Mamutu on GoTD

Yes, see post #6 in this thread.

 

Thanks. Prevx2 worked the same way, but I reformatted my computer and lost the deal.

 

Hi owining licesenses of all 3 behavior blockers on different macjines this is what I can tell:

TF is the best (has an issue with allow or quarantaine and no deny or block option which reduces usability and uses the most CPU power). Mamutu is by far the lightest and available in a lot of languages and PRSC is very quiet (with a system load somewhere in between Mamuto and TF, but with a lesser scope of protection to refrain from false positives). The new Mamutu community advise really makes it a very easy to use application. This is the reason I have Mamutu on my wife's PC (it is behind DefenseWall). For paronoids it is not a reassuring thought to lay their security into the hands of others (noobs compared to their own knowledge problably). So depending on your wallet, knowlegde and CPU strength/RAM, OS version of your PC you can choose the right package.

 

I installed it with a few minutes to go. Nice GUI. But what is under the hood? Has anyone had it catch malware? The community feature seems rather poor though. The onus should be on the malware analyst to decide what rules to put into a behavior blocker, not everyone else.

 

It's kind of frustrating how many times I have to set the record straight on this one.

How does the lack of a Deny option affect usability? If it's a legitimate program that you recognize, you allow it. If it's a malicious one, you should quarantine it so that all traces of it are safely removed and all potentially dangerous changes it made to your system settings reversed. If you do make a mistake (which shouldn't be that often, given TF's relatively low FP rate), restoring items from quarantine is only a few clicks away.

The only thing the lack of a Deny button affects is the usability of advanced rules. That is soon to be fixed AFAIK, and how many people use TF for its advanced rules anyway?

 

When i used threat fire and i had real malware inside sandboxie which is my main security app and is on my pc to stay threat fire quarantined sandboxie,my file manager that was open inside and everything inside,so this is a problem,the lack of a deny option.It removed them from the real pc also.That happened many times and the restore option didn't always worked and i had to reinstall sandboxie or the file manager a couple of times.Mamutu seems to ignore what happens inside sandboxie,i opened a few infected apps from p2p sites and got no warnings,and i like that.I know that some will say that threat fire&sandboxie work well for them but there is a problem and is not my pc or a bug.I like mamutu so far and i'm glad i find out about the offer.

 

At this point I can say that Mamutu is running better than Threatfire on my old 1,76 MHZ Singel Core Laptop, It is really lighter.
I have three FP's:
- explorer.exe
- UMTS.exe
- CCleaner.exe

We will see what it say when I Install a new Software or make a Windows-Update.

 

Then please click allow. Sandboxie will keep the malware contained.

If you're interested in continuing to use ThreatFire, you can report the incorrect quarantining, which will be fixed.

 

how many times I have to set the record straight on this one?
I hope your vision on how to use TF and for whom it is developed will be shared by the development team and implemented soon. This will save you a lot of time explaining how to use TF to vision deluted members of Wilders (like me ).

How does the lack of a Deny option affect usability?
The scenario described is only vallid for non critical processes being quarantained. The default setup of TF is not to create a restore point. Please always run TF with the option to create a restore point before user decision. I guess the poor PC users who quarantained a critical process which made their PC hang, just should have been more educated. Wait were not behavior blockers intended for people not able (or willing because other family members use the PC also, see note) to deal with the mind braking pop-ups of a classical HIPS?

*** note ***
I known that PC stands for Personal Computer, so I agree it is mistake to allow other members of the family to use the PC in the first place (wrong again )

how many people use TF for its advanced rules anyway?
Only me, I suppose.

 

What will really save me time is for people to stop parroting this request, without responding to my arguments, and without any really valid explanation of why it's needed.

This would make for a rather good argument, actually, were it not for the fact that the hypothetical scenario that you pose is completely nonexistent save for within the realms of your imagination. I can think of no better argument to prove the lack of need for the Deny button, than the fact that its proponents have to resort to fantasy, make-believe scenarios to justify the need for it.

That's very interesting. We need a Deny button because the lack of it "affects usability", nevermind the fact that figuring out advanced rules are, by far, more "usability affecting" than a Deny button (or lack thereof).

