For those that are interested Manutu is listed on GoTD. Remember that it needs to be downloaded and installed within 24 hours of the initial offering to function. See here (http://www.giveawayoftheday.com/) for details.

Thanks for the heads up! It gives 1 year license and i *think* you can install it again even if you format your HD.

Running quite light here. More than TF. Also more false alerts, but that's OK.

-{ Quote: "Thanks for the heads up! It gives 1 year license and i *think* you can install it again even if you format your HD.

Running quite light here. More than TF. Also more false alerts, but that's OK." }-

Have a look at the configuration options. There's one called "intelligent alert reduction". There's also a paranoid option which you want to turn off to reduce alerts. I don't know how Mamutu compares with Threatfire in terms of real performance, but I do like Mamutu's highly informative GUI.

-{ Quote: "It gives 1 year license and i *think* you can install it again even if you format your HD. " }-

No, you can't. Every GoTD giveaway checks the date and time while it is being installed to see if it is a valid giveaway, which is why this (and every GoTD giveaway) needs to be installed 24 hours after offering.

Here is a copy of the required coupon code to get the full version today:
http://www.wilderssecurity.com/showthread.php?t=201636

Hope that giveawayoftheday.com will be up asap.

-{ Quote: "No, you can't. Every GoTD giveaway checks the date and time while it is being installed to see if it is a valid giveaway, which is why this (and every GoTD giveaway) needs to be installed 24 hours after offering." }-

Sorry to interrupt, but that's only half the story. The coupon code to get the full version license works only today. But you can install and uninstall the software whenever you want. The license is stored on your user account at the Emsi Software servers.

You can convert the code today by creating an user account on www.mamutu.com and logging in at the customer center: http://cc.emsisoft.com

At the licenses menu you can find a link to the coupon conversion page.

The software can be installed later too. But the 1 year license period will expire 1 year after you converted the code.

Thanks for nothing Emsisoft! ::) I still can´t test this version on my VM, because of the "online account system". Like I asked before, why not make a special trial version which doesn´t need an account? And have you already tested the file infectors? ;)

The only thing I want to say is "thanks" :thumb:

GoTD is back up, and it case it wasn't clear this is not the usual arrangement with regard to installation and activation. To get the free one year license you need to create an account at www.mamutu.com and then use the coupon code included in the GoTD download. You need to do that today, however once it's done the license is tied to the account and not to the software. You can install Mamutu whenever you want to, and if you want to move it to a different PC no problem. After installing you just log into your account through the Mamutu GUI and your license information appears.

I like it, it's very light, like it's not even there. ;D

Worth a look, especially since you can resume your subs even after an OS re-install, which is the main problem with all GOTD downloads....

Thanks A-squared/Emsisoft

-{ Quote: "Have a look at the configuration options. There's one called "intelligent alert reduction". There's also a paranoid option which you want to turn off to reduce alerts. I don't know how Mamutu compares with Threatfire in terms of real performance, but I do like Mamutu's highly informative GUI." }-

Thanks Viteck. I saw it, but warns that will lower detection somewhat. I don't mind really having false alarms. The important for me is that it isn't eating much CPU. Something that TF should imitate.

It also gives more options (block for example). Although my main problem with these programs is that they give somewhat cryptic alerts. For example, "this program wants to behave like backdoor " (UTorrent for example, false alert obviously) , without giving any explanation as to what exactly happens. TF has the same problem too.

Anyway, i like it.

There were a few members positive on mamutu :-)

-{ Quote: "GoTD is back up, and it case it wasn't clear this is not the usual arrangement with regard to installation and activation. To get the free one year license you need to create an account at www.mamutu.com and then use the coupon code included in the GoTD download. You need to do that today, however once it's done the license is tied to the account and not to the software. You can install Mamutu whenever you want to, and if you want to move it to a different PC no problem. After installing you just log into your account through the Mamutu GUI and your license information appears." }-
Hi,

may I add some?

