Author Topic: Threatfire????  (Read 11625 times)


Offline polonus

Re: Threatfire????
« Reply #15 on: March 02, 2008, 01:33:48 AM »
Hi folks,

I am not beta testing this at the mo, so ask those that do. Waiting for the avast fw, until that is being brought in I will stay with Comodo fw and Comodo BoClean together with RUBotted that will do for me for now.
More and more every av vendor is moving towards the all-in-ones, just got a message that Comodo is going into Trusted Sites etc. Everybody is doing that. I would not like to put my eggs just all in one basket, I learned my lesson well where Symantec's over bloated monstrum was concerned. They just do not cover all of the malware theater, too many blind angles,

pol
« Last Edit: March 02, 2008, 01:35:41 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

drhayden1

  • Guest
Re: Threatfire????
« Reply #16 on: March 02, 2008, 04:04:39 AM »
Quote
Ask this question in Beta.
Maybe you are asking where the GUI section of the AS is?  There isn't any, it's all in on
just did-thanks :)
http://forum.avast.com/index.php?topic=33647.0

Lusher

  • Guest
Re: Threatfire????
« Reply #17 on: March 02, 2008, 09:47:18 AM »
But, about your problem, I never even thought of ThreatFire as being an antivirus, but if this is the case, it explains the conflicts with avast and other programs.

I found that there is this misconception that conflicts occur mainly because they are products of the same software class (e.g. between two antiviruses, between two firewalls etc) and that everything is fine if you use security software that you consider functionally different or that "doesn't overlap".

The theoretical problem with this idea is that as one becomes more aware of security software differences, and becomes better at distinguishing security software functions, one starts to think one can combine more and more, which makes very little sense if you think about it.

For example if all you had was a vague idea about "HIPS", you would just use one. Then you read maybe that castlecops page about "different class of security software", and you start using sandboxes and behavior blockers... Then someone tells you behavior blockers actually come in 2 types... and you use them both because they are in "different class" and hence there is no overlap and hence no conflict...

The practical problem is this.

My own experience testing is that the possibility of conflicts between security software is very high even if they are supposedly of different types. A firewall can and does easily lead to negative interactions with antiviruses for example despite the fact that one is a firewall and one antivirus.

And by negative interaction I don't just mean blue screen errors, because these at least are easy to figure out. By that I mean they fail to stop whatever they normally would if they were run individually.

The problem is even worse with HIPS-type software like ThreatFire, Online Armor, sandboxes etc.

I have tested the following combos,

Comodo pro firewall 3 + threatfire
Online armor free + Threatfire

A lot of people are running these 2 combos because these are free products and by reading the descriptions you can make a case that they cover different areas. For example threatfire is a "smart behavior blocker" while OA and comodo's defense+ are "classical hips".

A simple test finds that running both combos results in a system where neither is able to block certain keylogger techniques. On the other hand, running any one of them alone will give you better results against keyloggers!!

In other words, adding more reduces your defenses! The user will never know since there is no error message, no crash etc.

And this is just one simple test. How many other negative interactions are there that one never notices?

I would add that many people are running even more by adding sandboxes.

Combos like

Comodo pro firewall 3 + Geswall + threatfire + antivirus, or
online armor + sandboxie + antivirus etc

are not uncommon, because "they don't overlap"

« Last Edit: March 02, 2008, 09:49:33 AM by Lusher »

rdmaloyjr

  • Guest
Re: Threatfire????
« Reply #18 on: March 02, 2008, 10:16:56 AM »
Lusher,

I agree.

I use a minimum number of security applications that cover all the bases and "play well with each other".

If avast! 4.8 turns out to be as good or better than Spyware Terminator, I will remove ST on my laptop & turn off the antispyware module in ZAAS on my desktop, further minimizing my setup.

When the avast! Personal Firewall is ready I will replace ZA on both machines. ;D  When the one year "patch Tuesday" free subscription to ZAAS expires I will need to replace it with aPF anyway, hopefully sooner. ;)

Lusher

  • Guest
Re: Threatfire????
« Reply #19 on: March 02, 2008, 10:22:46 AM »

Quote
If avast! 4.8 turns out to be as good or better than Spyware Terminator, I will remove ST on my laptop & turn off the antispyware module in ZAAS on my desktop, further minimizing my setup.

When the avast! Personal Firewall is ready I will replace ZA on both machines. 

