Threatfire vs Mamutu vs Other HIPs

Im on Win 7 x64. Just wondering if Threatfire is still being developed? If so how does it stack up to Mamutu. Clearly the are both very similar. Im more concerned with resources, detail in the pop ups, configurability, etc.

 

mamutu gives more detailed popups, its also feels much lighter on my system. TF however is more configurable since u can create ur own detailed rules for it, and it is still being developed but at an extremely slow rate lol, dont expect to get many if any updates like u do with mamutu

 

As for ThreatFire still being developed I don't think any of us here know.

Mamutu lived for a very short time on my netbook due to conflicts with my setup but I did get a chance to look at the settings and alerts. The popups were very clear with detail. Each alert gave a short description of what the behavior was. Its white list/community protection really helped cut down the alerts. I only an alert on one program. As long as it does not conflict with your setup it should be a rather good choice.

 

Im thinking LnS with Mamutu would be a great choice. Im trialing Mamutu. Hoping in the next 30 days I can find some sort of give away.

 

Can you share what your ram usage/cpu usage with Mamutu is?

 

22.5Mbs from mamutu.exe and 25.5Mbs from a2service.exe and very very minimal IO read/writes and CPU usage. So minimal that Process Hacker doesnt even register anything in those columns.

 

Actually your ram usage will eventually drop (most of which would be transferred to VM use).

 

Yes, on a real machine I have currently only Firefox running and Task manager shows 860K for Mamutu.exe and 1608K for a2service.exe

 

Softpedia still has their big discount, something like a year at $10 and 3 years at $22.

 

Found one. Thanks though.

So any ideas on how long the before the usage dies down? Its not bad as it is. Its actually a very light setup, but its nowhere near whats been posted here.

 

I'd say between four days and a week. Seems to analyse how your current programs are behaving, new processes launching, and calms right down. I didn't change any settings. Excluded some large programs I knew were safe, such as photoshop, office, and security such as malwarebytes or whatever is running. Any safe games, can exclude those too. Messenger clients, windows processes, browsers, new programs can be left as monitored.

 

Ok. Not that it matters. I was just curious.

Now I have another question. If you go into the Mamutu processes tab you can set processes to be monitored there.

I right clicked FF and went into the settings there and checked the box at the bottom; Protect this application from process manipulations. What exactly does this setting do?

 

Taken from Emsisoft website.

Protect this application from process manipulations
Activate this option to prevent other processes from writing to the memory area of program X. Please note that some programs will only work correctly when this option is not activated. Only activate this feature when you are sure that program X does not require this functionality.

 

So basically its a software restriction so drive by downloads will be a moot point without sandboxing the browser?

 

I guess it's something like other programs cannot touch the software space. (Like closing the app, running background things through the app etc.)

BTW, this is just what i understand and should not be taken 100% seriously

 

http://www.youtube.com/watch?v=z4n5PtRoJi8
mamutu fails here
http://www.youtube.com/watch?v=hHHsrF-eiTI
threatfire fails here

 

That's the hard part of Mamutu, you gotta understand your pop ups like all other HIPS.

 

but it is a litle diferent cause a bb will alert after malware start behabing and a hips will alert about any type of process before getting infected and some times malware dont behabe like malware then a bb can be trick the only way out it is to have it set up to high to the max so it can acts like hips

 

I believe Behavior blockers shows pop ups before the malware can infect (It holds the processes same as Classical HIPS).

BTW, a BB is a type of HIPS if i understand correctly

 

maybe you are correct but i think that untill the process start behabing as malware then it will triger an alert but maybe i am wrong

 

Either BB or HIPS alert before an infection starts. Malware has to perform a action that changes/injects/alters a system file or object that completes its objective. The BB will notice that a process is doing something it shouldn't be doing. It will block the behavior and give the alert to the user. The hips will notice that a process is attempting to be changed and alert the user. The HIPS are "chattier" because a normal non malware file maybe trying to make a legit change and alert the user.

 

Indeed.
Unknown exe = Block and terminate. But if you allow it, maybe you will get infected.

 

But sometimes unknown exe are legit ones

 

However Mamutu has a very good white list and clear alerts which it what I liked about it.

 

Yeah, and they also have the decision thing which helps you decide
Though, it still needs lots of time, because some files are still not rated