Threatfire, is it worth it?

Discussion in 'other anti-malware software' started by Diver, Dec 23, 2007.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    When I install any software that remains resident (nearly all security software does) I run a benchmark with Super Pi to test for slowdowns. On my system, a notebook with loits of fanch hardware features, Theatfire increases the time for Super Pi to run by 3% to 4%. My system error logs also show some triggering of AV anti tampering features.

    The question (and topic) is it worth it to run Theatfire with these negatives known?

    I know that Threatfire has done well in some independent tests, but this is against known malware. The real test is if it finds stuff that signature based AV's miss at a high enough rate to be trusted.

    Has any Threatfire user around here found (and confirmed later) malware using Theatfire that a decent AV missed?

    In other words, has Threatfire ever saved your back side...
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If that's your question, then yes. ThreatFire offers incredible protection in return for minimal user intervention. I don't personally recommend anyone else do this, but it's the only security software I run on my main machine - it works much better than any AV.

    If your question is the one posed in the thread subject, however, then no. You obviously don't see much malware if you ever have reason to doubt ThreatFire's effectiveness. No point in sacrificing system performance for protection you don't need.
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,123
    Location:
    USA
    FWIW, Threatfire received high marks in this review.

    http://www.pcmag.com/article2/0,2704,2191333,00.asp

    I prefer Mamutu which is similar and seems to have less impact on performance then TF. TF is free though, which is a big selling point (pun intended). Eventually I stopped using both and moved to SafeSpace since I think the CPU cycles are better dedicated to a sandbox. SS also drops browser privileges and has key-logger protection.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Is it worth depends on your set up.

    I like the concept of a sandbox as first defense and a behavioral blocker as a second line. This has proven adequate on several setups (XP and Vista).

    The CPU power of your PC also makes a difference. For instance a Athlon 3900 runs TF seamlessly, on the Athlon 3400 I bought A2 with IDS (IDS only is now Mamuto), because the slightly weaker CPU suffered to much from the first TF versions. Although those processors did not differ that much in power, TF was felt on the 3400, but did not seem to harm (performance wise) the 3900.

    The question is it worth the CPU cycles? This is a mixed bag answer, I have only infected our PC's, So really no security software has saved my back. For me it was a reason to drop black list programs like AV and AS (I use A2 as Mamuto, without scanning). Want to see a jump (reduction) in Super PI calculations, shut off the read or execute (so write only) check of your AV, buy a hardware router with SPI and forget software FW.

    Regards Kees
     
    Last edited: Dec 23, 2007
  5. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    Threatfire runs better with Firefox or Opera if you are worried about IE slowdowns while using it. I like Sandboxie over SS. SafeSpace bogs down my system, but it might run better w/out TF.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep TF runs well with Opera, also set history to use memory in stead of disk when you have +1 GB Ram on XP.
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I think one question you have to ask yourself is, does running TF make any real noticeable difference in your overall system performance. What does that 1% increase really mean? Is it just a number, or do you actually see the difference?

    If there is no noticeable difference in performance with or without it, then I'd say go ahead and use it, what can it harm? And it just may do some good.

    When I ran it here on this old PIII 1 gig cpu, the impact seemed quite minimal, and therefore worth it. If it catches something that Avira might miss just once, then it was well worth it IMO...
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Some interesting ideas here. Mamutu, sounds like a name for a polar bear. The machine in question has a fairly fast 2 ghz Core 2 Duo CPU. That tip on history in memory seems interesting, I have 2 Gigs & XP. Is history needed at all? I guess I am not ready to turn off AV scanning on reads because then there is no automatic scan when a folder is opened. In many cases a suspect item is simply left alone for a while to see if it shows up in a subsequent signature file.

    I will have to check for any perceived slow down. Also, I wonder if the slow down is across the board, or simply due to something Super Pi does.

    Same old story, test, test, test. How many times to you see that one?
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Mine too. And i was just running Safespace alone...
     
Loading...
Thread Status:
Not open for further replies.