One new thing about ThreatFire 4.0.0.8!

Discussion in 'other anti-malware software' started by ratchet, Oct 30, 2008.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    At least I think this is different. If you disable Community Protection you lose the auto updating capability. I'd not enabled that feature since I never, ever, ever get any malware. I know, so why even bother with TF? Peace of mind I guess. So now I have to decide if I want to just update manually, keep Com Pro enabled or reinstall .6 if it's still available.
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Been that way for quite a while; not really new... ;)
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Is there anything new in this version?
     
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Better ask the vendor; they don't make anything beyond this information available.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Thanks for the info, it looks like there's a little more to it, but not sure,
    anyway thanks again :thumb:
     
  6. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    They fixed the virus definitions updates?
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I think what you're looking for is this specific updates thread: http://www.pctools.com/forum/showthread.php?p=194489#post194489

    The link leads to the last post there about this small update, but it doesn't provide much more information apart from fixing bugs related to database updates...
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I'm intensively conducting an in-depth benchmark on the newest upgrade of TF 4 PRO. I am very encouraged overall, even though I'd like to see a DENY & TERMINATE feature as opposed to the program's QUARANTINE function, but that alone is by no means reason to express anything but positive satisfaction in what this version offers.

    The Custom Rules, finally, have taken shape in just the way they should have long ago. But better late than never.

    Some of you have, over the course of my testing, followed my unorthodox piling on of similar apps, as I've done with HIPS before, and this is no exception. I'm running BOTH TF4 & MAMUTU for examination's sake and there's no loss of energy in either's response working together.

    I won't keep it that way, but it's always been my practice in research to run two of the same type of apps like this in order to observe any conflicts that might arise or not. None are evident, I'm pleased to report.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    By the way, after a full scan you can't see the complete line path of the files it records as suspicious because there's no way to expand the program GUI box to extend as it should. That should be corrected. Anyone else agree?

    And one more item of concern. Where on earth does TF keep the reports/logs it makes on what it finds? I looked everyplace but could find no log file to review what was detected.

    Many Thanks And More

    EASTER
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Thanks buddy :thumb:
     
  11. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Anyone try setting the threat sense level to 5 and tick the custom rules settings for app control and network? On my box my programs fail to launch; they just hang. :mad:
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    A reboot is required after changing TF 4 rules (latest version), I discovered, but something very disturbing has come to light while testing Custom Rules for registry protection.

    CHECK THIS OUT!

    PROBLEM!

    Perhaps others can verify this for all the community if you will when making registry rules in TF 4.

    Simply set your rule to be alerted whenever a file/action is made (manually in my case) to add to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key.

    ThreatFire alerts all right, but since there is no DENY rule to prevent writing to this key, TF 4 identifies Regedit.exe as the culprit, and guess what? You would normally choose to Deny (if that were available), but since the only alternative is Deny & Quarantine, there goes your registry editor app, folks, straight to the QUARANTINE bin.

    IOW, without a DENY option TF can't block the creation of the key, but can only QUARANTINE the system's Regedit program itself instead of blocking the behavior as MAMUTU does.
    A very bad limitation!!!

    See for yourself!
    :thumbd:
     
  13. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    That sounds very exciting indeed :D

    So where is Symantec heading with this project? I'm assuming that if they are putting all this energy in improving the product, it will eventually either be integrated in one of their security suites, or replaced by a paid version - or both.

    Thoughts?
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    It is sorely in need of a DENY option before they even think of going forward with it. Please see my experience with it tonight and its serious limitation, because it doesn't offer a DENY option but only QUARANTINE.

    EASTER
     
  15. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Good luck with that; they've refused to implement it for ages... Here and here... With completely bogus claims such as "critical system processes will never be quarantined".
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Well then if that be the case then they might as well pack up shop and find a new candy stand, because even old CyberHawk features that very useful option. So IMHO Mamutu has the corner on a pure user-friendly Behavioral Blocker that doesn't let its customers lose control but rather places the destiny of their good machine squarely where it belongs, the owner.

    TF4 is ignorant for omitting such a simple useful feature, as I just experienced. Suppose a program attempts to make changes to the registry but TF is blind to the original source executable making the attempt. Well, since TF is blind, it turns to the only file it can blame for the attempt to force an autostart file into the RUN key, and your only alternative is to allow it or let TF quarantine Regedit.

    I thought it had completely deleted it at first until it turned up under TF's Quarantine display, and even then it took several seconds for it to even show up in its list.

    That's PCTools for you, or Symantec, always going only far enough but never really completing the task expected.

    MAMUTU is best hands down in comparison and that's where I'll stay.
     
  17. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    EASTER, bring both of those threads (doktornotor listed) back to life by posting the example of your registry editor.

    Maybe they should implement a feature whereby, for the default 'normal' user, the current options are shown, but if set to 'expert' user, then the deny feature will be listed. Their firewall, for example, has the options to choose 'normal' or 'expert' user, where if the latter is selected, more information/options are given in the alerts.
     


  18. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567

    Wow... that argument sounds so retarded I can't believe I'm reading it. :ninja:

    We're explaining briefly over again why the feature is needed. I've to allow threats to perform their actions to be able to use things, for God's sake! (See my third post in this topic to see what I mean: http://www.pctools.com/forum/showthread.php?t=53179) And yeah, I'm really frustrated about this - frustrated that, another time, another company is bringing up arguments which are lacking a point. They're talking about making "TF as user friendly and helpful as possible." Well, if the software is gonna prompt the user about making a choice, then what's most "user friendly" is to give the user a choice! 'Cause as it is now, it's LACKING a choice! They didn't think that "maybe users want to still be able to use certain software, but simply deny what's not good"? The previous time that I'm talking about, the arguments weren't even about the topic in question! They just didn't say that "this will simply not go through" instead...
     
  19. demonon

    demonon Guest

    You need the paid version if you want to turn off Community Protection and you still want to keep the auto updating capability.
     
  20. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I agree 100%, Mamutu is head and shoulders better when it comes to functionality.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    ATM that statement is true, but I harbor no reservations against TF 4 because they are monitoring Mamutu and there's no doubt they will eventually rise to the challenge set before them in this constructive competition with them. It will come, of that I have no doubts, because it's obvious they are very hot on the heels of Mamutu IMHO and proceeding with haste.

    Expect a nice surprise from TF 4 soon, because all indications I've seen so far show a definite forward race to finally catch up in this great competition, and they are not backing away from the equality they are working on to stay on the same level as MAMUTU, and maybe even surpass them at some point in the near future.

    Behavior Blockers are yet another wave of the future and they are proving a very useful security innovation unlike any others before them, including HIPS, if I might go out on a limb and say so myself.

    This specialized field is every bit as demanding as any AV/AS, and HIPS AFAIK.

    EASTER
     
    Last edited: Nov 9, 2008