PC Magazine review - ThreatFire 3.5

Discussion in 'other anti-malware software' started by smith2006, May 9, 2008.

Thread Status:
Not open for further replies.
  1. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  3. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    Not a big fan of their reviews, but I give TF :thumb: :thumb: :thumb: !!
    Two products in one----behavior based HIPS and an on demand AV scanner!!
    :D
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    I concur your comments, and am using it too, but.....

    recent incidents regarding its driver(s)--two so far, as I have come across.
    its hidden(un clear) status concerns me.

    The deeper TF gets into my box, the more nervous I have become.

    If a driver is left behind after reboot, and if user dares to remove it, system will blow up, rendering it useless(keyboard), it reminds me of road side cyberbomb, lethal, indeed.
     
  5. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    did anyone test the on-demand AV scanner in ThreatFire Free 3.5?
    Or are there actual any tests by magazines or AV testers available for 3.5.

    Because the pcmag author only wrote "On-demand scanner is not as accurate as that of signature-based products." o_O

    Cheers
     
  6. Clweb

    Clweb Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    127
    Location:
    France
    Seems a good product. But after installing it, I had a serious slowdown with the Opera browser. It was practically unusable when it came to reopen the previuous tabs.
    Firefox was not happy too: usable, but slower.
    I uninstalled it ( in normal mode) and everything worked like before.
    I give it a try by the next release/update.
     
  7. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    ThreatFire is the best prog that PC Tools has (or acquired, if you will), IMHO. I run it with APSS 8 and feel very well protected. I consider this program spot on for today's malware aggravations.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Subset,

    When using TF on a clean system, the AV scanner is a no-brainer. The real advantage of the on-access AV data base is when TF finds an intrusion, it first checks whether it is known malware. This on-demand is so effective, because you now do not need a realtime AV anymore.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    What if the malware is unknown or brand new or has a new form of intrusion or known but without signature ?
    How are you going to remove these, you can't keep them as resident malware, unless you don't care ?
     
    Last edited: May 12, 2008
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The teaming of TF with PCT's AV (a VirusBuster clone) is the same concept as the teaming-up of Winpooch and Clam AV. Unfortunately, PCT's AV & Clam AV are 2nd tier, at best.

    It's as if Madonna were to be cast in the diva's role in Madam Butterfly. Brilliant concept. Inept execution.
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Bill,

    That may be true, but . . .

    TF checks the blacklist data base after an intrusion is detected. It is for the users comfort to tell them that they found a known malware. Point is TF still finds the intrusion. It is just for user reassurance and clearity to deal with the intrusion.

    Anyway I am only using TF, no more realtime AV (only a 2nd opnion scan before monthly image backup).

    Regards Kees
     
  12. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    With Returnil on-board and TF, with advanced rules and raised security protecting between re-boots, my AV has been relegated to on-demand and right-click scans only.
     
  13. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    491
    Will Threatfire run with NOD32 & Sygate. My last few attempts at installing this product have met with system lockups. I finally gave up & quit using it. What Av will run iwht this product?
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Have used it with so many security software without problems. Antivir, Avast, CFP, SSM, NG, etc .Try posting on their forums. May sygate is the issue but not sure.
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The combination of Returnil and TF is a good one, not because you have TF, but because you have Returnil.
    The trouble with TF is that TF asks you what to do and when you answer wrong, Returnil gives you the opportunity to correct your mistake.
    If I had Returnil and TF on board, I would always say NO to TF, because there is no reason to say YES.

    TF asks first then shoots, while AE always shoots without questions.
    If you combine AE with TF, TF is as good as unemployed, because lots of malware are executables and AE has a detection rate of 100%, TF not.
     
    Last edited: May 12, 2008
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    ......and the best part of the shoot first is, you can add an exe you determine is safe to it's WHITELIST! Everything else not listed is toast again.

    As far ThreatFire, i still can't bring myself to it's way of handling risks and the heavy impact it makes on my setup. I've talked till i'm blue in the face about why it employs 4 drivers and couple of running processes to do the same job i get from EQS which is a classical HIPS, and you have to answer it's alerts too.

    At least with AE combined with anything, AE will slap an executable down in a moment without hesitation not in it's WHITELIST!

    My verdict on TF is neutral, i neither am interestd in it for the reasons stated by experience but i don't discount it's usefulness either.
     