If you have X units of computers, just create X different user names(email address), so that you can own X accounts and install X copies . The license is attached to your account, you own it for one year from this moment. Reinstall is your very right given.

Take care.

As a now former user and lover of ThreatFire. I just want to say thanks to Emsisoft as well, and that Mamutu to is running great so far. This is by far a much more polished program than TF and hopefully as protective. Hey you experienced security programs testers, how about testing this one? LOL.

Am running Mamutu at same time as Comodo FW with Defense +....seem to get
the same popups mostly, so i guess they are ovrlapping protection....

Nice, polished GUI for Mamutu, wish they would change the name though...

Just tried it. It installs very nicely, didn't seem to consume very many resources.

Set up some basic malware tests and it seemed to do fine. Then I tried AKLT. Failed the only test I ran.

It uninstalls very nicely

A virus can screw up my computer.
A keylogger can screw up my life.

How do I make Mamutu protect an application? If I try, without defining exceptions, the ok button remains greyed out and inaccessible. Placing a tick in the "protect this application from process manipulations" doesn't seem to help either.

It also seems to ignore (not monitor) all services by default?

I like it and thank you for the give-a-way.:thumb: :)

NP here, only a few FP. Test it a few days and make then a final decision.
Thank you very much EMSI.

Thank you Emsisoft for this opportunity. Mamutu was easy to install. I think it is agreat idea to have account but i think it should be done after the program is running...anyway thats is not a big issue.

So far mamutu is running fine and very light. I am testing it if i can replace Threatfire with this one.

-{ Quote: "Just tried it. It installs very nicely, didn't seem to consume very many resources.

Set up some basic malware tests and it seemed to do fine. Then I tried AKLT. Failed the only test I ran.

It uninstalls very nicely

A virus can screw up my computer.
A keylogger can screw up my life." }-

Mamutu may fail these types of tests simply because it knows it's only a test and not real malware. Christine explains this in the Emsisoft forum in regards to the Trojandemo test. I suggest you ask him in the forum why Mamutu doesn't pass the AKLT test and see what he has to say about it before jumping to any conclusions.

can this replace my avg antispyware? whats best alert mode to have it on community or intelligent, also in permissions it says administrator but then says choose a non admin acc? confused here

ive been wanting to try this forever.;D ;D ;D im going to replace tf with this for a while.

I installed Mamutu the first couple of hours of the GoTD deal. I decided to take it off because I have Threatfire and I like to wait for more feedback from users. Will this license work if I install the program again on a later date?

-{ Quote: "I installed Mamutu the first couple of hours of the GoTD deal. I decided to take it off because I have Threatfire and I like to wait for more feedback from users. Will this license work if I install the program again on a later date?" }-
Yes, see post #6 in this thread.

Thanks. Prevx2 worked the same way, but I reformatted my computer and lost the deal.

Hi owining licesenses of all 3 behavior blockers on different macjines this is what I can tell:

TF is the best (has an issue with allow or quarantaine and no deny or block option which reduces usability and uses the most CPU power). Mamutu is by far the lightest and available in a lot of languages and PRSC is very quiet (with a system load somewhere in between Mamuto and TF, but with a lesser scope of protection to refrain from false positives). The new Mamutu community advise really makes it a very easy to use application. This is the reason I have Mamutu on my wife's PC (it is behind DefenseWall). For paronoids it is not a reassuring thought to lay their security into the hands of others (noobs compared to their own knowledge problably). So depending on your wallet, knowlegde and CPU strength/RAM, OS version of your PC you can choose the right package.

I installed it with a few minutes to go. Nice GUI. But what is under the hood? Has anyone had it catch malware? The community feature seems rather poor though. The onus should be on the malware analyst to decide what rules to put into a behavior blocker, not everyone else.

-{ Quote: "TF is the best (has an issue with allow or quarantaine and no deny or block option which reduces usability and uses the most CPU power)." }-
It's kind of frustrating how many times I have to set the record straight on this one.