 

what are the popups that last about a tenth of a second and I cant read.

 

its explained here:
http://forum.emsisoft.com/Default.aspx?g=posts&t=3130

 

Hi can someone help me here answer these questions thanks.. whats best alert mode to have it on community or intelligent?? , also in permissions it says administrator but then says choose a non admin acc? what do i choose?.....and lastly in the Applications rules i have few of my main programs in there I ticked exclude on a few things is that a good idea? what can i exclude? do i leave IExplore as monitored? i have addmunch excluded because i know it is that how it should work ...Tx MD

 

iirc the permissions page is if you want to run Mamutu under a limited account. On that page you choose your limited account.

 

ok thanks..

 

I will anser your questions in reversed order

This would make for a rather good argument, actually, were it not for the fact that the hypothetical scenario that you pose is completely nonexistent save for within the realms of your imagination.

I now of three occasions where this is possible:

1) Imagine this: set the security level to 5 of ThreatFire. TF pops on to every intrusion, then choose quarantaine on every pop-up and re-boot!


2) A simple false positive (e.g. as it did with PRSC) of software drilling deep into the system, quarantaining it could cause on next boot up


3) A release might contain a programming error, is a possibility you can not rule out, therefore you have to provide user a parachute when the software bails out. Same reason I can not understand why the create a restore point before user decision is not on by default.


without responding to my arguments
See answers above

 

Why the average user would do that? solcroft said that level 3 gives excellent detection.

 

Lucas,

Solcroft claims it is non-existent situation. The example given is that a Noob/fool could easily create the so called non-existing sitiuation.

The problem within TF's own configuration possibilities is that you can create a situation in which quarantaine is a bad option. Okay it is stupid, but did you see on the Mamuto screenshots that 13 percent of Mamutu's users block legitemate programs, why would the TF users be different?

When level 5 is an option, would you stick your hand into a fire for it (after a bet that no one would ever do this?)

Regards Kees

 

There's one important difference. By default, Threatfire doesn't require user involvement, because it's much less prone to FPs.
Mamutu's users need to submit their decisions to a database and there's no reduction of FPs. TF's users only need to quarantine malware or (unlikely) allow an FP.

 

Hey Kees1958 and solcroft. I like ThreatFire a lot and used it as my staple security software for awhile, but since receiving the free Mamutu 1 year license and giving it a try I have to say I like it more than ThreatFire. I guess what I'm saying is can we go back to talking about Mamutu and argue about TF in another thread? Sheese. LOL. Just kidding. I actually get a kick out of the "friendly" debates you guys have, and would like to hear more on both of your opinions about the protective capabilities of Mamuta in comparison to TF.

 

The Logic says Threatfire, but my Heart says Mamutu.
What is better for a Security-Software Logic or Heart?

 

Hi,

May be a bit easy.

Whose logic ? whose heart ? and whose box these security apps to be applied onto ?

 

Yes, my Statement was not objective, I'm talking to myself.
I think I use it for a longer Time, because it's running better on my machine than Threatfire and to follow the improvement of the future Versions, but this is only playing, I need it not really.

 

Kees, have you even so much as HEARD of your hypothetical scenarios ever happening, or were you just practising your theorycraft, which seems to have gotten quite rusty?

I rest my case.

 

Hi,

I am glad that you feel that way, good for you.

I am using Mamutu now( I just wish I can remember its name someday, after long time usage), because its generous one year free offer- IMO, a smart deploy to let public to sample its product w/o any string attached.

I also used TF sometime ago, on and off depending on its version/build.

IMO, both are excellent applications from user's perspective. Just like wine and beer to me, I will use them according to the occasions. Moreover, both M and TF are supported by reputable software developers, Emisoft and PC tools respectively. Future development can be warranted. Meantime, any healthy technical debates between these two are most welcomed to me, by reading the between lines, I do learn something valuable.

Solcroft, you may have rest your arguments a bit too soon. I like to hear yours , so is Kees' . You both are still at Turn(Texas Hold em poker), you need to see the River, and then head up show down. Perhaps it is a split.

Take care.