Threatfire???

Discussion in 'other anti-malware software' started by Antimalware18, Apr 11, 2013.

Thread Status:
Not open for further replies.
  1. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    I know this product is dead but I used it back in 08 and really liked it and was wondering if anyone had a link to a download for it or a .exe they could msg me with. And also how would it do in todays malware landscape without updates?
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    You can get it from there
    -http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/Cyberhawk.shtml
    Some links to download are dead but this one is active...I tested it succesfuly 3 minutes ago :)
     
  3. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Thank you :thumb: :thumb:

    Now my next question, any idea on how good this would do in today's landscape?
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    There is no upgrade for TF and update for anti-malware definition but mainly TF is...can be...a powerful system monitor/behaviour blocker...even something like HIPS...especially when you enable advanced settings and additional rules for registry, port listening, outgoing connection, special folders.
    It's only my private opinion but I have good experience with TF and I know that it's very customizable.
     
  5. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    -http://www.pctools.com/mirror/tfinstall.exe-
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    But in that case, Comodo would be a better option. Throw everything out the window and make the rules yourself. At least it's more up to date than heavily outdated ThreatFire. And if we can believe them, they are planning to make an actual behavior blocker (not the current Autosandboxing that just carries the name of BB).
     
  7. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    As Kees1958 I have written some tutorials on how to fine tune Threatfire. Behavioral blockers were an innovation which seemed to be the way to go. The heuristics/cloud based reputation scoring and code emulation/sandboxing capabilities have replaced the added value of a seperate behavioral blocker, because OS (offering low rights sandbox) and AV's have evolved

    1. On-execution whitelisting/blacklisting
    Caching and hashing of PE's is so much more advanced that AV's are much better in distinguishing new code from existing code. Reducing general overhead makes it easier to apply a smart risk assessment and allow whitelisted, blockblacklisted and analyse grey-in-between.

    2. Detailed on-execution analysis of PE not on the whitelist or on the blacklist
    New executables are much more scrutenised than in the past. Static PE-analysis, Code emulation, Heuristics, reputation scoring will providethorough threat rating knowledge of this grey (not good not bad) executable. So same or even better risk assesment without the behavioral blocker disadvantage of letting the unknown PE run in the wild on your system.

    3. Behavior analysis in the sandbox
    Modern AV's are able to auto sandbox a suspicious executable based on above steps. Big advantage is that the AV is able to analys the behaviour of the suspicious executable in the sandbox.

    4. Smart "write through" sandboxing
    When the behavioral analysis does not show signs of suspicious behaviour, the installation can be deployed to the real system (write through sandbox).

    Today it is possible to have a very proficient security setup with a lean mix of for instance only:
    a. IP-filtering of your browser, complimented with for instance adblock plus (to keep you away from nasties)
    b. Sandbox of IE or Chrome (low rights container, unable to touch medium/high right processes/objects)
    c. EMET (mitigates arbitrary code execution in memory)
    d. ExploitShield (warns for drive by/downloading executable code through suspicious/exploit behavior)
    e. File download reputation scoring of Chrome or IE
    f. Avast file & behavioral shield (provides discussed protection of steps 1 to 4).
     
    Last edited: Apr 11, 2013
  8. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    Before you download Threatfire Oops' anyways I'd get some more opinions, that application has been known to have a mind of its own...*puppy*
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Thank you kees for another wonderful and very informative post.You seem very knowledgeable on software restriction policies etc and just wondered if i may ask you what your opinion is on CIS 6.I would value your opinion very much as this is my chosen security at the moment.Is it a solid enough suite at this present time.
    Thank you.
     
  10. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    ThreatFire is complete dead - no further developement, no support till over a year. is not secure any longer nor can prevent any actual malware.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,046
    Lets leave comments and questions about CIS or Comodo products out of this thread. This thread is about Threatfire.

    Any of the other questions can be asked in another thread.

    Thank you.
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I had it installed on XP a few years ago. It was fine, until it wasn't ! It caused all sorts of problems to appear, resulting in my having to reinstall the OS :mad:

    One best left gathering cobwebs :D
     
  13. ght1

    ght1 Guest

    It's as dead as a dodo. :doubt:
     
  14. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    It was an excellent program in its day. Minus the fact a few people had some system/keyboard lockups, before sandboxie etc became popular, when visiting a dodgy site, it was good to see that little flame in the corner.

    Saved my bacon a few times! :cool:
     
  15. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    I've got it installed and running right now just fine. I'll say this, it might be dead and it might not be furthered developed. But to me for technology like Threatfire (BB/hips/hids) since it doesnt really rely on signatures I could honestly care less if its dead or not.
     
  16. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    617
    Location:
    Wembley, London
    Still got the installer here.
    Tempted to give it another try, used it before with great effect.
    Thanks for reminding me :thumb:
     
  17. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    RetroFire....:cool:
     
  18. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    for RetroThreats on RetroOSes :D
     
  19. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    Before installing Defensewall on my PC, I was using the last release of Threatfire. I had set it on level 4 and added custom rules provided by Kees1958. I totally agree with you. Even if it's not updated anymore, I don't mind at all since it provides solid protection even on these days.
     
  20. FOXP2

    FOXP2 Guest

    So, it's "not secure any longer nor can prevent any actual malware" or "it provides solid protection" and "(causes) all sorts of problems or "(runs) right now just fine."
     
  21. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    You are wrong:
    TF versus Sality - passed
    -https://safegroup.pl/artykuly/threatfire-vs-rozne-zagrozenia-t7169.html?hilit=threatfire#p171389
    TF versus Ransomware.Celas - passed
    -https://safegroup.pl/artykuly/threatfire-vs-ransomware-celas-t7179.html?hilit=threatfire#p171490
    TF versus large number of malware - passed
    -http://www.youtube.com/watch?v=pyRliGiJjt0&feature=youtu.be
    IMHO...TF it's still worth of attention.
     
  22. ght1

    ght1 Guest

  23. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    @ght1
    Haha...please!...this post is cutted from context...yous should look at earlier post...you see?... December 29th, 2010 and my is written 5 months later as provocation to refresh the thread.
    All my mentions/opinion about TF are similar...it's just great software.
     
  25. ght1

    ght1 Guest

    I see, let's install Threatfire. Today is the Wilders Threatfire Party. Come on ... :D :thumb: Hehe, but I remember the killed keyboard ...
     
Thread Status:
Not open for further replies.