ThreatFire...finaly good news (?)

I don,t expect it will ever catch up with modern malware.

 

@aigle
do you realy think that TF - or maybe other BB - aren't able to catch modern malware? Of course any anti-malware isn't able to have all necessary signatures, but BB/HIPS works other way...
It realy looks like this - we haven't any protection (?)

 

With djames a former moderator of their forum i have had some discussions on next gen tf. They were thinking of some defence differentiation triggered by the limitations of x64

Last line of ring0 defense based on program signing and trusted vendors. Basically a white list HIPS whit cloud blacklist.
A first line behaviour blocker defense with prevx like features like higher sensitivity level based on origin, age and trustwortyness of intruding executable.

In the latest tf it allready tracks registry and file access, they were thinking to extending this capabilties to a some light virtualisation.

Pity most of them left. Still fingers crossed

 

Agree.

 

BB are weaker than classical HIPS. Recently we have seen even the classical HIPS being bypassed by malware, like stuxnet, dll vulnerabilities, malware with digital signatures etc.

 

Hmm...there is no way to have 100% protection...any HIPS or BB, any AV or firewall and perhaps any sandbox or virtualiser don't give us absolute sureness. So...we can only "mixing" between some kinds of security apps to get satisfaction and to be hopeful that we will never catch malware.
It's a little frustrating, but we haven't other exit. BTW...I still think that TF can be a good and efficent security layer...sorry

 

Agreed.
Nothing is 100% bullet proof. You would be hard pressed to find most wilders members relying on one layer of defense. If TF is willing to improve itself, then we should have an open mind and possibly help it along. Like I tell my kids, Try it, you might like it.

 

ThreatFire in level 5 is powerfull

 

Sure is. I hope that they can update it and add some new features.

 

Where can I download the newest build? Their website says current version: 4.7.0, release date: November 25, 2009.

 

You can get the latest version here.

http://majorgeeks.com/PC_Tools_ThreatFire_d5190.html

 

Not quite ...latest v. 4.7.0.53 is on TF forum.
http://www.pctools.com/forum/showthread.php?68805-Release-of-ThreatFire-v4.7.0.53
We have spoken about this "numbers confusion" in this thread
https://www.wilderssecurity.com/showthread.php?t=299708&highlight=threatfire

 

Thanks guys for the links.