What's Wrong with Threatfire?

Discussion in 'other anti-malware software' started by dw426, Jun 26, 2008.

Thread Status:
Not open for further replies.
  1. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Why, when it supposedly "detects a threat", does it NOT tell you what that threat is? Also, why do files that you ask it to kill and quarantine NEVER show up in the detected threats NOR the quarantine list? Does it just not like my system or what the heck is wrong with this supposed "great security addition"? What good is a security app that just kills/deletes/quarantines whatever it pleases and then doesn't even bother to tell you why it did it?

    I'm not especially good with trying to figure what's bad and what's good, but I also don't want some program deciding for me and not at least give me a general idea of what the problem is. This is at least the 4th time I've tried this program out, maybe it's good, I don't know, all I do know is when it's installed, my system noticeably slows and the program just does whatever the heck it wants to. I posted this mostly as a rant but also in the hopes maybe someone could give an idea of why it acts like it's keeping national security secrets every time it detects something.

    Edit: Well, I found out why it did it, though only by starting up Internet Explorer afterward. After removing what was deemed to be a safe program by Avira, SAS Pro and checking the EULA against EULA Analyzer, I found that the program damn near destroyed Internet Explorer. Luckily the files remained in the Recycle Bin and since restoring them it SEEMS to be working fine again. I still stand by my rant though, Threatfire could have told me a hell of a lot more than just "detected malicious behavior, allow/quarantine".
     
    Last edited: Jun 26, 2008
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I didn't have any problems with ThreatFire, I just don't like the blacklist part.
    Does Mamutu also have a blacklist part ? I need a behavior blocker without AV and without questions, if possible.
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    If you find one, let me know please. I'm perfectly fine with HIPS as a concept and as a good tool to use, but it's still just too difficult for me to figure out what all the pop-ups mean when HIPS does tell me what went wrong, and I'm completely stupid when it comes to figuring out what to do when HIPS doesn't give enough information.
     
  5. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I think PRSC/NAB and Mamutu both do not use signature scanning.
     
  6. ola nordmann

    ola nordmann Registered Member

    Joined:
    May 6, 2007
    Posts:
    89
    I like ThreatFire, and considering the price tag it's a real bargain of an "intelligent" HIPS :)

    The AV is on-demand only, so you don't have to use it unless you really want.

    (There are probably better AV scanners out there anyway ; )
     
  7. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    The AV also scans files that the behavioural blocker found suspicious before it alerts you.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    PRSC/ NAB has a small black list too.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK Guys, thanks a lot for your input. I will dream about it first and then decide what to do. A behavior blocker would be my 4th security software. :D
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That makes two of us. Maybe we are too smart to use HIPS. ;)
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Could be :) I'm afraid the real answer in my case though is that, at least right now, HIPS might as well be quantum physics to me, lol.
     
  12. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    while it is completely your business, i am more than a little curious as to why (and i realise this is a character flaw, but i prefer a rational over emotional reason..please) you dislike blacklisting.

    i personally like whitelist and blacklist apps like Prevx2 (damn i used the P word) as i believe they reduce potential FP's and pop-ups. but as i am not technically strong, i very well could be missing something. do what you do well Erik, enlighten me.


    Mike
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    After doing a little research into Cyberhawk (early versions) and then my short trials of TF where i ran into the same issues as most others, i might be wrong but going back to later Cyberhawk versions where they went from (3) drivers over to (4) i think that's where the most trouble lies. In Cyberhawk (3) driver apps, the program performs exceptionally for me. If i install an early version beyond that with the (4) drivers, that's where my system begins to experience chokes & issues. I've seen the same (4) drivers are also implemented into TF, and combine that with the extras they've added, i've been reading more disappointments and concerns on an ever growing basis and some users dumping it altogether.

    I'm no programmer, but it doesn't take one to make an inventory of what an app uses to carry out its designed purposes, and for better or worse, right or wrong, i've settled on that conclusion because with the CH (3) driver implementation, i get instant results, immediate termination of the source offending file (usually dll injections), and complete stability with absolutely no slow downs or burps whatsoever.

