ThreatFire 3.5 Release

Hi all, we just wanted to let you know that ThreatFire 3.5 has been released! This version includes some new features, some more protection and some more things for free

Existing versions will start being upgraded over the coming week so you don't need to update manually if you don't want, you can just wait. But if you want to get it now please uninstall any existing ThreatFire versions, reboot and then download and install from http://www.threatfire.com/

Hope you enjoy and as always please let us know what you think!

What's new in this release

• On-demand antivirus scanner is now available in ThreatFire Free as well as Pro. The main differences now between the Free and Pro versions surround licensing and support options, as well as the one configuration option which allows automatic updates even when opted out of Community Protection participation. See the comparison chart for further details.
• New Security Status tab now includes tabbed selection of Worldwide Detection and Protection Statistics. The new Worldwide Detection map shows lists of recent malware and adware detected within the ThreatFire User Community. Clicking on a threat in these lists will display red dots on the map to display the threat's recent geographical distribution as we as integration with ThreatExpert for detailed threat analysis.
• Advanced Rules tab was changed to Advanced Tools and now includes a new System Activity Monitor for viewing detailed process information. Advanced Rule Settings is also now located under Advanced Tools.
• Alert dialogs have been slightly reworked. Instead of having "Allow" and "Quarantine" buttons, there are new radio buttons with the choices "Allow this process to continue" and "Kill and quarantine this process".
• In addition to the above options, Custom Rule alerts now include the additional option "Kill this process." These special alerts also now appear with a blue banner to help further differentiate them from other unknown threats.
• Enhanced alert dialog now provides technical information similar to what is shown in the Protection Log and Quarantine areas detailed views. The details show which files and/or registry objects may be quarantined if you tell ThreatFire to quarantine the threat giving you the alert.
• New options for default alert handling. Users can tell ThreatFire to automatically and silently quarantine all known malware, for example. Or, you can choose to always allow any adware, also known as potentially unwanted applications.
• Improved malware detection, including improved MBR infection detection.
• Continued improvement to show fewer false positives.
• Miscellaneous other program fixes.

 

I'm using the new version now. Seems to be purring so far. Like the new features in the free version too.

 

Next time, this sort of announcement should be posted in the correct forum. This is an antivirus forum -- TF is not an antivirus. TF postings should be placed in the Anti-Malware forum.

In any event, the new TF update is superb. Running smooth & stable so far.

NOTE- If you already have TF installed, you should read THIS post at the PCT forum.

 

@bellgamin - although I know Threatfire as a behavior blocker, the website does say "ThreatFire AntiVirus".

Anyways thanks for the update

 

Sigh.

And unfortunately it looks like the time has come for me to bid goodbye to ThreatFire for a while.

 

Okay, I did some tests and TF convinced me again!

I am going to use on an XP box only:

A) DefenseWall 2.4 (now in Beta)
B) ThreatFire 3.5

I will run ThreatFire standard out of the box with one setting changed (see pic) and will implement some additional registry protection with DW 2.4.

TF 3.5: first checks for known bad guys, after an intrusion. Seems more smart than checking on every program load, read and write which a common AV does. I do not mind the PC Tools AV having a lower detecton rate. My AV's have not found a thing in the last three years (only when playing with malware they recognise a few).

DW 2.4: will have additional containment of untrusted processes from each other (except untrusted versus trusted now also untrusted versus untrusted). I will use the default build-in rules Ilya will supply, plus one rule to protect my mail directory form other untrusted processes.
The same mechanisme will enable me to setup some additional registry protection. I will containing them for the 'system', meaning only trusted processes are allowed to change them. This is smarter than implementing them in TF, because TF looks at all processes.

To Solcroft, Bellgamin
It is just a trend: FW are getting classical HIPS competences to score high on leaktests (with white/blacklist for ease of use), Behavior Blockers will get a black list to check for known badguys after an intrusion (to balance sensitivity against false positives), Policy Sandboxes and Content blockers will merge (because they focus on risk reduction and attack surface reduction in the most user friendly way).

