New In Threatfire V4.1
maymoons
February 18th, 2009, 02:54 AM
-{ Quote: "SMARTER ALERTS, LESS QUESTIONS – PATENT-PENDING TECHNOLOGY
Security software alerts can cause confusion about the appropriate action to take (block, allow etc). ThreatFire 4.1 reduces this confusion by minimizing both the number and the type of alerts that require you to make a decision. This is made possible using two new techniques:
Patent pending technology which groups threats into families based on common traits or characteristics of the threat. This technology makes ThreatFire capable of catching hundreds of variants of malware derived from the same original threat and helps you to make a more informed decision about any malicious activity on your computer.
ThreatFire now verifies potential threats against its in-the-cloud black/white lists to automatically determine how to handle threats, requiring fewer decisions from users. Only those potential threats not identified on either list will display an action alert for you to make a choice as to whether to block or allow the threat. These technologies combine to provide the most up-to-date threat protection while intuitively handling threats.
ENHANCED ROOTKIT DETECTION
While ThreatFire protects you in real-time from most rootkits, it also employs unique technologies in an enhanced rootkit scanner to protect you from deeply hidden threats. PC Tools recommend setting up regular rootkit scans as a precaution against these particularly nefarious types of threats (this can be done in the ThreatFire settings menu).
FOCUS ON PURE BEHAVIORAL PROTECTION
PC Tools recognizes that traditional signature-based anti-virus scanners have become a less effective, secondary line of defense to proactive behavioral based protection. User feedback has also indicated that ThreatFire is useful as the first line of protection in addition to traditional signature-based virus scanners. As a result, ThreatFire 4.1 focuses on delivering best-of-breed behavioral protection and no longer provides a signature-based virus scanner.
GREATER DETECTION ACCURACY – REDUCED CHANCE OF FALSE POSITIVES (http://www.virusbtn.com/resources/glossary/false_positive.xml)
ThreatFire 4.1 incorporates patent-pending technology to provide greater accuracy in detecting real threats and a greater ability to avoid classifying legitimate programs as potentially malicious (known as a false positive (http://www.virusbtn.com/resources/glossary/false_positive.xml)). The method that ThreatFire uses to determine the legitimacy of a program has been completely re-engineered in an effort to further reduce false positives. This new method of rating will ensure that ThreatFire’s alerts include more accurate and relevant information about potentially malicious behavior.
ADDITIONAL UPDATE OPTIONS
The Smart Update feature now includes several options to give you greater control over how and when updates are applied. The new update options include “download and install automatically”, or “notify before installing updates”.
OTHER FEATURES
Beta support for Windows Vista 64-bit users. Online help files now available in Simplified Chinese. Quick Start Guides now include Simplified Chinese, German, Portuguese, Polish, French, Italian and Spanish languages. ThreatFire is now available in Simplified Chinese, German, Portuguese, Polish, French, Italian and Spanish." }-
http://www.threatfire.com/updates/
EASTER
February 18th, 2009, 03:08 AM
-{ Quote: "The Smart Update feature now includes several options to give you greater control over how and when updates are applied. The new update options include “download and install automatically”, or “notify before installing updates”.
OTHER FEATURES" }-
-{ Quote: "Only those potential threats not identified on either list will display an action alert for you to make a choice as to whether to block or allow the threat." }-
FINALLY SOMEONE LISTENED AND ACTED!!!
I'M OFF TO TEST THIS right now! (fingers crossed)
EASTER
RejZoR
February 18th, 2009, 03:48 AM
Hehe, few days ago i tried old version and today decided to re-install it. And it looked different. Then i noticed it's version 4.1. So far it works great :)
If i remember correctly, this version even works on Vista 64bit.
Nice job PCTools!
Fuzzfas
February 18th, 2009, 03:54 AM
Working fine here. Maybe it's only a coincidence, but my browsing speed seems improved compared to the previous version. I think it also loads a bit faster. It's a good thing that they got rid of the AV scanner.
Fuzzfas
February 18th, 2009, 04:02 AM
Well, i tried 3 real malware and TF did catch all 3 of them, but... no option for deny...
And mind you, community is disabled and outbound connection too. One high alert, one moderate, same as in previous version.
http://img16.imageshack.us/img16/5905/93622798fq9.png
http://img16.imageshack.us/img16/9594/77750458ff4.png
Blue Ring
February 18th, 2009, 04:20 AM
Thanks for the heads up Maymoons.
