Author Topic: Any Recommended Changes to the Security Programs I Use?  (Read 13125 times)

0 Members and 1 Guest are viewing this topic.

BRANDONN2008

  • Guest
Re: Any Recommended Changes to the Security Programs I Use?
« Reply #30 on: April 11, 2010, 07:24:52 AM »
Interesting, I installed Immunet, and it detects Threatfire is running fine.

Offline sg09

  • Full Member
  • ***
  • Posts: 175
    • Current Technology Discounts
Re: Any Recommended Changes to the Security Programs I Use?
« Reply #31 on: April 11, 2010, 07:59:01 AM »
@brandonn2010: Matousec's test is reliable in my opinion. You tell if it is biased why will it rate PC Tools Firewall 100% whereas both are from the same developer? If you want you can test CLT with PC Tools Firewall and Threatfire separately.
btw, I have seen that Immunet detects Threatfire in your computer, do you have Avast in it? Immunet detects Threatfire above Avast!!!
Anyone who knows how to loose can certainly learn how to win.

BRANDONN2008

  • Guest
Re: Any Recommended Changes to the Security Programs I Use?
« Reply #32 on: April 11, 2010, 08:57:56 AM »
Well I just think it's weird that so many people trust Threatfire and other sites review it greatly, but it gets a 5% by Matousec.

Also, as far as I can tell, Immunet only show Threatfire, which I don't think is as good as Avast!  :)

It seems to have a pretty small memory footprint (11mb RAM idling). It also has a simple UI, and almost seems like a HIPS, since it has an option to monitor application install and start.
« Last Edit: April 11, 2010, 09:00:03 AM by brandonn2010 »

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Any Recommended Changes to the Security Programs I Use?
« Reply #33 on: April 11, 2010, 10:03:23 AM »
Brandon, I think you're getting your applications slightly mixed up, which is not surprising, as some of the ones you are looking at have some overlaps in function.
They have different ways of achieving their protection.
First, Threatfire is not a firewall. It is primarily a behaviour blocker. This will monitor your system and alert to changes something might be attempting which are deemed unusual, and therefore, suspicious.
The version I'm using does not have AV built in, I think there was an AV component with at least one of the versions. It does make reference to the AV definitions to identify/confirm a known malicious process. It is closer to a HIPS than a firewall or an AV.

PCTools firewall (any firewall, in fact) at its basic level prevents unsolicited and unknown items entering the computer via any web -facing application. It also prevents unknown processes from connecting outbound until the user allows it. (Windows firewall does not have this outbound control.) It is essential to have a firewall present in your setup, and preferably one that can control outbound. PCTools (and a few others, such as Comodo with D+ and OnlineArmour) also have a HIPS-like component, which is where some overlap may occur with programs like Threatfire.

That said, I regularly get alerts from both programs when installing or updating certain software (mainly stuff that replaces system drivers and the like), but they do not alert to the same process at the same time. One might alert to the fact that something is trying to access system32 in a suspicious manner, while the other says nothing. Then the other might say "XXX is trying to use YYY to connect to the internet in a suspicious manner..." etc. So although there is some overlap, they are guarding different things.

Programs that rely on definitions such as Avast, Panda Immunet Protect etc are more like traditional AV programs, and will scan files as they arrive from the web for malicious content. Some of these also have a HIPS-like aspect, which is another way of saying heuristics. (There are a few different ways of creating heuristics. I don't know that much about it. Some run the file in a virtual environment to ascertain what it will likely attempt, some analyse the file structure to ascertain likely behaviour, there are different methods. FP rate is likely to be higher with something detected heuristically; it's nothing more than a good guess. Sometimes very good.)

So you're trying to compare oranges with apples, or cabbages, when trying to see how TF compares with other programs as tested by Matousec. So don't worry too much about that 5% rating. I haven't read the test, haven't been to the site for a while, actually, but I believe he would have been testing it against a a set of criteria it wasn't designed for. It's good at what it does. It wasn't designed to pass leaktests, though.

Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Any Recommended Changes to the Security Programs I Use?
« Reply #34 on: April 11, 2010, 10:45:38 AM »
Is ThreatFire similar to behavioral shield in Avast?

BRANDONN2008

  • Guest
Re: Any Recommended Changes to the Security Programs I Use?
« Reply #35 on: April 11, 2010, 11:36:09 AM »
@Tarq57, I did know Threatfire wasn't a firewall, just that both were tested by Matousec.

@Chris, they do seem similar since both monitor behaviors of programs. Does anyone know if behavior shield is working yet? Mine's still flat-lining.

Offline sg09

  • Full Member
  • ***
  • Posts: 175
    • Current Technology Discounts
Re: Any Recommended Changes to the Security Programs I Use?
« Reply #36 on: April 11, 2010, 12:01:33 PM »
@Tarq57: You are absolutely right... :)
Anyone who knows how to loose can certainly learn how to win.