How does the lack of a Deny option affect usability? If it's a legitimate program that you recognize, you allow it. If it's a malicious one, you should quarantine it so that all traces of it are safely removed and all potentially dangerous changes it made to your system settings reversed. If you do make a mistake (which shouldn't be that often, given TF's relatively low FP rate), restoring items from quarantine is only a few clicks away.

The only thing the lack of a Deny button affects is the usability of advanced rules. That is soon to be fixed AFAIK, and how many people use TF for its advanced rules anyway?

When i used threat fire and i had real malware inside sandboxie which is my main security app and is on my pc to stay threat fire quarantined sandboxie,my file manager that was open inside and everything inside,so this is a problem,the lack of a deny option.It removed them from the real pc also.That happened many times and the restore option didn't always worked and i had to reinstall sandboxie or the file manager a couple of times.Mamutu seems to ignore what happens inside sandboxie,i opened a few infected apps from p2p sites and got no warnings,and i like that.I know that some will say that threat fire&sandboxie work well for them but there is a problem and is not my pc or a bug.I like mamutu so far and i'm glad i find out about the offer.

At this point I can say that Mamutu is running better than Threatfire on my old 1,76 MHZ Singel Core Laptop, It is really lighter.
I have three FP's:
- explorer.exe
- UMTS.exe
- CCleaner.exe

We will see what it say when I Install a new Software or make a Windows-Update.

-{ Quote: "When i used threat fire and i had real malware inside sandboxie" }-
Then please click allow. Sandboxie will keep the malware contained.

If you're interested in continuing to use ThreatFire, you can report the incorrect quarantining, which will be fixed.

-{ Quote: "It's kind of frustrating how many times I have to set the record straight on this one.

How does the lack of a Deny option affect usability? If it's a legitimate program that you recognize, you allow it. If it's a malicious one, you should quarantine it so that all traces of it are safely removed and all potentially dangerous changes it made to your system settings reversed. If you do make a mistake (which shouldn't be that often, given TF's relatively low FP rate), restoring items from quarantine is only a few clicks away.

The only thing the lack of a Deny button affects is the usability of advanced rules. That is soon to be fixed AFAIK, and how many people use TF for its advanced rules anyway?" }-

how many times I have to set the record straight on this one?
I hope your vision on how to use TF and for whom it is developed will be shared by the development team and implemented soon. This will save you a lot of time explaining how to use TF to vision deluted members of Wilders (like me :-\ ).

How does the lack of a Deny option affect usability?
The scenario described is only vallid for non critical processes being quarantained. The default setup of TF is not to create a restore point. Please always run TF with the option to create a restore point before user decision. I guess the poor PC users who quarantained a critical process which made their PC hang, just should have been more educated. Wait :o were not behavior blockers intended for people not able (or willing because other family members use the PC also, see note) to deal with the mind braking pop-ups of a classical HIPS?

*** note ***
I known that PC stands for Personal Computer, so I agree it is mistake to allow other members of the family to use the PC in the first place (wrong again :-X )

how many people use TF for its advanced rules anyway?
Only me, I suppose. :D

-{ Quote: "I hope your vision on how to use TF and for whom it is developed will be shared by the development team and implemented soon. This will save you a lot of time explaining how to use TF to vision deluted members of Wilders (like me :-\ )." }-
What will really save me time is for people to stop parroting this request, without responding to my arguments, and without any really valid explanation of why it's needed.

-{ Quote: "I guess the poor PC users who quarantained a critical process which made their PC hang, just should have been more educated." }-
This would make for a rather good argument, actually, were it not for the fact that the hypothetical scenario that you pose is completely nonexistent save for within the realms of your imagination. I can think of no better argument to prove the lack of need for the Deny button, than the fact that its proponents have to resort to fantasy, make-believe scenarios to justify the need for it.