I don't know why they just don't add the allow/deny feature to the advanced tools section, (a setting in this area which could be enabled or disabled) that way only expert users would be using it and getting the pop up warnings this way and all the n00bs they seem to be trying to protect from the deny feature would not even have to worry about it. But those who want the feature could have it.
rdsu
February 18th, 2009, 06:03 AM
I will try it today at home... :)
How is this version about CPU Usage and system impact?
puff-m-d
February 18th, 2009, 06:16 AM
-{ Quote: "If i remember correctly, this version even works on Vista 64bit." }-
I tried to install it on a 64 bit machine, installation was interrupted with a message stating this version is only for x86 versions of windows :'( .....
Kees1958
February 18th, 2009, 06:28 AM
Vista 64-bit version is still in Beta I think. To download go to pctools forum and sign on for beta testing (or wait a few weeks)
RejZoR
February 18th, 2009, 08:50 AM
Oh, so 64bit did not fall into this one. Oh well, i'm using Windows XP again since i'm now mostly running my Aspire One netbook.
But ThreatFire 4.1 runs ultra fast on it. I don't think i notice any difference in performance on it. I'm certainly keeping it to supplement avast!.
I think both together really pack some punch. avast! for existing threats and some new ones while ThreatFire is focused on brand new stuff.
Chance of anything getting through is very very small.
IceCube1010
February 18th, 2009, 12:17 PM
-{ Quote: "Oh, so 64bit did not fall into this one. Oh well, i'm using Windows XP again since i'm now mostly running my Aspire One netbook.
But ThreatFire 4.1 runs ultra fast on it. I don't think i notice any difference in performance on it. I'm certainly keeping it to supplement avast!.
I think both together really pack some punch. avast! for existing threats and some new ones while ThreatFire is focused on brand new stuff.
Chance of anything getting through is very very small." }-
Using this combo, Avast Standard Shield (Normal), TF (level 3) and Sandboxie. Running on XP Pro and Vista Home. TF 4.1 seems much lighter, probably due to the fact the AV is omitted this time around.
Ice
Fuzzfas
February 18th, 2009, 12:22 PM
After running it for several hours, i 'd say that although CPU-wise i don't see improvement, it does feel less heavy on the system and on browsing. As Icecube noted, the first, must be the result of not having the scanner anymore. Before it would compare everything against the scanner's blacklist. Now it doesn't do that anymore, so seems to provoke less system drag.
andyman35
February 18th, 2009, 12:44 PM
-{ Quote: "After running it for several hours, i 'd say that although CPU-wise i don't see improvement, it does feel less heavy on the system and on browsing. As Icecube noted, the first, must be the result of not having the scanner anymore. Before it would compare everything against the scanner's blacklist. Now it doesn't do that anymore, so seems to provoke less system drag." }-
In your opinion is the overall protection more/less/the same as the previous version?
Fuzzfas
February 18th, 2009, 12:46 PM
-{ Quote: "In your opinion is the overall protection more/less/the same as the previous version?" }-
Well, i haven't used it as much as the older version and mind you that i don't use the community protection, but i think it must be at least as good as the last one. 3 out of 3 malware in my test, the pop ups were quick to appear and i had the usual false positive with Emule. So, overall i think it's better than the last. If not for anything else, it seems to cause less system drag.
EDIT: Although in CPU Time , doesn't seem to have made any improvements.
RejZoR
February 18th, 2009, 12:51 PM
Yeah, TF 4.1 is very light. I'm running it along with avast! on my Aspire One netbook and i really don't see any slowdowns or noticeable delays.
Plus protection from new threats is really outstanding.
I know its performance from Cyberhawk days and also later when it was already under TF trademark. Matt from Remove-Malware tested it not long ago and it finished with flying colors (ie it blocked everything).
avast! and ThreatFire really work nice together and offer protection that is hard to match. All this for free.
andyman35
February 18th, 2009, 01:03 PM
-{ Quote: "Well, i haven't used it as much as the older version and mind you that i don't use the community protection, but i think it must be at least as good as the last one. 3 out of 3 malware in my test, the pop ups were quick to appear and i had the usual false positive with Emule. So, overall i think it's better than the last. If not for anything else, it seems to cause less system drag.
