Threatfire provides sophisticated real-time antispyware protection


Threatfire provides real-time protection against spyware and other malicious threats. It employs sophisticated behavior-based technology that can determine a threat based what it does within your system, and is therefore well suited for unknown or brand new “zero-day” threats. It is also low on resource consumption.

If there’s something that I am constantly on the look-out for it would be a freeware anti-spyware program that (a) is low (or medium-low) on computer resource consumption, (b) provides real-time protection, and (c) does a good job at protecting against unknown threats. From what I’ve seen and read about Threatfire, it might be just that program.

I’ve been using this program for just over a week now, running in conjunction with an anti-virus program (AVG free edition), and no other antispyware product. Aside from this period of living with and observing the program, my primary source of info comes from an excellent PCMagazine review of Threatfire and research I’ve done on this program in various other places.

The main strength of this program is its behavior-based (heuristic) detection of malware, and at that it does a better job than many signature based security programs. The difference between behavior based and signature based detection is that the former determines that a program is malicious based on observing its behavior and what it is doing within your system, making it ideal for intercepting threats that are too new or too rare to have been detected by the makers of anti-malware software. In contrast, signature-based detection is where a security program is told what to look out for through periodic updates to its database. Here are some more notes on this program:

  • Background: Threatfire is released by PC Tools, makers of the excellent Spyware Doctor program. After acquiring Novatix and their”Cyberhawk” antispyware program, PC Tools based Threatfire’s behavior-based engine on that program’s technology.
  • Threat identification: once a potential threat is identified Threatfire will in fact check its signature against a database for quick identification in order to quickly quarantine it without user intervention (and the program will perform auto-updates). Note that Threatfire cannot identify a threat until it takes action; so, for example, a dormant trojan on an obscure file buried in a directory that is never accessed will not be detected (which shouldn’t be a problem since it will not be a threat either).
  • No configuration is required: all you need is to install and run. You will have to intervene periodically if a threat is detected and will be given the option to allow it if its a false positive (athough this is generally a rare occurrence). Threatfire can be ’taught’ that a certain program or programs are ok so it will ignore them from that point forward.
  • Resources needed: the various processes that Threatfire runs in the background consume approximately 10 megs of RAM collectively. This is one of my main reasons why I like this software and stands in contrast to the hundreds of megs used up by many other antispyware products. What this means to you is that unlike these other programs, Threatfire will not slow your system down.
  • Performance: for his review the PC magazine editor unleashed a battery of malware that Threatfire intercepted with a very high degree of success. The only programs which it was not 100% successful identifying were so called “rogue antispyware products” (i.e. apps that pretend that they’re antispyware program when they’re not). Aside from those Threatfire identified ALL other threats.
  • False positives: are always a concern for a behavior based engine, but Threatfire does well in this regard compared to other products like it. Although I did witness a number of false positives with Threatfire, they were notably less that my experience with Comodo’s BOClean (another comparable free product that is fairly good, although I much prefer Threatfire).
  • Before installing: make sure you have a clean system for best protection by performing both a virus and spyware scans. If you install Threatfire on a heavily infected system you will likely run into problems. Fortunately, there are many free products that do on-demand scanning very well, including Antivir Free, AVG Free, and Avast Home Edition for antivirus and Spybot S&D, Ad-Aware Free, Super Antispyware Free, and AVG Antispyware Free for antispyware. (Note: these antispyware products mentioned do not offer real-time protection as part of the free product, but in fact it is their on-demand scanning feature that you are interested in; Threatfire can handle the real-time aspect).
  • Offers on-demand rootkits scanning: for more on rootkits go here.
  • Safe mode: Threatfire reportedly doesn’t install and scan well in safe mode.

Differences between the free and paid versions: the paid “pro” version adds the ability to scan your hard drives for malware and the option of telephone customer support. On-demand scanning (in the Pro version) is not this program’s strong suite though and does not come recommended. Use another free security program for on-demand scanning (see “before installing” above).

Freewaregenius 5-Star Pick

The bottom line: this program adds an excellent layer of protection at very low system cost, and can well provide the real-time protection that many “free” antispyware products withold. Use it in conjunction with occasional on-demand system scans and you have the best of both worlds. I like that it is developed by PC Tools, a leader in the antispyware/PC security industry rather than some unknown developer. Highly recommended.

