New In Threatfire V4.1

Discussion in 'other anti-malware software' started by guest, Feb 18, 2009.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I would say LinkScanner is still being useful - it'll block exploits before the other AV vendors have caught up. :) Your choice to go on and buy the software if you see an exploit-block-warning. :D
     
  2. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    IMHO ThreatFire, Prevx, or AntiVir Personal by itself is already enough, not to mention adding PC Tools Firewall Plus, AVG LinkScanner, and Returnil Premium!
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Of course they do; nobody would bother to use them if they didn't! I can't believe you're suggesting that all of the magazine reviews, independent malware tests, and security analysts are wrong :argh:. It's true that no single program or approach provides 100% protection, which is why a layered approach can be more effective, providing that the layers are carefully chosen so that they complement each other without causing system instability or other performance issues.

    True, but the term black-listing is usually reserved for signature-based products such as anti-virus. IMHO it's misleading to apply it to products such as ThreatFire and Prevx which primarily use behavioural monitoring and/or heuristics. It's generally recognised that the use of black-listing as a sole means of protection is becoming increasingly ineffective as the volume of malware continues to rise exponentially, which is why many people are now combining traditional anti-virus with other approaches such as ThreatFire that don't rely on signatures.

    Black-listing may still be the most effective means though of dealing with social engineering attacks such as, for example, the user unwittingly visiting a fraudulent website designed to capture personal information for financial gain. Without some detectable suspicious activity on the host, behavioural and heuristic methods will fail. In any case, most people would probably agree that the most important element of any security setup is education and vigilance on the part of the user.

    True. I agree that programs that restore the system back to a known state are not security products because security is not their primary focus. They do have a role to play though in cleaning up the system after an infection. Imaging, roll-back systems, and virtualisation can all be used for this purpose.

    I use Returnil which is a partition virtualisation application, not a roll-back system. I don't regard it primarily as a security product, although it does have some security features such as file and folder protection for sensitive data and an anti-execute tool ;) . For me, it does a similar job to Sandboxie which I also use, but only for high-risk surfing because Sandboxie doesn't run well on my system and slows down my browsing to a noticeable degree. It also enables me to test most program updates (i.e. those that don't require a reboot) for stability before applying them to the real system.

    As this thread is about ThreatFire, it's worth pointing out that some users have reported that ThreatFire has been known to occasionally cause system damage when remediating after malware detection. Although this has never happened to me, because of Returnil, it's not something I worry about. A simple reboot and I'm back to a clean working system without having to restore from an image.

    Agreed, but Returnil isn't a VM; it's a lightweight virtualisation application which runs under the control of the OS.
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    ThreatFire and Prevx are both designed to be run alongside a traditional anti-virus program such as AntiVir. Although it's perfectly viable to run any of these programs on their own, the overall level of protection is likely to be increased if two or more are combined. The recent PC magazine review of ThreatFire 4.5 for example showed that detection and blocking of malware was indeed improved by running Prevx 3.0 and ThreatFire 4.5 together. In any case, the main reason I pay for Prevx is because I like what the company are doing and want to support them.

    The reason I use PC Tools Firewall Plus is because I wanted a good simple firewall for network activity monitoring and outbound control of normal, well-behaved applications. As I'm behind a router, switching on the Windows XP firewall would probably be quite sufficient for security purposes. I don't regard it as the primary purpose of a firewall to detect and block malware; that's what the other layers are for.

    I use AVG LinkScanner and WOT as Firefox extensions when using Google. It's possible to have a debate about the usefulness or otherwise of site advisors, but I like them and a lot of people do use them when surfing the Internet in addition to their other security.

    Regarding Returnil, as with Prevx, the main reason that I use Returnil Premium is because I like what the company are doing and want to support the future development of RVS. I've already said in my last post #79 that I don't regard RVS primarily as a security product. I like the fact that after a web browsing session, a simple reboot removes all traces of the session from the system. It also allows me to be more experimental, knowing that if I manage to crash the system (it's not unknown), I can recover it in just over a minute instead of having to wait 45 minutes for an Acronis restore to finish. As the biggest cause of system instability on my PC is me rather than malware, running the system on a virtual layer has its attractions. :D
     