anti-malware query

Discussion in 'other anti-malware software' started by sach1000rt, Sep 30, 2007.

Thread Status:
Not open for further replies.
  1. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    I tried threatfire last week and it worked well (apart from that delay of shut down button).
    But it was hard to configure or set custom rules as said on the other thread on this forum.
    So I want to try a-squared right now.
    I don't want to compare these products.
    I want to know WHICH IS EASIER TO USE. I know that threatfire is for free.
    Does a-squared come with built-in rules, unlike threatfire where we have to configure that manually?
     
  2. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    Prevx2 is the best (and, when it works, better) alternative to ThreatFire. Personally I've tried all versions of ThreatFire (Cyberhawk before) and don't like it one bit.

    ASquared free is not much different, and less good IMO, than the free 'post-trial' versions of CounterSpy and SuperAntiSpyware. Personally though I would only use any of these three as on demand scanners and never 'onguard' paid or not - for that I prefer Comodo BO Clean, which is always free.

    By the way, ASquared (full version) is actually nothing like Threatfire or Prevx - they are HIPs programs and Asquared is not.
     
    Last edited: Oct 1, 2007
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I haven't tried Threatfire, but I can tell you that A-squared is extremely easy to use. Its pop-ups provide easy to understand explanations of what's going on.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: If ThreatFire is to your liking, except that... Then,
    Perhaps you could explore this one, which is easy to use, pretty much self-explanatory. Primary Response SafeConnect, it offers a 15-day trial. Set and forget, low resource usage, few or near nil popups. After a long observation and a brief trial, I finally enlisted it. Norton's AntiBot is its clone, but I do not like Norton's digital d/l policy: free re-download only within first 60 days, after that, a fee is required for extra d/l.
     
  5. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    The answer depends on which version of A-Squared you are looking at.
    The free scanner or A-Squared Anti-Malware?
    A-Squared Anti-Malware has real-time protection.
    You'd have to try it to find out if it's easy to configure.
     
  6. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Tester is correct. The paid version of A-squared has real time protection. It has IDS technology which alerts to certain changes in your system. http://www.emsisoft.com/en/software/ids/ There are only pop-ups to answer and nothing really to configure. A-squared has minimal configuration similar to a normal anti-virus.

    The free version they offer is only a malware scanner. If you want to try the paid version, it does have a 30 day trial.

    I'm not favoring either program as I haven't tried Threatfire. I was under the impression that it was also easy to use. When it comes to custom rules with any program, it gets above my understanding without help o_O.
     
  7. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    Threatfire and Prevx are HIPs based anti-malware programs that do not rely on malware definitions - they look at behaviour on the system.

    ASquared is an anti-spyware (not all-encompassing malware) program, that has a couple of additional options, like CounterSpy and SuperAntispyware, but they are *not* HIPs based programs so *none* of them are comparable to either Threatfire or Prevx.

    Prevx is a good (better) alternative to Threatfire.

    CounterSpy or SuperAntispyware are better alternatives to ASquared (all full paid for versions). CS & SAS are deeper scanners in their free, on demand versions, than ASquared free version.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Having Primary Response Safe Connect, A2 Malware with IDS and ThreatFire on 3 different machines with sandboxes (resp: HauteSecure, DefenseWall and GeSWall Pro), these are my experiences:

    Ease of configuration: 1 PRSC, 2 A2, 3 TF
    Transparency in protection: A2 IDS = 1st, TF=2 and PRSC=3
    Clear messages: A2 IDS = 1st, PRSC=2, TF=3
    Tested protection, PRSC and CyberHawk in AV comparatives, own testset A2 and TF passed all. PRSC could not be tested with own set (is on Vista64 machine)
    Protection coverage is a mixed bag:
    - in TF you can set your own rules (but you were not happy with that, so it is irrelevant),
    - A2 theoretically provides the widest coverage, but does not protect all start up registry entries to protect against worms (that is why I use WinPooch additionally, see this forum for a set of rules to import). You also have to select the on (blacklist) protection to check for riskware. A2 categorises keyloggers as riskware not malware. The real time protection also increases protection against worm protection. Best protection with A2 is with the intelligent false protection set off and paranoid mode on.
    - PRSC is used by Norton as an Antibot, so their protection on this area is great, it also is strong against keyloggers. PRSC has an automated removal option (so you do not have to decide).

