Problems with ThreatFire - "Fireball for ThreatFire"

Status
Not open for further replies.
LaserWraith

LaserWraith

Level 1
Thread author
Feb 24, 2011
497
Fireball for ThreatFire

ThreatFire is behavior-based threat detection system from PC Tools. At least this claimed.

I paid attention on it only because of numerous bugs and incompatibilities it produces with any third party software (especially antirootkits).
And I was looking for a key to solve this. Like in case of AV products co-exists so-called Fake AV - mostly scareware, so obviously some sort of this must exists and in HIPS part.
ThreatFire is perfect example of FakeHIPS. And not only.
Click to expand...

Continue reading (Recommended)


Screenshot in case the post is changed or removed: http://tinypic.com/m/e7xgna/1
 
bogdan

bogdan

Level 1
Jan 7, 2011
1,362
Yes, i saw that article (was posted on rM too). Without the info on how it should be done the post looks like a rant against all HIPS products. The author seems to disprove the fact that they need to inject their own custom monitoring DLL into all running processes which potentially may affect overall system performance and stability. Nevertheless, he also created a tool that can bypass TF's protection and disable TF completely. So all that hooking, aside from affecting system performance, seems to be inefficient in the case of ThreatFire.

He also mentions that the insability of TF determined him to start this experiment.

I used TF some time ago and in my own experience it was a bit buggy. After a long time they've released a new version (4.7.0.48) but when I installed it it proved to be incompatible with sandboxie. I reported this to sandboxie and tzuk said that it will be fixed in 3.53.01. Currently the 3.53 version of sandboxie is in beta. At that time I wasn't able to register on TF-s forum to report this problem (the registration email never got to me)

Note that a tool created especially to kill a security app has nothing to do with real malware.

On the same forum they posted a tool that can bypass PrevX self protection.
 
LaserWraith

LaserWraith

Level 1
Thread author
Feb 24, 2011
497
I once tried TF and it bogged my PC down. And...it didn't really help me much. Defense+ worked much better. :)
 
bogdan

bogdan

Level 1
Jan 7, 2011
1,362
TF as behavior blocker might be easier to use, but Comodo made HIPS much more usable with D+ and the auto-sandbox. Still a pop-up with Allow/Deny that displays just once for an application is easier.
 
Status
Not open for further replies.

Similar threads

Trident
    • +Reputation
    • Thanks
New Update Announcing End of Life for Kaspersky Engine in Harmony Endpoint
Replies
14
Views
1,244
Other security for Windows, Mac, Linux
Trident
Trident
vtqhtr413
    • Like
Crypto Opinions & News How cybercriminals launder dirty crypto
Replies
9
Views
918
Crypto News
Zero Knowledge
Z
CyberTech
    • +Reputation
    • Like
Malware News PSA: Watch out for these fake Safari and Chrome updates infecting Macs with AMOS
Replies
0
Views
1,281
Security News
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top