How-To Geek

ThreatFire Provides Protection Against Malware and Zero-Day Attacks

A necessary security practice is having Antivirus and other Malware protection utilities installed on your Windows computer, but they need constant updating to be effective against the newest threats. Today we take a look at ThreatFire from PCTools, which runs alongside your current Antivirus utility to add protection against Zero-day attacks.

About ThreatFire

ThreatFire is unique in the way that it works. When you use your computer, programs run in the background telling your computer what to do. When ThreatFire detects malicious or suspicious activity, it immediately terminates the activity, isolates the offending program and notifies you with an alert. This is a completely free utility that will run alongside your existing Anti-Malware utilities without causing any conflicts, and it protects where traditional signature-based Antivirus applications don’t.

A “Zero-Day” attack occurs when malicious code exploits security holes in operating systems and/or other applications. The security holes are usually not known to the vendor and haven’t been patched yet. The attack continues until a patch is created or until Antivirus signatures are updated so they can detect and eliminate the threat. ThreatFire employs ActiveDefense technology, which uses behavior analysis to protect your computer from threats before your Antivirus has updated its signature database.

Using ThreatFire

The installation is straightforward and easy to do. It doesn’t conflict with any other antivirus or antimalware applications, so there is no need to worry about disabling other protections.

After installation you will be protected against threats immediately. The first thing you will see is the World Wide Detection Map that shows some of the most recent threats ThreatFire has detected within the community.

When a threat is found you will get an alert screen where you can see additional information about the threat and decide what action to take against it. Alerts are color coded by type of threat. The Gray Alert is for potentially unwanted software.

The Yellow Alert shows potentially malicious software.

The Red Alert shows that a malicious application has been disabled and quarantined.

Another cool feature is finding out more about the threat. Your default web browser opens and goes to the ThreatExpert page, which contains much more detailed information about the threat that was disabled.

It includes plenty of settings you can configure to your liking, such as the sensitivity level, updates, default actions, etc.

In Advanced Tools you can change Rule Settings and access a System Activity Monitor, which is a handy utility to see what services and applications are running and get detailed information about them.

You don’t need to run any scans for ThreatFire to do its job (monitoring in real-time for active threats), but it does come with a Rootkit Scanner. A rootkit may contain several pieces, and the Rootkit Scanner dives deeper into your system seeking out any hidden files, registry keys or other objects that may be part of one. You can schedule rootkit scans to occur on a regular basis.

It is very light on system resources while running in the background.

Conclusion

If you want to get extra protection for your PC you definitely want to try out ThreatFire. It runs virtually silently in the background until a threat is detected. We installed it on a fresh installation of Windows 7 and proceeded to attempt to infect the computer similarly to Asian Angel’s infected system in a previous article. We didn’t get very far because ThreatFire identified all of the malicious software before we were able to install it. Not everything came up as a Red Alert, but it is nice to have ThreatFire identify Crapware like “my web search” and display a message so you can at least get more info on it before installing. This is a definite level of protection you should add to the Anti-Malware arsenal, and the coolest part is that it’s completely free for home users.

Download ThreatFire 4.5

Brian Burgess worked in IT for 10 years before pursuing his passion for writing. He's been a tech blogger and journalist for the past seven years, and can be found on his about me page or Google+

  • Published 09/1/09

Comments (11)

  1. Shail

    Not For x64

  2. steve75

    Have same problem, doesn’t work for x64

  3. OneMore

    not for Spectrum 128k neither

  4. gunn0r

    Great article, although I prefer all-in-one solutions like Sunbelt Software’s Vipre:
    http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/
    Best AV+AntiSpyware application I have ever used :)

  5. Ron

    Nice program, but it breaks Toshiba’s DVD Player Program… :(

  6. Mysticgeek

    There is a x64 version which is in beta … you can get it by signing up for their beta program and downloading it there. I guess there are some goofy license requirements for the 64-bit Windows.

    Also, I am currently beta testing version 4.6 which installs fine with 32 & 64 bit versions.

  7. Dodot

    Does Avira v9’s Anti-Spyware capabilities compare well with threatfire?

  8. Caleb

    Will this give Google Chrome a red alert?

  9. Jim

    I tried this a while back and it slowed my system quite noticeably. If you say it’s light on resources I’ll have to give it another try

  10. Calle@jobbdator

    Threatfire somehow disturbed my LAN access – could not access my shared resources (XP, Mac and NAS). Inactivating it did not help, but uninstalling Threatfire solved the problem. More info here http://www.pctools.com/forum/showthread.php?p=213130#post213130 and here http://www.sevenforums.com/network-sharing/24139-cannot-access-shared-resources-used-work-internet.html

  11. Nevi

    Yes, if your setup should be free, Threatfire is great. If you have a NAT router, you only need a GOOD antivirus (this means NO AVG). Avira and Avast are good.
    If you don’t have a router with the excellent protection that it gives, make sure you use a software firewall like Online Armor or Outpost, with a HIPS.
    Threatfire acts like a HIPS if you don’t use a software firewall because you have a router.
    If you want that lil extra protection, look into “Immunet”, a little malware defender. It doesn’t use any resources.
