Number 301 - June 2008

ThreatFire, Free Zero Day Malware Protection
by Randy Esdon,
Big Blue and Cousins, Victoria, BC, April 2008


   I've recently discovered another excellent free security application that I think everyone who runs MS Windows should be using. PC Tools bought a product called "Cyberhawk", tweaked it and re-branded it as "ThreatFire". A free version is available, with the option to upgrade to the Pro Edition for about $15. What makes this anti-malware program different is that it is designed to protect a computer from a zero-day infection. ThreatFire is not an anti-virus product and should not be used in place of one; it is an additional layer of protection to run alongside a normal anti-virus application. Rather than matching files against signatures, ThreatFire watches for the suspicious behaviour of malware attempting to install itself on your computer, such as adding a registry key to start a program at boot or modifying your Hosts file. This makes it useful for catching brand-new malware for which no signature definition is yet available to traditional, signature-based scanners.

   Some of the features that ThreatFire lists are:

   • Comprehensive protection against viruses, worms, trojans, spyware, rootkits, keyloggers and buffer overflows
   • Real-time malware detection: no signatures required
   • Immediately and permanently shuts down destructive processes
   • Automatic updates
   • Home and business use
   • Malware quarantine and removal
   • Rootkit scanner, with the ability to schedule and customize scans
   • Advanced custom rules settings, fully configurable
   • Built-in web search for additional information on threats

   One nice thing about ThreatFire is that while the default settings will keep the "set-it-and-forget-it" type of user protected, there are customizable settings that advanced users can tinker with, for example enabling automatic restore points before files are quarantined and scheduling rootkit scans at set intervals. You can also use the Advanced Rules menu to set up a custom security rule. There you can create a rule that disallows any process from deleting or overwriting files in the Windows\System32 folder, and then configure exceptions to that rule for a legitimate process that needs to modify files there. ThreatFire has a set of plain-English wizards built into it that explain how to do this, so it is not as daunting as it sounds. ThreatFire also has colour-coded pop-up windows that tell you the severity of the threat. Red indicates an automatic removal of known malware. Yellow indicates suspicious behaviour; you should use the built-in hyperlink to search for information on the offending file before deciding. Grey indicates a Potentially Unwanted Application (PUA) that behaves like malware but may be required by the software it came bundled with.
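   The alerts described above (a program adding itself to a start-up registry key, a change to the Hosts file) and the custom System32 rule with exceptions for legitimate processes can be modelled as a small behaviour-rule engine. The following Python is an added illustration written for this article, not ThreatFire's own code or logic; its event format, rule names, sample process paths, and the "known bad" and PUA image lists are all constructed assumptions used only to show how such rules and their colour-coded outcomes fit together.

```python
"""Toy behaviour-based rule engine in the spirit of the ThreatFire rules described
in the article.  Added illustration only: event format, rule names, sample paths
and the 'known bad' / PUA lists below are constructed assumptions, not product data."""
from dataclasses import dataclass
import fnmatch
import ntpath  # Windows path handling that also works when run on another OS


@dataclass(frozen=True)
class Event:
    process: str   # image path of the process performing the action
    action: str    # "write", "delete" or "reg_set"
    target: str    # file path or registry key\value being touched


@dataclass(frozen=True)
class Rule:
    name: str
    actions: frozenset
    target_glob: str
    severity: str                                 # "red", "yellow" or "grey"
    allowed_processes: frozenset = frozenset()    # exceptions for legitimate processes


def _norm(path):
    # Lowercase and convert '/' to '\' so patterns and events compare consistently.
    return ntpath.normcase(path)


def matches(rule, event):
    """True if the event violates the rule and is not covered by an exception."""
    if event.action not in rule.actions:
        return False
    if not fnmatch.fnmatchcase(_norm(event.target), _norm(rule.target_glob)):
        return False
    # Exceptions: processes allowed to perform this action on this target.
    return not any(fnmatch.fnmatchcase(_norm(event.process), _norm(p))
                   for p in rule.allowed_processes)


# Severity colours as the article describes them: red = known malware (automatic
# removal), yellow = suspicious behaviour to research, grey = potentially unwanted.
SEVERITY_RANK = {"grey": 1, "yellow": 2, "red": 3}

# Constructed stand-ins for a product's known-malware and PUA data (image names).
KNOWN_BAD_IMAGES = frozenset({"svch0st.exe", "winlogin32.exe"})
PUA_IMAGES = frozenset({"searchtoolbar.exe"})

DEFAULT_RULES = (
    Rule("hosts-file-modified", frozenset({"write", "delete"}),
         r"C:\Windows\System32\drivers\etc\hosts", "yellow"),
    Rule("run-key-persistence", frozenset({"reg_set"}),
         r"HK*\Software\Microsoft\Windows\CurrentVersion\Run\*", "yellow"),
    # The custom rule from the article: no deleting/overwriting under System32,
    # with exceptions for legitimate updaters (these process paths are assumptions).
    Rule("system32-write", frozenset({"write", "delete"}),
         r"C:\Windows\System32\*", "yellow",
         allowed_processes=frozenset({r"C:\Windows\System32\wuauclt.exe",
                                      r"C:\Windows\System32\svchost.exe"})),
)


def assess(event, rules=DEFAULT_RULES):
    """Return (severity, [rule names]) for an event, or (None, []) if it is allowed."""
    image = _norm(ntpath.basename(event.process))
    if image in KNOWN_BAD_IMAGES:
        return "red", ["known-malware-image"]
    hits = [r.name for r in rules if matches(r, event)]
    if not hits:
        return None, []
    severity = max((r.severity for r in rules if r.name in hits),
                   key=SEVERITY_RANK.__getitem__)
    if image in PUA_IMAGES:          # same behaviour, but from bundled software
        severity = "grey"
    return severity, hits


# Constructed sample events standing in for what a behaviour monitor would observe.
SAMPLE_EVENTS = (
    Event(r"C:\Users\randy\AppData\Local\Temp\installer.exe", "reg_set",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(r"C:\Users\randy\Downloads\codec_pack.exe", "write",
          r"C:\Windows\System32\drivers\etc\hosts"),
    Event(r"C:\Windows\System32\wuauclt.exe", "write",
          r"C:\Windows\System32\ntdll.dll"),        # legitimate updater, allowed by exception
    Event(r"C:\Users\randy\AppData\Roaming\svch0st.exe", "write",
          r"C:\Windows\System32\kernel32.dll"),     # known-bad image name: red
    Event(r"C:\Program Files\Bundle\searchtoolbar.exe", "reg_set",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchToolbar"),
)


def triage(events=SAMPLE_EVENTS):
    """Assess every event; the result list lines up with the input events."""
    return [assess(e) for e in events]


if __name__ == "__main__":
    for event, (severity, reasons) in zip(SAMPLE_EVENTS, triage()):
        label = severity.upper() if severity else "ok"
        print(f"{label:6} {ntpath.basename(event.process):20} {event.action:8} "
              f"{event.target}  {reasons}")
```

   Note that the exception list here trusts a process by its path alone; a process that copies itself to an allowed path or name would slip through, which is why this toy should be read as an illustration of the rule-and-exception idea rather than as a substitute for the product.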

       In PC Magazine's October 2007 testing, ThreatFire beat Norton AntiBot and Spy Sweeper on both speed and detection, and it currently holds PC Magazine's Editors' Choice award for behaviour-based anti-spyware. I recommend that you read PC Magazine's full review at the following URL: http://www.pcmag.com/article2/0,2704,2191336,00.asp If you're interested in trying ThreatFire, you can download it from the ThreatFire website.

       Copyright (C) 1990-2008 by Big Blue and Cousins: The Greater Victoria Personal Computer Users' Association. www.bbc.org