EDIT: Although in CPU Time , doesn't seem to have made any improvements." }-
The system hiccups were a great annoyance when I tried TF last year, if they'd just address the issue of auto blocking I'd be tempted to try it again.
Kees1958
February 18th, 2009, 01:30 PM
ThreatFire previous version only checked the AV-blacklist after an intrusion. So this advantage should only take place after an intrusion. Intrusions are not that common enough to justify the increased responsive feel.
I think the enhanced categorisation of intrusions (which makes pattern recognition easier) plus the advanced tracking mechanism of the previous version offer improvement. Also ThreatFire sets process controls to other programs which are known entry points of malware OR show strange behaviour.
I bet ThreatFire might have more compatibility issues with other HIPS type of programs now. I noticed this during beta testing. On the other hand it is intended as an add-on to an Antivirus or AntiSpyware application. As such it does a remarkable job. It is remarkable that it is improved so much over time that it does need a detailed AV blacklist anymore to detail the warning messages.
ThreatFire in the past, sometimes took 6 months or a year to respond to a specific threat. I hope the new internal architecture will solve this (as a matter of fact I am confident about an improvement on this).
Fuzzfas
February 18th, 2009, 01:31 PM
-{ Quote: "The system hiccups were a great annoyance when I tried TF last year, if they'd just address the issue of auto blocking I'd be tempted to try it again." }-
Personally i would like the "deny" option too, but i don't see it as too much of a problem, if you have an ISR program or an image to restore. The times i 've seen it in action against malware (under shadow defender), it didn't do something harmful to system files. Ok, theoretically it can happen, but for me, the most important is to make me aware that i have a malware on my pc.
Besides, on any alert, if you click "technical details", you will see what is about to be quarantined. If you see something that shouldn't, you can allow it and restore image. Also, once quarantined, you can also review the things quarantined and restore selectively.
So, yeah, ok, there is a slim chance that it may quarantine something vital to windows, but the chance is slim and you can view that before it happens. Use an image/ISR and that's it.
For being a freeware, i can't complain much. Sooner or later they 'll add the "deny" too i hope. In the meantime, the pros way outshine the cons of using it.
Fuzzfas
February 18th, 2009, 01:34 PM
-{ Quote: "ThreatFire previous version only checked the AV-blacklist after an intrusion. So this advantage should only take place after an intrusion. Intrusions are not that common enough to justify the increased responsive feel.
" }-
Well, then they did some optimization anyway, because it feels better now running on my pc and since this morning my browsing also feels more fluid.
Kees1958
February 18th, 2009, 01:36 PM
-{ Quote: "
So, yeah, ok, there is a slim chance that it may quarantine something vital to windows, but the chance is slim and you can view that before it happens. Use an image/ISR and that's it." }-
With the beta adding other security programs to the trusted programs really did help to prevent this problem. I only encountered one situation in which the exe was left untouched (it was mentioned in the trusted list) and a dll was quarantined of another security program.
There is an option to set a restore point before quarantine. TF team is so confident they still do not choose to select this by default.
Kees1958
February 18th, 2009, 01:41 PM
-{ Quote: "Well, then they did some optimization anyway, because it feels better now running on my pc and since this morning my browsing also feels more fluid." }-
Yep you are right. From 4.0 to 4.1 really was a big internal overhaul. It also could have been numbered TF 5.0. I sometimes do not get these software companies (like OA 3.0 to 3.1 which not only feels a lot faster, it actually uses less CPU cycles and reads a lot less I/O)
EASTER
February 18th, 2009, 03:37 PM
-{ Quote: "Well, i tried 3 real malware and TF did catch all 3 of them, but... no option for deny...
And mind you, community is disabled and outbound connection too. One high alert, one moderate, same as in previous version.
http://img16.imageshack.us/img16/5905/93622798fq9.png
http://img16.imageshack.us/img16/9594/77750458ff4.png" }-
And again, the DENY option is refused as a benefit for TF users. This disappoints me greatly because it "IS" a very useful option indeed and always has been with apps like HIPS.
I tried it and tried to get excited but my anticipation was turned quickly again to frustration with the omission of the DENY option left out.
EASTER
raven211
February 18th, 2009, 03:42 PM
... together with creating a system restore point by default, as mentioned by Kees. I can see that too as very negative, and especially when denying is missing.
webster
February 18th, 2009, 08:09 PM
Installs in Portuguese (i guess) language here ???
