So here’s the question.
If 52 percent of the nearly 40,000 samples of new viruses, worms, Trojans and other types of Internet threats identified every day, only last 24 hours, how do security applications that rely on a definition database to identify malware files (most anti-malware applications), keep up with this onslaught?
The simple answer is; they don’t.
The relentless evolution of these increasingly more powerful, and destructive attacks, against computer systems, has disclosed a gaping hole; a vulnerability to zero-day threats in many users’ Internet security defenses.
Zero-day threats are those that are defined as malware that has been written and distributed to take advantage of system vulnerabilities, before security developers can create, and release, counter measures.
So where does this leave you?
Without tools that will identify and eliminate these malware threats, you run the risk of infection by these constantly evolving zero day security risks to our computers, and operating systems.
One such free, powerful tool, reviewed here previously, is ThreatFire from PC Tools – the developers of the highly regarded PC Tools Internet Security 2010, which blocks malware (including zero-day threats) by analyzing program behavior (if it looks like a crook, and acts like a crook, it’s probably a crook), instead of relying only on a signature based database.
ThreatFire works together with your signature based security applications, to increase the effectiveness of your total security arsenal.
When ThreatFire detects a behavior based threat, it goes into analysis overdrive by comparing the threat against its signature database; those threats that are recognized by the database are quarantined immediately.
Unrecognized threats, or unrecognized behaviors, are assigned a calculated risk level (set by the user), at which point the user has the option of confirming, or blocking, the action.
A good example of the effectiveness of this application was made clear to me, recently, while I was checking all of the ports on my home Windows machine. ThreatFire immediately advised me that the Port Checker was attempting to send email from port 25.
Of course it actually wasn’t, it was simply opening it for testing purposes. But if this port was being opened, and was being used by malware, ThreatFire would have identified this danger by its behavior, and given me the necessary warning.
The following chart gives a good indication of how ThreatFire can supplement your existing security applications. (Chart courtesy of ThreatFire)
Fast facts:
Persistent zero-day threat protection made easy for every one – even novice users!
Displays detailed data on all running processes and allows you to terminate any process on demand.
Malware quarantine and removal, rootkit scanner, advanced custom rules settings and more!
Patent-pending ActiveDefense technology intelligently scans and analyzes computer processes to detect and block any malicious activity – without false positives!
Runs in background without impacting system performance.
Highest level of out-of-the-box accuracy. No need to configure baffling, technical security settings: just turn ThreatFire on and start blocking malware.
Perpetually ready for the next malware outbreak – detects malware by watching for malicious behaviors.
Enhanced user interface elements provide more technical details on alerts and interactive reports in ThreatFire’s main control panel.
Automatic updates run silently in the background so ThreatFire is always up-to-date.
Protects against viruses, worms, Trojans, spyware, keyloggers, buffer overflows, and rootkits – even if the threats are brand new and have never been seen before.
Works alongside your other security programs – in most cases you can use ThreatFire with your other antivirus, anti-spyware, firewall or other security programs.
If you read “An Anti-malware Test – Common Sense Wins”, on this site, you’ll note that during this one year test, ThreatFire was a primary security component on the test machine. In fact, each of my home machines is protected against infection by ThreatFire.
I highly recommend ThreatFire as a critical component in your overall Internet security toolbox.
System Requirements: Windows 7 32-bit and 64-bit, Windows Vista 64-bit, Vista 32-bit, Windows XP SP1, SP2 or SP3 (Home, Pro & Media Center Editions), Windows 2003, Windows 2008.
Download at: ThreatFire
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
I use Defense Wall Hips Bill……does this do the same thing?
I know its uses virtualization….
Hey Marcus,
Threatfire *is* a *H*ost *I*ntrusion *P*revention *S*ystem (HIPS). Defense Wall is both an isolator, and a *H*ost I**ntrusion *P*revention *S*ystem combined. So, while there are similarities there are some differences.
I don’t think there’s any advantage thought, in installing ThreatFire on your system.
Bill
Thanks Bill…appreciate the reply
ThreatFire is a behaviour blocker, not a HIPS.
Google around for the difference (even if, to my surprise, there is little around about both).
If you have a well designed HIPS, like Comodo or Online Armor, you won’t need a BB.
But if you want a program with less hassle (there will always be some) you can combine ThreatFire with a free AV and WinPatrol and you’ll have a top notch security combo.
Just make sure you know what you’re doing.
Hi Jose,
While it’s true that ThreatFire is not “strictly” a HIPS application, in the years I’ve been using this application (since the days it was known as CyberHawk), it has performed essentially the same function. I’m surprised that since you mentioned having Googled this issue, that you didn’t mentioned the number of reviews that in fact, refer to this application as HIPS. Or the number of forum entries in which ThreatFire is discussed as a HIPS application.
As well, I’d like to reiterate that ThreatFire is a welcome addition to any security setup, even a setup that includes Comodo, or Online Armor. 25 years+ experience has taught me, there is no such thing as the perfect application.
Thanks for your opinion.