  17. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I use TF for it's advanced-ruleset and FW-capabilities, and like it for it's ask first way of doing things. I always say "yes" to TF's pop-ups, (which increase as I raise it's security level) and if it was a wrong decision, I just need to re-boot. Lesson learned and thankfully not the hard way, like was always my way in the past. LOL I turn off Returnil for 1 hour each day for up-dates and to incorporate the "denied-list" in TF, so after a few days it goes quiet again. It's advanced rules make it more like a classical-HIPS in that the rules need to be dictated by the user, and the pop-ups are my educational-tool to learn HIPS. I've tried others (PG, SSM, etc) and they are like firewall-rules to me. I HAVE NO CLUE AND BY THE TIME I LOOK UP THE DEFINITIONS I FORGOT WHAT I READ. In the natural evolution of things, I will eventually become an AE-user. It took me long enough to grasp Returnil. I struggled for months to figure it out. LOL I follow a lot of AE threads and will eventually get the nerve (and time) to take it on. Then TF is GONE. For now I will keep on learning...
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    AE borders on ridiculously simple because it doesn't flood a customer with way too many settings to struggle with, and right out of the box after it SCANS your "clean" system, it Whitelists them all so that if ANY executable not indexed and databased by it becomes a moving target to stop cold on-the-spot. And i think thats why you'll really admire it once you test it for yourself.

    The other easy part is IF you have an executable that you know is safe that it flags, like a newly downloaded or copied files, it's as easy as entering your password to temporarily stop AE altogether and then run that app. After so engage AE to ON again, and it adds it to the Whitelist.

    Faronic's really has a winner with this program as well as in my case, Deep Freeze which LOCKS the partition so tight, i can't even get it to do business with another HD.

    Now i call that really STRICT safety protection.

    EASTER

    ErikAlbert can fill you in with even better details about AE then myself.
     
  19. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I liked Erik's approach to re4matting. Early next year when I re4mat again, (and after I replace my cd-burner) I plan on doing it similar to the way he did. (minus the phone call to M$ ;) ) I'm 99.9% sure of Returnil (I'll need to renew my license by then) and AE. The imaging software is the only missing piece to the puzzle but I have months to figure that one out...
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Then the behavior blocker will kick in.

    Then you are hanging out to dry. Same applies to your setup.

    What when a new form of executable is found (think about WMF exploits, for instance in data files), this leaves anti executable hanging out to dry to.


    Then the behavior blocker will kick in.

    For 2, the theoretical unknown, there is a simple solution.

    Data backup every month, Image backup every two months. I keep six image backups. After making a new one, I set back the latest - 1 (previous version), update an on demand AV scanner (Avira) and perform a scan. This means the AV on demand scanner has a two month time advantage on any zero day threats. I think the risk is close to zero for not finding a two month old zero day threat. When that scan is okay, I delete my oldest image and set back my latests one as actual.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thats what i done.

    I got hold of a used HD and wiped the devil out of it with D-Ban & WhiteCanyon's Wipe Drive Pro to make darn sure the metal was ready.

    I installed, get this, Deep Freeze w/ AntiExecutable and this single drive is Rock Solid. I might add i also threw in EQS just to watch over matters because it covers darn near everything humanly and machine possible with NT Systems.

    That unit is more or less my Fort Knox because it's so tightly sealed from any forced intrusions.

    EASTER
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Only when AE knows the executable format (1) AND when AE is active (2).

    I think drive by infections are the main concern, followed by new forms of code in data files (1) and malware trying to kick in on log-on or system shut down (2).

    This means that AE is also lickely going be to defeated, because it relies on execution code recognition. You can also not guarantee that AE is the first to be on duty and the last to go asleep.

    ;) Hope this feeds your security concern :p

    Regards Kees
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Forgot to tell you that I backup on a external harddrive. I would not count on a backup as long as it is connected, there is always a possibilty that . . .

    :) Think this feeds some disconcern to :D
     
  24. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Please don't tell me that my use of TF (advanced rules & raised security levels) has actually made it less effective. I finally got it working (peacefully) with Returnil & AntiVir. It has already been a long week, and it's only Monday (or Tuesday) LOL
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I also back up my drives/partitions as a regular routine but i either got some guts or am overconfident in the confidence i've experienced with DeepFreeze & AE combo because i don't feel the need to image it at all. Plus not a lot of apps on it of any real concern of loss, like i said it's my Fort Knox unit and is tight as they get.

    One reboot and you're safely back again at the starting line. LoL
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.