Problems with ThreatFire - "Fireball for ThreatFire"

Status
Not open for further replies.

LaserWraith · Level 1 · Thread author · Feb 24, 2011 · 497
Fireball for ThreatFire

ThreatFire is a behavior-based threat detection system from PC Tools. At least, that is what is claimed.

I paid attention to it only because of the numerous bugs and incompatibilities it produces with any third-party software (especially anti-rootkits). And I was looking for a key to solve this. Just as so-called Fake AV (mostly scareware) co-exists with AV products, obviously some sort of this must also exist in the HIPS area.
ThreatFire is a perfect example of FakeHIPS. And not only that.

Screenshot in case the post is changed or removed: http://tinypic.com/m/e7xgna/1

bogdan · Level 1 · Jan 7, 2011 · 1,362
Yes, I saw that article (it was posted on rM too). Without any info on how it should be done, the post looks like a rant against all HIPS products. The author seems to disapprove of the fact that they need to inject their own custom monitoring DLL into all running processes, which may potentially affect overall system performance and stability. Nevertheless, he also created a tool that can bypass TF's protection and disable TF completely. So all that hooking, aside from affecting system performance, seems to be inefficient in the case of ThreatFire.

He also mentions that the instability of TF is what led him to start this experiment.

I used TF some time ago, and in my own experience it was a bit buggy. After a long time they released a new version (4.7.0.48), but when I installed it, it proved to be incompatible with Sandboxie. I reported this to Sandboxie and tzuk said that it will be fixed in 3.53.01. Currently the 3.53 version of Sandboxie is in beta. At that time I wasn't able to register on TF's forum to report this problem (the registration email never reached me).

Note that a tool created specifically to kill a security app has nothing to do with real malware.

On the same forum they posted a tool that can bypass Prevx's self-protection.

LaserWraith · Level 1 · Thread author · Feb 24, 2011 · 497
I once tried TF and it bogged my PC down. And... it didn't really help me much. Defense+ worked much better. :)

bogdan · Level 1 · Jan 7, 2011 · 1,362
TF as a behavior blocker might be easier to use, but Comodo made HIPS much more usable with D+ and the auto-sandbox. Still, a pop-up with Allow/Deny that displays just once for an application is easier.