Bill
Hey Bill,
I wouldn’t be surfing the internet without Threatfire. I have been using it a long time now, after seeing a review by yourself last year about it. What I really do like about it is the sensitivity level adjuster, if I think something fishy is going on, I up the sensitivity level and feel a little safer. I think it is a must have for anybody serious about their security.
Cheers
Hey Mal,
“I think it is a must have for anybody serious about their security.” – I absolutely agree.
I have little patience for people, who think they know what users should run on their systems without knowing anything about the users, the users requirements, or surfing habits. The driving principal should always be – when in doubt; go for overkill.
Best,
Bill
I cannot match 25 years experience. I’ve tried ThreatFire along Comodo and OA, and it works fine.
But I think that a BB (Behaviour Blocker) has no use beside a HIPS.
The same with so-called sandboxes (as in the new Comodo V4).
The only Suite that I find works for both average users and above average users is NIS (wich I don’t use because I know enough to have my safety for free).
And that brings me to the obvious conclusion: learn your machine, and your browsing.
Walking the Net is like walking the Street; you’ll have to know your walking.
Thanks Bill for a wonderful Weblog.
Jose.
Hi Jose,
“Walking the Net is like walking the Street; you’ll have to know your walking.” – you’re absolutely right of course. The problem is, as I see it, the average user has no idea that your statement is correct. They don’t see the dangers that you see. They don’t have the experience you have. So, that leads to an imbalance in terms of what works for you, and what a typical user requires to stay safe on the Internet.
A previous commenter, which I’ve since removed, attempted to make the point (in a rather rude way), that typical users don’t need the type of protection while surfing that net, that I normally recommend. He seemed to think that since he doesn’t need it, no one else should either.
You and I, may not need all the bells and whistles as we surf the Net but, most assuredly, an average users does. As I said to Mal – The driving principal should always be when in doubt; go for overkill.
BTW, I agree that the “so-called Comodo sandbox” is not worth the effort. A stand alone sandbox, or an isolator like GeSWall, is a much better approach.
Good to hear from you again on this.
Best,
Bill
Bill,
I have to agree with you on this… Most of the people I am around that use PCs, who are everyday computer users (at home) have no idea what the dangers on the street (internet) is truly all about, or even what we are talking about. I do know this though… They depend on people like us to point them in the right direction.
Rick
Hey Rick,
Couldn’t agree more. Which is why, you and I, and others like us, will continue fighting the “good fight”.
Bill
Hey Bill,
Good point on the “know it all” people who think they have all the knowledge about what we should be running on our systems. And overkill is better than underkill, I couldn’t care less if Threatfire never alerted me to threats, but I want it there if there ever is one.
Cheers
Hey Mal,
Sorry, you didn’t get to see the comment I was referring to (not Jose – he’s a regular commenter). The comment pissed me off so much that I had already deleted it. Only the third time I’ve ever done that.
Have a great weekend.
Best,
Bill
Bill,
I’ve been using Threatfire ever since you first recommended it. It is a mainstay on all of my PC’s, uses minimal system resources and is like having a watchdog that is watching for anything and everything.
Rick
Hey Rick,
You and I have discusses layer security so many times, that I’ve lost count. Each time we do so, ThreatFire is always part of that layered approach.
Just as I wouldn’t walk naked down the middle of the street; I wouldn’t surf the net without ThreatFire.
Bill
Hi Bill,
As you’ll know from previous posts I’ve got rid of McAfee Internet Security after being a customer since starting using computers (10 years). Main reasons are widespread criticism by those who know best and the huge amount of memory required.
My set up now comprises Immunet Protect, Threatfire and Malwarebytes, with SuperAntispyware for regular one-off scans.
BTW I used Revo Uninstaller with a moderate scan to remove McAfee; not a good idea as Windows would not start afterwards! Anyone uninstalling McAfee should use Add/Remove Programs followed by the McAfee Consumer Products Removal tool. More info on http://service.mcafee.com/FAQDocument.aspx?id=TS100507. It will save a lot of heartache!
Kind regards
John
Hi John,
Thanks for this.
No doubt about it – uninstalling an AV can be very tricky. I’ve had exactly the same experience as you, and I suspect there are quite a few of us with similar tales.
Good to hear from you.
Best,
Bill
Hi Bill,
I also use threatfire for at least 2.5 years, but I’ve been wondering lately, do they stop developing it, the reason why I’m asking this because I’ve read quite sometimes ago that Symantec has taken over PC Tolls as the developer of Threatfire & as you can see it for your self the version seems to stop at 4.7 at the year 2009
Thanks in advance
Hey Blueberry,
Yes you’re right Symantec did buy PC Tools, but that was years ago. Each company has kept its own identity – each serves a very different market and don’t really compete against each other.
No, I have not heard that ThreatFire has stopped development. It is in fact, a mature technology, and I wouldn’t expect to see changes anytime soon.
Bill
Pingback: Free AppRemover 2.2 – Removes Stubborn Security Applications « Bill Mullins' Weblog – Tech Thoughts
Pingback: Computer Settings Hijacked? Hijack Them Back With Free HijackThis « Bill Mullins' Weblog – Tech Thoughts