Threatfire, is it worth it?


Diver
December 23rd, 2007, 02:04 PM
When I install any software that remains resident (nearly all security software does) I run a benchmark with Super Pi to test for slowdowns. On my system, a notebook with lots of fancy hardware features, Threatfire increases the time for Super Pi to run by 3% to 4%. My system error logs also show some triggering of AV anti-tampering features.

The question (and topic) is it worth it to run Threatfire with these negatives known?

I know that Threatfire has done well in some independent tests, but this is against known malware. The real test is if it finds stuff that signature-based AVs miss at a high enough rate to be trusted.

Has any Threatfire user around here found (and confirmed later) malware using Threatfire that a decent AV missed?

In other words, has Threatfire ever saved your back side...

solcroft
December 23rd, 2007, 02:37 PM
-{ Quote: "Has any Threatfire user around here found (and confirmed later) malware using Threatfire that a decent AV missed?

In other words, has Threatfire ever saved your back side..." }-
If that's your question, then yes. ThreatFire offers incredible protection in return for minimal user intervention. I don't personally recommend anyone else do this, but it's the only security software I run on my main machine - it works much better than any AV.

If your question is the one posed in the thread subject, however, then no. You obviously don't see much malware if you ever have reason to doubt ThreatFire's effectiveness. No point in sacrificing system performance for protection you don't need.

Victek123
December 23rd, 2007, 02:46 PM
-{ Quote: "When I install any software that remains resident (nearly all security software does) I run a benchmark with Super Pi to test for slowdowns. On my system, a notebook with lots of fancy hardware features, Threatfire increases the time for Super Pi to run by 3% to 4%. My system error logs also show some triggering of AV anti-tampering features.

The question (and topic) is it worth it to run Threatfire with these negatives known?

I know that Threatfire has done well in some independent tests, but this is against known malware. The real test is if it finds stuff that signature-based AVs miss at a high enough rate to be trusted.

Has any Threatfire user around here found (and confirmed later) malware using Threatfire that a decent AV missed?

In other words, has Threatfire ever saved your back side..." }-

FWIW, Threatfire received high marks in this review.

http://www.pcmag.com/article2/0,2704,2191333,00.asp

I prefer Mamutu which is similar and seems to have less impact on performance than TF. TF is free though, which is a big selling point (pun intended). Eventually I stopped using both and moved to SafeSpace since I think the CPU cycles are better dedicated to a sandbox. SS also drops browser privileges and has key-logger protection.

Kees1958
December 23rd, 2007, 02:57 PM
Hi,

Whether it is worth it depends on your setup.

I like the concept of a sandbox as first defense and a behavioral blocker as a second line. This has proven adequate on several setups (XP and Vista).

The CPU power of your PC also makes a difference. For instance an Athlon 3900 runs TF seamlessly, on the Athlon 3400 I bought A2 with IDS (IDS only is now Mamutu), because the slightly weaker CPU suffered too much from the first TF versions. Although those processors did not differ that much in power, TF was felt on the 3400, but did not seem to harm (performance-wise) the 3900.

The question is it worth the CPU cycles? This is a mixed bag answer, I have only infected our PCs, so really no security software has saved my back. For me it was a reason to drop black list programs like AV and AS (I use A2 as Mamutu, without scanning). Want to see a jump (reduction) in Super PI calculations? Shut off the read or execute (so write only) check of your AV, buy a hardware router with SPI and forget software FW.

Regards Kees

Sportscubs1272
December 23rd, 2007, 03:02 PM
Threatfire runs better with Firefox or Opera if you are worried about IE slowdowns while using it. I like Sandboxie over SS. SafeSpace bogs down my system, but it might run better w/out TF.

Kees1958
December 23rd, 2007, 03:11 PM
-{ Quote: "Threatfire runs better with Firefox or Opera if you are worried about IE slowdowns while using it. I like Sandboxie over SS. SafeSpace bogs down my system, but it might run better w/out TF." }-

Yep, TF runs well with Opera, also set history to use memory instead of disk when you have +1 GB RAM on XP.

Kerodo
December 23rd, 2007, 03:17 PM
-{ Quote: " On my system, a notebook with lots of fancy hardware features, Threatfire increases the time for Super Pi to run by 3% to 4%. My system error logs also show some triggering of AV anti-tampering features.

The question (and topic) is it worth it to run Threatfire with these negatives known?
" }-

I think one question you have to ask yourself is, does running TF make any real noticeable difference in your overall system performance? What does that 1% increase really mean? Is it just a number, or do you actually see the difference?

If there is no noticeable difference in performance with or without it, then I'd say go ahead and use it, what can it harm? And it just may do some good.

When I ran it here on this old PIII 1 gig cpu, the impact seemed quite minimal, and therefore worth it. If it catches something that Avira might miss just once, then it was well worth it IMO...

Diver
December 23rd, 2007, 04:02 PM
Some interesting ideas here. Mamutu, sounds like a name for a polar bear. The machine in question has a fairly fast 2 GHz Core 2 Duo CPU. That tip on history in memory seems interesting, I have 2 Gigs & XP. Is history needed at all? I guess I am not ready to turn off AV scanning on reads because then there is no automatic scan when a folder is opened. In many cases a suspect item is simply left alone for a while to see if it shows up in a subsequent signature file.

I will have to check for any perceived slowdown. Also, I wonder if the slowdown is across the board, or simply due to something Super Pi does.

Same old story, test, test, test. How many times do you see that one?

LUSHER
December 24th, 2007, 05:26 AM
-{ Quote: "Threatfire runs better with Firefox or Opera if you are worried about IE slowdowns while using it. I like Sandboxie over SS. SafeSpace bogs down my system, but it might run better w/out TF." }-

Mine too. And I was just running SafeSpace alone...