Victek123
February 18th, 2009, 08:50 PM
-{ Quote: "And again, the DENY option is refused as a benefit for TF users. This disappoints me greatly because it "IS" a very useful option indeed and always has been with apps like HIPS.
I tried it and tried to get excited but my anticipation was turned quickly again to frustration with the omission of the DENY option left out.
EASTER" }-
I would be interested to know if it will still quarantine explorer.exe? I've experienced this once and others have mentioned it as well.
EASTER
February 18th, 2009, 11:40 PM
-{ Quote: "I would be interested to know if it will still quarantine explorer.exe? I've experienced this once and others have mentioned it as well." }-
Well, i scripted a VBScript to add to run and sure enough the same old ways cropped up again leaving only to allow it or carry off REGEDIT to quarantine, no DENY option to prevent this at all yet once again.
I dunno why they don't just get off the pot and place a DENY option in there and be done with it. It would save a lot of frustration and disappointments being lodged against TF as of late.
EASTER
Kees1958
February 19th, 2009, 11:52 PM
Easter,
Did you send the VB-script to TF support?
Cheers
EASTER
February 20th, 2009, 12:12 AM
-{ Quote: "Easter,
Did you send the VB-script to TF support?
Cheers" }-
We are in communication now directly, yes.
EASTER
Yoda1953
February 20th, 2009, 03:24 AM
-{ Quote: "Installs in Portuguese (i guess) language here ???" }-
I posted this problem at their forum, they said they would take note.
I solved the problem by installing the 4.0 version and let it smart update. Now it's ok.
Cheers.
ViVek
February 20th, 2009, 09:37 AM
On my pc Threat fire eats 99-92% of cpu is that normal???????????????
thats tooooooooooooooooo much
can anyone help me?
win xp home sp3
for example
kaspersky eats 5%
Kees1958
February 20th, 2009, 09:52 AM
-{ Quote: "On my pc Threat fire eats 99-92% of cpu is that normal???????????????
thats tooooooooooooooooo much
can anyone help me?
win xp home sp3
for example
kaspersky eats 5%" }-
deinstall asap
rdsu
February 20th, 2009, 10:08 AM
This version is lighter than previous, but I think it still uses a lot of system resources...
I'm not talking about RAM or CPU, but the rest...
If our system isn't doing nothing, why the program should always check the system?
The hook instructions don't fire this way, right?
I also tried it against keyloggers without any success...
ViVek
February 20th, 2009, 10:14 AM
-{ Quote: "deinstall asap" }-
ok,but what is "asap"
maybe
As Soon As Possible?
GES/POR
February 20th, 2009, 10:16 AM
-{ Quote: "ok,but what is "asap"" }-
as soon as possible
ViVek
February 20th, 2009, 10:20 AM
-{ Quote: "as soon as possible" }-
ok but why Pc tools make a software that eats 90% of cpu??
RejZoR
February 20th, 2009, 10:36 AM
ThreatFire uses around 0-5% on my Atom 1,6GHz based netbook.
Considering how weak this CPU is, any dual core CPU above 2GHz could run it with ease.
ViVek
February 20th, 2009, 10:41 AM
i got celeron 1.6 asus laptop 1 core 1,5 gb ram
threat fire eats 99-92 cpu usage
win xp home sp3 without net frame work
Fuzzfas
February 20th, 2009, 10:46 AM
-{ Quote: "On my pc Threat fire eats 99-92% of cpu is that normal???????????????
" }-
There must be some conflict between Threatfire and some other program you run at startup.
ViVek
February 20th, 2009, 10:51 AM
on startup i got
Ad muncher 4.72(full from polish magazine)
kaspersky av 2009
autoconnect(connect automatically to internet ADSL)
power gear(power management for my asus)
process lasso
o o clevar cache v4
Thats all
Fuzzfas
February 20th, 2009, 10:56 AM
-{ Quote: "on startup i got
Ad muncher 4.72(full from polish magazine)
kaspersky av 2009
autoconnect(connect automatically to internet ADSL)
power gear(power management for my asus)
process lasso
o o clevar cache v4
Thats all" }-
Maybe it's Kaspersky... Anyway, here's the official TF forum, you may want to report it and they may have means of solving your problem:
http://www.pctools.com/forum/forumdisplay.php?f=59
ViVek
February 20th, 2009, 11:01 AM
no it's not kaspersky
few days ago i tested avira free and there was the same problem
Fuzzfas
February 20th, 2009, 11:05 AM
-{ Quote: "no it's not kaspersky
few days ago i tested avira free and there was the same problem" }-
Well, it can even be a hardware driver you have that doesn't like TF and makes it go mad... In such cases, you fix it with trial and error. Maybe in the TF forum, they can give you some debug version or something and find the problem quicker.