    Regards K
     
    Last edited: Oct 1, 2007
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    This was the question. Which of these two are easier? Not which is a better sub. for TF. I agree with some products maybe being better than A2, but it wasn't what was asked.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    You can not call TF an HIPS and tell that A2 is an IDS, they respond exactly the same to threats. They notify when an anomaly occurs, giving you a choice.

    Until an objective broad test has tested their effectiveness, I can not tell which application is better. For as far as I have seen CyberHawk (now ThreatFire) and PRSC have only been tested in PC Mag and Av Comparatives against each other. A2 previous version was tested also in AV comparatives, but I rate version 3 much stronger than the tested 1.65.

    For a complete noob I would advise PRSC set to automatically quarantine. For an average skilled user I think A2 is the easiest option. When you have some additional security knowledge TF is simply the best deal because it is free.
     
  11. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    TF and A2 are two very different programs. They do *not* do the same things. So they cannot be compared like for like.
    A2 can only be compared with products such as AVGAS, CS, SAS, SpySweeper etc.
    TF can only be compared with Prevx and other HIPS programs.
     
  12. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    My apologies, I thought...
    meant he wanted to know which was easier to use. But he actually wanted to know...
    ...thanx for clearing that up. Again my apologies.
     
  13. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    That's ok - we all get it wrong sometimes. ;)
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    19monty64,

    I interpreted it the same as you did, anyway I tried to shine some light on their ease of use. I guess it is up to Sach1000rt to decide whether the answers are helpful or not.

    StevieE9,

    I disagree with you. Why don't you download both TF and A2 Malware (paid with IDS) and run them through the same set of tests? Now try A2's IDS with and without Intelligent False Positive Reduction and you will notice it evaluates the sequence of events (with IFPR). I would call that behavior analysis (e.g. keyboard hook setting without seeking the internet is okay, with you will get a notification). From release 2 on CyberHawk also uses parts of code to identify known threats (the red alerts), so ThreatFire is not behavior only. In fact ThreatFire Pro has as extra AntiVirus. As far as I have tested them both (A2 with IFPR off); they both protect against driver installation, dll-injection, etc. and display a pop-up. Only the description of A2 is clearer. So from a user friendliness point of view they can be compared also (as was the question as I interpreted it).

    Regards Kees
     
    Last edited: Oct 1, 2007
  15. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    Hi Kees

    I have used and tested all those programs.
    IDS in A2 is definitely not the same as HIPS in TF or Prevx.
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep A2 and TF are not the same, I agree

    PrevX also uses black and white list for execution control and some (light) behavioral analysis, so that is definitely not the same as the advanced behavioral analysis without execution control of TF, agree again

    Have fun ;)
     
  17. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I haven't tried Threatfire (or the former Cyberhawk), but A-squared is a relatively easy program to use. Learning to set up rules and a proper configuration takes time for many behavior based security applications. To make a similar comparison, Zone Alarm is very simple to run right away, while Jetico requires a bit of tinkering to set up. BTW, there are many free programs that are not easy to set up, IMHO.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    CCsito,

    True, but TF out of the box does not need configuration. Due to the lack of documentation I had only given a short introduction on how to set up custom rules.

    TF is only in English and A2 provides a lot of other languages available.

    At home we have three different PCs with three different user preferences (A2 with IDS, ThreatFire and Primary Response Safe Connect), so I am not favouring one above the other. The good thing of trial software and competition.

    Regards Kees
     
  19. SMPRICESOLUTIONS

    SMPRICESOLUTIONS Registered Member

    Joined:
    Jan 8, 2007
    Posts:
    38
    I have been running ThreatFire and Prevx2 side by side for a few days now and have not seen any problems as of yet between the two.
     
  20. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I have Prevx2, TF and PRSC in the same laptop, no conflicts. Who says three is too crowded ? Take care.
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You could have hidden conflicts. Non-signature security software makes extensive use of API hooking and there's a limit on the number of filter drivers you can install.
     
  22. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, lucas 1985:

    What would be the warning sign of these hidden conflicts ? Thanks.
     
  23. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'm not sure, but having no BSODs doesn't mean that all your apps play nicely with each other :)
    Some SSDT entries may have several hooks and this may lead to instabilities, crashes, BSODs, slowdowns and crippled protection.
     