ThreatFire Level 5

[Aventador]

I wouldn't feel safe using a product which has not had a new version release in almost 2 years. Do you drink expired milk?

 

[KelvinW4]

I think you are still pretty safe behind threatfire and sandboxie. Sandboxie has only rarely been exploited and is going through constant improvement and fixes and threatfire and detect some executions and network connections. It is almost like a HIPS at level 5.

 

[Gnosis]

I think I am pretty safe too. I know my config is controversial, but I feel safer with TF and Sandboxie than I have with any traditional realtime AV, or other realtime security.

Aventador has some constructive criticisms regarding my security set up. I wish someone would do a thorough test of Threatfire (SET TO LEVEL 5) against some popular nasties so we can clear this up.

 

[Aventador]

ZOU your missing the point. Threatfire is NOT a standalone antivirus solution. Never has and never was. It is a behavior blocker used to compliment your real time antivirus. The data base gets updated for on demand scanning only. No real time protection. Look over at Wilders, one of the top security forums and see if you find a member using it. You wont cause they know its not currently being developed. For a more FREE secure solution install CIS.

 

[Gnosis]

Threatfire is NOT a standalone antivirus solution. Never has and never was. It is a behavior blocker used to compliment your real time antivirus

I agree 100%. That is why I use Sandboxie in tandem.


If I had any desire to change I would install Avira, with Comodo's firewall, but I like what I have right now.

 

[Aventador]

Ok but what means of knowing if s file is clean or not do you have? None. What if you remove a fie from the sandbox which is infected? Your SOL. Sandboxie is not bullet proof unless it's properly configured. There are guides which can help you. Let me find some. Mainly on Wilders.

 

[KelvinW4]

He can always upload the file to virustotal or scan it with hitman pro, malwarebytes, and other on domand scanners. If it breaks out the threatfire has a good chance it will catch it running on lv 5

 

[Gnosis]

He can always upload the file to virustotal or scan it with hitman pro, malwarebytes, and other on domand scanners. If it breaks out the threatfire has a good chance it will catch it running on lv 5

Exactly. HitMan Pro is what I run most of the time (nearly every day). You are truly "on top in minutes".

 

[KelvinW4]

Yes that is what some people use in wilders forums. Just plain sandboxie and OD scanners. Threatfire is just really a plus/

 

[Gnosis]

I watched a couple of TF reviews on YouTube that were done less than a year ago. Both tests had it at level 3. It still did pretty good on one review. It did much better on the second review I watched.

I would really like to see a review of TF set to level 5. I only saw one review of it at level 4 and the guy running the test complained and knocked it back down to level 3 because he did not white list killswitch and a couple of other apps.

If someone does test it, set it to level 5 and white list anything other program that will be running along side TF for intelligence gathering purposes; such as, Process Hacker, or Killswitch. I think you will be surprised at what it prevents. At least 20 malicious links should give us a good idea.

I know that if winsevenholic would have set TF to Level 5 instead of leaving it at default level 3, it would have caught everything, or at least all but one:

 

[Gnosis]

I honestly don't know why anyone bothered testing TF if they cannot have sense enough to set it to level 5. I understand that level III is sufficient for people that run a traditional AV along side it, but.................When set at level 5, it is not more tedious than training a solid software firewall. Then you have all your legit programs white listed, and as a result, you have a wicked behavior blocker that is no longer tedious.

Another dunderhead: http://www.youtube.com/watch?v=8FzX_8O1mT4

 

[Gnosis]

Do you drink expired milk?

No. However, I do drink non-pasteurized milk.

 

[KelvinW4]

I can do a LV5 test soon when I have time.

 

[Gnosis]

I can do a LV5 test soon when I have time.

Excellent. If you find the time to make that happen, I would be extremely interested.

 

[Gnosis]

Just to give you an example of how sensitive level 5 is, I have whitelisted well over 100 items for TF.

 

[KelvinW4]

Sorry for terrible quality. I was in a rush that time. And the lagg at the end. Slow laptop :dodgy:
http://www.youtube.com/watch?v=fo1ZuMF1XtE&feature=plcp

 

[Gnosis]

Excellent. Thank you. I am going to watch it later, soon as I get some yard work done.

 

[KelvinW4]

Any recommendations on how I can improve on my testing?

 

[Gnosis]

Any recommendations on how I can improve on my testing?

You did the best silent review I have ever seen. It was a little slow, but happened to be the perfect pace to really soak in the review. The only thing that I would have done differently is to perform an on-demand scan with TF at the end, to see if the other two malwares that realtime missed could be detected and removed. Other than that, you did an excellent job. You might add some snappy European techno trance sound to the reviews.

Overall, I thought it did a heck of a job for being allegedly dead, or at least unofficially dead. That is the beauty of a good behavior blocker over signature based detection and is exactly why TF is recommended to complement your realtime AV or sandbox.

Thanks so much for taking the time to do a review for us.

 

[KelvinW4]

Yes threatfire did better than I expected. I was going to do a threatfire scan and malwarebytes scan but it was late and tomorrow was school so I just did a quick hitman pro scan. Thanks for watching.