-{ Quote: "how many people use TF for its advanced rules anyway?
Only me, I suppose. :D" }-
That's very interesting. We need a Deny button because the lack of it "affects usability", nevermind the fact that figuring out advanced rules are, by far, more "usability affecting" than a Deny button (or lack thereof).

what are the popups that last about a tenth of a second and I cant read.

-{ Quote: "what are the popups that last about a tenth of a second and I cant read." }-
its explained here:
http://forum.emsisoft.com/Default.aspx?g=posts&t=3130

Hi can someone help me here answer these questions thanks.. whats best alert mode to have it on community or intelligent?? , also in permissions it says administrator but then says choose a non admin acc? what do i choose?.....and lastly in the Applications rules i have few of my main programs in there I ticked exclude on a few things is that a good idea? what can i exclude? do i leave IExplore as monitored? i have addmunch excluded because i know it is that how it should work ...Tx MD ???

iirc the permissions page is if you want to run Mamutu under a limited account. On that page you choose your limited account.

-{ Quote: "iirc the permissions page is if you want to run Mamutu under a limited account. On that page you choose your limited account." }-

ok thanks..::)

-{ Quote: "What will really save me time is for people to stop parroting this request, without responding to my arguments, and without any really valid explanation of why it's needed.


This would make for a rather good argument, actually, were it not for the fact that the hypothetical scenario that you pose is completely nonexistent save for within the realms of your imagination. I can think of no better argument to prove the lack of need for the Deny button, than the fact that its proponents have to resort to fantasy, make-believe scenarios to justify the need for it." }-

I will anser your questions in reversed order

This would make for a rather good argument, actually, were it not for the fact that the hypothetical scenario that you pose is completely nonexistent save for within the realms of your imagination.

I now of three occasions where this is possible:

1) Imagine this: set the security level to 5 of ThreatFire. TF pops on to every intrusion, then choose quarantaine on every pop-up and re-boot!


2) A simple false positive (e.g. as it did with PRSC) of software drilling deep into the system, quarantaining it could cause on next boot up


3) A release might contain a programming error, is a possibility you can not rule out, therefore you have to provide user a parachute when the software bails out. Same reason I can not understand why the create a restore point before user decision is not on by default.


without responding to my arguments
See answers above

-{ Quote: "set the security level to 5 of ThreatFire." }-
Why the average user would do that? solcroft said that level 3 gives excellent detection.

Lucas,

Solcroft claims it is non-existent situation. The example given is that a Noob/fool could easily create the so called non-existing sitiuation.

The problem within TF's own configuration possibilities is that you can create a situation in which quarantaine is a bad option. Okay it is stupid, but did you see on the Mamuto screenshots that 13 percent of Mamutu's users block legitemate programs, why would the TF users be different?

When level 5 is an option, would you stick your hand into a fire for it (after a bet that no one would ever do this?)

Regards Kees

There's one important difference. By default, Threatfire doesn't require user involvement, because it's much less prone to FPs.
Mamutu's users need to submit their decisions to a database and there's no reduction of FPs. TF's users only need to quarantine malware or (unlikely) allow an FP.

Hey Kees1958 and solcroft. I like ThreatFire a lot and used it as my staple security software for awhile, but since receiving the free Mamutu 1 year license and giving it a try I have to say I like it more than ThreatFire. I guess what I'm saying is can we go back to talking about Mamutu and argue about TF in another thread? Sheese. LOL. Just kidding. I actually get a kick out of the "friendly" debates you guys have, and would like to hear more on both of your opinions about the protective capabilities of Mamuta in comparison to TF.

The Logic says Threatfire, but my Heart says Mamutu.
What is better for a Security-Software Logic or Heart?

-{ Quote: "The Logic says Threatfire, but my Heart says Mamutu.
What is better for a Security-Software Logic or Heart?" }-
Hi,

May be a bit easy.

Whose logic ? whose heart ? and whose box these security apps to be applied onto ?

-{ Quote: "Hi,

May be a bit easy.

