CyberHawk is now ThreatFire & has new beta for v3

Hi, folks;My point is very simple, does not need scientist's IQ to comprehend: You can invent any product(of course, in this case is an application) which may be plated with gold and also comes from best of the best brains. But if it can not be used by majority of population(in this case is pc home users, not commercial IT experts), where are you going to recoup your dev. costs and retain your reputation. Luckily, TF is still in early beta, anything deviated from that direction(user-friendly) can be fixed and adjusted, if the pilot of this program has a clear vision. I did not say TF will not mature as an excellent product, but I do worry its direction and its path to become a full version.

 

After tried CH a lot of times, I decided to give a try to this new version, because like some of you, I don't like dumb HIPS programs annoying me all the time...

The same problems that I had before seems to continues...

Besides that, I run a program that change the IE homepage, and another that change the windows startup items, and ThreatFire didn't alert me about nothing! Is this normal!?

 

When uninstalling WUBI it asks if you want to create a back-up file (for re-installing) and when doing so TF will pop-up to warn about the files being created. But when doing MS-update or updating drivers, it doesn't ask you to permit the actions that obviusly caused. For a set-it-and-forget-it apps., this is great! For those wanting more control, I think TF would be a disappointment. Since the majority of users prefer not to be bothered with pop-ups, I think TF will be accepted by the majority. I would compare this with PrevX, but "lighter". Great for a beta!!!

 

i had this new malware few days before which was not detected by major avs in virus total then after submitting it to many avs it was added to database as somthing like "win32.rbot.byj".
when i tried it on TF it alerted of malware.
and it knows the name of malware also.
may be thats why it tries to connect to internet.

 

Nope, this is from local blacklist data base that is checked on triger events.

 

That will be the good thing about the PRO version.

Behavior rules will be set tighter (I Guess), when fired the AntiVirus is used to check for known bad guys. When known => message, when not known => prompt. After user prompt the file shoudl be sent to PC Tools for analyses (because black list can also be used to create white list).

Regards K

 

@ solcroft

I guess it´s a different point of view, but I already explained why I wouldn´t feel safe with a HIPS like Cyberhawk.

But how do "smart" HIPS know if a process is malicious or not? And if they think that a process is most likely to be malicious they will still leave the decision up to you not? I mean you guys make it sound like everytime CyberHawk prompts you about something, it´s bound to be malware, but this is not the case. I´ve seen that most of the time it acts just like a "dumb" HIPS, but it seems to be monitoring less, that´s my whole point.

Sounds good in theory, but I do not believe in this technology, no HIPS in the world can identify malware with 100% certainty, not even signature based tools can do this. So at the end of the day it makes sense to alert about every suspicious behavior from (almost) every process, something that even KAV/KIS does.

 

Ultimately it's really up to your own choices and preferences, but your observation in this case is incorrect. Take the time to test TF against malware and normal programs alike, and you'll see the difference.

Again, it's up to your personal preferences. And of course, who's to say that you'll be able to create rules and identify malware with 100% certainty in place of TF? What you choose to use is your decision, but there's no reason to try to cast doubt on a perfectly viable alternative just because you don't fully understand it.

 

The nay-sayers came out of the woodwork when BoClean got bought out. Very few trusted AVS, because it came from AOL even though it used the KAV-engine. If PCTools had bought SAS, the detractors would be just as hard. I trialled CH and don't notice much difference with TF, just a change of gui Some people are not going to like TF just because of "the sins of the father"...puh-shaw!

 

Well i don't because i know who's behind the program and so do guys at PC Tools.
It's best to keep original team on the project even though you own the brand now.

 

I am not happy that CH was bought by PC Tools. It,s my personal opinion though.
I wish it was not PC Tools.

 

I think we need three options here.

1- Allow( will allow action)
2- Deny( it will deny action and will kill the malicious process like old CyberHawk)
3- Qurantine(it will deny action, will kill the malicious process and quaratine the malicious file)

I posted this on their forums.

 

This p.o.s. of a program still renders Firefox unusable on my machine for some reason. It messes with the profile when I try and add add-ons and gives me errors; then multiple files start appearing in the firefox profile folder.

 

Don't really see why you'd just want to Deny the action and kill the running process, as it will most likely just run or resurface again at some point and prompt you all over again. Why not quarantine it?

 

Never had any problems here with TF and Firefox, none of any sort. Must be some reason for it, bizarre or otherwise...

 

Here's a response from Cyberhawk support in another thread:

https://www.wilderssecurity.com/showthread.php?t=183020&page=2

 

@ solcroft

It´s not a matter of not understanding the product, I just doubt the fact that it´s truly "intelligent".

Yes, the best way to find this out is to do a test and see if it really stays quite (most of the time) when installing harmless tools, and only alerts you about malicious tools. The problem is that it currently detects almost all malicious tools by signature, is this a full blown AV btw?

Yes, personally I like HIPS that give you more control, but I´d admit I was perhaps way too negativ, I´ve done some more testing, and I was wrong, it seems that ThreatFire has indeed been improved and is monitoring more things now, so certainly not a bad product. Btw, I have checked out MicroPoint and didn´t like it.

 

Hi, folks: Out of curiosity, I am testing this new ThreatFire. So far so good on my Intel T5500 laptop, no need for PeptoBismal yet. Today I come across that PC Tools does offer a free version of AntiVirus 3.6. I just wonder, perhaps someone from PCTools can clarify my question here: Is the on-demand scanner in ThreatFire Pro is the same or at least part of that in PCTools AV free version ? If not, can you elaborate it ? Thanks.

 

Hi Perman--

Glad ThreatFire is working well for you so far (and no stomach upset! ).

Please see pctools post earlier on this thread which hopefully answers your question:

https://www.wilderssecurity.com/showpost.php?p=1059480&postcount=11

While you could certainly run the free versions of both ThreatFire and PC Tools AV, you'd lose out on the integrated real-time blacklist check you'd get with ThreatFire Pro.

This doesn't affect ThreatFire's overall effectiveness against threats, of course, as this check is only invoked AFTER it's behaviorally detected some suspicious activity. However, it does make the subsequent user interactions much more straightforward: you'll see the "red" (known bad threat) alert and the threat will be automatically quarantined. Otherwise you'll typically see the "yellow" (unknown or suspicious activity) alert where you must decide whether to Allow or Quarantine.

This is particularly helpful for users who are perhaps not as advanced or expert as many on this forum.

Hope this helps.

Becky Dubrow

 

Hi, Becky: Thanks for your light-speed reply. Yes, so far so good I have not touched PeptoBismal yet. I do hope when ThreatFire final is released I can upgrade to pro. I did use Cyberhawk for a while, and I do miss those happy old times. Have a nice one. Thanks.

 

CyberHawk is better than ThreatFire, in my opinion!

 

I mean the name!