ThreatFire questions

I heard there are issues with ThreateFire and Firefox addons. I also recently opened SUPERANTISPYWARE and it detected it as a high risk so I allowed it, so I changed the ThreatFire detection settings to 1 (Low: Only detect known threats). Does this mean it won't detect my programs as threats and will it cause problems with Firefox addons anymore? It shouldn't because it says it will only detect "KNOWN" threats, am I right?

 

Yes there can be a conflict between Firefox and ThreatFire. I was wondering why I couldn't add any extensions when I Googled and found that you should disable it when installing extensions and then re-enable it again. I haven't tried adjusting the security settings in ThreatFire, so I'm unsure if it will solve your issue.

 

Do me a favor, try making the security level to 1 and install an extension. If it works perfectly then we just figured out something much easier then disabling it. Tell me how it goes.

 

It works when you set ThreatFire to "1" but then it only detects known threats, kind of defeating ThreatFire's purpose-to be able to use behavioral techniques to block unknown threats. You could try to create a rule in the "rule wizard" (advanced tools on the left, Custom Rule Settings button) to see if that will solve it while letting you remain safe.

 

An unknown threat is a threat that ThreatFire does not know about so the most threats are known right?

 

Most threats are known indeed but (most) unknown threats are detected and blocked through behavioural analysis, which only works from protection level 2.
Like mentioned before, it's little use having TF working at level 1 only to avoid certain installing/incompatability issues.

Only in the next release of TF, some of the issues with Firefox extensions will be solved, like syncing bookmarks with Foxmarks for instance.

 

I don't understand what your saying because threats are usually known. Let's say I download a file and in it is a known threat will ThreatFire delete it? Explain in more detail. If it does then how is that little use? Is level 1 better then not having the program at all and why?

 

TF is especially usefull against zero-day attacks, that means malware that has not been analyzed yet.
Normally an antivirus company will analyze new viri/malware, write a signature about the virus/malware and when you update your AV program you get the new signature, so the AV program can recognize the malware (signature based detection).
TF can detect new, unknown, threats/malware, through behavioural analysis.
It 'scans' what a program/malware will do (like editing the registry or startup program list) and if it detects 'bad' behaviour it will block the program.

Of course it's still usefull to have TF protecting you from known threats (at level 1) but the strenght of ThreatFire lies in it's behavioural blocking (from level 2 and up).
I just think it's a bit of a waste to not use the full potential of this program, that's all.
Cheers.