canetoad
(1000+ posts)
Sun Mar-29-09 08:38 PM
Original message |
Another tool to fight Conficker |
|
Edited on Sun Mar-29-09 08:39 PM by canetoad
I downloaded and installed ThreatFire about a fortnight ago and am pretty impressed by it, especially in view of the threat of the Conficker worm. It runs nicely in tandem with Avast and only shows one process in task manager, using 3100kb of memory.
Review here: http://www.securecomputing.net.au/Download/126238,pc-tools-threatfire-40.aspx
FAQ and download here: http://www.threatfire.com/faqs/
PS. It's free :)
|
Duer 157099
(1000+ posts)
Sun Mar-29-09 09:54 PM
Response to Original message |
1. I wonder if this is similar to Comodo's "Defense+" - part of the firewall suite |
|
In any case, I'll take a look at it, thanks
|
canetoad
(1000+ posts)
Sun Mar-29-09 10:44 PM
Response to Reply #1 |
2. Don't know much about Comodo |
|
except that it seems popular. This ThreatFire does not seem to behave like a firewall in that it is not asking for permissions for programs to connect to the net.
|
Duer 157099
(1000+ posts)
Sun Mar-29-09 11:48 PM
Response to Reply #2 |
3. I like Comodo. It has 3 "pieces" - Firewall, Antivirus and Defense |
|
I think the Defense does what ThreatFire does - it monitors activity, like changes to the registry, and asks if you want to allow it.
In any case, I've dl'd TF and installed it just to check it out. If it doesn't interfere with Comodo, can't hurt to have more protection I guess.
|
ConsAreLiars
(1000+ posts)
Mon Mar-30-09 02:29 AM
Response to Reply #1 |
4. Seems that Comodo's "Defense" function is quite different than ThreatFire. |
|
Edited on Mon Mar-30-09 02:29 AM by ConsAreLiars
Just ran a long install where Comodo was asking repeatedly if I wanted to do this or that. ThreatFire never popped up. It seems, as it claims, to be looking for some sort of "behavior" that is more suspicious than changing a registry value when installing or updating software.
(edit typo)
|
Duer 157099
(1000+ posts)
Tue Mar-31-09 09:06 PM
Response to Reply #4 |
9. I set Threatfire's "Sensitivity Level" to the highest and I get the same alerts as with Comodo |
|
(Well so far, but I've only done a couple things).
Comodo's Defense is also very customizable, so that you can set it into training mode when you're doing very safe routine things, so it can learn those things and stop alerting you. TF may be the same.
In any case, as long as they don't conflict with each other and neither is a resource hog, I'll keep em both around and see how well they play together.
Thanks!
|
ConsAreLiars
(1000+ posts)
Wed Apr-01-09 01:37 AM
Response to Reply #9 |
12. Thanks for the information about setting different security levels in Comodo and TF |
|
Seems Comodo's default is PARANOID (fine by me despite the trouble), while TF is looking for signs that some previously permitted service or app has gone rogue. Seems like the training mode of Comodo is just more permissive. I'll agree with you and keep both running.
|
Duer 157099
(1000+ posts)
Wed Apr-01-09 03:03 PM
Response to Reply #12 |
13. Comodo had a steep learning curve for me |
|
For the longest time I just ran it without changing any settings or doing anything. Then I decided to try and figure out how it really works - I'm still very naive about some of it, but know enough, I hope, so that I haven't utterly defeated its purpose.
Sometimes I'll run it in training mode because I'm doing something that results in lots of alerts but that I'm comfortable is safe - and then I forget to return the status to "Safe" (the setting I usually keep it on). So then I go into the settings and delete all of the entries (Defense > Advanced > Computer Security Policy) and start over, just to make sure something hasn't gotten by that shouldn't. PITA, yeah, but probably worth it.
|
hermetic
(1000+ posts)
Mon Mar-30-09 08:07 AM
Response to Original message |
|
I will tell my friends about this one.
I must say though, reading through the licensing agreement, it looks like you're not allowed to use this if you are on the no-fly list. B-)
You stay safe down there.
:toast:
|
canetoad
(1000+ posts)
Tue Mar-31-09 01:57 PM
Response to Reply #5 |
|
I had a read through the EULA and it's pretty damned comprehensive!
cheers mate
:toast:
|
lpbk2713
(1000+ posts)
Tue Mar-31-09 07:32 AM
Response to Original message |
6. Well, I got all my MS updates up to date last night. |
|
That might help me be ready for April 01 if anything is really going to happen. I'm taking a sort of a wait-and-see approach. I have found that there are times when updates seem to do more harm than good. That is why I have them on 'notify' as opposed to 'automatic'. Good luck all.
|
canetoad
(1000+ posts)
Tue Mar-31-09 01:55 PM
Response to Reply #6 |
|
On the rounds of various usenet groups and forums I regularly see people crying because something is broken after an auto update. At the same time it is easy to determine which are the biggest threats that really need to be patched. I hate it when you have your computer and applications all tuned to be working like a well oiled machine then something unexpected happens to throw a spanner in the works. It may seem like more work but it has done well for me to have all auto updates turned off and only go looking for them as I really need them.
Oh, and it's April 1 here and nothing has turned up in the news about Conficker yet.
|
Holly_Hobby
(1000+ posts)
Wed Apr-01-09 12:51 AM
Response to Original message |
10. Can I just change the date on my computer to 4/2 |
|
to avoid the worm? Or is it smarter than I am? :) Thanks.
|
ConsAreLiars
(1000+ posts)
Wed Apr-01-09 01:21 AM
Response to Reply #10 |
11. That will accomplish nothing. |
|
It gets its activation orders from the net, not from your machine's date stamp. If your antivirus programs are current and running, you should be OK, but you may want to read through some of the discussion for more info:
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=389x5365866
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=242&topic_id=24192&mesg_id=24192
|