Whose logic ? whose heart ? and whose box these security apps to be applied onto ?" }-

Yes, my Statement was not objective, I'm talking to myself.
I think I use it for a longer Time, because it's running better on my machine than Threatfire and to follow the improvement of the future Versions, but this is only playing, I need it not really.

-{ Quote: "I now of three occasions where this is possible:" }-Kees, have you even so much as HEARD of your hypothetical scenarios ever happening, or were you just practising your theorycraft, which seems to have gotten quite rusty?

I rest my case.

-{ Quote: "Yes, my Statement was not objective, I'm talking to myself.
I think I use it for a longer Time, because it's running better on my machine than Threatfire and to follow the improvement of the future Versions, but this is only playing, I need it not really." }-
Hi,

I am glad that you feel that way, good for you.

I am using Mamutu now( I just wish I can remember its name someday, after long time usage), because its generous one year free offer- IMO, a smart deploy to let public to sample its product w/o any string attached.

I also used TF sometime ago, on and off depending on its version/build.

IMO, both are excellent applications from user's perspective. Just like wine and beer to me, I will use them according to the occasions. Moreover, both M and TF are supported by reputable software developers, Emisoft and PC tools respectively. Future development can be warranted. Meantime, any healthy technical debates between these two are most welcomed to me, by reading the between lines, I do learn something valuable.

Solcroft, you may have rest your arguments a bit too soon. I like to hear yours , so is Kees' . You both are still at Turn(Texas Hold em poker), you need to see the River, and then head up show down. Perhaps it is a split. :-*

Take care.

-{ Quote: "Kees, have you even so much as HEARD of your hypothetical scenarios ever happening, or were you just practising your theorycraft, which seems to have gotten quite rusty?

I rest my case." }-

Yep, I am old and rusty (from 1958). Sprained my ankle playing rugby, got beaten by a 22 year old in the last Battle of Twins race, so I am losing it definitely.

Point is: when a software makes it possible within its own settings to enable unskilled users to cause disaster over themselves, they should:
a) either set the create restore point as a standard (so a fallback option is created)
B) allow for a deny button or
C) do not provide the user a Fals Positive generator by increasing the sensitivity level (mentioned security level for clearity, ThreatFire does not become much safer, it only warns more often, increasing the FP risk)


I like TF (should stop arguing about it in a Mamutu post, this is the last reaction), sorry Perman

Just wanted to add here another thank you to Emsisoft for a great program. Mamutu is running well with PC Tools Firewall and Avira Personal Premium and I think this makes for a good security set up.

-{ Quote: "Point is: when a software makes it possible within its own settings to enable unskilled users to cause disaster over themselves, they should:" }-
Kees,

I think you've conveniently decided to not address my point: have you ever experienced this, or so much as heard of it happening before, or did you simply cook up your own doomsday scenario just to present a false need for a pointless feature?

Short of the Novatix staff themselves, I don't know anyone who tests TF as rigorously as I do, and I have not seen this happen. I'm willing to happily stand corrected if you have, but at the moment, as far as I'm concerned, you have a very vivid imagination, and an inexplicable self-justifying desire for a useless function.

-{ Quote: "Kees,

I think you've conveniently decided to not address my point: have you ever experienced this, or so much as heard of it happening before, or did you simply cook up your own doomsday scenario just to present a false need for a pointless feature?

Short of the Novatix staff themselves, I don't know anyone who tests TF as rigorously as I do, and I have not seen this happen. I'm willing to happily stand corrected if you have, but at the moment, as far as I'm concerned, you have a very vivid imagination, and an inexplicable self-justifying desire for a useless function." }-
hi solcroft, since you test so much tf how do the quarantine works? yesterday i installed an application and it gave me an yellow alert. (i know it was a false positive but thought lets see how tf work). i pressed quarantine and it did the work. i was installing this sandboxed. tf quarantined the application and nearly half of the sandbox including opera (also installed in the sandbox) and even a word document on an other drive. it quarantined 1220 files and only a few were from the original application that gave the alert. i tried to recover files from the quarantine but that was impossible because the gui went blank after several minutes of tf scanning the quarantine folder. thx

edit: sorry noticed this is total OT

This is because ThreatFire, mistakenly, doesn't seem to recognize Sandboxie as a legit application.

