Mamutu on GoTD

Yep, I am old and rusty (from 195. Sprained my ankle playing rugby, got beaten by a 22 year old in the last Battle of Twins race, so I am losing it definitely.

Point is: when a software makes it possible within its own settings to enable unskilled users to cause disaster over themselves, they should:
a) either set the create restore point as a standard (so a fallback option is created)
B) allow for a deny button or
C) do not provide the user a Fals Positive generator by increasing the sensitivity level (mentioned security level for clearity, ThreatFire does not become much safer, it only warns more often, increasing the FP risk)


I like TF (should stop arguing about it in a Mamutu post, this is the last reaction), sorry Perman

 

Just wanted to add here another thank you to Emsisoft for a great program. Mamutu is running well with PC Tools Firewall and Avira Personal Premium and I think this makes for a good security set up.

 

Kees,

I think you've conveniently decided to not address my point: have you ever experienced this, or so much as heard of it happening before, or did you simply cook up your own doomsday scenario just to present a false need for a pointless feature?

Short of the Novatix staff themselves, I don't know anyone who tests TF as rigorously as I do, and I have not seen this happen. I'm willing to happily stand corrected if you have, but at the moment, as far as I'm concerned, you have a very vivid imagination, and an inexplicable self-justifying desire for a useless function.

 

hi solcroft, since you test so much tf how do the quarantine works? yesterday i installed an application and it gave me an yellow alert. (i know it was a false positive but thought lets see how tf work). i pressed quarantine and it did the work. i was installing this sandboxed. tf quarantined the application and nearly half of the sandbox including opera (also installed in the sandbox) and even a word document on an other drive. it quarantined 1220 files and only a few were from the original application that gave the alert. i tried to recover files from the quarantine but that was impossible because the gui went blank after several minutes of tf scanning the quarantine folder. thx

edit: sorry noticed this is total OT

 

This is because ThreatFire, mistakenly, doesn't seem to recognize Sandboxie as a legit application.

The reason for 1220 files being quarantined was because the PARENT PROCESS of the false positive was Sandboxie. When ThreatFire quarantines something, it hacks off the parent process as well - this is by design, to clean up droppers and downloaders from your machine as well; early versions of Cyberhawk didn't have this feature, and although they can terminated offending processes, they left these malware remnants on your PC. But as aforementioned, ThreatFire screwed up on Sandboxie and didn't know it's a legit process that should be left alone, and as a result Sandboxie, along with ALL OTHER FILES it dropped, gets axed.

 

Hi, Solcroft:

I am pleased you return for more healthy debates/discussion.

On Chinese Kafan Forum, two experts have conducted Mamutu, AntiBot against so called FOUR most notorious malwares, there are links there for the d/l.

Since you have done extensive testing work on TF, could you possibly conduct some serious testing of TF vs these malwares ?

According to their tests, Mamutu has detected/intercepted all FOUR, while AntiBot has just stopped two of them.

Looking forward to your test results, thanks, Take care.

 

It's not even worth testing. TF completely destroys those trojans, and many ones that are much worse. Back when Xorer was first released, for instance, TF was the only one I tested who successfully withstand its messaging attacks and quarantined it completely, while the competition folded beneath the onslaught. Some of them have since caught up, of course.

Generally I don't pay too much attention to those tests. It's more of a "been there, done that" thing for me.

 

Hi, Solcroft:

Nice to know these things.

Thanks.

 

So since this is a thread about Mamutu. I'd like to know how TF stacks up to it as far as Real Time protection.

 

So SandBoxie and Threatfire, not a good combo huh
I use SandBoxie now but i've used Threatfire in the past, I'm asking for future reference.

 

I wonder if PC Mag will jump on Mamutu and test it. It gave a glowing review of TF.

I know that AV-Comparatives tested Cyberhawk and a few other programs way back. Will they do another test with the newest bunch??

 

Slight correction. Quaranting a sandboxed process = not a good combo.

You can't run everything sandboxed. Having something to intercept the things you have to run outside the sandbox sounds like a very wise precaution to me.

 

Gave up on Mamutu after noticing high CPU usage spikes (approx 80%) every few seconds.

Changed to Threatfire (with Sandboxie). No problems so far.

 

ThreatFire and Sandboxie make a good combination.
For many months, I've been using them without a problem.