ThreatFire - Should I or Shouldn't I

Discussion in 'other anti-virus software' started by jpcummins, Dec 27, 2007.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    I remember reading something about testing AVs for their ability with behavior-based detection, which involves running malware, rather than flat file scanning, which does not.

    There is an initiative to do this being pushed by Symantec, Trend and a few smaller AV labs.
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Having services disabled means that few (if any) services are listening on ports, thus preventing remote exploitation. Once malware is installed, it can do whatever it wants (lowering IE security settings, disabling the built-in firewall, Task Manager and Regedit, writing to the hosts file), so having BITS disabled will do nothing to increase your security :)
    BITS can only be controlled by a firewall with a strict ruleset (limiting remote ports and IPs) and/or a HIPS module.
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I haven't tried, but even if TF would catch it this is not an acceptable solution for me. Levels 4 and 5 produce too many FPs for ThreatFire to be usable.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Really? What kind of FPs?
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Thank you lucas and Diver. In other words, malware (if allowed to run) can modify a service anytime and it doesn't matter if it's set to disabled, manual or autostart and then it can disable or autostart anything it wants. So I guess disabled services are mainly good for speed and limiting services listening on ports.

    I don't have any custom firewall rules, but I understand what you're saying. Nothing normally isn't listening on a port except one program I have. I also don't have any rules for svchost or explorer in my firewall rules and only allow them out temporarily when needed. I guess that's the best I can do for now.

    Thanks again
     
  6. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    hi

    TF is good but it messes up with some look like util like RADMIN... it blocks it and it took me time to understand the cause of the lame blocking


    cheers:)
     
  7. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    627
    Location:
    Terre Haute, IN
    I installed ThreatFire free on my system. The system became very slow and when booting up took forever for the icons to appear on the desktop. When I uninstalled ThreatFire everything went back to normal. Operating system is Windows XP SP2; firewall is Sygate Professional. Virus protection is Symantec AntiVirus Corporate Version, spyware is SuperAntiSpyware. In addition I am running SnoopFree Privacy Shield and WinPatrol. I had hoped to have ThreatFire as a complement. I installed ThreatFire using level three without any advanced rules. Any ideas why I would be having difficulties? As always all replies will be appreciated and I thank you in advance.

    John
     
  8. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I have noticed on some systems that the ThreatFire service noticeably slows the PC down when it coexists with some other security tools. I have observed it enough to believe it is quite common since the last major update. Perhaps during specialized scans of several tools on the same components it has a sequence or timing issue.

    Try to disable or even uninstall some of the other tools and re-enable them or reinstall them one at a time, until you identify the conflict...
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I had the same thing happen with Symantec, but no problems with TF. I suspect there may be some bad interaction there with Symantec. But it's just a wild guess, I suppose there's no way of telling unless you uninstall some of the apps one by one and try out all the combinations. Probably not worth all the effort though...
     