Otherwise, nobody can guess what's your problem, unless he is a magician.
One thing is for sure, it's not normal for TF to eat 99% of a 1,6 Ghz CPU. Not by a long shot.
ViVek
February 20th, 2009, 11:15 AM
ok thanks
progress
April 8th, 2009, 02:58 AM
Any other experiences?
I'm running ThreatFire on my laptop for about 2 months and there was no ThreatFire action. So is it really "necessary"? ::)
On the other side it slows down browsing a little bit ... :-\
Blackcat
April 8th, 2009, 03:15 AM
-{ Quote: "Any other experiences?
I'm running ThreatFire on my laptop for about 2 months and there was no ThreatFire action. So is it really "necessary"? ::)" }-
I would not use this criteria to select my security software ;)
-{ Quote: " So is it really "necessary"? ::)" }-
Depends on your surfing habits and what other software you have installed.
-{ Quote: " On the other side it slows down browsing a little bit ... :-\" }-
I have not seen this on my laptop, but you could try another HIPS/behaviour blocker to see whether they slow down your browsing.
Overall it is running as light as a feather here.
19monty64
April 8th, 2009, 03:32 AM
-{ Quote: "
On the other side it slows down browsing a little bit ... :-\" }-
Have you tried other browsers? I experienced slow-down with Opera (upload-speeds dropped right off) but no difference with Chrome or FF. No diff with IE8 either :shifty:
EASTER
April 8th, 2009, 09:56 PM
Hey fellas
I been out of the loop for a week or so and was curious as well as anxious if TF is finally updated another version yet or are we still chained down with the same one with no DENY feature as well as all the improvements proposed some many months and weeks ago.
I not given up on it nor want to, but it's been a very long delay IMO between the last version and the talk up of releasing an even better one.
Thanks EASTER
Victek123
April 8th, 2009, 10:06 PM
-{ Quote: "Hey fellas
I been out of the loop for a week or so and was curious as well as anxious if TF is finally updated another version yet or are we still chained down with the same one with no DENY feature as well as all the improvements proposed some many months and weeks ago.
I not given up on it nor want to, but it's been a very long delay IMO between the last version and the talk up of releasing an even better one.
Thanks EASTER" }-
As far as I know the "deny" option has not been implemented yet. I believe in 4.1 they dropped the AV database component. I only tested it briefly though, so correct me if I'm wrong. I'm patiently waiting too for a version of TF that I can really trust.
raven211
April 9th, 2009, 04:19 AM
Dropping the AV db should not be an "issue" according to them anyway - only solve conflict-problems and such. What was in effective use was TF's own black and white databases - and now the software features cloud-updating/db in addition to the regular updates.
EASTER
April 9th, 2009, 06:05 AM
I hope i'm wrong but with this long absence originating for the PCTools camp, it's beginning to look strikingly similar to the same demise that plagued Power Shadow Master & the other chinese HIPS which was a real step in the right direction.
This seemingly very long delay without concrete explanation except broken record canned responses from its forum doesn't exactly encourage expectations expected many hoped for that it will ever make it to either distribution or market, which would be a yet another let down for users full of anticipation and hope in it.
But like i said, i hope i'm wrong but the longer they continue to put matters off with TF the more it signals to me IMO there could be other alternatives than the work on that particular TF project in exchange for some other priorities (if they have any ).
TF IMO is been very prime to take a positive popular center stage stance if they can or are able to press on ahead with it sooner than later.
Interest is seriously waning at this point and users are definitely losing hope if they ever see this project materialize.
EASTER
aigle
April 9th, 2009, 07:56 PM
-{ Quote: "on startup i got
Ad muncher 4.72(full from polish magazine)
kaspersky av 2009
autoconnect(connect automatically to internet ADSL)
power gear(power management for my asus)
process lasso
o o clevar cache v4
Thats all" }-
It may be process lasso or clever cache.
