ThreatFire, overkill with NOD32?

Discussion in 'NOD32 version 2 Forum' started by twipley, May 22, 2008.

Thread Status:
Not open for further replies.
  1. twipley

    twipley Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    9
    ThreatFire, obsolete with NOD32?

    A lot of people here are using NOD32 alongside ThreatFire, like myself. :)
    But has it ever happened to anyone that ThreatFire detected malware NOD32 didn't?

    I mean: alright, they run fine together, are low on resource usage, but are there some instances where ThreatFire actually complements NOD32, or does NOD32 just completely overlap ThreatFire's domain, making the latter obsolete?
     
    Last edited: May 22, 2008
  2. twipley

    twipley Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    9
    Well, Wyrd has made the following post some time ago:

    NOD 32 is a great start, but I wouldn't feel secure using its anti-spyware engine alone...combining ESET NOD32 with a few other security programs, such as CounterSpy and ThreatFire, your PC becomes a solidly-protected platform, since each one complements the others--NOD32 is predominantly an AV program, CounterSpy offers real-time anti-spyware protection, and ThreatFire is a behavior-based HIPS program that guards your PC from the execution of things that might creep somehow through the filters of the other security programs you have.

    That's not unwise! But the question we got to ask is, if ThreatFire's really necessary in the big scheme of things? *puppy*
     
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    It is not overkill. ThreatFire is a very nice application. A single application will not catch everything. A layered defense is the best defense against malware.
     
  4. twipley

    twipley Registered Member

    Joined:
    Feb 15, 2008
    Posts:
    9
    But, is ThreatFire really doing something that NOD32 isn't?
    Isn't NOD32 using the same behavioral/heuristic approach?

    P.S.: I think that, not being very paranoiac, NOD32 will just be enough for me.
     
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    See (Antivirus heuristics VS behavior blocker?):
    https://www.wilderssecurity.com/showthread.php?t=183504
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: ThreatFire, obsolete with NOD32?

    These are two different tools. Nod32 is a top-flight AV using signatures and heuristic analysis. You pay for it in $. What would help you is to study all the features of Nod32; it scans email attachments as they come in and go out, for example.

    ThreatFire is a FREE HIPS tool, not based on signatures, but uses an analysis of a program's behavior patterns to guess if it is a parasite exe. So IF Nod32 missed a parasite (and no scanner based on signatures can catch them all) then the HIPS should catch it on bad behavior.

    So a user should have a good AV from the top tier, plus a HIPS and of course (and maybe first) a solid two way firewall.

    So to answer your question: TF, a HIPS, is not obsolete with Nod32.


    I suggest you control the connect-out attempts with TF, as it is a freebie and vendors have been using these to collect info, at least by group, for marketing reasons.

    So in this case, you would turn off all connect out and sharing settings options and only update TF when you want to. Once per day would be more than enough.

    Put the IPs it uses for this update into your FW rule so TF can't connect elsewhere without YOU knowing it.

    Hope this helps you.
     
    Last edited: May 25, 2008
  7. stratoc

    stratoc Guest

    A lot of this free stuff seems more like spyware than.. er well spyware? Heard stories of ZoneAlarm doing all kinds of things, and as you say ThreatFire never gets off the phone on default settings. Puts me off a little!
     