Discussion in 'other anti-malware software' started by jdd58, May 26, 2008.
Who has used ThreatFire and then decided to stop using it? If so, why?
When it was still known as CyberHawk it gave me a lot of fp's. Constantly accusing proper programs as keyloggers. PC Tools takeover didn't inspire me to try it for any long period again knowing that pc doctor is fp's richer than any program I ever used.
Maybe it's the best thing for others right now but I'll pass.
I stopped using it yesterday.
Great app. Light on resources. Can't comment on success rate, since I hadn't any encounter with malware since I installed it.
Very easy to build custom rules.
I uninstalled it because apparently it can conflict with Sandboxie, and between those two, I choose SBIE.
I use both and they are happy as a clam on an XP DTop and a Vista NBook.
I like it for the same reasons.
I just saw a post from Kees1958 on that. Between the two I choose Sandboxie also. On my Vista laptop (which also has Sandboxie) battery life seems to be shorter also. Maybe because of the constant disk writes.
Yes, until malware is encountered.
Antivir Premium usually nabs the bad suspects in my SB folder first. TF is pretty quiet for the most part on my end of cyberspace. I did receive an alert that my Online Armor Firewall driver was loading on my main computer and TF gave me an alert. I guess that would be a false positive?
I absolutely fell head over heels when it was released by Novatix as CyberHawk.
If you ask me the first versions were the BEST and I used it alongside SSM at the time and it was a magnificent secondary interceptor IMO.
Later in Novatix's development they were obviously running into programming issues that they seemed were not so really bad, but just needed additional attention and maybe some new eyes and handlers. This is when I think they decided PCTools would be their best bet to help improve on it.
Many say it was a great improvement and perhaps so for them, but I noticed changes in any or all the (4) drivers it implemented that were beginning to show signs of concern (for me) and those complainants began to trickle in with their issues.
In short, I personally preferred it singularly without the community support blacklist, something I also disdain with Prevx, but everyone has their own views on what they feel works best for them, it's just that it wasn't my cup of tea.
Somewhere buried deep in my storage archives are the first few free versions of CyberHawk I still prefer over the current ThreatFire, but everyone to their own preferences/results.
TF doesn't act unless told to do so by the user. Furthermore, TF only takes those actions SPECIFIED by the user. Furthermore, TF enables the user to EASILY restore/un-do any actions taken by TF. Please read the forum thread YONDER
Also -- if Kees drops by -- please define what is meant by "intrusion of programs."
Bottom Line- TF & SBIE make an excellent team for me. U 2, I think so. Shazam!
True, you have to yes "quarantine", next you also can undo SBIE in the quarantined list.
Hurst, it was some time ago. Note you can set TF to make a restore point before quarantining.
TF's FP is also close to zero (in all those years of operation, it only fired once on some Nokia software trying to auto update the OS of the smartphone). Even this is a doubtful FP (it was a conspicuous move of Nokia trying to push an update of the smartphone OS to get rid of support of older OS versions).
I stopped running ThreatFire, because I have Anti-Executable on board.
Many malwares are bad executables and AE kills any unauthorized executable immediately without even asking "Allow" or "Deny". So TF didn't do much on my computer, because AE did all the work.
I'm not saying that TF is completely useless, when AE is on board.
After all TF is a behavior blocker and AE isn't one.
I have to think about this first and then I might install TF again.
If I ever use TF again (level 3), I will always "DENY", never "ALLOW", because I don't need "ALLOW" in a frozen system partition. A frozen system requires another philosophy, than a normal system.
After reading about rootkits, I lost my enthusiasm. What is the point of protecting your computer, when your motherboard, vga card, CPU and RAM are full of hardware viruses?
You can relax and forget about those rootkits...
Furthermore, you used to be a programmer. You know that everything begins with code > executable. So it's the same old thingie all over.
I like Threatfire very much. Currently I don't use it because I am paranoid about speed and the net module gives me the impression that it influences my browsing although very slightly.
So anyone having trouble updating Firefox extensions while TF is on? I have to disable the real time protection for TF to update correctly.
My experience with TF is too small, but I always turn OFF DefenseWall and AE, when I upgrade software.
If Firefox has changed its executable or something else, controlled by AE, the upgrade isn't successful.
I always keep my internet connection as short as possible, when I upgrade my clean images.
It's a pity that developers do every upgrade online nowadays, even M$. Don't they know that internet isn't safe? How can they be so stupid. Pffft.
On my son's PC same problem - DELL 8300. The error message is something to do with Java. TF know about it but no fixes so far.
On my Acer laptop no problem.
I like to have the same security s/w on all family PCs so no go for TF. Trialling Drivesentry on mine. Will try it on his in a week or so.
I suppose in the event you upgrade security software online, at that very moment you're vulnerable (temporarily disabled?).
If you're really scared then download new version, and install offline.
I do this as much as possible, but internet-related software are a bit more difficult.
Installing Firefox + extensions, while Firefox-screen is blank is a bit uncomfortable.
Deleted TF because of the following reasons:
1) It wasn't as good as it used to be when it was still Cyberhawk
Back then, I had little knowledge about virtualization and drive imaging software. It was a big disappointment, considering I was a 'novice' regarding security software back then.
Maybe someday I'll try it out. Maybe.
I feel I don't need it or other HIPS. Nonintrusive AV and FW, LUA and SRP is sufficient for my habits.
I liked CyberHawk,
but since it went to ThreatFire with PCTools....
crash and burn for me..
Exact opposite for me. CyberHawk caused instability and hanging on my computers, the rootkit scanner would not complete and the program was alerting on lots of legitimate programs as being keyloggers. I eventually quit battling it and just removed it.
ThreatFire is a whole different story. Runs smooth as can be in every aspect. Very infrequent false positives, except for when I had the Protection Level cranked up to the max. Bringing it down closer to the recommended default position has solved that.
I had two friends have blue screens with Threatfire within 5 mins of being installed. I've had no problems; the UI is slick and protection good. I found viruses can fly under its radar when TF doesn't recognize the behavior as a threat. I tested TF in AntiVirus Showdown 1 (see my sig) where it detected 7/10 threats.
Though I am using ThreatFire at the moment, one thing that got me to uninstall it many times was the sudden spikes and overall raised CPU usage, particularly of services.exe, when ThreatFire was running. When opening somewhat large (50 MB+) files, my CPU usage (services.exe especially) would rise up to 60% for about 8 seconds before it subsided. Even during normal computer usage (surfing internet/listening to music), CPU usage for services.exe and in general would randomly rise up to 45% for around 7-8 seconds quite frequently. All this with the Automatic Updates and Community Protection disabled.
I have an NAT/SPI router, so all I need is a firewall for outgoing. With TF set at Protection Level 5, it does a fine job of checking outgoing connections, plus it protects against buffer overflows & much MUCH more. The pop-ups have not been excessive in 3 days of use at Level 5.
In over 7 hours of computer use today, TF has used a bit over 50 seconds of cpu time (see the screenie below). Running smooth & stable. VERY satisfied!