ThreatFire提供针对恶意软件和零日攻击的防护
A necessary security practice is having Antivirus and other Malware protection utilities installed on your Windows computer, but they need constant updating to be effective against the newest threats. Today we take a look at ThreatFire from PCTools which runs along side your current Antivirus utility to add protection against Zero-day attacks.
一种必要的安全措施是在Windows计算机上安装防病毒和其他恶意软件防护实用程序,但是它们需要不断更新才能有效地防御最新威胁。 今天,我们来看看PCTools上的ThreatFire,它与您当前的防病毒实用程序一起运行,以增强针对零日攻击的保护。
About ThreatFire
关于ThreatFire
ThreatFire is unique in the way that it works. When you use your computer, programs run in the background telling your computer what to do. When ThreatFire detects malicious or suspicious activity, it immediately terminates the activity, isolates the offending program and notifies you with an alert. This is a completely free utility that will run alongside your existing Anti-Malware utilities without causing any conflicts and protects where traditional signature Antivirus applications don’t.
ThreatFire在其工作方式方面是独一无二的。 当您使用计算机时,程序在后台运行,告诉您计算机该怎么做。 当ThreatFire检测到恶意或可疑活动时,它将立即终止该活动,隔离有问题的程序并通过警报通知您。 这是一个完全免费的实用程序,它将与您现有的反恶意软件实用程序一起运行,而不会引起任何冲突,并保护了传统签名防病毒应用程序所没有的地方。
A “Zero-Day” attack is when unwanted malicious code exploits security holes in operating systems and/or other program applications. The security exploits are usually not known about by the vendor and haven’t been patched yet. The attack continues until a patch is created or until Antivirus signatures are updated so they can detect and eliminate the threat. ThreatFire employs ActiveDefense technology which uses behavior analysis that will protect your computer from threats before your Antivirus has updated the signature database.
“零日”攻击是指有害的恶意代码利用操作系统和/或其他程序应用程序中的安全漏洞。 供应商通常不了解安全漏洞,并且尚未对其进行修补。 攻击将持续进行,直到创建补丁或更新防病毒签名,以便它们可以检测并消除威胁为止。 ThreatFire采用ActiveDefense技术,该技术使用行为分析,可以在防病毒更新特征库之前保护计算机免受威胁。
Using ThreatFire
使用ThreatFire
The installation is straight forward and easy to do. It doesn’t conflict with any other antivirus or antimalware applications so there is no need to worry about disabling other protections.
安装简单明了,易于执行。 它与任何其他防病毒或反恶意软件应用程序都没有冲突,因此无需担心禁用其他保护。
After installation you will be protected against threats immediately. The first thing you will see is the World Wide Detection Map that shows some of the most recent threats ThreatFire has detected within the community.
安装后,将立即保护您免受威胁。 您将看到的第一件事是“全球检测地图”,其中显示了ThreatFire在社区内检测到的一些最新威胁。
When a threat is found you will get an alert screen where you will get additional information about the threat and decide what actions to take against it. Each type of threat is color coded for different types of threats. The Gray Alert is for potentially unwanted software.
当发现威胁时,您将获得一个警报屏幕,在该屏幕中,您将获得有关该威胁的其他信息,并决定针对该威胁采取何种措施。 每种类型的威胁都针对不同类型的威胁进行了颜色编码。 灰色警报用于潜在有害软件。
The Yellow Alert show potentially malicious software.
黄色警报显示潜在的恶意软件。
The Red Alert shows that a malicious application has been disabled and quarantined.
红色警报显示恶意应用程序已被禁用和隔离。
Another cool feature is finding out more about the threat. Your default web browser opens and goes to the ThreatExpert page which contains a lot more detailed information regarding the threat that was disabled.
另一个很酷的功能是找到有关威胁的更多信息。 您的默认Web浏览器将打开并进入ThreatExpert页面,其中包含有关已禁用威胁的更多详细信息。
It includes plenty of different settings you can configure to your liking like the sensitivity level, updates, default actions…etc.
它包括许多不同的设置,您可以根据自己的喜好进行配置,例如灵敏度级别,更新,默认操作等。
In Advanced Tools you can change Rule Settings and access a System Activity Monitor which is a handy utility to see what services and applications are running and get detailed information about them.
在“高级工具”中,您可以更改“规则设置”并访问“系统活动监视器”,它是一个方便的实用程序,可以查看正在运行的服务和应用程序并获取有关它们的详细信息。
You don’t need to run any scans for ThreatFire to do its job (monitoring in real-time for active threats) but it does come with a Rootkit Scanner. A rootkit may contain several pieces and the Rootkit Scanner dives deeper into your system seeking out any hidden files, registry keys or other objects that may be part of one. You can schedule rootkit scans to occur on a regular basis.
您无需对ThreatFire进行任何扫描即可完成其工作(实时监视活动威胁),但它确实带有Rootkit扫描程序。 一个rootkit可能包含多个部分,而Rootkit Scanner则更深入地研究您的系统,以查找任何隐藏文件,注册表项或其他可能属于其中的对象。 您可以计划定期进行rootkit扫描。
It is very light on system resources while running in the background.
在后台运行时,系统资源非常少。
Conclusion
结论
If you want to get extra protection for your PC you definitely want to try out ThreatFire. It runs virtually silently in the background until a threat is detected. We installed it on a fresh installation of Windows 7 and proceeded to attempt to infect the computer similarly to Asian Angel’s infected system in a previous article. We didn’t get very far because ThreatFire identified all of the malicious software before we were able to install it. Not everything came up as a Red Alert but it is nice to have ThreatFire identify Crapware like “my web search” and display a message so you can at least get more info on it before installing. This is a definite level of protection you should add to the Anti-Malware arsenal, and the coolest part is that it’s completely free for home users.
如果您想为您的PC获得额外的保护,那么您一定要尝试ThreatFire。 它几乎在后台静默运行,直到检测到威胁为止。 我们在全新安装的Windows 7上安装了该计算机,然后尝试像上一篇文章中感染Asian Angel的系统一样感染计算机。 我们并没有走太远,因为ThreatFire在我们能够安装之前就已经识别了所有恶意软件。 并非所有内容都以红色警报的形式出现,但是让ThreatFire识别“我的网络搜索”之类的Crapware并显示一条消息是一件好事,这样您至少可以在安装之前获取到更多信息。 您应该在反恶意软件库中添加一定级别的保护,而最酷的部分是家庭用户完全免费。