Version Tested:

Compatibility: Windows XP, 2000, 2003, and Vista.

Go to the download page to get the latest version (approx 14 megs). Also visit the Threatfire home page.

  • Pedro

    Great addition, thanks!

  • Joe

    I’ve been using it for a few weeks. It hardly ever gives me false positives – only when I first use something with suspicious functions, like Synergy needing to log keystrokes in order to use the keyboard to control a networked computer.

    One small error in your review: when I ran it up until a couple of months ago, Spybot had a real-time scanner (they called it the “TeaTimer”). I do wish ThreatFire had Spybot’s ability to watch for new entries in the various startup locations – for those installers that automatically place links in a startup folder or, worse, create registry entries to start at login.

  • Ive heard about Threatfire. Ive been waiting to hear about customer reviews.
    I know it will do well if the program uses low resource consumption, as that is the first gripe from lots of users that are using other programs.
    It being from PC Tools is a good sign.

  • Toni

    I have tried several versions of Threatfire, starting from the time when it was still called Cyberhawk. But it slows down my machine a lot. Some websites (legit sites that is) don’t work properly anymore and didn’t work at all. Too bad.

    Apparently it doesn’t occur on most computers.

  • rainman

    do you think its better than spyware terminator?

  • I also run AntiVir and Spyware Terminator and would like to here your recommendation. Threatfire or Spyware Terminator or both?

  • Fred Thompson

    Google has a free version of Spyware Doctor which you can download directly from
    They want people to use their automated downloader. I used URLSnoooper2 to find the direct link. (Shareware, sorry, but there are some recent IP Snifffers that look interesting.)
    Regarding Spybot, it has failed most of the recent hard tests, as has Spyware Blaster and a lot of the “old favorites.” One of their methods was to add entries to the system registry or hosts file to block “bad” URLs. That only works to a point because any list gets unmanageably long over time. I wonder if Threatfire is a repackaged Spyware Doctor SE to keep AVG from grabbing all the SE mindshare…

  • Fred Thompson

    AVG Anti-Spyware Free Edition DOES have real-time protection. Click on the “Shield” icon on the top of the status window…

  • Pandu E Poluan

    Hmmm… how does this compare with Comodo Firewall Pro v3’s Defense+ HIPS?

  • AVG FREE does have real time.
    Spyware Terminator is also very very good!

    re Pandu E Poluan..
    Spyware Terminator has HIPS defence. I disabled Comodo Firewalls Defence Hips as ST already had my settings and it was doubling up. if your a security freak, good for you. If you want to use your computer, then one HIPS defence is enough.

  • Ali

    Threatwire works totally different than Antivir, Spyware Terminator or AVG Antispyware. PCTools recommens threatwire recommends to use their program on top of these traditional anti spy and antivirus programs, because both methods combined give a real strong protection.
    Threatwire filters on suspicious behaviour, while the traditional antimalware programs filter on long lists of known malware.Therefor Threatwire doesn’t have to update everyday but is less likely to miss zero-day threats.

    The HIPS future of Comodo is also behaviour based as far as I know. The problem with behaviour based programs is that they can generate lots of falls positives. Therefor the user can be asked too many allow/deny question. I heard Comodo can be rather talkative. The trick of a good HIPS-based protection is that it doesn’t generate too many false positves. Threatwire manages to do just that.

  • olly

    @ Joe Have you tried Winpatrol?

  • Will test this. For a proactive spyware protection, go find Spyware Blaster. Use it myself and never had a spyware problem since. Just keep it constantly updated.

  • ender

    I would also be interested in knowing how threatfire and spyware terminator are compared!

  • Prabhakar Goud

    I’d been using Spyware Terminator for a long time and has never had any problems with it except that it’s not as lite as Threatfire is on the system resources. In that case, I’d like to use Threatfire, but is it overall as good as Spyware Terminator is.? Please suggest.

  • andrew

    i swear by norton internet securities 2008 and i run spydoctor spysweeper and spybot search and destroy

  • Samer

    Re: Spyware Terminator
    Spyware terminator has been my default recommended antispyware program for a long time. Recently, however, two friends of mine were complaining of their slow computers and I gave them the offer to reinstall Windows for them and set them up with all freeware programs. This is where I felt Spyware Terminator was not going to be a very good fit, since (a) these computers did not have a lot of RAM, and Spyware Terminator took up more than 100 megs in memory, and (b) these 2 people were not computer savvy and did not want to deal with the many prompts whereupon Spyware Terminator would ask for a user intervention/decision. It was at that point that I started searching for another antispyware option that would be lighter on resources and Threatfire is the program that I found.