Regards Kees

NB for those not having DefenseWall and requiring some additional worm protection, import the text file and copy the Keys and Values to your Custom rules (registry) (When any process tries to write to the registry to the Key/Value Except when the source process is in the system/trusted process list, etc)

 

...and at this point we have a "new" Free Antivirus solution on the start, but what will PcTools do now with their other Free Antivirus, nobody needs it anymore if the Database is the same.

 

Why is that solcroft?

 

Why? It isn't like Threatfire is changing there philosofy:

 

You wouldn't bid farewell to an updated product, that has served you well, unless you've tried it for awhile and it doesn't fit your needs anymore.

Besides, it's only an on-demand scanner.

Any viruses or odd behaviour the on-demand scanner happens to miss, the normal ThreatFire protection will quarantine it.

People panic when a virus scanner misses several malware in a 'virus test' (no product will always get 100 per cent). What's the probability of getting those 'several serious malware' missed versus the ones a program catches. 1 serious malware missed for every 1000 caught?
(exclude the junk counted in tests)

 

It's changed to me. Now that Novatix is under the thumb of PC Tools' marketing department, things don't really look quite the same. The new improvements (worldwide detection statistics, radio buttons) read to me like a list of toys and eyecandy aimed at appealing to new users. The take care to point out the improved MBR protection rules. Why just the MBR rules? What happened to the other half-dozen of weaknesses in TF's protection? Because Mebroot was THE one that made the headlines, and new users are going to ask: "Hey, I heard there's this nasty rootkit that infects the boot sector, can TF defend against it?" And the marketing and support staff can say: "Sure it does, sonny boy!"

But what happened to the other long-standing loopholes? Script/batchfile viruses? Pcclient backdoors? Trojans that install a service by registering svchost.exe (for example) as a parent executable and controlling it using a shadow dll? Protection against file infector/encryptor viruses and mass-deleting trojans still aren't perfect either. Were fancy maps and radio buttons and a glorified task manager worth focusing on instead of these problems that dated back since the Cyberhawk days? From a marketing standpoint, maybe. I can understand that, as a new product in a niche market, ThreatFire needs users and revenue. But ThreatFire has lost some bit of its shine in my eyes, as the small company dedicated to cutting-edge technology that provided state-of-the-art defense against zero-day threats when so many other products threw the towel. It offered silent and dependable protection, an invisible sentinel with an awesome strength that few knew and appreciated. Nowadays the product seems more interested in advertising in your face what it can do rather than working on its flaws. TF's technical capabilities abilities haven't really waned, but they have more or less remained stagnant over the last few updates, with the emphasis placed on marketing rather than underlying technology. And though I understand their situation, I can't say it really appeals to me. I don't want to see the Novatix team scrambling to cover their behinds again when another new trojan hits the news and TF can't detect it because they've been blithely ignoring the weaknesses in their product, but that's definitely a possibility.

But with the latest updates, TF has certainly become more of a presence, so to speak. Good luck to the Novatix team, and I hope I'll be back someday.

 

Great release.Thanks again to those from pc tools for offering such good protection even with the free version.

 

Hi, Solcroft :

I totally agree with your points/views.

TF today is a changed identity from a tech-driven app to a marketing-driven item.

When the company was smaller and was cared/nurtured by owner with tech background, all tech details will take their seats. But when company configurations are altered, all focuses will subsequently be deviated.

The lasted 3.5 just a clear illustration to that theory. When marketing guru have the final say, all tech inputs which may hinder its marketing profile will take the back seats. After all, TF is now virtually a free ware, they(marketing guys) do not see an urgency to improve its tech lineups. Appealing to new average uses by dressing up nicely/elegantly is the key move.

I would not be surprised to learn that perhaps one day the tide has changed, all your pointers will be material-ed in a completely new tech-driven product.

If I were that pointed guy, I would be more than happy to bring you aboard.

 

My 2 cents for what it's worth.

We are still the same team. But having a product out in the world that does not retain users, because they do not understand what TF is doing is a problem. Marketing money goes down the proverbial toilet. And I am sure you all agree money pays rent, salaries etc...
In order to retain users, the focus was put on a bit of "eye candy", user requests, etc...
Rules are still a focus, and more than just MBR was put into TF for this release, and I hope you will see the results soon. Our devs are working on a few new ideas, and this takes time not only to develop, but to test.

