New In Threatfire V4.1

http://www.threatfire.com/updates/

 

FINALLY SOMEONE LISTENED AND ACTED!!!

i'M OFF TO TEST THIS right now! (fingers crossed)

EASTER

 

Hehe, few days ago i tried old version and today decided to re-install it. And it looked different. Then i noticed it's version 4.1. So far it works great
If i remember correctly, this version even works on Vista 64bit.
Nice job PCTools!

 

Working fine here. Maybe it's only a coincidence, but my browsing speed seems improved compared to the previous version. I think it also loads a bit faster. It's goog thing that they got rid of the AV scanner.

 

Well, i tried 3 real malware and TF did catch all 3 of them, but... no option for deny...

And mind you, community is disabled and outbound connection too. One high alert, one moderate, same as in previous version.

http://img16.imageshack.us/img16/5905/93622798fq9.png

http://img16.imageshack.us/img16/9594/77750458ff4.png

 

Thanks for the heads up Guest.

I don't know why they just don't add the allow/deny feature to the advanced tools section, (a setting in this area which could be enabled or disabled) that way only expert user would be using it and getting the pop up warnings this way and all the n00bs they seem to be trying to protect from the deny feature would not even have to worry about it. But those who want the feature could have it.

 

I will try it today at home...

How is this version about CPU Usage and system impact?

 

I tried to install it on a 64 bit machine, installation was interrupted with a message stating this version is only for x86 versions of windows .....

 

Vsta64 bits version is still in Beta I think. To download go to pctools forum and sign on for beta testing (or wait a few weeks)

 

Oh, so 64bit did not fall into this one. Oh well, i'm using Windows XP again since i'm now mostly running my Aspire One netbook.
But ThreatFire 4.1 runs ultra fast on it. I don't think i notice any difference in performance on it. I'm certanly keeping it to suplement avast!.
I think both together really pack some punch. avast! for existing threats and some new ones while ThreatFire is focused on brand new stuff.
Chance of anything getting through is very very small.

 

Using this combo, Avast Standard Shield (Normal), TF (level 3) and Sandboxie. Running on XP Pro and Vista Home. TF 4.1 seems much lighter, probably due to the fact the AV is omitted this time around.

Ice

 

After running it for several hours, i 'd say that alghough CPU-wise i don't see improvement, it does feel less heavy on the system and on browsing. As Icecube noted, the first, must be the result of not having the scanner anymore. Before it would compare everything against the scanner's blacklist. Now it doesn't do that anymore, so seems to provoke less system drag.

 

In your opinion is the overall protection more/less/the same as the previous version?

 

Well, i haven't used it as much as the older version and mind you that i don't use the community protection, but i think it must be at least as good as the last one. 3 out of 3 malware in my test, the pop ups were quick to appear and i had the usual false positive with Emule. So, overall i think it's better than the last. If not for anything else, it seems to be cause less system drag.

EDIT: Although in CPU Time , doesn't seem to have made any improvements.

 

Yeah, TF 4.1 is very light. I'm running it along with avast! on my Aspire One netbook and i really don't see any slowdowns or noticeable delays.
Plus protection from new threats is really outstanding.
I know its performance from Cyberhawk days and also later when it was already under TF trademark. Matt from Remove-Malware tested it not long ago and it finished with flying colors (ie it blocked everything).
avast! and ThreatFire really work nice together and offer protection that is hard to match. All this for free.

 

The system hiccups were a great annoyance when I tried TF last year,if they'd just address the issue of auto blocking I'd be tempted to try it again.

 

ThreatFire previous version only checked the AV-blacklist after an intrusion. So this advantage should only take place after an intrusion. Intrusions are not that common enoght to justify the increased responsive feel.

I think the the enhanced categorisaton of intrusions (which pattern recognistion easier) plus the advanced tracking mechanisme of the previous version offer improvement. Also ThreatFire sets process controls to other programs which are known entry points of malware OR show strange behaviour.

I bet ThreatFire might have more compatibility issues with other HIPS type of programs now. I noticed this during beta testing. On the other hand it is intended as an add-on to an Antivirus or AntiSpyware application. As such it does a remarkeable job. It is remarkeable that it is improved so much over time that it does need an detailed AV blacklist anymore to detail the warning messages.

ThreatFire in the past, sometimes took 6 months or a year to respond to a specific threat. I hope the new internal architecture will solve this (as a mater of fact I am confident about an improvement on this).

 

Personally i would like the "deny" option too, but i don't see it as too much of a problem, if you have an ISR program or an image to restore. The times i 've seen it in action against malware (under shadow defender), it didn't do something harmful to system files. Ok, theoretically it can happen, but for me, the most important is to make me aware that i have a malware on my pc.

Besides, on any alert, if you click "technical details", you will see what is about to be quarantined. If you see something that shouldn't, you can allow it and restore image. Also, once quarantined, you can also review the things quarantined and restore selectively.

So, yeah, ok, there is a slim chance that it may quarantine something vital to windows, but the chance is slim and you can view that before it happens. Use an image/ISR and that's it.

For being a freeware, i can't complain much. Sooner or later they 'll add the "deny" too i hope. In the meantime, the pros way outshine the cons of using it.

 

Well, then they did some optimization anyway, because it feels better now running on my pc and since this morning my browsing also feels more fluid.

 

With the beta adding other security programs to the trusted programs really did help to prevent this problem. I only encountered one situation in which the exe was left untouched (it was mentioned in the trusted list) and a dll was quarantained of another security program.

There is an option to set a restore point before quarantaine. TF team is so confident they still do not choose to select this by default.

 

Yep you are right. From 4.0 to 4.1 really was a big internal overhaul. It also could have been numbered TF 5.0. I sometimes do not get these software companies (like OA 3.0 to 3.1 which not only feels a lot faster, it actually uses less CPU cycles and reads a lot less I/O)

 

And again, the DENY option is refused as a benefit for TF users. This disappointments me greatly because it "IS" a very useful option indeed and always has been with apps like HIPS.

I tried it and tried to get excited but my anticipation was turned quickly again to frustration with the ommision of the DENY option left out.

EASTER

 

... together with creating a system restore point by default, as mentioned by Kees. I can see that too as very negative, and especially when denying is missing.

 

Installs in Portuguese (i guess) language here

 

I would be interested to know if it will still quarantine explorer.exe? I've experienced this once and others have mentioned it as well.