How to make ThreatFire block /+ remember.

Discussion in 'other anti-malware software' started by Rivalen, Nov 18, 2008.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Same here. I've been reading of this TF debate, wherein TF has been urged by some to include an Allow/Deny feature, but until this moment I hadn't settled on what to do. I am also experiencing a connection/performance issue with TF and avast!, so tonight I uninstalled TF and installed Mamutu.

    Thanks to bellgamin and EASTER (and others) for the on-going good reporting about the TF/Mamutu comparison. :thumb:
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Personally I think TF does not have a stellar network component. I noticed slowdowns with custom rules. I wish it were more modular so you could turn components on and off.

    Also, 'we' should remember that over at the pctools forum, it was stated that including the allow/deny feature was felt to cause performance issues. If this is the case, I can easily understand the need to not include it ATM. But the complete lack of this feature still leaves me scratching my head as to 'why not'.

    For those interested, DSA is a pretty good app network wise. Its only downfall IMO is it blocks ICMP on WAN with no way to neuter. I tried to ping for instance google.com, and no reply. Exit DSA and now reply. That is the one and only reason why I do not use it.

    Sul.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    New user questions...

    Since Mamutu is a pure behavior blocker without signature based detection, what are the updates for? Strictly program updates?

    Next question is about configuring for alerts. I don't want to be buried with alerts, but I want good protection. Is this a good configuration?
     


  4. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Dynamic Security Agent is on - everything is fast and so far no problems.

    Mamutu slowed me down and hung in certain situations.

    ThreatFire we've talked about.

    PrevX Edge conflicted with DW on my PC.

    So now the question is - does DSA improve my defence?

    I think it was Bellgamin who said DSA could detect some really unusual behavior - that's what made me interested.

    Will keep it as long as it's fast.

    Best Regards
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    As I noted earlier, DSA includes some classical HIPS functions & SPI-firewall functions. Over & above those functions, DSA also monitors each process on your computer & makes a record of how each process on your computer acts "normally." For example, DSA tracks & records the maximum CPU usage of each process, in addition to tracking & recording many other usage patterns.

    Once DSA completes its training period (you can specify how long its training period will be) then DSA will notify you if any given process suddenly begins doing something that is OUTSIDE of the norms that DSA developed during its training period.

    For example, if process "A" normally uses a maximum of 30% of CPU cycles at any given point in time, and then process "A" suddenly begins using 80% of CPU cycles, DSA would immediately alert you to that fact. You can specify how big of a deviation that you want DSA to alert you to.

    Be aware that DSA will alert you to any & all *abnormalities* that exceed the boundaries you have established. It doesn't tell you what to do about them.

    Threatfire (TF), on the other hand, has a small amount of "intelligence" and will automatically allow or quarantine certain types of abnormal behaviors on its own. However, it will also alert you to those abnormal behaviors which it is NOT set up to handle automatically -- you must decide what to do about those.

    Furthermore, TF includes a set of antivirus signatures. Therefore, it has blacklist capabilities in addition to its behavior blocker capabilities. When using DSA, it is prudent to ALSO run a stand-alone antivirus program.

    Generally speaking, TF is "less demanding" of user intervention than is the case for almost all other HIPS, including DSA.

    Bottom line -- Each HIPS (including DSA & TF) has its own unique set of strengths & weaknesses. The only way to decide on a given HIPS is to try them out.
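
The train-then-alert behaviour described in the post above, as an added Python example that is not part of the original thread and not DSA's own code. The class name, the sample format and the process names are assumptions made for illustration; it learns each process's peak CPU during a training period, then reports (without acting on) anything beyond the chosen deviation, including a process that has no baseline at all.

```python
"""Toy per-process CPU baseline monitor (illustrative; not DSA's code)."""


class BaselineMonitor:
    def __init__(self, training_seconds, max_deviation):
        self.training_seconds = training_seconds  # user-chosen training period
        self.max_deviation = max_deviation        # CPU points allowed above learned peak
        self.start = None                         # time of the first sample
        self.peak = {}                            # process -> peak CPU % seen in training

    def observe(self, t, process, cpu):
        """Feed one sample; return an alert tuple or None. Only reports, never blocks."""
        if self.start is None:
            self.start = t
        if t - self.start < self.training_seconds:
            # Training: record the highest CPU usage seen for this process.
            self.peak[process] = max(self.peak.get(process, 0.0), cpu)
            return None
        if process not in self.peak:
            # A process that never ran during training has no "normal" to compare to.
            return (t, process, "no-baseline", cpu, None)
        if cpu > self.peak[process] + self.max_deviation:
            return (t, process, "cpu-above-baseline", cpu, self.peak[process])
        return None


# Constructed samples: (seconds since start, process name, CPU %)
SAMPLES = [
    (0, "A", 12.0), (10, "A", 30.0), (20, "B", 5.0), (30, "A", 22.0),
    (60, "A", 35.0),  # training over; 35 is within peak 30 + deviation 20
    (70, "A", 80.0),  # far above the learned peak of 30
    (80, "B", 9.0),   # within peak 5 + deviation 20
    (90, "C", 3.0),   # never seen during training
]


def run(samples, training_seconds=60, max_deviation=20.0):
    """Replay samples through a fresh monitor and collect the alerts."""
    mon = BaselineMonitor(training_seconds, max_deviation)
    return [a for a in (mon.observe(*s) for s in samples) if a]


if __name__ == "__main__":
    for alert in run(SAMPLES):
        print(alert)
```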
     
  6. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Thanks Bellgamin. DSA has been trialed and proven fast on my PC. But yesterday I decided to give PrevX Edge another go. If that will work out is still too early to say - uninstalled all - cleaned - defragged - and have installed Antivir + Edge and so far OK - I have to post some Q to PrevXHelp first.

    Best Regards
     