BTW are not these two software supposed to do similar job?
EASTER
April 9th, 2009, 08:58 PM
Very many thanks to Kees for pressing ahead in their forums and offering a very efficient ruleset much in the same way Alcyon is done for EQS, but the delay in implementing it then eventually we hope rolling it out remains in serious doubt. And i hope that's all it is, just a doubt, because he gave them (like Alcyon) an excellent move ahead in it's capabilities IF THEY WILL JUST GET WITH IT!
Nothing against Mamutu which IMO is the ONLY real Behavioral Blocker that does what's expected from it more often than not, but TF stands to even equal or surpass Mamutu if they eventually finish that programming puzzle of a very unique and IMO badly needed complement to any security set up as a reliable buffer!
EASTER
progress
May 28th, 2009, 02:00 PM
ThreatFire 4.5 - Full Review (http://www.pcmag.com/article2/0,2817,2347574,00.asp) :)
rolarocka
May 28th, 2009, 02:43 PM
Where can i d/l v4.5?
Blackcat
May 28th, 2009, 03:05 PM
Not officially released yet. PCMag received a sneak copy from PCTools.
According to their forum it may be out next week.
progress
May 28th, 2009, 03:25 PM
-{ Quote: "
Can't release too many details of future roadmap now, but we've already mentioned here and elsewhere that the next version of TF after 4.5 (due in August/September) is scheduled to have the Deny button that users have been requesting.
" }-
Nice feature ;)
Page42
May 28th, 2009, 03:33 PM
-{ Quote: "ThreatFire 4.5 - Full Review (http://www.pcmag.com/article2/0,2817,2347574,00.asp) :)" }-
Interesting "team" concept mentioned by Neil Rubenking in his review...
-{ Quote: "Working Together
ThreatFire is designed to work together with your standard anti-malware product to catch those zero-day threats that slip past. What sort of protection would you get by combining ThreatFire with current top scorer Prevx? No, I didn't install both and re-run the malware blocking test. I just created a new hybrid set of statistics. For each threat I copied the result from whichever of the two was more successful. The combination yielded some amazing scores.
The Prevx and ThreatFire team detected 100% of spyware, 100% of commercial keyloggers, and 100% of rootkits. Prevx previously had the top score for malware blocking – 9.4 out of 10 points. ThreatFire's help raised that to 9.8. ThreatFire didn't do a lot to block commercial keyloggers, but it did enough to raise Prevx's 8.9 points to 9.3, beating the previous top score of 9.0 from Spyware Doctor.
Looking specifically at rootkit blocking, Prevx alone rated 8.9 of 10 points, a tie for first place with Spyware Doctor. Adding ThreatFire broke that tie; the team scored 9.4 points. The only area where ThreatFire didn't help out was in blocking scareware, and that type of threat is not easily detected at the behavior level." }-
Anyone here running these two side-by-side?
raven211
May 28th, 2009, 03:57 PM
-{ Quote: "Interesting "team" concept mentioned by Neil Rubenking in his review...
Anyone here running these two side-by-side?" }-
I've run those before, before I decided Prevx is simply not for me. Didn't have any conflicts if that's your concern. ;)
pegr
May 28th, 2009, 08:00 PM
-{ Quote: "Anyone here running these two side-by-side?" }-
I'm running ThreatFire 4.1 alongside Prevx 3.0 (paid), AntiVir Personal 9, PC Tools Firewall Plus 5, AVG LinkScanner, and Returnil Premium. The entire combination runs nice and light on my XP Pro system with no conflicts or performance issues.
