Threatfire provides sophisticated real-time antispyware protection

Threatfire provides real-time protection against spyware and other malicious threats. It employs sophisticated behavior-based technology that can determine a threat based on what it does within your system, and is therefore well suited for unknown or brand new “zero-day” threats. It is also low on resource consumption.

If there’s something that I am constantly on the look-out for it would be a freeware anti-spyware program that (a) is low (or medium-low) on computer resource consumption, (b) provides real-time protection, and (c) does a good job at protecting against unknown threats. From what I’ve seen and read about Threatfire, it might be just that program.

I’ve been using this program for just over a week now, running in conjunction with an anti-virus program (AVG free edition), and no other antispyware product. Aside from this period of living with and observing the program, my primary source of info comes from an excellent PCMagazine review of Threatfire and research I’ve done on this program in various other places.

The main strength of this program is its behavior-based (heuristic) detection of malware, and at that it does a better job than many signature based security programs. The difference between behavior based and signature based detection is that the former determines that a program is malicious based on observing its behavior and what it is doing within your system, making it ideal for intercepting threats that are too new or too rare to have been detected by the makers of anti-malware software. In contrast, signature-based detection is where a security program is told what to look out for through periodic updates to its database. Here are some more notes on this program:

  • Background: Threatfire is released by PC Tools, makers of the excellent Spyware Doctor program. After acquiring Novatix and their “Cyberhawk” antispyware program, PC Tools based Threatfire’s behavior-based engine on that program’s technology.
  • Threat identification: once a potential threat is identified Threatfire will in fact check its signature against a database for quick identification in order to quickly quarantine it without user intervention (and the program will perform auto-updates). Note that Threatfire cannot identify a threat until it takes action; so, for example, a dormant trojan on an obscure file buried in a directory that is never accessed will not be detected (which shouldn’t be a problem since it will not be a threat either).
  • No configuration is required: all you need is to install and run. You will have to intervene periodically if a threat is detected and will be given the option to allow it if it’s a false positive (although this is generally a rare occurrence). Threatfire can be ‘taught’ that a certain program or programs are ok so it will ignore them from that point forward.
  • Resources needed: the various processes that Threatfire runs in the background consume approximately 10 megs of RAM collectively. This is one of the main reasons I like this software, and it stands in contrast to the hundreds of megs used up by many other antispyware products. What this means to you is that unlike these other programs, Threatfire will not slow your system down.
  • Performance: for his review the PC magazine editor unleashed a battery of malware that Threatfire intercepted with a very high degree of success. The only programs which it was not 100% successful identifying were so-called “rogue antispyware products” (i.e. apps that pretend that they’re antispyware programs when they’re not). Aside from those Threatfire identified ALL other threats.
  • False positives: are always a concern for a behavior based engine, but Threatfire does well in this regard compared to other products like it. Although I did witness a number of false positives with Threatfire, they were notably fewer than in my experience with Comodo’s BOClean (another comparable free product that is fairly good, although I much prefer Threatfire).
  • Before installing: make sure you have a clean system for best protection by performing both virus and spyware scans. If you install Threatfire on a heavily infected system you will likely run into problems. Fortunately, there are many free products that do on-demand scanning very well, including Antivir Free, AVG Free, and Avast Home Edition for antivirus and Spybot S&D, Ad-Aware Free, Super Antispyware Free, and AVG Antispyware Free for antispyware. (Note: these antispyware products mentioned do not offer real-time protection as part of the free product, but in fact it is their on-demand scanning feature that you are interested in; Threatfire can handle the real-time aspect).
  • Offers on-demand rootkit scanning: for more on rootkits go here.
  • Safe mode: Threatfire reportedly doesn’t install and scan well in safe mode.
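
To make the signature-versus-behavior distinction and the “threat identification” note above concrete, here is a small added example (not Threatfire’s code, and not from the original review). The event names, weights, threshold and sample files are all constructed assumptions; the example only models the flow described above: behavior triggers first, a signature lookup then decides between automatic quarantine and asking the user.

```python
import hashlib

# Constructed signature database: SHA-256 of known-bad content -> label.
KNOWN_BAD = {hashlib.sha256(b"constructed known sample").hexdigest(): "Known.Sample.A"}

# Hypothetical behavior weights and threshold (assumptions for illustration only).
WEIGHTS = {"write_autorun_key": 3, "inject_into_process": 4,
           "install_keyboard_hook": 3, "open_document": 0}
THRESHOLD = 5


def signature_scan(content: bytes):
    """Signature-based check: exact match of file content against the database."""
    return KNOWN_BAD.get(hashlib.sha256(content).hexdigest())


def behavior_verdict(name, content, events, trusted=frozenset()):
    """Behavior-based check over the actions a running program was observed taking."""
    if name in trusted:                      # the user 'taught' the tool this program is ok
        return "allow"
    score = sum(WEIGHTS.get(e, 0) for e in events)
    if score < THRESHOLD:                    # nothing suspicious has happened (yet)
        return "allow"
    label = signature_scan(content)          # identify only after the behavior fires
    return f"quarantine:{label}" if label else "prompt_user"


def run_samples():
    """Return {name: (signature result, behavior verdict)} for constructed samples."""
    active = ["write_autorun_key", "inject_into_process"]
    samples = [  # (name, file content, observed events), all constructed
        ("known_active", b"constructed known sample", active),
        ("new_variant", b"constructed known sample v2", active),
        ("known_dormant", b"constructed known sample", []),
        ("backup_tool", b"constructed benign tool",
         ["write_autorun_key", "install_keyboard_hook"]),
    ]
    return {n: (signature_scan(c), behavior_verdict(n, c, e)) for n, c, e in samples}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

The `new_variant` row is the case signatures miss and behavior catches, `known_dormant` is the case only an on-demand scan finds, and `backup_tool` is a false positive that goes away once the program is passed in `trusted`.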

Differences between the free and paid versions: the paid “pro” version adds the ability to scan your hard drives for malware and the option of telephone customer support. On-demand scanning (in the Pro version) is not this program’s strong suit though and does not come recommended. Use another free security program for on-demand scanning (see “before installing” above).

Freewaregenius 5-Star Pick

The bottom line: this program adds an excellent layer of protection at very low system cost, and can well provide the real-time protection that many “free” antispyware products withhold. Use it in conjunction with occasional on-demand system scans and you have the best of both worlds. I like that it is developed by PC Tools, a leader in the antispyware/PC security industry rather than some unknown developer. Highly recommended.

Version Tested: 3.0.1.3

Compatibility: Windows XP, 2000, 2003, and Vista.

Go to the download page to get the latest version (approx 14 megs). Also visit the Threatfire home page.