ThreatFire Free versus...

Discussion in 'other anti-malware software' started by RCGuy, Feb 8, 2008.

Thread Status:
Not open for further replies.
  1. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    While looking at the Windows MarketPlace/antivirus software site for a new anti-virus program, I discovered and installed this real-time protection program (not really an AV program, but a supplement to one) called ThreatFire Free along with the AV, PC Tools AntiVirus Free. Now ThreatFire Free looks like a really good program from its description, however, I already have Geswall installed on my computer, and apparently an older version because last time that I was at this forum, it looked like Geswall may have been on its way out, but I noticed that it made a comeback. But anyway, yesterday I opened up my SAS program (apparently, an older version too), and my computer started running very slow and the hard drive kept making a continuous revving up sound and I had to restart my computer. Now I don't know if the problem that I was having with my computer was because of the bug that was mentioned in the SAS thread for the older version of SAS, or if perhaps I have too many protection programs on my computer, especially having both Geswall and ThreatFire Free on my computer. Also, I know that installing the new version of SAS will obviously be better for my computer, but I was wondering if anyone had any opinions about having both Geswall and ThreatFire on my computer...not to mention the other protection programs that I have on my computer which also include Spybot and a-squared free. Also, I'm curious about any opinions in regards to the ThreatFire Free program versus the Geswall program. Thanks in advance for your help.
     
  2. quasim

    quasim Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    3
    Just my 2 cents: Check the S.M.A.R.T. status of your drive. HDDs aren't supposed to make strange noises.
    Spybot S&D and Spyware Blaster don't interfere with any other software, AFAIK. I can't say anything about the other software, maybe an e-mail to the support department of ThreatFire wouldn't be a bad idea?
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    The timing couldn't have been better on this.

    I had a hard drive (used) that kept rebooting, HDHealth reported nothing in the yellow zone at all, no reallocated sectors, nothing which would give rise to suspecting a hardware problem, however another analysis tool showed the S.M.A.R.T. status couldn't be read and furthermore my system continually failed to recognize it after several attempts to jockey the PINS to Drive/Cable Select/Slave etc. It exhibited a brief clicking each boot up then P00F, rebooted. I gave up and returned it for one that wasn't so fickle or really failing.

    I know from experience that some softwares/files can make for HD problems but the ones mentioned above I really wouldn't expect are really at fault.

    If in doubt about the condition of your HD thoroughly check your HD with all tools you can pick up, observe your results, and retry those programs again and compare.

    And with mix and matching certain security programs, especially ones that have not returned overwhelming support & popularity, especially mentioned in these forums :cool: can cause problems.
    I installed ST one of its later versions and without warning it jumped into my other hard drive to build its HIPS database and made all kinds of thrashing noises to the point that I was forced to pull the HD plug while it was running.

    The noise/thrashing ceased, but my other partition/drive suffered corruption which WAS NOT present before. I had to completely rebuild it again. Thanks for FD-ISR!! A wonderful recovery innovation.

    Very few developers, especially newcomers are not infallible people no matter how well intentioned, they can overlook items in coding or simply try to rush out a release before it's been thoroughly beta ready, and it's not beyond expectation to experience problems in them. Even fully released products like RollbackRX has been noted & reported user difficulty and issues.

    It's a matter of patience for both sides and vigilance to who exercises the most effort & concern to see to it that the end user receives the best possible fully tested product.
     
  4. Darth AkSarBen

    Darth AkSarBen Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    109
    Location:
    Near Fennville, MI USA
    Well put EASTER, and I might add, that unless you are habitually going to site of question and downloading other "questionable" programs, the normal browsing to mainstream site, while using good antivirus / antimalware programs will (read SHOULD) be more than adequate. My boss at the winery cruises all over the internet on a Windows XP machine with only Windows Defender, and his computer is not alone there at work.
     
  5. The_1337

    The_1337 Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    112
    they're different kinds of programs. threatfire detects specific behavior of malware and blocks, and then checks it with some signatures. geswall is a rule-based sandbox. they are both good to have on your computer.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Having been of the highest supporter when it was first introduced as CyberHawk, I've grown complacent to the point of no interest in it although since PC Tools has assumed control its popularity seems to have skyrocketed with unwavering support of its present users.