Page42
May 28th, 2009, 08:28 PM
-{ Quote: "I'm running ThreatFire 4.1 alongside Prevx 3.0 (paid), AntiVir Personal 9, PC Tools Firewall Plus 5, AVG LinkScanner, and Returnil Premium. The entire combination runs nice and light on my XP Pro system with no conflicts or performance issues." }-
That looks like one heck of a strong line-up, pegr. TF just didn't do right on my machines... I think it was conflicts with ZAP's OSFirewall. I always did like it, and wished it would run better, but some things just aren't meant to be, I guess. Good luck with what you've got. :)
pegr
May 28th, 2009, 08:38 PM
-{ Quote: "Good luck with what you've got." }-
Thanks Page42. Best wishes to you too. :)
rolarocka
May 29th, 2009, 03:55 AM
Ok, here is v4.5:
http://www.majorgeeks.com/PC_Tools_ThreatFire_d5190.html
progress
May 29th, 2009, 04:15 AM
Changelog available? :)
raven211
May 29th, 2009, 04:19 AM
-{ Quote: "Changelog available? :)" }-
Not yet, last time I checked, which definitely wasn't long ago (some min. to be frankly ;D) - we'll just have to wait patiently, and I don't think it'll be long. ;)
stackz
May 29th, 2009, 04:49 AM
Threatfire 4.5 changes (http://www.threatfire.com/updates/).
raven211
May 29th, 2009, 05:03 AM
-{ Quote: "Threatfire 4.5 changes (http://www.threatfire.com/updates/)." }-
Thanks - I expected the changes to show up at the forums first. ;)
raven211
May 29th, 2009, 05:06 AM
This new version does seem to be a beta of some sort. Just look at the following prompt and make your opinion. ;D
It'll prompt on a small, free game. There's no removable drive even inserted, it reports a BUNCH of registry keys and values, and that it accessed programs like Opera and MSPaint. ;D
Victek123
May 29th, 2009, 11:50 AM
-{ Quote: "Threatfire 4.5 changes (http://www.threatfire.com/updates/)." }-
Unfortunately, I don't see anything about a "deny" option or anything that suggests they have addressed the problem of quarantining critical system files. I would like to know how TF 4.5 handles that scenario before I use it again since I got bitten a couple of times by previous 4.X versions.
Mars
May 29th, 2009, 11:59 AM
guh, threatfire for 64bit is still in beta 4.1:isay:
aigle
May 29th, 2009, 03:45 PM
Where is the deny option?
Warklen
May 29th, 2009, 03:56 PM
I'm guessing it won't be added till the August/September release.
raven211
May 29th, 2009, 04:11 PM
-{ Quote: "I'm guessing it won't be added till the August/September release." }-
Correct, it'll be in the release after this one. ;)
Someone
May 30th, 2009, 04:03 AM
-{ Quote: "That looks like one heck of a strong line-up, pegr." }-
Lol, it looks just a little bit overkill to me. ;D
Page42
May 30th, 2009, 04:22 AM
-{ Quote: "Lol, it looks just a little bit overkill to me. ;D" }-
In this forum, a little overkill isn't much! ;) Tell me which part of pegr's set up you think is overkill?
-{ Quote: "I'm running ThreatFire 4.1 alongside Prevx 3.0 (paid), AntiVir Personal 9, PC Tools Firewall Plus 5, AVG LinkScanner, and Returnil Premium. The entire combination runs nice and light on my XP Pro system with no conflicts or performance issues." }-
I know nothing about AVG LinkScanner, but it all looks balanced and strong to me. :)
aigle
May 30th, 2009, 05:18 AM
-{ Quote: "I'm guessing it won't be added till the August/September release." }-
-{ Quote: "Correct, it'll be in the release after this one. ;)" }-
Thanks. I will wait for that version to try.
raven211
May 30th, 2009, 06:07 AM
-{ Quote: "
I know nothing about AVG LinkScanner, but it all looks balanced and strong to me. :)" }-
I would say LinkScanner is still being useful - it'll block exploits before the other AV vendors have caught up. :) Your choice to go on and buy the software if you see an exploit-block-warning. ;D
Someone
May 30th, 2009, 06:36 AM
-{ Quote: "In this forum, a little overkill isn't much! ;) Tell me which part of pegr's set up you think is overkill?
I know nothing about AVG LinkScanner, but it all looks balanced and strong to me. :)" }-
IMHO ThreatFire, Prevx, or AntiVir Personal by itself is already enough, not to mention adding PC Tools Firewall Plus, AVG LinkScanner, and Returnil Premium!
pegr
May 30th, 2009, 07:42 AM
-{ Quote: "Black-listing programs (including Antivirus, behaviour blockers like Mamutu, ThreatFire, Prevx etc) do not prevent you from getting harmed in the first place." }-
Of course they do; nobody would bother to use them if they didn't! I can't believe you're suggesting that all of the magazine reviews, independent malware tests, and security analysts are wrong :argh:. It's true that no single program or approach provides 100% protection, which is why a layered approach can be more effective, providing that the layers are carefully chosen so that they complement each other without causing system instability or other performance issues.