For developers it is hard to get it %100, some are more successful, and all the power to them, we are trying too.

back to

 

what leaves me scratching my bald head is, PC Tools buys Cyberhawk. They make 2 products, one feature enriched for about $30.00 and one with less modules for free. I would assume they hoped you would start with the freebie then upgrade. I dont think they counted on the freebie being a hit and the paid version being a miss.

Now the freebie is featured enriched and what in the hell does PC Tools get for this. Sounds like they screwed themselves on this whole purchase. Maybe I am missing something.

 

I can understand people who might want that small company back, who nurtured a product from the ground up, did away with the fancy interface, and focussed just on improving a user's security.

But how many people actually paid or donated money for the cyberhawk product? Anyone? Even though nearly everyone who used the program enjoyed it.

The company PC Tools might not be highly regarded on forums where guys like to tweak their products to the nth degree, but if they have the same bunch of guys who worked on cyberhawk, now working away at ThreatFire, but in a much bigger company which can continue to put food on their table (as a top free product works wonders for the rest of a company's lineup- promotes trust, security and adds value) then I'm all for supporting them. Money wise that is.

They just have to find the right balance with getting a large number of people on-board to the free product, and find that 'difference' people are willing to pay for, whether it's a new scanning technology, better rootkit scanning, and so on. What that difference is, I'm unsure. (Maybe creating a more advanced product, like what the user solcroft is after and describes, is where a paid version could be viable).

Back to the topic, good to see the program is listening to user requests on the company's forum and making actual changes.

 

I have to agree on this. If a product is relatively unknown and/or to complicated to use, not many people wil use/buy/support the product. What good is a program, no matter how good it currently is, if the developers don't have the resources to support and improve the product over a longer period of time?

 

Saraceno,

ThreatFire IS an advanced product. The other so-called "advanced" products are advanced only in the sense that they're dumb and thus require advanced users to compensate for their complete lack of intelligence. I don't want TF to turn into an (ugh!) Comodo clone. It's just that TF's development is taking a trend that I can't say is much to my liking, and that's placing the development of toys and eyecandy ahead of technical improvements to the underlying technology.

 

That's fair enough.

I've enjoyed the product so I'm willing to pay for it. You've raised an interesting point, which maybe I'm interpreting differently.

Maybe the free product can target the everyday consumer, and if it's filled with 'eyecandy', then that's fair enough, cause they won't care. The more 'eyecandy' the merrier they'll be saying.

Maybe the paid version can be the one without the bloat, faster load-up time (as some users complain of slight lag), cleaner interface, uses significantly less resources (as that's what we all want and comment on) and so on...What do you think?

Just throwing around some ideas.

 

Here's the reason I won't be using it anymore: It's not free for commercial use anymore. The site used to say it was free for both commercial and personal use, but not anymore!

Other sites offering it for download still say so, but I guess they'll have to change that. See http://www.google.com/search?aq=f&c...ess site:www.threatfire.com/faqs/&btnG=Search

They've changed the site now, but Google still has that cached. Bummer.

 

Wow,

PCTools gives Pro features for free to the home user and it seems that the whole securityt community falls over them.

Version 3.5 did some eye candy and made the messages more clear I think the concept of a behavior blocker checking a blacklist first when an intrusion occurs is a briliant idea. TF listened to us, by offering a kill option for the custum rules.

The difference between yesterday and today in regard of TF is:
a) an extra bad guy check using an AV data base
b) clearer information pop ups
c) better customm rule handling
d) MBR protection

What is bad about it, I just don't see it?

 

I couldn't agree more Kees. It really is a fine free security tool that takes very little resources. I'll be keeping it on my pc.

Al

 

Yeah, you guys are right -- TF is awesome. It's just that I was using on our corporate network because it was legal before, but I can't now b/c they changed the EULA with the latest release. That sucks, b/c it is just about perfect for non-technical users, and now I'm going to have to look for something else (I'm not paying $600 for TF for all our machines).

 

Nothing, really; it's just that, as the saying goes, you can't please everyone. It's good because they're trying to make users happy, and it looks like they're taking the right steps. And the sooner they're done with appeasing you guys, the sooner they can get back to focusing on the things that I care about, such as the detection rate.

 

Well said. This is a great product.