I smell something fishy with Threatfire

Discussion in 'other anti-malware software' started by nomarjr3, Apr 7, 2008.

Thread Status:
Not open for further replies.
  1. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Sooooo...you think it is a great tool and a rogue softwareo_O
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Dr. Jekyll and Mr. Hyde :D
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    TF rogue, I think not.
    Maybe the definition of Rogue Security Software is just not clear.

    Here is one list of current rogue security software.
     
    Last edited: Apr 8, 2008
  4. l0_0l

    l0_0l Registered Member

    Joined:
    Mar 29, 2008
    Posts:
    18
    It is a decent security software for beginners as it being a "smart" HIPS. Its scanning abilities are not that great/believable. If you read the rest of my text, I said (implied) that TF is not a scanner but a behavior blocker and recommended that one should use a dedicated scanner for rootkits or as an AV rather than depend on TF to do the job. TF, being a freeware, is an important added security to a novice/intermediate user who are only depending on a AV/AS. TF would cover a fair amount of the zero-day exploits for such users. TF would not be my choice for protection and I would recommend a classical HIPS (e.g. EQS) for more advance users who know what they are doing. TF would serve more novice users since EQS would be close to useless for them since they would most likely answer "Allow" to most prompts without knowing what they are.

    So in conclusion TF is still provide effective protection from unknown threats but it should not replace dedicated scanners.
     
  5. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    l0_0l,

    OK, what you just said makes a lot more sense than what you said in the post where I quoted you. :thumb:
     
  6. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Why would you want to create your own rules if you are not experienced ?

    "ThreatFire is designed with specific preconfigured security rules intended to provide you with
    the best possible protection against new and unknown threats. "
     
  7. l0_0l

    l0_0l Registered Member

    Joined:
    Mar 29, 2008
    Posts:
    18
    With 16 (this being the 17th) posts, I am still working on better communicating logic :D. Thanks for the criticism and then thumb up :cool:.
     
  8. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Can't help but wonder if TF wouldn't be a better seller if they found a way to make the Advanced Rules easier to implement for the novice or non tech who still wants great protection.
    OA has Free, Paid and +.
    Three flavors to keep most people satisfied.
    Then maybe TF would be giving the best possible protection available.
    Enjoy.
    Hugger
     
  9. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Hugger,

    If you do a search-the advanced rules theory has been discussed in some detail before.

    Kees came up with rules for outbound protection,if you wanted to use it instead of a firewall when you had a router.

    However it seemed that there was absolutely no need for them for regular work-a lot of work obviously has been done in the standard rules

    TF has the bases covered,thats the beauty of it-it does the work for you and its FREE.

    TF does seem to give top protection according to most users and reviewers,just as it is!

    edit; review
     
    Last edited: Apr 9, 2008
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's not only about own rules, TF considers even clean existing objects as a threat.
    So TF isn't really for inexperienced users, but for knowledgeable users, who can see the difference between good and bad objects.
    After all Wilders isn't a collection of average inexperienced users and they can use TF, if they want to.
     
  11. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    One FP = dangerous product, not for inexperienced users.

    System-wide FPs, restores EVERYTHING whether good or bad = cutting-edge product, best in the market.

    Amen.
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It isn't just one, it's more than one and inexperienced users will remove them and damage their own system.
    Experienced users probably don't even report these f/p's, because they accept them as normal, considering the nature of this type of software.
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Do you have an example of how a user might damage his/her own system by removing items with ThreatFire?

    Also, FPs are reported all the time. Just because you came up with a conjecture that sounds smart to you, doesn't mean it's remotely anywhere near the truth at all.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sure I have an example, if I remove "C:\$ISR\0\ISRCOPYXP.EXE", the main function "copy/update" of FDISR won't work anymore.
    In other words I can forget about creating snapshots and archives and that affects my whole system partition.

    Sorry that I hurted your feelings regarding your favorite security software, but I never had any feelings for any software.
    I'm already glad that my softwares are doing their job most of the time and if I find a better one, I replace it immediately without regrets.

    ThreatFire is nothing special, it makes mistakes like any other security software. Unfortunately some users become a fan of some software and don't want to hear anything bad about their software or get upset, if somebody complains about it.
     
  15. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Honest Erik but you are a fanboy of your own recovery strategy,which is promoted along the threads !!You are the biggest Fanboy known to man. :D :thumb:
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Recovery strategy isn't the same as recovery softwares. I use softwares in a certain way to accomplish this, but I would ditch them immediately, if I find better ones.
    Of course I like my recovery strategy, I don't have to do anything anymore to clean and restore my computer. That is something else than running scanners, history/registry/junk cleaners. I've done that too in the past, not anymore. :)
     
  17. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I would'nt discriminate and focusing it on softwares alone,but in general terms IMO your posture perfectly fit that of a fanboy : Somebody who promote and defend his object of choice and would argue with[on this very moment !]anybody about his ''baby''.

    have to admit that you do it in an intelligent way. but none the less a Fanboy. ;) ;) ;)
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    TIMEOUT. This thread isn't about fanboy's, it is about a particular aspect of threatfire.

