ThreatFire, overkill with NOD32?

ThreatFire, obsolete with NOD32?

A lot of people here are using NOD32 alongside ThreatFire, like myself.
But, has it ever happened to someone ThreatFire detected a malware NOD32 didn't?

I mean: alright, they run fine together, are low on resource usage, but are there some instances ThreatFire actually complements NOD32, or does NOD32 just completely overlaps on ThreatFire's domain, making the latter obsolete?

 

Well, Wyrd has made the following post some time ago:

NOD 32 is a great start, but I wouldn't feel secure using its anti-spyware engine alone...combining ESET NOD32 with a few other security programs, such as CounterSpy and ThreatFire, your PC becomes a solidly-protected platform, since each one complements the others--NOD32 is predominantly an AV program, CounterSpy offers real-time anti-spyware protection, and ThreatFire is a behavior-based HIPS program that guards your PC from the execution of things that might creep somehow through the filters of the other security programs you have.

That's not unwise! But the question we got to ask is, if ThreatFire's really necessary in the big scheme of things?

 

It is not overkill. ThreatFire is a very nice application. A single application will not catch everything. A layered defense is the best defense against malware.

 

But, is ThreatFire really doing something that NOD32 isn't?
Isn't NOD32 using the same behavioral/heuristic approach?

P.S.: I think that, not being very paranoiac, NOD32 will just be enough for me.

 

See (Antivirus heuristics VS behavior blocker?):
https://www.wilderssecurity.com/showthread.php?t=183504

 

Re: ThreatFire, obsolete with NOD32?

These are two different tools. Nod32 is a top flight AV using signatures and heuristic analysis. You pay for it in $. What would help you is to study all the features of Nod32 it scans email attachments as they come in and go out for example.

ThreatFire is a FREE HIPS tool not based on signatures but uses an analysis of a programs behavior patterns to guess if it is a parasite exe. So IF Nod32 missed a parasite (and no scanner based on signatures can catch them all) then the HIPS should catch it on bad behavour.

So a user should have a good AV from the top tier, plus a HIPS and of course (and maybe first) a solid two way firewall.

So to answer your question TF a HIPS is not obsolete with Nod32.

I suggest you control the connect attempt outs with TF as it is a freebee and vendors have been using these to collect info at least by group for marketing reasons.

So in this case, you would turn off all connect out and sharing settings options and only update TF when you want too. Once per day would be more than enough.

Put in the ip's it uses for this update into your FW rule so TF can't connect elsewhere without YOU knowing it.

Hope this helps you.

 

a lot of this free stuff seems more like spyware than.. er well spyware? heard stories of zone alarm doing all kinds of things and as you say threatfire never gets of the phone on default settings. puts me off a little!