ThreatFire - aka Cyberhawk - free behavioural blocking

justice:
Cybernetnews found another great app: ThreatFire. Free version available.
--- Quote ---
ThreatFire is dramatically different to traditional antivirus software. Normal antivirus products usually need to have first identified and seen a threat before they can provide adequate protection against it. The protection is then provided via a signature or fingerprint update, which must first be written by an antivirus researcher. This creates a large window of time where threats are undetected and can therefore infect your PC even when you have antivirus software installed.
--- End quote ---

from Cybernetnews.com

Installed it on two PCs, two scans found 2 hidden XML files in my temporary internet files which naturally shouldn’t be there - otherwise they came out clear. Am impressed with it not having any noticeable effect on performance for me, desktop search has a lot bigger slowdown than this. So even though I’m not running any realtime anti-spyware app, I now keep this running.

This kind of application can be useful to run in addition to regular defenses as it blocks on behaviour, not on definitions, meaning it can block suspected activity without knowing what's causing it. You can also set your own rules if you care to get creative, blocking certain processes for your own reasons.

PhilB66:
PC Tools bought Cyberhawk and renamed it ThreatFire.

tranglos:
It seems to be a nice complement to NOD32 or Eset Security Suite, which do not do behavioral monitoring. But... GAAA! It finds nothing on my systems :) Nothing finds anything on my systems, ever! How can I know what good an AV, antispyware, rootkit detection solution is if nothing is ever detected? I get false positives at best (Avira Antivir is great at finding false positives.)

Actually there's a serious note to that, because it seems to me that my simple (but persistent :) common sense is sufficient to protect me, and now with a NAT router with a built-in firewall I need not burden my machines with any additional protection. The only reason I still use a firewall is for egress protection. Plenty of install packages these days, usually built on InstallShield, try to make an outbound connection immediately on launch, and I take great pleasure in blocking them. Other than that, I must be living under a bubble, even viruses don't want my company :)

justice:
I still use this btw both on my work and home pc. I got a few suspicious reports - download managers logging keystrokes! - and one application incompatibility (linotype fontexplorer beta can't access the system font folder if Threatfire is not suspended -- but they're fixing that for next release after my report). I don't notice it running at all in terms of resources and it's a good complement to my antivir.

Lusher:
This is one of my current favourites. Have been using it since back when it was Cyberhawk in late 05, early 06.

I highly recommend it.