Another point that is often overlooked is this. Many people will tell you they will never use "suites" (or products from the same company). The rationale given is that because it is from the same source, chances are they have similar weaknesses so if one fails, the others will fail as well. So people combine "the best of the breed", AV from one company, firewall from another, sandbox from another etc...

This is not without merit, however, one of the main advantages of using products from the same company is that chances of negative interactions are less (less, not non-existent; I can think of counterexamples).

While it is true that many HIPS vendors make an effort to ensure compatibility (because their products are complements), much of this is ad-hoc based on reporting by users.

rdmaloyjr

  • Guest
Re: Threatfire????
« Reply #20 on: March 02, 2008, 10:59:58 AM »

Quote
If avast! 4.8 turns out to be as good or better than Spyware Terminator, I will remove ST on my laptop & turn off the antispyware module in ZAAS on my desktop, further minimizing my setup.

When the avast! Personal Firewall is ready I will replace ZA on both machines. 

Another point that is often overlooked is this. Many people will tell you they will never use "suites" (or products from the same company). The rationale given is that because it is from the same source, chances are they have similar weaknesses so if one fails, the others will fail as well. So people combine "the best of the breed", AV from one company, firewall from another, sandbox from another etc...

This is not without merit, however, one of the main advantages of using products from the same company is that chances of negative interactions are less (less, not non-existent; I can think of counterexamples).

While it is true that many HIPS vendors make an effort to ensure compatibility (because their products are complements), much of this is ad-hoc based on reporting by users.

I really prefer all my security programs are from different sources because if an attack on my computer is successful in knocking out a security program, it might not work on the others because of them being from other sources they will be too different for the same attack to afflict them.

If I do go all the way with avast! products, Opera, SpywareBlaster & WinPatrol are still from different sources. ;)  Maybe I'll add a HIPS for my paranoia. ;) ;D

Lusher

  • Guest
Re: Threatfire????
« Reply #21 on: March 02, 2008, 11:05:44 AM »

Quote
If I do go all the way with avast! products, Opera, SpywareBlaster & WinPatrol are still from different sources. ;)  Maybe I'll add a HIPS for my paranoia. ;) ;D


Well I would say winpatrol already counts as HIPS to some degree..

Offline bob3160

Re: Threatfire????
« Reply #22 on: March 02, 2008, 03:36:32 PM »
Quote
Well I would say winpatrol already counts as HIPS to some degree..
IPS is probably a better description of Winpatrol.  :)

Offline polonus

Re: Threatfire????
« Reply #23 on: March 02, 2008, 05:30:28 PM »
Hi malware fighters,

I think the discussion is becoming rather interesting here, because of what the actual user wants to avoid, and also what the actual user likes to achieve. And let us not start from the wrong end here. I have a certain anti malware cocktail of proggies on my box, and it works in so far that I have only seen a couple of FP's and some tracking cookies over the last couple of years. First and foremost establish what are the dangers or malware vectors that you want to have protection against. We know that 99% of malware is directed against the Windows platform, that script and trust are the main endangering features to compromise a Windows platform, so we want to take prevention against these dangers through safe practices and using just a normal set of brains (certain activities can be harmful to our OS and we know it - pr0n P2P pIr4t3-sites). For the rest of the 10% that still can/could harm us we want defenses that will cover this range as widely as possible, so to see to optimally close the vulnerability gap. What is the best formula there, I think is a question of experience (I am not going back to Norton's bloatware)  and personal bias (I have this particular guru's word for it, so I use), or just simply the craze of the day (the landscape changes as fashion does),

polonus

Offline Lisandro

Re: Threatfire????
« Reply #24 on: March 02, 2008, 06:38:01 PM »
Quote
I have a certain anti malware cocktail of proggies on my box, and it works in so far that I have only seen a couple of FP's and some tracking cookies over the last couple of years.
I think your safe browsing is the most important thing in this cocktail. You browse safely...

Quote
What is the best formula there, I think is a question of experience (I am not going back to Norton's bloatware)  and personal bias (I have this particular guru's word for it, so I use), or just simply the craze of the day (the landscape changes as fashion does),
Norton bloatware is not a formula and it's very far from anything best here...
The best things in life are free.

Lusher

  • Guest
Re: Threatfire????
« Reply #25 on: March 09, 2008, 11:16:24 AM »
Quote
Well I would say winpatrol already counts as HIPS to some degree..
IPS is probably a better description of Winpatrol.  :)

Assuming one can even agree on what IPS means. :)