    Pete
     
  19. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Can we get off the subject of FDISR and back to TF? ;)
     
  20. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    TF has much less possibility for user error than most or even all comparable products-this must be obvious as few choices are presented in recommended mode.
    Its certainly more "set and forget" than most,whilst remaining very powerful.

    Rudimentary knowledge is really necessary for any computer user.

    Your remarks are rather condemning all the other security apps which constantly ask questions, that leave even experienced users in doubt.

    If you have a certain exception,or a FP which didnt present a choice- quite simply-make a Custom Rule-Process List and choose the required app-its that easy:thumb: :thumb:

    Doubt if even a beginner would have a problem with that.

    Never had a problem with TF and FDISR-never had the need for a custom rule-never had TF block any necessary app .or function and I have a LOT of software!!

    edit ; if you enable Community Protection,this will assist in having the FP placed in the whitelist.


    .
     
    Last edited: Apr 10, 2008
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    More fanboy posts removed. This thread must be running out of steam. Enough of the off topic posts.

    Pete
     
  22. ThreatFire QA_Tech

    ThreatFire QA_Tech Registered Member

    Joined:
    Apr 10, 2008
    Posts:
    3
    Location:
    Boulder, CO
    Hi guys,

    I noticed that my boss has already posted on this forum, but I just wanted to elaborate a little bit more than he did on a few things. First and foremost I would like to enumerate the fact that we're pretty sure we're not rogueware ^.^ PC Tools is a very reputable company and is reviewed in such magazines as PC Magazine, Maximum PC and is a very highly rated software application by many reputable reviewers, including the often-times militant crowd here at WSF (I'm looking at you solcroft:D )JK! In addition, we are a VeriSign certified and Microsoft-accepted security program to boot.

    Anyway, on top of this, a few other comments I would like to make:

    The developers go to painstaking lengths to ensure that all critical system processes, any files found on our whitelist, and other applications that pass a basic "trustworthyness" calculation are not damaged during a quarantine or removal. So, if we detect WMPlayer.exe (the primary component of Window's Media Player) as being a culprit of some suspsicion reason, we will not try and remove or delete this process. In addition to this, in the off chance that by some grace of software irony we do end up quarantining a necessary registry entry or file, we have the option of restoring individual files from our quarantine. So, an average user who blindly clicks "quarantine" on a necessary application won't muck their system up in the process!

    And, it is without question, that, being a behaviour-based program, we are going to flag potentially trustworth applications. However, we always try and offer as much information on why we triggered, as well as the opportunity for the user to research the nature of the application and make an educated decision on whether to click allow or quarantine. While we do assume some of the burden for flagging a potentially trustworth program, there is atleast some onus of burden left to the user to cogently recognize the trustworthiness of the program they are installing and draw a reasonable conclusion to decide what they want to do.

    And lastly, but certainly not least, I would like to touch base on our scanner in general. We are aware it is not perfect, and with every release we try and better it's detection ability. We are adding new rules to every build and whitelisting/blacklisting on a daily basis. Our real-time protections is our primary concern to make sure you are protected no matter how a malware program tries to infect your system. We do recognize that our on-demand scanner can be a little...err...weak from time to time; mostly because it isn't the primary function of our product, but that's not to say it doesn't detect threats. I am able to run a scan with malware samples scattered throughout my testbox and it will detect most if not all without a hitch.

    Also, keep in mind that we do have 2 different types of scans. We have both a full scan AND an intelli-scan. The intelli-scan can be a little fast and miss things, mostly because it only searches critical and the most common locations for malware to hide. This can be seen as "fast" simply because of the amount of files it scans. However, our more comprehensive and powerful "full" scan option maintains efficiency and is still a powerful deection agent. As I had stated earlier, it does a great job at detecting most if not all threats. That's not to say, though, that we do not extoll the merits of full-fledged signature based scanners. They are very beneficial and often essential in offering all levels of protection to your system and are an undeniably contributing layer to a totally protected system.

    Anyway, I just wanted to clarify a few things! I hope this helps!

    -The New Guy ^.^
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    Thanks! Very informative and congenial.

    As to your remarks concerning Solcroft -- he is a very easy going lad. However, Solly is an eagle (and has a very low tolerance for turkeys such as OP). ;)
     
  24. ThreatFire QA_Tech

    ThreatFire QA_Tech Registered Member

    Joined:
    Apr 10, 2008
    Posts:
    3
    Location:
    Boulder, CO
    :argh:
    I know ^.^ I've actually been following the forums for some time now, but I'm usually too busy with testing or tech support to get a chance to post, but I thought I'd spare a minute or two to ease some minds!:D
     
  25. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Yes, how to avoid that ? Of course the alarm is triggered out of behaviour...the most important is a clear and understandable notification which I beleive you have...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.