Your current antivirus program may offer plenty of protection, but new, unknown threats still could slip through. That's where PC Tools' ThreatFire comes in.
Now in version 3.5, PC Tools ThreatFire is a free utility that adds an extra layer of protection to the security software you already have. It blocks an impressive number of threats through behaviour-based analysis. As can sometimes happen with security tools, however, it caused some system lockups in our testing.
The new edition of PC Tools ThreatFire, released in May, adds an on-demand signature-based scanner, a mostly just-for-fun world map that shows detected threats, and a useful system-activity monitor that provides a good deal of information on the programs and services running on your PC.
To identify a malware threat based on a positive signature match - which is still the primary method that most antivirus programs use - a lab must first obtain a sample of the malware and create a full signature for it. It that window of time, before a signature is available, your machine could be infected with the virus. By contrast, proactive detection such as behavioural analysis can detect and block brand-new threats without signatures, thereby providing immediate protection. Most antivirus programs supplement signature scanners with some type of proactive detection, but not all are as effective as ThreatFire.
In independent tests conducted for PC Advisor by AV-Test.org, a German security-program testing operation, PC Tools ThreatFire's performance was outstanding. It correctly identified 18 of 20 new, relatively unknown malware samples by looking purely at factors such as where the program came from, what changes it made to files or the system Registry, and whether the program attempted to send information to the Internet. It successfully blocked 17 of those 18 (one sample stopped ThreatFire before the block could occur), and it successfully cleaned 16 of those blocked (it left part of one infection behind).
What's more, PC Tools ThreatFire didn't register any false alarms in AV-Test.org's run-throughs; this is a definite plus, since proactive, nonsignature protection is often prone to false alarms.
Version 3.5 adds PC Tools' signature-based scanner, formerly available only in the pay for Pro version. Since it isn't real-time protection, it won't scan every new saved file, so you will need to schedule it or activate the scan manually. The free version also requires that you keep its community features (which send anonymous detection info to PC Tools) enabled in order to continue receiving no-cost updates; doing so improves threat detection for all users, and there's no good reason to disable it. The Pro 3.5 version of PC Tools ThreatFire allows you to disable the feature, but unless you're running a business, you have no need to shell out for Pro. The free version of ThreatFire 3.5 is for home use.
The anonymous detection data also provides info for PC Tools ThreatFire's new Threat Detection display. Red dots on a global map show infection points for selected malware and adware threats.
Although the map is interesting, the new system-activity monitor is more useful. For the programs and services that are currently running, the monitor displays in-depth background info, such as the author, the command line, a list of open windows and modules, and other details for all processes. You can stop a process, or kick off a Google search for more information on it, with a right-click on the process name.
Other changes in PC Tools ThreatFire 3.5 include better default options for handling alerts. For one thing, you can now instruct the tool to automatically quarantine, allow, or prompt whenever it encounters a suspected threat or potentially unwanted program (known threats are always quarantined). This version of ThreatFire also has improved master boot record scanning.
NEXT PAGE: system overhead