The reason for 1220 files being quarantined was because the PARENT PROCESS of the false positive was Sandboxie. When ThreatFire quarantines something, it hacks off the parent process as well - this is by design, to clean up droppers and downloaders from your machine as well; early versions of Cyberhawk didn't have this feature, and although they can terminated offending processes, they left these malware remnants on your PC. But as aforementioned, ThreatFire screwed up on Sandboxie and didn't know it's a legit process that should be left alone, and as a result Sandboxie, along with ALL OTHER FILES it dropped, gets axed.

Hi, Solcroft:

I am pleased you return for more healthy debates/discussion.

On Chinese Kafan Forum, two experts have conducted Mamutu, AntiBot against so called FOUR most notorious malwares, there are links there for the d/l.

Since you have done extensive testing work on TF, could you possibly conduct some serious testing of TF vs these malwares ?

According to their tests, Mamutu has detected/intercepted all FOUR, while AntiBot has just stopped two of them.

Looking forward to your test results, thanks, Take care.

-{ Quote: "Since you have done extensive testing work on TF, could you possibly conduct some serious testing of TF vs these malwares ?

According to their tests, Mamutu has detected/intercepted all FOUR, while AntiBot has just stopped two of them." }-
It's not even worth testing. TF completely destroys those trojans, and many ones that are much worse. Back when Xorer was first released, for instance, TF was the only one I tested who successfully withstand its messaging attacks and quarantined it completely, while the competition folded beneath the onslaught. Some of them have since caught up, of course.

Generally I don't pay too much attention to those tests. It's more of a "been there, done that" thing for me.

Hi, Solcroft:

Nice to know these things.

Thanks.

So since this is a thread about Mamutu. I'd like to know how TF stacks up to it as far as Real Time protection.

-{ Quote: "This is because ThreatFire, mistakenly, doesn't seem to recognize Sandboxie as a legit application.

The reason for 1220 files being quarantined was because the PARENT PROCESS of the false positive was Sandboxie. When ThreatFire quarantines something, it hacks off the parent process as well - this is by design, to clean up droppers and downloaders from your machine as well; early versions of Cyberhawk didn't have this feature, and although they can terminated offending processes, they left these malware remnants on your PC. But as aforementioned, ThreatFire screwed up on Sandboxie and didn't know it's a legit process that should be left alone, and as a result Sandboxie, along with ALL OTHER FILES it dropped, gets axed." }-

So SandBoxie and Threatfire, not a good combo huh ???
I use SandBoxie now but i've used Threatfire in the past, I'm asking for future reference.

I wonder if PC Mag will jump on Mamutu and test it. It gave a glowing review of TF. ;D

I know that AV-Comparatives tested Cyberhawk and a few other programs way back. Will they do another test with the newest bunch??

-{ Quote: "So SandBoxie and Threatfire, not a good combo huh ???
I use SandBoxie now but i've used Threatfire in the past, I'm asking for future reference." }-
Slight correction. Quaranting a sandboxed process = not a good combo.

You can't run everything sandboxed. Having something to intercept the things you have to run outside the sandbox sounds like a very wise precaution to me.

Gave up on Mamutu after noticing high CPU usage spikes (approx 80%) every few seconds.

Changed to Threatfire (with Sandboxie). No problems so far.

-{ Quote: "Gave up on Mamutu after noticing high CPU usage spikes (approx 80%) every few seconds.

Changed to Threatfire (with Sandboxie). No problems so far." }-
ThreatFire and Sandboxie make a good combination.
For many months, I've been using them without a problem. :thumb: