Rating ThreatFire's rootkit scanner

Discussion in 'other anti-malware software' started by Page42, Mar 15, 2008.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I'm interested in any opinions of ThreatFire's rootkit scanning capabilities?

    Is it by any chance ranked up there with the 5-star programs like GMER, IceSword or RootkitRevealer? My guess is it is more along the lines of ARKs like AVG, F-Secure Blacklight & Panda.

    I don't see it rated here. Maybe it hasn't been around long enough?

    Has anyone seen any TF rootkit tests done by members, like anything from fcukdat or any of the other knowledgeable members?
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Nobody? :(
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Probably it's because Threatfire is a HIPS and not a standalone rootkit scanner.
     
  4. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    That site doesn't show ThreatFire, but if you scroll down and look under Rootkit Prevention Software you will see Cyberhawk, the name before it was changed to TF.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I wouldn't put much stock in ThreatFire's ARK success to any degree, because EP_X0FF has already shown many times over how just a simple POC can walk right past them, in effect making them blind to discovery.

    I would instead rely on actual and specialized ARKDs like Sophos and the like for more accurate results, but even it can be side-tracked into total blindness from what I hear.
     
  6. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    This is a test from a forum:

    In this test ThreatFire Pro came out in 6th place among other paid AVs:
    ThreatFire Pro- 88.69%
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Do you have a link to that test result? Looks interesting.
     
  8. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    It's a serious test but on a warez forum... therefore not suitable for Wilders... nevertheless a serious test with interesting results... PM sent...
     
  9. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Not too hard to find the source of the test, but unfortunately I can't view it. Nor anything else there. Apparently somebody in my IP range has given this forum some kind of grief in the past, and I'm blocked.
    Not interested in warez at all, but was interested to see the other five. And the five after that. 88.69% is quite impressive, especially if we're talking real world exploits.
     
  10. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    I don't understand how TF Pro got better results than PCTools Free AV, as TF Pro uses PCTools AV engine (unless the free version of PCTools AV has less detection rates than the paid one).
    Anyway I don't see how the test is related to the rootkit scanner.
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I must ask, are you saying EP_X0FF specifically tested ThreatFire's ARK scanner?

    I have seen a long list of ARKs that EP_X0FF said were either partially or fully bypassed with a user-land/user-mode rootkit, the best result seeming to be from the SnS rootkit detector, which detected but couldn't identify his rootkit process and couldn't terminate it. (Anyone know where to get SnS?)

    I think it's safe to say that if one is prepared to believe EP_X0FF's verdicts, then there is no ARK product which can be fully trusted. Where some might say there is a list of products which do their jobs quite well, EP_X0FF would probably say that they do their jobs not quite as bad as the rest. Does that sound right to you?
     
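The "detected but couldn't identify it" result above is what the core check of an ARK such as RootkitRevealer yields: enumerate processes through the normal, hookable path and through a lower-level path, then diff the two views. The block below is an added example, not code from any product or tester named in this thread, and it uses Linux as a stand-in (assumption: a Linux host with /proc mounted). The high-level view is the /proc directory listing, which a user-mode (LD_PRELOAD) rootkit hides entries from by hooking readdir(); the low-level view probes every candidate PID with kill(pid, 0), which the kernel answers regardless of user-mode hooks. `hooked_listing` is a constructed stand-in for such a hook, used only to exercise the detector.

```python
"""Cross-view process detection: diff a hookable process listing against
direct kernel probes. Added example for the thread above; assumes Linux
with /proc. Not code from any ARK product or tester mentioned there."""
import os

SELF_PID = os.getpid()


def listed_pids():
    """High-level view: PIDs that the /proc directory listing reports."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def hooked_listing(hidden):
    """Constructed stand-in for a user-mode rootkit's readdir() hook: the
    real listing with the given PIDs filtered out. Exercises the detector."""
    return lambda: listed_pids() - set(hidden)


def pid_exists(pid):
    """Low-level view: kill(pid, 0) delivers no signal. ESRCH means no such
    task; EPERM means the task exists but belongs to another user."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def is_thread_group_leader(pid):
    """kill(2) also accepts thread IDs, which /proc never lists, so a task is
    a process only if Tgid == Pid in /proc/<pid>/status. Returns None when
    nothing about the task can be read (kernel confirms it, unidentifiable)."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except (OSError, ValueError):
        pass
    return None


def max_pid():
    """Upper bound of the PID space, so the probe loop knows where to stop."""
    try:
        with open("/proc/sys/kernel/pid_max") as fh:
            return int(fh.read())
    except OSError:
        return 32768  # assumption: classic default when pid_max is unreadable


def cross_view_diff(pid_ceiling=None, listing=listed_pids):
    """Map each PID the kernel acknowledges but the listing omits to a verdict.
    'hidden': a real process whose /proc entry resolves by path but is absent
    from the listing (classic readdir hook). 'present, unidentified': the
    kernel confirms the task but nothing about it can be read, the outcome the
    thread describes as detected but not identified. Listing twice and
    re-probing discards processes that start or exit while the scan runs."""
    ceiling = pid_ceiling or max_pid()
    before = listing()
    suspects = [p for p in range(1, ceiling) if p not in before and pid_exists(p)]
    after = listing()
    verdicts = {}
    for pid in suspects:
        if pid in after:
            continue  # spawned mid-scan and listed now: not hidden
        leader = is_thread_group_leader(pid)
        if leader is False:
            continue  # a thread of a listed process, never in the listing by design
        if not pid_exists(pid):
            continue  # exited mid-scan
        verdicts[pid] = "hidden" if leader else "present, unidentified"
    return verdicts


if __name__ == "__main__":
    print("clean listing:", cross_view_diff() or "no discrepancy")
    # Same scan with our own PID filtered out of the listing, as a hook would do:
    print("hooked listing:", cross_view_diff(listing=hooked_listing({SELF_PID})))
```

Two caveats a practitioner should expect. A process hidden by a hook that also intercepts path lookups will show up as "present, unidentified" rather than "hidden": the kernel's answer to kill() proves something is there, but the scanner cannot name it, which is the SnS outcome quoted above. The same verdict can also be legitimate, for example on a /proc mounted with hidepid=2, where other users' processes are unlisted and unreadable by design, so a discrepancy is a lead to investigate, not a conviction. A kernel-mode rootkit that filters the syscalls themselves defeats this check entirely; that is why the better Windows ARKs diff against raw kernel structures rather than any API.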
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I agree.

    As someone who has been totally up front and, more importantly, has also backed up his claims/findings with proof, as well as sharing them with the general public in some cases in this particular field, he has, if nothing else, given all of us a measuring stick of sorts from which to draw a fairly accurate conclusion regarding Anti-Rootkit Detectors from various vendors, not the least of which originate from commercial vendors.

    I haven't seen anyone else, or any group for that matter, more intensely focused on this one area of Windows exploits than EP_X0FF, and I have even taken to task many of those findings myself. So IMO the commercial vendors, although they finally did get around to taking this issue up as they should have all along, didn't really bother at all until developers like EP_X0FF brought the seriousness of this to the world stage with proof by comparisons.
     