ThreatFire Level 5

[Gnosis]

I am really pleased with Threatfire. I use it to complement Sandboxie, as a few of you already know. I always keep it at Level 5 since I do not use any other realtime protection such as Avira, Avast, AVG, Norton, Kaspersky, etc.

Threatfire at level 5 is a whole other animal than it is at level 3. Novice users might prefer level 2 or 3 when running it along side a real time AV. I like level 5 because it is not only an aggressive behavior blocker, but it acts like a software firewall as well. When Windows updates XP, I know about each little behind-the-scenes activity. It is no different when Dr. Web wants to extract scan statistics from my usage of their product; Threatfire informs me of PUP(s) and then is capable of blocking that action. I feel like anything that runs in the background will be exposed with Threatfire AV at level 5. That is the piece of mind that I pursue incessantly, yet not obsessively.

 

[madyrocksin]

how is it different from Paranoid mode in HIPS ???

 

[Tom172]

Level 5 would drive me up the wall. Security for me is a balancing act of staying protected yet not being intruded by alerts and warnings 24/7.

 

[Gnosis]

Level 5 would drive me up the wall. Security for me is a balancing act of staying protected yet not being intruded by alerts and warnings 24/7.

I could not agree with you more, Tom, but I must say that as you learn what is safe and "whitelist" it, you will never know TF AV is there unless a real threat is present and causing malicious symptoms that alert TF's behavior blocker, or a legit program that you just added to your PC needs to be white listed. It is not a whole lot different than setting up a software firewall, and you get the behavior blocker as well.

Most tests of TF AV are done at default level 3. If it was tested against malware behavior at level 5, it would be a whole other ballgame altogether.

how is it different from Paranoid mode in HIPS ???

As I understand it TF AV is a behavior blocker, not a host intrusion prevention system (HIPS)--not technically anyway, but I guess for slang you could accurately call it a host intrusion detection system (HIDS).

 

[madyrocksin]

ohk thanks

 

[D Bone]

Is Threatfire still being developed? I didn't think it was.

 

[MrXidus]

Is Threatfire still being developed? I didn't think it was.

I've heard many things such as Symantec taking the power behind ThreatFire and incorporating it into Norton and most of PCTools staff are now working for Symantec.

With Symantecs intervention, ThreatFire seems dead. Also, That same webpage design has been there since 2008. http://www.threatfire.com/

 

[D Bone]

As much as Windows has changed since the last TF update, I would say it has to be lacking something, somewhere.

 

[Gnosis]

D Bone Wrote: Is Threatfire still being developed? I didn't think it was.


I've heard many things such as Symantec taking the power behind ThreatFire and incorporating it into Norton and most of PCTools staff are now working for Symantec.

With Symantecs intervention, ThreatFire seems dead. Also, That same webpage design has been there since 2008. http://www.threatfire.com/

As much as Windows has changed since the last TF update, I would say it has to be lacking something, somewhere.

I am glad you all touched on this. I can say that I get new updates most days, so someone is supporting it. Everyone thinks it is dead because "Threatfire" looks to be abandoned. But you must search "Threatfire AV". If you search most software sites with that you will see that it is indeed up to date.

It is important for me to remind everyone that PC Tools does not endorse the way I use Threatfire AV as a stand alone. They actually promote it to be used along side your AV, whether it be Avira, Avast, AVG, Kaspersky, or Norton.



Notice the version number for 2008 on the left side of the page at this link: http://www.threatfire.com/

Then look at the version number here: http://www.pcworld.com/downloads/file/fid,64144-page,1-c,antivirus/description.html

And then here: http://download.cnet.com/1770-20_4-0.html?query=threatfire&platforms=Windows&tag=srch&searchtype=downloads&filterName=platform%3DWindows&filter=platform%3DWindows

It may not be a high profile program that PC Tools or Symatec makes a big fuss about when they improve or update it, but someone is giving me fresh updates, and new versions have been released over the last few or four years.

I like Threatfire most of all because when the super rootkits and viruses that Iran, the US, and others are developing get out into the wild, I will not be relying solely on signature based products that will fail miserably during that scenario. There is something about a behavior blocker that is more and more appealing every day in this brave new world of ours.

 

[Deleted member 178]

what about the resources usage, CPU & RAM working set?

TF was reputed to be a resource-hog.

 

[Gnosis]

what about the resources usage, CPU & RAM working set?

TF was reputed to be a resource-hog.

Not at all, in my experience. One of the reasons I have liked it is because it never makes anything hang or slows anything down. It is the quietest and most efficient real time security I have ever witnessed.

 

[Deleted member 178]

Could we have a screenshot?

 

[Gnosis]

 

[Gnosis]

 

[Gnosis]

 

[Gnosis]

The program size is 19.16 MB.

 

[Plexx]

The program size is 19.16 MB.

Out of curiosity, how much did you tweak the services and OS?

 

[Gnosis]

Out of curiosity, how much did you tweak the services and OS?

Threatfire is the only thing that I allow to be in the startup folder via msconfig.

The following are the only services I have running according to msconfig: Windows audio, background intelligence transfer service, CryptSvc, DCOM server process launcher, DHCP Client, DNS Client, event log, COM + Event system, HID input service, IMAPI cd burning, server, Mozilla maintenance, Windows installer, Plug and Play, remote procedure call (both), Security accounts, Sandboxie, Task scheduler, system event notification, SHELL hardware detection, System Restore, terminal services, windows time, themes, Windows management instrumentation, automatic updates, USB 300, Wireless zero.

Other than that I have done a couple mods in the registry; one to force all programs shut when I click "shutdown" or "restart", and another to adjust page fault settings for quicker shutdown and startup. I have also terminated "error reporting" except in the event of a catastrophic OS failure, or crash.

My system takes about 35 seconds from powered off to internet access. That is not bad for this old thing.

 

[Gnosis]

I just installed a database update for TF. I usually get updates every day, but this is the first in a few days.

 

[D Bone]

I've never used TF, so when you say that you installed a database, is it like a typical AV where you hit update, or do you have to go to the website and download and install the updates?

Also, I went to the TF website and the download is described as:

ThreatFire Version Information

Current Version: 4.7.0
File Size: 8.59 MB
Release Date: November 25, 2009
Operating System: Windows® 7, Vista™, XP, and 2003

November 2009 was a long time ago!