    I would say it's time for them to trim the fat a bit, and take some stock from early CyberHawk versions to better TF and reduce its load and issues.

    EASTER
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    True,

    I complained at PC Tools that the way TF works, a restore point should be made before quarantining to correct errors (1st / top image setting). See pic, after this change, you can set TF to decide more for you (2nd / bottom image settings)
     

    Attached Files:

    • TF.JPG
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Thanks for that tip Kees, I appreciate it :)
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    You can also press the "learn more from this threat" link in the pop-up. It will generate a Google search. (Note I have set protection level to 4, this seems to generate a warning sooner, and drags less correction with it, causing less damage to existing programs: in simple terms, you reduce the risk of quarantining your browser when a malware is targeting it, but could face some/little more pop-ups). Because TF fires earlier, less has to be corrected, level four also seems to have a positive effect on CPU usage (I have not encountered the down side of generating more FP's at level 4)
     
  17. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Your posts Kees should be made a sticky! Excellent tweak!
     
    Last edited: Jul 4, 2008
  18. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hi there Kees, yes, I knew about the "Learn more" option, but more often than not the threat Threatfire would report was labeled "Unknown" which made a Google search pretty hard to do :)
     
  19. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Well Kees1958, I appreciate all the help you gave me regarding Rising and such, but my system just hates HIPS it seems. After running Rising overnight, it started giving me reboots (much like DriveSentry still does). I just can't keep messing around with this stuff and crashing the system over and over again. So, here is what I have done;

    1. Took out GesWall and put SBIE back on.

    2. Added Threatfire and set it to Level 4 along with changing the default actions per your post earlier in this thread. I do notice much less slowdown now.

    3. Took out Rising and put Avast Home back on. What can I say, AV Comparatives aside, I like this AV. It's easy on the system and covers web scanning and P2P, the two areas I consider very important these days.

    I decided to leave Returnil off since, if I read correctly one of your posts, two virtualizations are not necessary. I'm going to be adding Opera today so my browser safety is in check I believe. I'm not sure what the deal is, but it seems like the more "hardcore" security I put on this thing, the more troubles I have. My current set up buzzes right along. I'm always open to more advice, but like I said, the more protection I seem to add the worse things perform. I don't know, what do you think of the set up I have now?
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Avast + ThreatFire + SBIE = near digital Fort Knox, so you are okay, do not worry ;)
     
  21. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    That's good to hear, thank you :) Now maybe I can sleep better tonight instead of being in bed worrying about settings, which I did, lol.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I'm trying my best to cozy up to TF, and some of you seem to express complete confidence in it so i'm asking for some of your opinions.

    Aside from incompatibility issues with a few apps, do you find it effective? I mean have you tested it locally on your system with both leaktest samples and/or real malware? And are you pleased with its results?

    Also, there's been mention of CPU taxing with TF, is this a sporadic random experience or do you notice any over strain on the CPU while it's engaged?

    One more question. Can you verify TF uses (4) drivers to accomplish its purpose or (3)?

    Thanks EASTER
     
  23. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    @Easter

    I have TF on two systems and I haven't noticed the slowdown that some users report on either of my systems. I have never had it interfere with any programs on my computers either with the exception of one. The only program I have had it interfere with is LockNote and it only does it on one of my systems for some reason. I have to suspend TF when I want to use LN on that system.

    Also, TF does use four drivers.
    TFDrivers.jpg
     
  24. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    My main issue with Threatfire is that i hate the network module. I can feel it adding lag time to browsing. I hate it, i hate it, i hate it. And if you disable it, you get repeated errors in the XP Event Viewer. I wish they would simply make it possible to disable the damn module in options.

    Otherwise Threatfire isn't particularly CPU hungry.
     
  25. rolarocka

    rolarocka Guest

    Yes threatfire slows down my system a bit but i do have an old athlon xp 3200 so i notice every minimal slowdown caused by software. I don't think you will notice any slowdowns at all with a quad core. I have seen threatfire doing a better job than traditional AV's. Threatfire was always a few hours and sometimes a few days ahead of those AV's and their signatures.
     