    I only put forth this question, can someone count ThreatFire's drivers for me? At last count with CyberHawk they numbered at 4 active drivers which led me to some reservations and doubts about it.

    This is critical because it reminds me of AV's which routinely load running processes and drivers in order to be as somewhat efficient as they are, but this is a Behavior Blocker and although my concerns to these could very well be discounted as normal, I really would like to know if ThreatFire still depends on 4 active drivers to carry out its intercept concept.

    Thanks EASTER
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    RC Guy,

    With GeSWall and TF and a standard Windows FW (inbound) and Avast you will be fine. Set Avast standard shield to check only at writes (not read and execution control).

    The easiest and strongest protection is achieved with a Policy Sandbox (DefenseWall or GeSWall) and a behavior blocker (ThreatFire, Primary Response Safe Connect and Mamutu).

    GeSWall has a free version and is a little lighter than DefenseWall (there was some difference but latest GW is hardly faster than DW). DW is the easiest to use (only payware).

    Same applies to behavior blockers. TF is the best (has an issue with allow or quarantine and no deny or block option which reduces usability and uses the most CPU power). Mamutu is by far the lightest and available in a lot of languages and PRSC is the user friendliest (with a system load somewhere in between Mamutu and TF, but the weakest protection). So depending on your wallet, knowledge and CPU strength/RAM of your PC you can choose the right package.

    With a policy sandbox and a behavior blocker, you can restrict your AV to check only at writes (Avast is the only freeware with spyware included and modules for P2P, Web, E-mail, Network, in this case you might consider to disable the standard shield completely). This will also make your PC considerably faster.

    When friends ask me what security software to buy, I always give them this advice: when you are on XP or Vista 32 bits: DefenseWall + Mamutu on old machines or users who speak English not so well, DefenseWall + TF on new dual cores with plenty RAM, when you are on Vista64 Haute Secure (free) + PRSC + UAC in quiet mode with VistaFireWallControl 1.2 (free)

    Reason for advising DW = it is totally quiet, Mamutu = available in Dutch + fast, Avast = Available in Dutch plus only fully functional freeware AV. In this way they pay 60 dollars initially and 40 dollars annual. This is reasonable for such strong user friendly protection. When they say, but my friend uses freeware, I always tell them to ask their other friend (I just do not want the hassle of being smart and needing to assist friends all the time), why ask me when this friend can save them 30 to 40 euros.

    This to give them reasonable security (I realise it is not the strongest, but it is the strongest for a noob security user) and make sure I do not get called (because software gives problems or pop-ups).

    Note on different PCs we use GeSWall (XP) + TF, DefenseWall + Mamutu (XP), Haute Secure + PRSC (Vista64), so it is based on experience (and of course personal preference).

    Regards Kees
     
    Last edited: Feb 10, 2008
  8. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Kees1958, I have a question, if you don't mind. I have NOD 32, SSM paid, and Comodo firewall. On one of my machines I also have ThreatFire. I have DW but don't always enable protection. I only use DW when I am going somewhere I am not sure. All my computers are set up the same except for TF. With what I have do I gain protection with TF?
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    William,

    Remember what you are doing with the software you have

    DefenseWall
    This basically reduces the rights of threatgate applications like P2P (LimeWire), E-mail (OutlookExpress), Browser (Opera), et cetera to limited user. It does it in a very user friendly manner. DefenseWall has proven to be a very tough cookie, it can be set to handle DVD's/CD ROM's etc also as untrusted sources. This means that when you have a clean PC, you basically do not have to worry about drastic changes on your PC.
    Against UserMode based infections targeted at the registry (like Worms try to do) DefenseWall does not see it as its responsibility, neither the outgoing connections protection.

