Threatfire vs Mamutu vs Other HIPs

Discussion in 'other anti-malware software' started by whitedragon551, Jan 22, 2011.

Thread Status:
Not open for further replies.
  1. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    I'm on Win 7 x64. Just wondering if Threatfire is still being developed? If so, how does it stack up to Mamutu? Clearly they are both very similar. I'm more concerned with resources, detail in the pop ups, configurability, etc.
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Mamutu gives more detailed popups, it also feels much lighter on my system. TF however is more configurable since u can create ur own detailed rules for it, and it is still being developed but at an extremely slow rate lol, don't expect to get many if any updates like u do with Mamutu.
     
  3. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    As for ThreatFire still being developed I don't think any of us here know.

    Mamutu lived for a very short time on my netbook due to conflicts with my setup, but I did get a chance to look at the settings and alerts. The popups were very clear with detail. Each alert gave a short description of what the behavior was. Its white list/community protection really helped cut down the alerts. I only got an alert on one program. As long as it does not conflict with your setup it should be a rather good choice.
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    I'm thinking LnS with Mamutu would be a great choice. I'm trialing Mamutu. Hoping in the next 30 days I can find some sort of giveaway.
     
  5. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Can you share what your ram usage/cpu usage with Mamutu is?
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    22.5Mbs from mamutu.exe and 25.5Mbs from a2service.exe and very very minimal IO read/writes and CPU usage. So minimal that Process Hacker doesn't even register anything in those columns.
     
  7. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    Actually your ram usage will eventually drop (most of which would be transferred to VM use).
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Yes, on a real machine I have currently only Firefox running and Task manager shows 860K for Mamutu.exe and 1608K for a2service.exe :)
     
  9. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Softpedia still has their big discount, something like a year at $10 and 3 years at $22.
     
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Found one. Thanks though.

    So any ideas on how long before the usage dies down? It's not bad as it is. It's actually a very light setup, but it's nowhere near what's been posted here.
     
  11. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I'd say between four days and a week. Seems to analyse how your current programs are behaving, new processes launching, and calms right down. I didn't change any settings. Excluded some large programs I knew were safe, such as photoshop, office, and security such as malwarebytes or whatever is running. Any safe games, can exclude those too. Messenger clients, windows processes, browsers, new programs can be left as monitored.
     
  12. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Ok. Not that it matters. I was just curious.

    Now I have another question. If you go into the Mamutu processes tab you can set processes to be monitored there.

    I right clicked FF and went into the settings there and checked the box at the bottom: "Protect this application from process manipulations". What exactly does this setting do?
     
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Taken from Emsisoft website. :thumb: :D

    Protect this application from process manipulations
    Activate this option to prevent other processes from writing to the memory area of program X. Please note that some programs will only work correctly when this option is not activated. Only activate this feature when you are sure that program X does not require this functionality.
     
  14. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    So basically it's a software restriction so drive-by downloads will be a moot point without sandboxing the browser?
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I guess it's something like other programs cannot touch the software space. (Like closing the app, running background things through the app etc.) :rolleyes:

    BTW, this is just what I understand and should not be taken 100% seriously :D
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Last edited: Jan 23, 2011
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    That's the hard part of Mamutu, you gotta understand your pop ups like all other HIPS. :D
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    But it is a little different, because a BB will alert after malware starts behaving and a HIPS will alert about any type of process before getting infected, and sometimes malware doesn't behave like malware, then a BB can be tricked. The only way out is to have it set up to high ;) to the max :D so it can act like a HIPS.
     
  19. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I believe behavior blockers show pop ups before the malware can infect (it holds the processes, same as classical HIPS).

    BTW, a BB is a type of HIPS if I understand correctly :rolleyes:
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Maybe you are correct, but I think that until the process starts behaving as malware then it will trigger an alert, but maybe I am wrong ;)
     
  21. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Either BB or HIPS alert before an infection starts. Malware has to perform an action that changes/injects/alters a system file or object that completes its objective. The BB will notice that a process is doing something it shouldn't be doing. It will block the behavior and give the alert to the user. The HIPS will notice that a process is attempting to be changed and alert the user. The HIPS are "chattier" because a normal non-malware file may be trying to make a legit change and alert the user.
     
  22. MinDokan

    MinDokan Registered Member

    Joined:
    Sep 16, 2010
    Posts:
    44
    Indeed.
    Unknown exe = Block and terminate. But if you allow it, maybe you will get infected.
     
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    But sometimes unknown exe are legit ones :D
     
  24. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    However, Mamutu has a very good white list and clear alerts, which is what I liked about it.
     
  25. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yeah, and they also have the decision thing which helps you decide :rolleyes:
    Though, it still needs lots of time, because some files are still not rated :D
     