
When reading on the Chrome Blog that the German Federal Office for Information Security recommends Chrome, I saw that they link to a best practices guide:

Today the BSI, Germany’s Federal Office for Information Security released a best practice guide for Windows users as part of their overall guidelines and recommendations for Cyber Security.

With the help of Google Translate, I found that, along with traditional antivirus products like those from MS, Avira or Avast, they recommend a tool called ThreatFire.

I've never heard of it, and on their home page they state:

ThreatFire is dramatically different to traditional antivirus software. Normal antivirus products usually need to have first identified and seen a threat before they can provide adequate protection against it.

...

By implementing sophisticated real-time behavioral analysis ThreatFire is able to stop never-before-seen "zero-day" threats solely by detecting their malicious activity.

Sounds good, especially since Germany's Federal Office for Information Security recommends it, and their other recommendations are quite good and I agree with them.

But I find little information about ThreatFire on superuser.com, except that the user kai recommends it along with traditional AV.

But if it's already better than AV, do I need AV as well? And what do others know about this software and its effectiveness?

Comments:

  • Many Anti-Malware products use "sophisticated real-time behavioral analysis" and look to see virus/malware-like behavior and not just identify a pattern.
    – Dave M, Feb 10, 2012 at 17:57
  • All I know is that PC Tools ThreatFire is so paranoid about what it allows to run that I've seen it completely break backup software that relies on Volume Shadow Copy. That may be good or bad, depending on your viewpoint.
    – Shinrai, Feb 10, 2012 at 17:57
  • It's marketing hyperbole. (There's an AV product called Norman that uses "sandbox technology" to do the same thing your ThreatFire claims to do; essentially it looks for behavior rather than matching literal definitions, and quarantines things that are behaving in virus-y ways.) AV is AV is AV and it's big business. None of them can guarantee protection.
    – goblinbox, Feb 10, 2012 at 18:26
  • There is nothing special about ThreatFire. Of course, it's fair to say it's one of the worst products on the market; it's not even tested against everyone else, and it really isn't an anti-virus.
    – Ramhound, Feb 10, 2012 at 18:59
  • Wasn't it all those German Siemens SCADA controllers that got hacked due to weak backdoor passwords? So much for German security advice.
    – Moab, Feb 11, 2012 at 2:16

1 Answer

Unfortunately this is somewhat of a marketing turn of phrase by the makers of ThreatFire. All modern Anti-Virus companies make use of "realtime monitoring" - it's called heuristics. Basically if you're browsing the web and just after visiting a dodgy website Internet Explorer suddenly starts dropping files onto your machine and trying to call CreateProcess() on them, any anti-virus worth their salt will start jumping up and down, regardless of what zero-day exploit may have been used to attack the browser in the first place.

The thing to remember is that although zero-day exploits are the "sexy" end of hacking, they are the most uncommon way for your machine to become compromised - the most common being running an application you just downloaded from the Internet and then clicked "Yes" to give administrator permissions to, followed closely by being exploited through well-known exploits by having unpatched software on your machine (that's not just Windows Updates, it's also running the latest version of your browser with as few browser plugins as possible, all at the latest possible version).

Running an Anti-virus really isn't about stopping your machine getting hacked by zero-day exploits. It's about stopping well-known malware from installing rootkits on your machine and making off with your credit-card details, and frankly it doesn't matter whether you're using ThreatFire, Sophos, Symantec or Kaspersky, they all do pretty much the same thing of detecting known malware strains and applying heuristics to catch new threats.
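To make the "browser drops a file and then calls CreateProcess() on it" heuristic from the answer concrete, here is an added example, not code from the answerer or from ThreatFire or any AV product: a toy behavioural rule run over a few constructed process/file events. The event shape (loosely modelled on Sysmon file-create and process-create fields), the browser list, the user-writable path fragments and the 60-second window are all assumptions chosen for illustration.

```python
"""Toy behavioural rule: a browser writes an executable, then launches it.

Added example for illustration only; not the original answer's code and not
any product's detection logic. Event fields, browser names, path fragments
and the time window are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed set of browser image names we treat as "exposed to the web".
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}
# Assumed locations a non-admin browser process can write to.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\appdata\\")
# Assumed: a drop followed by execution within this window is suspicious.
WINDOW = timedelta(seconds=60)


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str        # "FileCreate" or "ProcessCreate"
    pid: int         # process performing the action
    image: str       # full image path of the acting process
    target: str      # file written (FileCreate) or child image (ProcessCreate)
    target_pid: int = 0


def is_user_writable(path: str) -> bool:
    """True if the path sits under one of the assumed user-writable locations."""
    return any(frag in path.lower() for frag in USER_WRITABLE)


def detect_drop_and_execute(events):
    """Return (ts, browser, dropped_path) for every browser that writes a
    file to a user-writable location and then executes that same file,
    from the same process, within WINDOW. Nothing else is flagged."""
    alerts = []
    recent_drops = {}  # lowercased path -> (written_at, writer_pid, writer_image)
    for ev in sorted(events, key=lambda e: e.ts):
        actor = PureWindowsPath(ev.image).name.lower()
        if ev.kind == "FileCreate":
            if actor in BROWSERS and is_user_writable(ev.target):
                recent_drops[ev.target.lower()] = (ev.ts, ev.pid, actor)
        elif ev.kind == "ProcessCreate":
            drop = recent_drops.get(ev.target.lower())
            if drop is None:
                continue  # child image was never dropped by a browser
            written_at, writer_pid, writer = drop
            # Same browser process that wrote the file is now running it, soon after.
            if actor == writer and ev.pid == writer_pid and ev.ts - written_at <= WINDOW:
                alerts.append((ev.ts, writer, ev.target))
    return alerts


# Constructed sample events (not real logs).
T0 = datetime(2012, 2, 10, 17, 0, 0)
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    # Exploited IE drops an exe to %TEMP% and runs it 3 s later -> alert.
    Event(T0, "FileCreate", 4120, IE, r"C:\Users\bob\AppData\Local\Temp\upd.exe"),
    Event(T0 + timedelta(seconds=3), "ProcessCreate", 4120, IE,
          r"C:\Users\bob\AppData\Local\Temp\upd.exe", 5008),
    # Chrome saves a PDF; explorer.exe (not the browser) opens a reader -> no alert.
    Event(T0 + timedelta(seconds=30), "FileCreate", 2200, CHROME,
          r"C:\Users\bob\Downloads\invoice.pdf"),
    Event(T0 + timedelta(seconds=40), "ProcessCreate", 1300, r"C:\Windows\explorer.exe",
          r"C:\Program Files\Adobe\Reader\AcroRd32.exe", 5100),
    # Chrome spawns a helper it never wrote -> no alert.
    Event(T0 + timedelta(seconds=50), "ProcessCreate", 2200, CHROME, CHROME, 5200),
]
# Same drop, but executed well outside WINDOW -> no alert from this rule.
STALE_EVENTS = [
    Event(T0, "FileCreate", 7000, CHROME, r"C:\Users\bob\Downloads\setup.exe"),
    Event(T0 + timedelta(minutes=10), "ProcessCreate", 7000, CHROME,
          r"C:\Users\bob\Downloads\setup.exe", 7100),
]

if __name__ == "__main__":
    for ts, browser, path in detect_drop_and_execute(SAMPLE_EVENTS):
        print(f"{ts:%H:%M:%S} {browser} dropped and executed {path}")
```

The rule has no signature for the dropped file, which is what "catching zero-days by behaviour" amounts to in practice. Note its limits too: a user deliberately opening a downloaded installer from the browser's download bar produces the same parent/child pair and would fire the rule, and a payload that waits longer than the window, or is launched by a different process, slips past it. That is the trade-off the comment about broken Volume Shadow Copy backups points at: tighten the rule and legitimate software breaks, loosen it and it misses things.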