-{ Quote: "Remember, prevention is key. Prevention also gets you close to 100%. Black-listing will never get you close to 100%." }-
True, but the term black-listing is usually reserved for signature-based products such as anti-virus. IMHO it's misleading to apply it to products such as ThreatFire and Prevx which primarily use behavioural monitoring and/or heuristics. It's generally recognised that the use of black-listing as a sole means of protection is becoming increasingly ineffective as the volume of malware continues to rise exponentially, which is why many people are now combining traditional anti-virus with other approaches such as ThreatFire that don't rely on signatures.
Black-listing may still be the most effective means though of dealing with social engineering attacks such as, for example, the user unwittingly visiting a fraudulent website designed to capture personal information for financial gain. Without some detectable suspicious activity on the host, behavioural and heuristic methods will fail. In any case, most people would probably agree that the most important element of any security setup is education and vigilance on the part of the user.
-{ Quote: "Also roll-back systems are not security products. If you have to rollback because of malware, then it means your security setup has failed you. Sure, rolling back will mean you start off with a clean system again, but you'd better hope you didn't have any sensitive data on your system that was stolen before you rolled back." }-
True. I agree that programs that restore the system back to a known state are not security products because security is not their primary focus. They do have a role to play though in cleaning up the system after an infection. Imaging, roll-back systems, and virtualisation can all be used for this purpose.
I use Returnil which is a partition virtualisation application, not a roll-back system. I don't regard it primarily as a security product, although it does have some security features such as file and folder protection for sensitive data and an anti-execute tool ;) . For me, it does a similar job to Sandboxie which I also use, but only for high-risk surfing because Sandboxie doesn't run well on my system and slows down my browsing to a noticeable degree. It also enables me to test most program updates (i.e. those that don't require a reboot) for stability before applying them to the real system.
As this thread is about ThreatFire, it's worth pointing out that some users have reported that ThreatFire has been known to occasionally cause system damage when remediating after malware detection. Although this has never happened to me, because of Returnil, it's not something I worry about. A simple reboot and I'm back to a clean working system without having to restore from an image.
-{ Quote: "Virtual machines can sacrifice usability and convenience, and aren't really security products either. They are usually just used to test (potential) malware." }-
Agreed, but Returnil isn't a VM; it's a lightweight virtualisation application which runs under the control of the OS.
pegr
May 30th, 2009, 09:05 AM
-{ Quote: "IMHO ThreatFire, Prevx, or AntiVir Personal by itself is already enough, not to mention adding PC Tools Firewall Plus, AVG LinkScanner, and Returnil Premium!" }-
ThreatFire and Prevx are both designed to be run alongside a traditional anti-virus program such as AntiVir. Although it's perfectly viable to run any of these programs on their own, the overall level of protection is likely to be increased if two or more are combined. The recent PC magazine review of ThreatFire 4.5 for example showed that detection and blocking of malware was indeed improved by running Prevx 3.0 and ThreatFire 4.5 together. In any case, the main reason I pay for Prevx is because I like what the company are doing and want to support them.
The reason I use PC Tools Firewall Plus is because I wanted a good simple firewall for network activity monitoring and outbound control of normal, well-behaved applications. As I'm behind a router, switching on the Windows XP firewall would probably be quite sufficient for security purposes. I don't regard it as the primary purpose of a firewall to detect and block malware; that's what the other layers are for.
I use AVG LinkScanner and WOT as Firefox extensions when using Google. It's possible to have a debate about the usefulness or otherwise of site advisors, but I like them and a lot of people do use them when surfing the Internet in addition to their other security.
Regarding Returnil, as with Prevx, the main reason that I use Returnil Premium is because I like what the company are doing and want to support the future development of RVS. I've already said in my last post #79 that I don't regard RVS primarily as a security product. I like the fact that after a web browsing session, a simple reboot removes all traces of the session from the system. It also allows me to be more experimental, knowing that if I manage to crash the system (it's not unknown), I can recover it in just over a minute instead of having to wait 45 minutes for an Acronis restore to finish. As the biggest cause of system instability on my PC is me rather than malware, running the system on a virtual layer has its attractions. ;D
Copyright ©2002 - 2012, Wilders Security Forums