CyberHawk is now ThreatFire & has new beta for v3

Discussion in 'other anti-malware software' started by InfinityAz, Aug 17, 2007.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    What about ppl stop using >50 security programs at once and use only those that actually compliment themself? Any kind of antivirus with decent track record on VB100% and AV-Comparatives with ThreatFire can already provide outstanding detection rates without compromising actual security and stability. I really don't see any point in using bunch of virtualizing tools and bunch of behavior blockers and HIPS on top of it along with antiviruses and truck load of antispyware tools. It's just unnecessary overkill.
     
  2. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I guess you never heard of layers.You can never have enough layers. In fact, I think according to this , most people don't have enough layers, as their defenses don't cover all the 9 defensive styles.
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    To be honest, I think all these "layers" of stuff is ridiculous too.. Just where on Earth are you guys planning to go armed with every possible security app under the sun? Whatever happened to being reasonable and practical? I've been on the internet for 12 years now and never needed anything other than an AV and a router or firewall.

    IMO, all you need for 99.9% of the situations out there are a decent AV and at most one other HIPS type program. That plus an image or two of your setup should cover you. I am simply amazed that some of these overapp'd PCs even run at all, much less BSOD every other day...
     
  4. mata7

    mata7 Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    635
    Location:
    Mississauga, Canada
    i totally agree, i think some people are just paranoid, to me a good AV, hardware firewall and a good Image backup program is enough
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, I just don´t see what all the fuzz is about, I´m not impressed at all, firstly, it´s obvious that it won´t prompt you about a lot of suspicious behavior, secondly, it detects leaktests by signature, and thirdly, making of advanced rules is way too complex. So, no CyberHawk for me, but for the people who like it, have fun guys. :)
     
    Last edited: Aug 19, 2007
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Perhaps it's just intelligent enough to distinguish between "suspicious behavior" and something that is actually harmful.. The less prompting I get from it, the better for me.
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    So whats better, an intelligent behavior blocker or dumb HIPS that asks you for everything and anyting, yet it's always up to you top decide. But when Cyberhawk (now ThreatFire) detects something there's like 99% chance it's actually bad. It doesn't detect leaktests by signature because they can't detect them via behavior. But they are in fact harmless and signature detection doesn't work just for these. Lots of common malware and adware is detected this way.
    Plus some components of these leaktests are in fact greyware. By themself, they aren't malicious but in combination with other components they can be.
    ANd third, who says you have to make any extra options? If you don't know how to make them, leave that option alone. I'm not gonna bang my head into a wall trying to create a program if i don't know how to programm one. Same here.
    Default rules are balanced enough for anyone anyway.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ RejZoR & Kerodo

    I´m sorry but I believe there is no such thing as "intelligent" HIPS, if you don´t want to see alerts just don´t use HIPS. A HIPS job is to (silently) protect you from zero day attacks, and to alert you about possible dangerous behavior, the more behaviors covered, the better.

    Because just like any other HIPS, CyberHawk doesn´t know which process is malicious and which is not, so how is it "intelligent" again? Even the HIPS in KAV/KIS will alert you about all processes who perform dangerous stuff, eventhough KAV can actually spot malicious tools by signature, know what I mean? So to answer your question, "dumb" behavior blockers are better. :)
     
  9. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Actually behavior blockers aren't dumb. HIPS programs are.
     
  10. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Please, let's not have another definition debate again.. They are so counter-productive...

    I suppose if one has the knowledge level of a malware analyst, one probably might use SSM or something of that class. For most of us normal mortals, Threatfire or Norton Antibot might be better.
     
  11. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Actually given that some users expect these overlapping setups to run on Virtual machines makes it even more amazing...
     
  12. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Are all behavior blocker and HIPS are smart stuff? That all depend upon who are behind those apps. Some developers are smarter than others in the way of users-friendly. Some think they have the most advanced technologies which can outperform any other rivals. But when it put out for public testing, nothing but negative feed-backs, problems after problems. Do we say these apps are smarter ones, yes in their incubator, but not out in the open. I am involved with product development-consumer products--daily. Any inventions by our smart brains have to be filtered by some tech-deficient marketing staff. Their inputs are not taken lightly usually. That is why I smell ThreatFire will not be a user-friendly product as it stands now, alothough it comes from tons of brilliant brainpower.
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Every piece of software is certain to garner feedback from among thousands of users who don't like some niggles or aspects of how it works, especially when said software is still in beta. To be honest, I don't really see your point at all (if there is indeed one).
     
  14. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Keywords: "you" and "believe". Which means it doesn't necessarily has anything to do with fact, which is indeed the case here.

    "Dumb" HIPS will alert you everytime a process fires one of their rules, regardless of whether that process is benign or malicious. In the end, the user still needs to make a decision whether a process is harmful. Behavior blockers like ThreatFire and Micropoint (another excellent behavior blocker from China) function by analyzing a SERIES of actions (much like how a human user of a HIPS program would) instead of blindly flagging single ones, and then use an inbuilt algorithm to try to determine whether the series of actions fit the pattern of a virus or harmless program. Behavior blockers can monitor everything a HIPS can, and some of them actually do. They just don't blindly jump in your face every time something triggers their rules.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Don,t try to judge a behav blocker like a HIPS.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    This is not good to hear. Can u post a snapshot? Anyone else noticed it?
    I remember similar behaviour from CH and it was corrected after we mentioned it here.
     
  17. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Who cares? People are so freakin WAY too paranoid even where they shouldn't be. Oh noes, it's calling home. Oh dear, it's not like it's sending all your pr0n to them...
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    That,s a ridiculous remark. I always thought of u a helping person.
    BTW there is no porn on my PC.
     
    Last edited: Aug 20, 2007
  19. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    ill stick with Norton Antibot till its final :D
     
  20. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    i think he was only kidding aigle :D
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    About Porn? Yes
    Rest- not sure!
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I xpect it to be better. So far I have not seen off and on CPU spikes from its service( especially on launch of application), Ch used to give such spikes with sometimes slow downs etc.

    They should have changed the GUI of pop ups too, to match the new GUI.
     
  23. Nubiatech

    Nubiatech Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    50
    Location:
    IL, USA
    Hi,
    Could somebody please elaborate on the "buffer overflow" protection feature of Threatfire? How does it compare to other software, let's say Comodo Memory Guardian?
    I've read many posts on this forum about buffer overflow, but it seems there is no consensus on how important it is.
    I'd appreciate any comments and thoughts.
    Thanks
     
  24. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    Had to dump Threatfire. Too reminiscent of CH. Frequent 75% CPU spikes. Slowed starting apps to a crawl.

    Then again YMMV??

    ...screamer
     
  25. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I must say I haven't seen any probs with TF here so far at all, and I just tonight went thru a major program upgrade as well as Microsoft Update installs, and was pleased to see that TF didn't once bother me with a bunch of ridiculous popups. It knows what's normal and what isn't, and that's exactly why I like it...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.