Avast WEBforum

Other => General Topics => Topic started by: SpeedyPC on June 06, 2009, 10:12:24 AM

Title: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 06, 2009, 10:12:24 AM
Hi all, ;D

Just dropping by :D ;D while I'm cleaning up for a friend of mine from work who has a problem with his PC: very nasty >:( bucket loads of viruses, malware, adware, trojans etc. etc. He was about 6 months behind on the MS security update patches, and I've spent the last 3 hrs fixing his problem. He had Norton 360 security software and he hates it so bad, and it's a very long story to explain.

Okay, everything is cleaned up, MS is fully patched and up to date with Avast ;).

Now a question: has anybody used ThreatFire v4.5.0.17, the latest, which came out on May 27, 2009? I have never used it, and I would like your feedback on the good, the bad and the ugly side of ThreatFire, because he wants to have this installed on his PC, and this is why I'm here to ask you about it before I give this to him.

ThreatFire Highlights:
• Persistent zero-day threat protection made easy for everyone — even novice users!
• Perpetually ready for the next malware outbreak, with no signature updates required.
• Runs in background without impacting system performance.
• NEW! ThreatFire now includes advanced protection features including malware quarantine and removal, rootkit scanner and custom rules settings in both the Free and Pro versions.
• Patent-pending ActiveDefense technology intelligently scans and analyzes computer processes to detect and block any malicious activity — without false positives!
• Highest level of out-of-the-box accuracy. No need to configure baffling, technical security settings: just turn ThreatFire on and start blocking malware.
• Protects against both known and zero-day viruses, worms, trojans, buffer overflows, rootkits and even some spyware.
• Works alongside your current security programs — there is no need to uninstall your antivirus, anti-spyware, firewall or other security program before installing ThreatFire.
• NEW! ThreatFire Pro includes PC Tools AntiVirus’s on-demand AV scanner, giving you added peace of mind so you can quickly and easily scan your PC for known threats.

SpeedyPC

Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 06, 2009, 12:16:39 PM
It certainly has a very very high level of detection on brand new samples. I'd certainly recommend running ThreatFire alongside avast! for extreme total protection.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 06, 2009, 12:41:44 PM
It certainly has a very very high level of detection on brand new samples. I'd certainly recommend running ThreatFire alongside avast! for extreme total protection.

RejZoR, are there any pros and cons about this software ??? ??? ???
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 06, 2009, 01:33:12 PM
Apart from a massive list of pros, I couldn't think of a single con...
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Lisandro on June 06, 2009, 01:45:58 PM
Not for me... thanks. Tons of questions to allow, resource taking, bad interaction with Firefox extensions... Never caught anything when running in my computer... maybe the major protection is just safe browsing. Well, just my opinion.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Tarq57 on June 06, 2009, 02:04:58 PM
I don't use the version you mention, but have used version 3.5 (which had problems with the Avast GUI) and 2X #4 versions, currently 4.1 which is on my computer now, with absolutely no ill effects.
Only popups experienced have been when installing or running little known software. I tend not to encounter any genuine in-the-wild malware for some reason. Sites that are infected tend to be pulled up short by the Avast webshield before any unsavoury content gets to challenge TF's defences. (And I don't have a deathwish to bypass the Avast protection in order to test TF out; this is my working computer, not for testing stuff.)
Currently both TF entries in Task Manager total a rather meagre 8.5~ Mb, for what it's worth.
I have read that TF is certainly reasonably effective against zero day malware, but also that it is not perfect (what is?) and so one should not feel invulnerable just because it is there.
Consider it an extra layer that may save your 6, nothing more, nothing less. ;)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Lisandro on June 06, 2009, 02:09:09 PM
Maybe you're right Tarq, I just used an old version and it's not my intention to make FUD.
Just that avast and the HIPS of Online Armour firewall are more than enough for me ;)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Tarq57 on June 06, 2009, 02:12:54 PM
Absolutely, I wasn't having a go at your opinion, far from it!
But I did realize that your past experience with TF - which wasn't a good one - was some time ago, so I thought I'd just put my 2p in.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 06, 2009, 02:19:58 PM
Tech,

Have you ever thought about trying out the latest version again? I fully understand you had some bad experience with TF version 3.5; maybe the latest may have resolved the problem with Firefox ;)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Lisandro on June 06, 2009, 02:28:10 PM
Tech,

Have you ever thought about trying out the latest version again? I fully understand you had some bad experience with TF version 3.5; maybe the latest may have resolved the problem with Firefox ;)
Maybe... I think safe browsing habits do the job alone...
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: drhayden1 on June 06, 2009, 02:58:42 PM
SpeedyPC
Quote
Works alongside your current security programs — there is no need to uninstall your antivirus, anti-spyware, firewall or other security program before installing ThreatFire.
The last time I used ThreatFire, my Windows Security Center said I had two antivirus programs running,
which I didn't feel at home with ???
Just like Garfield doesn't feel at home with (http://i40.tinypic.com/2vkz4uu.jpg)  
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 06, 2009, 03:06:00 PM
Ha ha ha ;D
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Tarq57 on June 06, 2009, 03:18:48 PM
drhayden1, this is normal. TF is recognized by the security centre as an AV. There is an option during installation of TF (and subsequently in the program settings) to disable the reporting in the security centre, in order to allay the concerns of folk who (correctly) feel disturbed about the reporting of more than one AV installed.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: polonus on June 06, 2009, 03:25:44 PM
Hi SpeedyPC,

I have changed from ComodoBoClean, which was discontinued as a stand-alone real-time scanner program, to ThreatFire. I am rather satisfied to have it. Only remember one hiccup, a real blurp really towards TDIMON.exe. ThreatFire protested against me starting up TDIMON from Sysinternals. It protested against the fact that a device driver was loaded (normally this is a security risk where unknown proggies etc. are concerned), so I had to specifically allow that in the threat control center. The way it blocked it was so abrupt, it just set 0000: 00 00 00 00 in user32, and so I lost connection for both Firefox and SRWare's Iron browser, for which I had to restart to restore the right workings. So make ThreatFire remember these issues permanently in advance, because normally it does its job silently in the background, but when it has to act it acts with a lot of noise,

polonus
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 06, 2009, 04:17:49 PM
Not for me... thanks. Tons of questions to allow, resource taking, bad interaction with Firefox extensions... Never caught anything when running in my computer... maybe the major protection is just safe browsing. Well, just my opinion.

Sorry but that's bollocks. ThreatFire is not HIPS. I don't have a clue where you got "tons of questions". Because I certainly didn't get any. Maybe one or two tops. That's far from "many".
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Hard_ROCKER on June 06, 2009, 04:24:55 PM
If Polonus and RejZoR say it's good then i will check it out for sure. :)

@RejZoR: Does it work well on Vista x64, any probs ?

What is the difference between the Free and the Pro versions ?
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 06, 2009, 04:46:41 PM
What is the difference between the Free and the Pro versions ?

Darth, here is a link to answer your question: http://www.threatfire.com/download/
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: cinchez on June 06, 2009, 04:58:39 PM
IMO, ThreatFire is easily extinguished by malware^^

In my past experience, the so-called ThreatFire detected malware on my PC yet it said it can't remove it...weird...^^ (that's about umm...a year ago, so maybe the latest version is good)

So that's why I found avast! in the 1st place and it totally ripped the malware apart!^^

(No hard feelings for ThreatFire users, as I didn't intend to hurt you at all^^) Sorry if I did offend you^^

-AnimeLover^^

Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: drhayden1 on June 06, 2009, 05:06:09 PM
Quote
drhayden1 , this is normal. TF is recognized by the security centre as an AV. There is an option during installation of TF (and subsequently in the program settings) to disable the reporting in the security centre, in order to allay the concerns of folk who (correctly) feel disturbed about the reporting of more than one AV installed
OK, thanks. Reinstalled ThreatFire and it's not in the Windows Security Center now ::) ;)
And I thought ThreatFire had a so-called anti-virus scan included; all I see is it asks you to install their Free version of their program ::) ???
click on saywhat.jpg and open to view ::) ;D
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 06, 2009, 05:15:04 PM
Detection in Security Center is optional (can be controlled from within ThreatFire).

There is still no final 64-bit version but they are working on it. Or you can use the beta version. Just contact AChen on PCTools forums for access to the beta section.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Lisandro on June 06, 2009, 05:30:02 PM
ThreatFire is not HIPS.
Sorry, then. Lack of knowledge. Can you tell us a little more (in a few words)?

I don't have a clue where you got "tons of questions". Because I certainly didn't get any. Maybe one or two tops. That's far from "many".
Well, if you got no questions at all (as you can set into ThreatFire settings) maybe it's just taking decisions by your own. Not that bad, just you won't see what it is happening.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 06, 2009, 05:37:36 PM
As I said, it's not a HIPS system but a behavior blocker. You can make it work like HIPS by ramping up the settings to Max, but by default it's a behavior blocker. And as such it only warns on malicious actions. With version 4.5, they've also included online lookup for black/whitelist for even better protection and fewer false positives.
I've been using and testing this program since the Cyberhawk days and it's really powerful, especially for a free program.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: rdmaloyjr on June 06, 2009, 05:59:56 PM
I don't see the need to burden my system with ThreatFire, even if it's light on resources.

Avast!, WinPatrol & OA keep me safe doing and going anywhere online that I want to go. :)

OA would be overkill over ZA Free except it's lighter than ZA Free. ;)

The big thing is being careful of what you download; ThreatFire won't protect from being stupid or ignorant (http://dictionary.reference.com/browse/ignorant). ::)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Hard_ROCKER on June 06, 2009, 06:37:50 PM
Thanks guys, i'm gonna try it out. :)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: bob3160 on June 06, 2009, 07:13:20 PM
ThreatFire 4.1.0.25 is working fine on Windows 7, no conflicts.
It doesn't show up as an antivirus either.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Hard_ROCKER on June 06, 2009, 07:22:20 PM
That's good to know Bob, thanks for the info ! ;)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 06, 2009, 08:16:51 PM
ThreatFire shows in Security Center only if you enable it to do so in its settings.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: bob3160 on June 06, 2009, 11:14:43 PM
ThreatFire shows in Security Center only if you enable it to do so in its settings.
As you'll see from the screen shot, that's not the case in Windows 7.  :)
(http://img.photobucket.com/albums/v190/bob3160/th_ThreatFire.jpg) (http://img.photobucket.com/albums/v190/bob3160/ThreatFire.jpg)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Lisandro on June 07, 2009, 12:02:56 AM
it's behavior blocker
For instance... what?
Which is suspicious for it?
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 07, 2009, 08:57:20 AM
Okay, I've added ThreatFire onto his PC.

Here is the list of what I've put onto his PC, and it's very lightweight.

1. Avast Home Edition free
2. Threatfire free
3. SUPERAntiSpyware Free Edition
4. Malwarebytes' Anti-Malware free
5. SpywareBlaster free
6. Firefox along with NoScript, WOT and Finjan. free
7. CCleaner free
8. Comodo just the firewall the latest free version

And I'll try out threatfire later and thanks for your feedback and your support ;D
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 07, 2009, 10:33:50 AM
ThreatFire shows in Security Center only if you enable it to do so in its settings.
As you'll see from the screen shot, that's not the case in Windows 7.  :)
(http://img.photobucket.com/albums/v190/bob3160/th_ThreatFire.jpg) (http://img.photobucket.com/albums/v190/bob3160/ThreatFire.jpg)

Windows 7 is still in beta and ThreatFire also doesn't officially support this OS (yet). So I see no problem. That feature works fine in XP and Vista.

it's behavior blocker
For instance... what?
Which is suspicious for it?

Um, malware? I thought you understood the concept of behavior analyzers and blockers.
Behavior blockers track what every program does, and if they detect behavior that is common for malware, they prevent it, roll back the changes and alert the user. So if something tries to add itself into the system folder, adds a system entry, starts listening on specific ports and tries contacting an IRC server, a behavior blocker will most probably jump on it.

The good thing is that behavior blockers are basically immune to packers and crypters and provide excellent 0-day protection without regular updates. The only downside is that they aren't exactly effective against fake AVs, where you just need signature detection.
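
A minimal sketch of the behaviour-blocker idea described in the post above, added here as an example; it is not part of the original post and is not ThreatFire's code. The event fields, weights, threshold, the allowlist parameter and every process name are assumptions made for the illustration, and the sample events are constructed.

```python
# Toy behaviour blocker: the verdict comes from what a process does,
# not from its file bytes, so packing or encrypting the file changes nothing.
# Event fields, weights and the threshold are assumptions for this sketch.
from collections import defaultdict

WEIGHTS = {
    "copy_self_to_system_dir": 3,
    "add_autostart_entry": 3,
    "listen_on_port": 2,
    "connect_irc": 3,
}
BLOCK_THRESHOLD = 8  # assumed: no single behaviour is enough to block
IRC_PORTS = set(range(6660, 6670)) | {7000}


def classify(event):
    """Map one raw event to a behaviour name, or None if it is uninteresting."""
    kind = event["kind"]
    target = event.get("target", "").lower()
    if (kind == "file_write" and event.get("copies_own_image")
            and target.startswith("c:\\windows\\")):
        return "copy_self_to_system_dir"
    if kind == "reg_set" and "\\currentversion\\run" in target:
        return "add_autostart_entry"
    if kind == "net_listen":
        return "listen_on_port"
    if kind == "net_connect" and event.get("port") in IRC_PORTS:
        return "connect_irc"
    return None


def evaluate(events, allowlist=frozenset()):
    """Return {image: (score, verdict)} for every process that showed a behaviour."""
    seen = defaultdict(set)
    for ev in events:
        behaviour = classify(ev)
        if behaviour:
            seen[ev["image"]].add(behaviour)  # each behaviour counts once
    result = {}
    for image, behaviours in seen.items():
        score = sum(WEIGHTS[b] for b in behaviours)
        blocked = score >= BLOCK_THRESHOLD and image not in allowlist
        result[image] = (score, "block" if blocked else "allow")
    return result


RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"image": "dropper.exe", "kind": "file_write", "copies_own_image": True,
     "target": r"C:\WINDOWS\system32\svch0st.exe"},
    {"image": "dropper.exe", "kind": "reg_set", "target": RUN_KEY + r"\svch0st"},
    {"image": "dropper.exe", "kind": "net_listen", "port": 4444},
    {"image": "dropper.exe", "kind": "net_connect", "port": 6667},
    {"image": "chatclient.exe", "kind": "reg_set", "target": RUN_KEY + r"\chat"},
    {"image": "chatclient.exe", "kind": "net_connect", "port": 6667},
    {"image": "backup_agent.exe", "kind": "file_write", "copies_own_image": True,
     "target": r"C:\WINDOWS\backup_agent.exe"},
    {"image": "backup_agent.exe", "kind": "reg_set", "target": RUN_KEY + r"\backup"},
    {"image": "backup_agent.exe", "kind": "net_listen", "port": 9102},
    {"image": "browser.exe", "kind": "net_connect", "port": 443},
]

if __name__ == "__main__":
    for image, (score, verdict) in evaluate(SAMPLE_EVENTS).items():
        print(f"{image:18} score={score:2} -> {verdict}")
```

In this sample the constructed `backup_agent.exe` reaches the threshold without being malicious, which is the false-positive case a user-controlled allowlist (`evaluate(SAMPLE_EVENTS, allowlist={"backup_agent.exe"})`) is meant to handle.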
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Lisandro on June 07, 2009, 11:10:42 AM
Thanks RejZoR.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: George Yves on June 07, 2009, 11:33:23 AM
I want to "add a spoon of tar in a jar of honey".

ThreatFire sees two types of threats: unknown (not in its db) and known (already in its db). When TF detects an unknown threat, its user can decide either to allow or to deny and quarantine; when it detects a known threat, it quarantines the threat immediately and only informs the user that so and so was detected and quarantined. But what should the user do if any of TF's "known threats" appears to be a false positive?

For example, I have ClamWin Portable on USB that I use when on a business trip. Before every trip I update ClamWin's database and I tried to do so after I installed TF. I failed to update the database this time. ThreatFire detected freshclam.exe (the program in ClamWin that updates its db) and immediately quarantined it as a "known threat" - Worm.Win32.AutoRun.ahep.

I went to the PortableApps.com forum and read there that freshclam.exe should be put on the whitelist. But as I have said, "known threats" can't be allowed in TF. Then I went to PC Tools' forum and tried to register there and report this FP. I was prompted that the registration letter was sent to my e-mail and my account would be activated after I click on a link in it. Three days have passed and I got no confirmation letter. I tried three different e-mails with the same result: no letters. So now if I want to update ClamWin I should suspend TF.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 07, 2009, 11:55:56 AM
Actually that's not the case anymore for version 4.5. This version is not using signatures anymore, except signatures for the behavioral part (so they can update behavior rules on the fly).
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: George Yves on June 07, 2009, 12:23:22 PM
Actually that's not the case anymore for version 4.5. This version is not using signatures anymore, except signatures for the behavioral part (so they can update behavior rules on the fly).
And what? Why can't I get the confirmation e-mail? Why can't I get freshclam.exe and other FPs on their whitelist?
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Tarq57 on June 07, 2009, 12:37:28 PM
I have a slightly different opinion concerning this.
In the event of a FP, most software can be configured to offer the user an option to ignore it.
Not so with the version of TF I use: the options are "quarantine", or "quarantine and notify". That's it. (No option to just "kill the process", or "ask me what to do".)
Which makes the FP issue a deal breaker for a lot of would-be users. Has been talked about at length on the PCTools forum, the company appear not open in the slightest to changing the options.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: bob3160 on June 07, 2009, 04:51:40 PM
Actually that's not the case anymore for version 4.5. This version is not using signatures anymore, except signatures for the behavioral part (so they can update behavior rules on the fly).
And what? Why can't I get the confirmation e-mail? Why can't I get freshclam.exe and other FPs on their whitelist?
Try again and this time check your spam folder. Their reply to you is probably in there.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: George Yves on June 07, 2009, 06:25:15 PM
Try again and this time check your spam folder. Their reply to you is probably in there.
I have been checking my e-mail addresses for three days already - no letters from TF forum. I went back to the forum - all my accounts are still awaiting confirmation.

I gave them 3 addresses (one at mail.ru and two at gmail.com) and got 0 responses. Could anybody help me to get in touch with TF forum administration?

==============

Oh, at last! I gave them the fourth address and got the confirmation. But all the three previous mailboxes are still empty.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: RejZoR on June 07, 2009, 07:18:25 PM
They are not exactly active on weekends...
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 08, 2009, 11:00:05 AM
Hi all,

I've decided to install ThreatFire onto my PC ;) after a while, when I was fixing my friend's PC.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: Vladimyr on June 08, 2009, 01:43:23 PM
Three days have passed and I got no confirmation letter. I tried three different e-mails with the same result - no letters.


If you're waiting on PC Tools, (rather than ex-Novatix in the US) they won't be back on deck until AM on Tuesday June 9 AEST (GMT+10) due to holiday Monday.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: polonus on June 08, 2009, 01:52:51 PM
Hi SpeedyPC,

In ThreatFire you have various options: allowed, denied, quarantined. If you have something allowed and regret that you can remove that item - those items there. If something was denied, you can restore,

polonus
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: silvertones on June 08, 2009, 02:01:50 PM
They've dropped support for Windows 2000 which I run. Version 4.5 will not work. They refuse to do anything about it.
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 08, 2009, 02:27:16 PM
Hi SpeedyPC,

In ThreatFire you have various options: allowed, denied, quarantined. If you have something allowed and regret that you can remove that item - those items there. If something was denied, you can restore,

polonus

Thanks for the heads up polonus as I'm learning a bit more about threatfire ;)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 08, 2009, 02:37:21 PM
Drhayden1, on that screenshot I can see you are using XP. May I ask what software add-on you used for that icon layout at the top of your OS screen, because I like it, it looks really cool ;D
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: drhayden1 on June 08, 2009, 02:46:04 PM
http://www.filehippo.com/download_rocketdock/
Used it for a long time and like it better than objectdock which some others use :)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: SpeedyPC on June 08, 2009, 02:56:41 PM
http://www.filehippo.com/download_rocketdock/
Used it for a long time and like it better than objectdock which some others use :)

Thanks buddy ;)
Title: Re: Has anybody used ThreatFire v4.5.0.17 the latest
Post by: dell boy on June 08, 2009, 04:58:45 PM
Used it for a long time, great tool alongside avast. Don't know where these "many" popups come from, I've never had ONE on my laptop. However, when I put it on my mum's computer when cleaning it, it popped up a few times for LEGITIMATE reasons and was blocking actual malware, and thankfully it got rid of a keylogger. The result was similar to what that guy said about tfimon, except this time it was real.
I recommend it fully, it has a handy rootkit scanner and process viewer and other stuff.
To be honest I forget it's there unless I see it in Task Manager.