A necessary security practice is having Antivirus and other Malware protection utilities installed on your Windows computer, but they need constant updating to be effective against the newest threats. Today we take a look at ThreatFire from PCTools, which runs alongside your current Antivirus utility to add protection against Zero-day attacks.
ThreatFire is unique in the way that it works. When you use your computer, programs run in the background telling your computer what to do. When ThreatFire detects malicious or suspicious activity, it immediately terminates the activity, isolates the offending program and notifies you with an alert. This is a completely free utility that will run alongside your existing Anti-Malware utilities without causing any conflicts, and it protects where traditional signature-based Antivirus applications don’t.
A “Zero-Day” attack is when unwanted malicious code exploits security holes in operating systems and/or other program applications. These security holes are usually not yet known to the vendor and haven’t been patched. The attack continues until a patch is created or until Antivirus signatures are updated so they can detect and eliminate the threat. ThreatFire employs ActiveDefense technology, which uses behavior analysis to protect your computer from threats before your Antivirus has updated its signature database.
The installation is straightforward and easy to do. It doesn’t conflict with any other antivirus or antimalware applications, so there is no need to worry about disabling other protections.
After installation you will be protected against threats immediately. The first thing you will see is the World Wide Detection Map that shows some of the most recent threats ThreatFire has detected within the community.
When a threat is found you will get an alert screen that gives you additional information about the threat and lets you decide what action to take against it. Alerts are color coded by threat type. The Gray Alert is for potentially unwanted software.
The Yellow Alert shows potentially malicious software.
The Red Alert shows that a malicious application has been disabled and quarantined.
Another cool feature is finding out more about the threat. Your default web browser opens and goes to the ThreatExpert page which contains a lot more detailed information regarding the threat that was disabled.
It includes plenty of different settings you can configure to your liking, such as the sensitivity level, updates, and default actions.
In Advanced Tools you can change Rule Settings and access a System Activity Monitor, which is a handy utility to see what services and applications are running and get detailed information about them.
You don’t need to run any scans for ThreatFire to do its job (monitoring in real-time for active threats) but it does come with a Rootkit Scanner. A rootkit may contain several pieces and the Rootkit Scanner dives deeper into your system seeking out any hidden files, registry keys or other objects that may be part of one. You can schedule rootkit scans to occur on a regular basis.
It is very light on system resources while running in the background.
If you want to get extra protection for your PC you definitely want to try out ThreatFire. It runs virtually silently in the background until a threat is detected. We installed it on a fresh installation of Windows 7 and proceeded to attempt to infect the computer similarly to Asian Angel’s infected system in a previous article. We didn’t get very far because ThreatFire identified all of the malicious software before we were able to install it. Not everything came up as a Red Alert but it is nice to have ThreatFire identify Crapware like “my web search” and display a message so you can at least get more info on it before installing. This is a definite level of protection you should add to the Anti-Malware arsenal, and the coolest part is that it’s completely free for home users.
- Published 09/1/09