    There are 2 advantages, I feel, for using Threatfire over Spyware Terminator (a) it uses much less RAM, (b) it doesn’t ask for nearly as many user decisions. (It also performs well and has relatively few false positives). However, if you are using Spyware Terminator, can afford the RAM, and feel good about the protection that it offers (and I’m sure many people are in this situation because Spyware Terminator is a great program) then by all means keep using it.

    As for the question of whether Threatfire performs as well as Spyware Terminator, my guess is that it does.

  • ender

    thanks a lot for your quick reply, samer!
    i think, will be switching to threatfire, because as much as i am ok with spyware terminator, to be honest, its a bit annoying me with prompts.

  • I use both Spybot search and Destroy, Spyware terminator, and find that ST freezes my pc when I open certain MS office files and certain apps.
    I will certaninly give Treatfire a try.
    Regards and thanks for the info.

  • cicom3nd3z

    There is a way to test antispyware apps. Check Test files (exe) try to modify registry keys in the same way a spyware would. Threatfire failed to protect RunOnce keys. Spyware Terminator failed on even more keys. Spysweeper passed all tests. But this might not be conclusive. It just shows that you can’t rely on a single product for prottection.

  • boony

    A good program, and one I recommend to anyone looking for a backup for their blacklist (signature based} security.
    I personally use a classic HIPS (ProSecurity) which is 100% whitelist. It denys/queries everything until you choose to allow it, unless you use Learning Mode (I won’t, too paranoid). A terrific P.I.T.A. at first, as you are queried about every process, autostart, registry modification, network access, etc., but I’ve spent too much time on PacMan’s Portal, Google, CastleCops, and Bleeping Computer checking every process and path to give it up now.
    For those not obsessive and paranoid, Threatfire is great.

  • Free is always nice, but I think I’ll keep running Prevx on my system, even though it’s not free. 🙂

  • i need your software serial no how i get this

  • i once install threatfire when it still in beta state, and it screw up my system(i already forget what it is, but it made me reinstall the system).
    haven’t tried the new version btw…
    so just put light value of my ranting will ya…

  • Roger

    I installed Threatfire on a Dell Dimension 3000 running Windows XP SP2. One of TF’s routines soaked up 98% of my processor cycles, so I pulled TF from my machine. Has anyone else run across this sort of situation, and how did they deal with it?

  • a guy

    ThreatFire slowed my pc down alot i could tell right after i installed it… i got rid of it… stuck with Spyware terminator good reliable protection, I would go with (AVIRA, COMODO FIREWALL, SPYWARE TERMINATOR, but thats just my opinion….

  • Jeremy

    I found this software to slow my machine. Not only did it get slower but when I tried to ctl alt del and shut down the program it would not let me even though I was administrator. I don’t like anything that takes my admin rights away. It has caused me problems on 4 different machines. I do not recommend

  • Samer

    Are you by any chance using the new version of AVG antivirus (v.8)? I have found that these two programs together slow the system down.

    I am now testing it with Avast and the corportate version of Norton (which I have to use by decree for my work computer). So far so good.

  • Tima

    I use Threatfire and Avast free antivirus for some time now on my vista home premium notebook and it seems to be working pretty well. Yes, i had some problems with firefox extensoins after installing Threatfire, that even made me change Firefox for Opera, but i am sure that worth it and now i am good protected against internet threats.

  • ash

    EMSI anti spyware program namely a2 square has been detecting tfn as a suspicious file and asks for deeper examination. i have both a2 square anti spyware and tfn running in my system. recently a2 square has been finding tfn as suspicious in deep scan mode. I wonder why?

  • Tom

    I installed ThreatFire recently, but have since uninstalled it because every time I open a Microsoft Office document (*.doc, *.xls) or Web page in Internet Explorer my 1.66GHz Core Duo laptop with 1.5GB RAM took 2-3 times longer than before I installed it. This is unacceptable for me. So far I’m happy with the performance of COMODO Firewall, which offers basic spyware protection.

  • Get a Mac! LOL