
Author Topic: ThreatFire - aka Cyberhawk - free behavioural blocking  (Read 14298 times)

justice

ThreatFire - aka Cyberhawk - free behavioural blocking
« on: November 19, 2007, 07:53 AM »
Cybernetnews found another great app: ThreatFire. Free version available.
ThreatFire is dramatically different to traditional antivirus software. Normal antivirus products usually need to have first identified and seen a threat before they can provide adequate protection against it. The protection is then provided via a signature or fingerprint update, which must first be written by an antivirus researcher. This creates a large window of time where threats are undetected and can therefore infect your PC even when you have antivirus software installed.






from Cybernetnews.com

Installed it on two PCs, two scans found 2 hidden xml files in my temporary internet files which naturally shouldn't be there - otherwise they came out clear. Am impressed with it not having any noticeable effect on performance for me, desktop search has a lot bigger slowdown than this. So even though I'm not running any realtime anti-spyware app, I now keep this running.

This kind of application can be useful to run in addition to regular defenses, as it blocks on behaviour, not on definitions, meaning it can block suspected activity without knowing what's causing it. You can also set your own rules if you care to get creative, blocking certain processes for your own reasons.
« Last Edit: November 19, 2007, 07:56 AM by justice »

PhilB66


tranglos

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #2 on: November 19, 2007, 11:42 AM »
It seems to be a nice complement to NOD32 or Eset Security Suite, which do not do behavioral monitoring. But... GAAA! It finds nothing on my systems :) Nothing finds anything on my systems, ever! How can I know what good an AV, antispyware, rootkit detection solution is if nothing is ever detected? I get false positives at best (Avira Antivir is great at finding false positives.)

Actually there's a serious note to that, because it seems to me that my simple (but persistent :) common sense is sufficient to protect me, and now with a NAT router with a built-in firewall I need not burden my machines with any additional protection. The only reason I still use a firewall is for egress protection. Plenty of install packages these days, usually built on InstallShield, try to make an outbound connection immediately on launch, and I take great pleasure in blocking them. Other than that, I must be living under a bubble, even viruses don't want my company :)

justice

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #3 on: December 04, 2007, 07:06 AM »
I still use this btw both on my work and home PC. I got a few suspicious reports - download managers logging keystrokes! - and one application incompatibility (Linotype FontExplorer beta can't access the system font folder if ThreatFire is not suspended -- but they're fixing that for next release after my report). I don't notice it running at all in terms of resources and it's a good complement to my antivir.

Lusher

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #4 on: December 23, 2007, 06:24 AM »
This is one of my current favourites. Have been using it back when it was Cyberhawk in late 05, early 06.

I highly recommend it.

tomos

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #5 on: July 03, 2008, 02:46 AM »
I'm giving up on threatfire
-
over the last few months it has on a number of occasions seized up when giving a warning notice (usually when I'm installing something)
The warning box often doesn't display properly, not showing the options (allow, quarantine, - from memory)
Yesterday it did show properly but when I clicked allow I got no response

Unfortunately the problem then is that you can't actually kill the programme, not using process explorer at any rate and the only solution seems to be the restart button, which also didn't work properly yesterday so I had to pull the plug on everything & start again
Not nice to have to do that

ironically they have a survey on their website which I tried to do twice over that time adding a note about this problem
Both times the site froze when I finished survey but before it eh went through ...
They may have a forum or maybe I'll email them, but I'm not going to risk actually using it any more :(
Tom

justice

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #6 on: July 03, 2008, 04:05 AM »
I've not been using it for 6 months now as it just needed some polish in the way it blocked things, sorry to see you've had the same experience. It will always be hard though with the amount of exceptions to its rules I guess.

Curt

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #7 on: July 03, 2008, 04:38 AM »
For half a year I was running ThreatFire, but in the end I (too) removed it
as tranglos said, common sense is sufficient...


- need of course to point out that I am running NOD32 and Outpost Pro
and that I have stopped downloading from 'wherever' - only from trusted sites.

Grorgy

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #8 on: October 30, 2008, 07:52 PM »
Necromancer warning lol, but threatfire have released a new version, V4, released just very recently.  They claim to have fixed many problems with it. http://www.threatfire.com/updates/ 

I have always liked the idea of threatfire but found in the past that it interfered with bootup and seemed to slow things down a lot and I would remove it, this version, while only a few hours old on my laptop seems to be behaving much better.  Claims of reduced annoyances are yet to be seen but so far so good.

justice

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #9 on: October 31, 2008, 05:53 AM »
Excellent. Will give it a try again.

biox

Re: ThreatFire - aka Cyberhawk - free behavioural blocking
« Reply #10 on: December 15, 2008, 08:34 PM »
I've tried v.4 and even desperately tried to make it work. It seems like the 'old' problem with AVG Pro hasn't been resolved. It was previously said that when Threatfire is added to the exception list of AVG it will work but for some reason the whole system still freezes on boot up at times. TF keeps showing 'initializing' and nothing but a hard shut down will help.

I've tried it on 3 computers with different set ups except that AVG is on all of them. Now I'm not so sure any more who the culprit is as AVG has given me quite a few false positives lately including FARR being a nasty trojan :o

The firewall doesn't seem to be the problem. That's the only thing I'm pretty sure about.
Tried with:
Comodo FW, Webroot FW, Zonealarm FW, my AVG license expires in January. I might give it another try then.