Another tool to fight Conficker

I downloaded and installed ThreatFire about a fortnight ago and am pretty impressed by it, especially in view of the threat of the Conficker worm.

It runs nicely in tandem with Avast and only shows one process in task manager, using 3100kb of memory. Review here http://www.securecomputing.net.au/Download/126238,pc-tools-threatfire-40.aspx

FAQ and download here: http://www.threatfire.com/faqs/


PS. It's free :)

In any case, I'll take a look at it, thanks

except that it seems popular. This ThreatFire does not seem to behave like a firewall in that it is not asking for permissions for programs to connect to the net.

I think the Defense does what ThreatFire does - it monitors activity, like changes to the registry, and asks if you want to allow it.

In any case, I've dl'd TF and installed it just to check it out. If it doesn't interfer with Comodo, can't hurt to have more protection I guess.

Just ran a long install where Comodo was asking repeatedly if I wanted to this or that. ThreatFire never popped up. It seems, as it claims, to be looking for some sort of "behavior" that is more suspicious than changing a registry value when installing or updating software.


(edit typo)

(Well so far, but I've only done a couple things).

Comodo's Defense is also very customizable, so that you can set it into training mode when you're doing very safe routine things, so it can learn those things and stop alerting you. TF may be the same.

In any case, as long as they don't conflict with each other and neither is a resource hog, I'll keep em both around and see how well they play together.

Thanks!

Seems Comodo's default is PARANOID (fine by me despite the trouble), while TF is looking for signs that some previously permitted service or app has gone rogue. Seems like the training mode of Comodo is just more permissive. I'll agree with you and keep both running.

For the longest time I just ran it without changing any settings or doing anything. Then I decided to try and figure out how it really works - I'm still very naive about some of it, but know enough, I hope, so that I haven't utterly defeated it's purpose.

Sometimes I'll run it in training mode because I'm doing something that results in lots of alerts but that I'm comfortable is safe - and then I forget to return the status to "Safe" (the setting I usually keep it on). So then I go into the settings and delete all of the entries (Defense > Advanced > Computer Security Policy) and start over, just to make sure something hasn't gotten by that shouldn't. PITA, yeah, but probably worth it.

I will tell my friends about this one.

I must say though, reading through the licensing agreement, it looks like you're not allowed to use this if you are on the no-fly list. B-)

You stay safe down there.

:toast:

I had a read through the EULA and it's pretty dammed comprehensive!

cheers mate

:toast:

That might help me be ready for April 01 if anything is really going to happen. I'm taking a sort of a wait-and-see approach. I have found that there are times when updates seem to do more harm than good. That is why I have them on 'notify' as opposed to 'automatic'. Good luck all.

On the rounds of various usenet groups and forums I regularly see people crying because something is broken after an auto update. At the same time it is easy to determine which are the biggest threats that really need to be patched. I hate it when you have your computer and applications all tuned to be working like a well oiled machine then something unexpected happens to throw a spanner in the works. It may seem like more work but it has done well for me to have all auto updates turned off and only go looking for them as I really need them.

Oh, and it's April 1 here and nothing has turned up in the news about Conficker yet.

to avoid the worm? Or is it smarter than I am? :) Thanks.

It gets its activation orders from the net, not from your machine's date stamp. If your antivirus programs are current and running, you should be OK, but you may want to read through some of the discussion for more info:
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=389x5365866
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=242&topic_id=24192&mesg_id=24192