Discussion in 'other anti-malware software' started by acr45, Oct 2, 2007.
PCMag reviews have lukewarm responses here
ThreatFire looks good, but I don't need behaviour blockers/analyzers.
Such a good review, hm, I am not so sure. I saw a paper that already exploited and bypassed ThreatFire. Also I think it slows down the system and has several incompatibility issues I am not that enthusiastic about.
For the first time I have to agree on this PCMag's review.
ThreatFire is a real fire on threats. I tested it against even modified and encrypted malware and it amazed me in its unique way of stopping them.
Another very strong point is its capability to remove every single trace of the malware it detects, whether it is a file, folder, or registry entry.
Also I didn't face noticeable system delay with ThreatFire.
Adding to all above you can make it a real HIPS with custom rules, and guess what all of this for free.
In my opinion ThreatFire deserves "Antimalware of the year" with so many thumbs up.
I will add a on it right now. Avira AV, Sandboxie, and Threatfire, make a very good but inexpensive suite.
This line from the Cons section on that page kind of amused me a little:
"Can't detect a threat until it attempts to take malicious action, thereby offering behavior for analysis."
If something doesn't take any malicious action, then I would tend to think that it's not a threat anyway... course some would say it's a dormant threat, but it really isn't a threat until such time as it does do something nasty.
Yeah, kind of a stupid analogy. But I will say no system slowdown, and I agree with the part that the paid version isn't worth it.
Yes, I had good luck with the beta, I have yet to try out the final but I suspect it's fine also...
Would BOClean be needed with Avira and ThreatFire?
I tested Threatfire a few weeks ago and found its results to be good for typical attack methods. The minor weakness I have found with behavioral detection is that if a virus doesn't behave typically then this type of product will fail. An example I tested with a new variant of Deepscan.Generic.Malware.SP!VP..... which uses different techniques to drop a rootkit (driver) into the system. The trojan also modifies core VMware utils if running in a VM. This trojan managed to 'replace' both VM utilities and even though Threatfire warned me the damage had already been done.
I assume PC Mag's Rubenking would not delve this deep as PC Tools spend far too much on advertising and you should never piss your customers off.
Anyone tried running this with SSM Pro and BoClean?
I tried Threatfire a few weeks ago - liked it so much I'm going to make sure it becomes a standard in my security arsenal. I've experienced a small amount of false positives, but the detection rate of the Trojans and Worms I threw at it was excellent. With the custom rules (which don't seem to work for me for some reason) you can set additional parameters too. I think this is one of those essential layers of protection that supremely complements an Antivirus.
I know you can have Antispyware, Anti-Trojan, HIPS, Virtualization complementing your Antivirus solution but personally, I'd rather save those system resources and just use TF to cover the unknowns of the internet.
Maybe my system is a bit more insecure than it should be, but with Threatfire, I really don't feel that insecure at all.
Conclusion: PCMag got it right.
I tested all the previous versions of Cyberhawk and found them resource heavy and prone to cause system freezing on at least three machines. Many others pointed this out too in the Technology section of a newspaper in my city.
Threatfire is less of a problem in that respect but it still has a tendency to cause hanging at times in a way that Prevx never seems to do.
I'm still not anywhere near impressed enough with it to install it for general use.
Prevx is still superior.
After reading this review I decided to install ThreatFire and I am very pleased with it. What surprised me about it most was that it's pretty light on resources and doesn't hang. But what really, really surprised me most is that it is actually getting along with my other security apps. I currently have McAfee Virus Scan Plus, Spyware Doctor, and Comodo Firewall Pro installed and they are all active. I have yet to experience any form of slowdown. I guess it should be noted that I have 2 gigs of RAM so that obviously helps.
Or maybe they know how to test the relevant parts of the program that will matter to end users. Maybe they also know that they're writing a professional product review, which does not involve a lopsided assessment where they place a magnifying glass on shortcomings that are inevitably present in every program and use it to smear the product.
I just uninstalled ThreatFire and enabled a-squared Anti-Malware. I think the PC and internet run faster with a-squared than ThreatFire.
Do you know what rule to add to TF to stop it going bonkers when Avira is doing an on-demand scan? The scans are taking forever.
Alternative is to suspend TF whilst scanning.
I ran Threatfire for a day. Seemed to run ok--- small delay at shutdown (a few seconds) but a noticeable delay at startup. Once, it locked my PC at startup. I had to unplug to reboot. So, I uninstalled.
Been running it for 3 weeks or so now (alongside NOD32, CounterSpy, SpywareBlaster and ZA Free as well as a couple of on demand scanners) - seems to be getting along fine.
Works better for me than Prevx2 which I had installed for a month or so about 4 months ago.
Not noticed any slowdown and it's silent almost all of the time. Used to get taskbar messages about scans having found stuff 'last time' advising me to scan again. There was never anything found and there never had been. Has stopped in last 2 weeks - probably since I did last update.
In short a nice quiet extra layer and the review gave me extra confidence that it would actually do something should the need arise (I've just not had that yet!)
There are obviously still some quirks in it yet to be ironed out. There is a fraction of a delay that concerns me as well as some odd behavior, but nothing so serious yet to make me dismiss it. I also run EQSecure 3.4 and have noticed some duplication of alerting to things, so it probably is not a good idea to run them both.
I'm still not completely sold on ThreatFire yet, but it does have one nice feature, CUSTOM RULES, that I use to my system's advantage (I hope).
I installed ThreatFire v3.0.8 yesterday and it seems to be one cool security app.. I tweaked the program rules by excluding all of my security programs under Advanced Rules > Custom Rule Settings > Process Lists (tab) > ...and added the executables for my security apps ... AV, AS, FW, etc... to the Trusted Processes List. Then I added an exclusion in my other security programs exclusion lists for the ThreatFire executable(s). Anything you can try to keep these different security programs from fighting each other... the better your system should run. So far it seems to be running smooth and light on my main desktop system which is by no means state of the art by current standards... WinXP Pro SP2, AMD AthlonXP 2600+ CPU, 1GB RAM, using a variety of additional security apps..
Kerodo, I think the point here is that with Threatfire (and similar software), by the time it notices the malicious behavior, it might sometimes (not always) be too late as compared to antiviruses that can detect malware before it even runs by scanning the code.
Ok, I didn't think of it that way...