Internet Security 2.0

Posted 02/07/2008 at 1:43pm | by Paul Lilly

8

Comments

Print

PC Tools ThreatFire

Better than the competition - and free!

"Anything you can do I can do better.” We suspect PC Tools has a motivational poster bearing this catchphrase in its board room, because it appears to be the philosophy behind its ThreatFire security app. Just like AntiBot, ThreatFire uses a heuristic scanning engine to unearth malicious malware before it has a chance to grapple with the OS. But the similarities end there, which is a good thing.

Custom rules make it possible to thwart brand-new worms even before signature up-dates are made available, and the setup wizard will hold your hand from start to finish.

ThreatFire picks up the installation routine where AntiBot leaves off, and rather than throw a few arbitrary options at the end user, the app gives you customizable control over additional subsets of the application. If you’d rather not tinker, the default options will keep the set-it-and-forget-it folks protected, but power users will want to poke around the menus and tailor ThreatFire in ways AntiBot doesn’t allow, such as enabling automatic restore points before quarantining files. You can also schedule rootkit scanning at set intervals, just as you would with your anti-virus software. But we’re most enamored with the Advanced Rule menu, where you can set up custom security rules for virtually any kind of threat. If you want to create a rule that disallows any process from deleting or overwriting files in the Windows/System32 folder, you can do that and then configure exceptions for programs or processes that might legitimately need those types of privileges. Give your custom rule a name and description, and you can enable or disable it thereafter with a click of the mouse. And to add icing to an already tasty cake, ThreatFire’s wizard walks you through the process in plain English, so you never feel overwhelmed or unsure about what you’re doing. Bravo!

Color codes indicate the type and severity of attack. In this case, the yellow box warns that the screensaver we just downloaded might be up to no good.

Like AntiBot, ThreatFire runs quietly in the background, making its presence known only when it detects a threat. Pop-up windows are color-coded based on their severity, with red indicating an automatic eradication based on known malware and yellow signifying suspicious activity flagged by the heuristic engine. If you’re unsure of what to do, a hyperlink brings up a Google search of the offending file. Gray windows round out the color scheme and represent a potentially unwanted application (PUA). These processes share similar traits to spyware but may be required to run depending on the program they come bundled with. These too carry Google links, but this is one area in which we prefer AntiBot’s more detailed rundown, which tells us exactly what the file is trying to do.

Romping recklessly through the net, just as we did before, ThreatFire caught more threats than AntiBot did, preventing the same malware from altering our hosts file or killing IE’s Internet Options tabs. And did we mention ThreatFire’s free? Combined with the advanced options, it’s a clear winner.

Approved, Free!
www.threatfire.com