PC Magazine review - ThreatFire 3.5

Discussion in 'other anti-malware software' started by smith2006, May 9, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sorry,

    NO: Just kidding because Easter and EricAlbert are very determined in finding the best (100%) security solution. Because they have a tight, but 'a bit paranoid like' setup, they (Eric some more than Easter) some times comments in holes of other people's security. I was just teasing them.

    Eric's example of a new form of intrusion is a theoretical one (situation 2). ThreatFire is intended to protect you from these kind of situations. So TF would fail on its core competence, which is very unlikely. The same applies on the much praised AE (by Eric), it is an Anti-Executable, It should recognise all files with possible code in it. So not finding a new form of executable code in a file format, would also mean that AE fails in its core competence (also very unlickely, but theoretically possible). That is the tease.

    Executable code does not have to reside on your PC any more (e.g. web applications, java, etc, Google's intention to supply MS Office like competitors via the web), or can move around Active X, BHO, J2EE, XML, COM, DCOM, etc. That is why 'hardening' of your PC is advised by many security experts. When you close down services on your Operating System which you do not use (e.g. BITS, Remote Assistance, Remote Procudure Calls etc) you make the attack surface smaller. Mingling code and data is a night mere to securty specialists, but will be a trend which we will be seeing more and more. So AE like programs will get a harder time than TF like programs. Simply because you can not control all the attack vectors on your PC, that is why behavior based defense, policy based defense, on execution sandbox heuristics (like Norman and F-secure offer) are a theoretical beter way of dealing with these future challenges.

    TF is Behavioral based, Returnils is Shadowing your file system, so TF for contineous and Returnil for adhoc is a good combo.

    Regards Kees
     
    Last edited: May 13, 2008
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,620
    Location:
    U.S.A. (South)
    Kees1958

    Your assumption is pretty much on-target.

    Erik fiercly refuses imperfection and i march towrad perfection but am somewhat forgiving, but not always :D

    You're definitely right about both our motives though, that is in finding a 100% security solution that cannot be compromised by anything.

    Untill then, FD-ISR plus my backup images will just have to do for now.

    But i think 100% protection IS within reach, just not quite there yet, because if it was, it would be have to be a single monopoly that would cancel any interest in any other solutions. LoL
     
  3. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Ahhhhhh........ Thanks for sparing me. LOL I couldn't stand (but would) to see my 3rd consecutive sunrise. My daughters will want to reclaim this 'puter tomorrow... LOL
     
  4. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    It's a pity then that he has no clue where the biggest hole in his setup is...
     
  5. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Let me guess...WINDOWSo_O roflmao
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Kees,
    You have alot more faith in scanners and TF than me, I don't even use scanners anymore.

    Except the last two months, I ran every scanner I could get, but that was only for verifying my setup. My setup was already 6 months old without scanners, I was curious to see if I was infected or not and I have no other way than scanners to verify this. They couldn't find anything on both system and data partitions.

    I don't trust any of my security softwares, I only trust IB as #1 and ISR as #2. If one of my security softwares fails, my ISR will at least remove them, if not IB will certainly do the job.

    Also our backup methods are totally different.
    Our data backup is probably the same, but data is nothing but folders and data-files, which are stored on my second harddisk. I backup my data every day, but only the changes.

    Our system backup is certainly not the same.
    I don't backup my actual system partition, I "restore" and "backup" my original system partition and only when it changes.
    I don't go online with my original system partition, I go online with a copy of my original system partition.
    Each time I have to change my system partition, I ditch my old actual system partition and replace it with a copy of my new updated original system partition, because my old actual system partition has been online too long.
    After that, I don't do any system backup anymore until the next change, which can be next week or next month, that depends on outcoming new versions of my resident applications.

    Of course I try alot of other softwares like anybody else, but that happens always in my actual system partition and when I'm tired of them, I use ISR or IB to get rid of them. :)
     
  7. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Erik, isn't AE a scanner of sortso_O In as much as ThreatFire iso_O
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The biggest hole is ME, but every security setup has that problem. :)
     
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    In my case that would be true. In your case, I still say it's the OS.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    AE is a pure whitelist scanner of executable objects on my system partition.
    My second pure whitelist scanner is a clean and unused FDISR-archive, which covers my system partition completely.
    AE is not my only security software, but AE is the only security software I do understand, the rest is very blurry.
    AE is hardly a subject at Wilders, but all the rest is blurry and that is food for endless discussions and user opinions.
     
