PC Magazine review - ThreatFire 3.5

Sorry,

NO: Just kidding because Easter and EricAlbert are very determined in finding the best (100%) security solution. Because they have a tight, but 'a bit paranoid like' setup, they (Eric some more than Easter) some times comments in holes of other people's security. I was just teasing them.

Eric's example of a new form of intrusion is a theoretical one (situation 2). ThreatFire is intended to protect you from these kind of situations. So TF would fail on its core competence, which is very unlikely. The same applies on the much praised AE (by Eric), it is an Anti-Executable, It should recognise all files with possible code in it. So not finding a new form of executable code in a file format, would also mean that AE fails in its core competence (also very unlickely, but theoretically possible). That is the tease.

Executable code does not have to reside on your PC any more (e.g. web applications, java, etc, Google's intention to supply MS Office like competitors via the web), or can move around Active X, BHO, J2EE, XML, COM, DCOM, etc. That is why 'hardening' of your PC is advised by many security experts. When you close down services on your Operating System which you do not use (e.g. BITS, Remote Assistance, Remote Procudure Calls etc) you make the attack surface smaller. Mingling code and data is a night mere to securty specialists, but will be a trend which we will be seeing more and more. So AE like programs will get a harder time than TF like programs. Simply because you can not control all the attack vectors on your PC, that is why behavior based defense, policy based defense, on execution sandbox heuristics (like Norman and F-secure offer) are a theoretical beter way of dealing with these future challenges.

TF is Behavioral based, Returnils is Shadowing your file system, so TF for contineous and Returnil for adhoc is a good combo.

Regards Kees

 

Kees1958

Your assumption is pretty much on-target.

Erik fiercly refuses imperfection and i march towrad perfection but am somewhat forgiving, but not always

You're definitely right about both our motives though, that is in finding a 100% security solution that cannot be compromised by anything.

Untill then, FD-ISR plus my backup images will just have to do for now.

But i think 100% protection IS within reach, just not quite there yet, because if it was, it would be have to be a single monopoly that would cancel any interest in any other solutions. LoL

 

Ahhhhhh........ Thanks for sparing me. LOL I couldn't stand (but would) to see my 3rd consecutive sunrise. My daughters will want to reclaim this 'puter tomorrow... LOL

 

It's a pity then that he has no clue where the biggest hole in his setup is...

 

Let me guess...WINDOWS roflmao

 

Kees,
You have alot more faith in scanners and TF than me, I don't even use scanners anymore.

Except the last two months, I ran every scanner I could get, but that was only for verifying my setup. My setup was already 6 months old without scanners, I was curious to see if I was infected or not and I have no other way than scanners to verify this. They couldn't find anything on both system and data partitions.

I don't trust any of my security softwares, I only trust IB as #1 and ISR as #2. If one of my security softwares fails, my ISR will at least remove them, if not IB will certainly do the job.

Also our backup methods are totally different.
Our data backup is probably the same, but data is nothing but folders and data-files, which are stored on my second harddisk. I backup my data every day, but only the changes.

Our system backup is certainly not the same.
I don't backup my actual system partition, I "restore" and "backup" my original system partition and only when it changes.
I don't go online with my original system partition, I go online with a copy of my original system partition.
Each time I have to change my system partition, I ditch my old actual system partition and replace it with a copy of my new updated original system partition, because my old actual system partition has been online too long.
After that, I don't do any system backup anymore until the next change, which can be next week or next month, that depends on outcoming new versions of my resident applications.

Of course I try alot of other softwares like anybody else, but that happens always in my actual system partition and when I'm tired of them, I use ISR or IB to get rid of them.

 

Erik, isn't AE a scanner of sorts In as much as ThreatFire is

 

The biggest hole is ME, but every security setup has that problem.

 

In my case that would be true. In your case, I still say it's the OS.

 

AE is a pure whitelist scanner of executable objects on my system partition.
My second pure whitelist scanner is a clean and unused FDISR-archive, which covers my system partition completely.
AE is not my only security software, but AE is the only security software I do understand, the rest is very blurry.
AE is hardly a subject at Wilders, but all the rest is blurry and that is food for endless discussions and user opinions.

 

Thank you, that is exactly the point I am making!

 

I'm not paranoid. I'm not even a fan of anything. I replace any software without regrets. I don't work with software names, I work with software functions, possibilities, combinations, ideas, but Wilders always like to hear software names and doesn't like theoretical ideas, unless there is absolute proof.
I do what looks logical to me and that's all.

 

Yes, that is indeed your point, but I'm not planning to keep on using scanners on my system partition.
I used them to verify my setup, I uninstalled them after one scan.
They couldn't find anything, which means my setup works, that's all I needed to know.

 

Exactly my point. I can "get my mind around" the white-listing of known-safes....

Interesting. I never looked at it that way....

I learn 1 security software at a time before I move on to another....

So I have 1 question for you, a hypothetical perhaps. If you were just starting to build your current set-up and your pc didn't yet contain anything that couldn't be easily replaced, would you go with AE first or the imaging software for recovery

 

I'm not sure I understand your question completely.
I build my system partition with IB (ShadowProtect) first, while my computer is disconnected from the internet, unless there is no other possibility.
My worst enemies are softwares than need an internet connection during installation. I try to avoid them, but it's not possible anymore nowadays.
ShadowProtect and FDISR-archives are the only way to keep my system partition in a "malware-free" and "unused" state.

This is also possible with Returnil, but to keep your system partition in an "unused" state is difficult, you will need IB to make that possible.

 

I never used ThreatFire, but reading this thread I have no clue with all the answers (un)related to the topic starter, other than the always same answers/comments from ErikAlbert.
Stay away from here ErikAlbert or just stick with threads regarding your software, you are wasting bandwith.

Gerard

 

This was the thread-starter...

and I apologize for taking it off course. I will start my own thread or PM Erik for my answers. Sorry Erik, for not understanding and having to ask...

 

The nerve of you to do this 19monty64. LOL. I actually enjoyed reading the banter between everyone, but I rather use a program based on what I hear in Wilders. Hopefully the thread will turn back to ThreatFire now though.

 

ThreatFire is definitely 4 & 1/2 stars out of 5, and for anyone who hasn't tried it yet, they should. It is simple enough that a noob could install it without problems but advanced enough for the tweakers. What's not to (understand) like

 

Erik has turned this thread about a security program (Threatfire) into yet another of his unending descriptions/proclamations about the superior structure of his security set-up. I have read about Erik's configurations before -- MANY times.

The topic of this thread caused me to hope to read about THREATFIRE, but here we go again with frozen snapshots. Yada yada yada

Erik -- please read again the last few sentences of LWM's recent comments to you.

 

Re-read the thread completely and you will see I'm not the only one, who got off-topic. Since you don't blame the other guys and only me, I guess it's more a personal issue against me alone ... yada yada yada

 

I've bookmarked that moderator's very handy post for future use whenever I next see ErikAlbert perform another one of his thread hijackings again. It's absolutely amazing how he can infect just about any thread and forcibly turn it towards yet another discussion about HIS setup instead.

 

Hi perman,Can you be more specific of your findings,what incidents with the drivers are you refering to.your making me nervous a little bit.

 

So if you always activate Returnil when you turn your computer on, it will do as well as ShadowProtect?