    Comodo
    When you use Comodo V3 in this mode https://www.wilderssecurity.com/showthread.php?t=199867, the two DW and CFP/D+ practically cover it all, because Comodo gives you the added registry protection and warns you when backdoors/trojans try their tricks to open the PC from within. Nice thing of the latest Comodo version is that it uses the safe programs (originally for the FireWall) also for D+. So the built-in white and black list will assist you in making choices.

    SSM Paid
    Great Program, but this merely focuses on all risk vectors of your PC, so it sort of doubles everything D+ and DW already take care of. When you have invested a lot in creating your own dedicated registry and file protection with SSM Paid, keep SSM and drop Comodo then. SSM is a HIPS by design so Comodo will score better on leaktests etc. SSM on the other hand has set the standard in HIPS and you might cherish it like a vintage car still able to compete with the latest car models.

    ThreatFire
    This is a behavior Blocker, since you have two HIPS (Comodo's D+ and SSM) it does not really add much to your protection.

    SSM - will use your own behavior as a base line reference
    Comodo - will use your behavior and the black/white list as a base line reference
    TF - uses its own intelligence as a base line, so you will get less false positives when trying new software.

    When both Comodo and SSM have stopped popping their warnings at you, TF will warn you only against real threats, while SSM and D+ will likely warn you of changes in your own behaviour.

    What to do
    The most balanced protection will be provided by DW and CFP, the user friendliest by DW + TF, DW + SSM would be my choice when you have a lot personal settings and effort put in to SSM. It is up to you, but you can cut down on HIPS.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Easter! It works good and is user friendly. It doesn't matter whether it loads a single driver or a dozen of them unless they provoke troubles.
     
  11. daniel2007

    daniel2007 Registered Member

    Joined:
    Feb 14, 2008
    Posts:
    25
    RCguy,

    With all due respect to these esteemed colleagues, I'm with you.

    After installing TF, I started experiencing VERY strange performance and then, right in the middle of a dvd movie, the screen went black and I could hear the pc restarting. Just prior to the reboot, I could tell something wasn't quite right. Everything started slowing down and looked sort of ..... like rubber (seriously, that's the best I can come up with.).

    A day later I woke to a second spontaneous reboot that must have happened over night (without any cpu taxing activity) so I uninstalled TF completely. Be aware that it leaves tons of registry junk behind.

    The proof is in the results. Zero reboots, zero slowdowns, all back to normal. TF is flawed.

    I had the newest version of TF plus v7.x Zone Alarm pro, v5.x Spy Sweeper (both paid) and XP Pro - nothing else. The dvd was running through ATI 9700 built-in player, which is a handful by itself. Even though the hd is rather old (wd 80gb caviar, 5400 rpm, ata), it is far from dying.

    So my advice is: when in doubt, last program out. Remove it and then see what happens.

    ~daniel~
     
  12. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Hey, thank you all for all your replies and input. I still haven't caught up with everything that was posted, but there's a lot to read and a lot of interesting stuff that was posted...including this S.M.A.R.T. (Self-Monitoring Analysis and Reporting Technology) status that I never knew anything about and that I need to read up on. But I wanted to comment on Daniel's post and say that because of another problem that I'm discussing in the "Help with recovering my "Health" Favorites folder" thread, I recently did a system restore which took my system back to a point before I had installed ThreatFire, and fortunately for me, ThreatFire was no longer on my computer. And like Daniel's computer, I had noticed that my computer was no longer having the problems that it was having when ThreatFire was on it. Therefore, it appears that the culprit that was responsible for the problems that I was having on my computer has been found and that the "last program out" principle seemed to have applied in my case as I'm sure it applies in most cases. :)
     
    Last edited: Feb 26, 2008
  13. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I believe you guys had problems with ThreatFire, but I just don't get it. I have used TF with all of these apps over the past several months and have never experienced any troubles. ZoneAlarm Anti-spyware, Spy Sweeper, Avast Home, SuperAntiSpyware, Avira, and Online Armor. I am currently using it with AVG Pro and CounterSpy, and again everything running smoothly. It does leave registry entries like Legacy drivers behind after uninstall, but nearly as many entries as Comodo Pro. Don't know what to say other than maybe it's because I use Windows XP?
     