    Last edited: May 13, 2008
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thank you, that is exactly the point I am making!

    ;)
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not paranoid. I'm not even a fan of anything. I replace any software without regrets. I don't work with software names, I work with software functions, possibilities, combinations, ideas, but Wilders always like to hear software names and doesn't like theoretical ideas, unless there is absolute proof.
    I do what looks logical to me and that's all.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, that is indeed your point, but I'm not planning to keep on using scanners on my system partition.
    I used them to verify my setup, I uninstalled them after one scan.
    They couldn't find anything, which means my setup works, that's all I needed to know.
     
  14. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Exactly my point. I can "get my mind around" the white-listing of known-safes....
    Interesting. I never looked at it that way....
    I learn 1 security software at a time before I move on to another....
    So I have 1 question for you, a hypothetical perhaps. If you were just starting to build your current set-up and your pc didn't yet contain anything that couldn't be easily replaced, would you go with AE first or the imaging software for recoveryo_O
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not sure I understand your question completely.
    I build my system partition with IB (ShadowProtect) first, while my computer is disconnected from the internet, unless there is no other possibility.
    My worst enemies are softwares than need an internet connection during installation. I try to avoid them, but it's not possible anymore nowadays.
    ShadowProtect and FDISR-archives are the only way to keep my system partition in a "malware-free" and "unused" state.

    This is also possible with Returnil, but to keep your system partition in an "unused" state is difficult, you will need IB to make that possible.
     
  16. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    I never used ThreatFire, but reading this thread I have no clue with all the answers (un)related to the topic starter, other than the always same answers/comments from ErikAlbert.
    Stay away from here ErikAlbert or just stick with threads regarding your software, you are wasting bandwith.

    Gerard
     
  17. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    This was the thread-starter...
    and I apologize for taking it off course. I will start my own thread or PM Erik for my answers. Sorry Erik, for not understanding and having to ask...
     
  18. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    The nerve of you to do this 19monty64. LOL. I actually enjoyed reading the banter between everyone, but I rather use a program based on what I hear in Wilders. Hopefully the thread will turn back to ThreatFire now though.
     
    Last edited: May 13, 2008
  19. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    ThreatFire is definitely 4 & 1/2 stars out of 5, and for anyone who hasn't tried it yet, they should. It is simple enough that a noob could install it without problems but advanced enough for the tweakers. What's not to (understand) likeo_O
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Erik has turned this thread about a security program (Threatfire) into yet another of his unending descriptions/proclamations about the superior structure of his security set-up. I have read about Erik's configurations before -- MANY times.

    The topic of this thread caused me to hope to read about THREATFIRE, but here we go again with frozen snapshots. Yada yada yada

    Erik -- please read again the last few sentences of LWM's recent comments to you.
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Re-read the thread completely and you will see I'm not the only one, who got off-topic. Since you don't blame the other guys and only me, I guess it's more a personal issue against me alone ... yada yada yada
     
  22. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,252
    Location:
    New England
    Erik, how about this then... How about we make this the very last thread that you post your "boot to restore" configuration in, if the thread itself is not specifically about "boot to restore" solutions. That way, the members complaining about you taking threads off-topic will have nothing more to complain about. And, you still get to post about how you do things in threads specifically about "boot to restore" products or configurations. Everyone will be happy that way.
     
  23. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    I've bookmarked that moderator's very handy post for future use whenever I next see ErikAlbert perform another one of his thread hijackings again. It's absolutely amazing how he can infect just about any thread and forcibly turn it towards yet another discussion about HIS setup instead. :thumbd:
     
  24. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Hi perman,Can you be more specific of your findings,what incidents with the drivers are you refering to.your making me nervous a little bit.
     
  25. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,362
    Location:
    Oz
    So if you always activate Returnil when you turn your computer on, it will do as well as ShadowProtect?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.