I want to tell you about an experience I had today with some antimalware called ThreatFire.
ThreatFire is published by PC Tools. It’s distributed free on CNET Downloads (download.cnet.com) and on its own site (threatfire.com/download). Promoted as “zero day malware protection,” ThreatFire supposedly can detect malware without using signatures. Instead, it monitors behaviour, what PC Tools calls “Active Defence.” This would make it useful in protecting against new threats, even on their first day in the wild (hence “zero day.”)
The first threat ThreatFire detected after I installed it was itself.
At least, it probably detected itself. I really don’t know. The name of the process ThreatFire warned me about started with TF.
ThreatFire could have been warning me of malware whose name might make a ThreatFire user think the software was reporting itself. ThreatFire was no help with that.
Clicking a link that would tell me more about the reported process opened my browser on a page of Google® search results, which I was left to mine for useful information. There were enough hits on the Google® search page to tell me that others had seen the process before and wondered what it was. (No one mentioned ThreatFire having discovered it.) This assured me that this was not a zero-day event. But that was as useful as the information got. (Except for the site that told me the process was related to ThreatFire. Or maybe it was malware in disguise. Gee, wish I’d thought of that!)
The Help link opened ThreatFire’s online help page and forums, but there was nothing obvious in the FAQ or in the thread listings about ThreatFire reporting itself as a threat, which, in the lingo, would be a “false positive.”
I tried to start a new thread in the False Positives area of the forums, to post my observation, but once I registered on the site, I was told I needed to respond to an email authorization that would allow me to post. It’s been a few hours now. No such email has arrived. Other sites usually get this done within minutes.
I decided to uninstall ThreatFire (for now, I thought). Actually, that went well, with all directories, icons, registry entries, and application data being removed. I’ll give it credit: That was one of the cleanest uninstalls I’ve ever experienced.
As a final step, the uninstall process opened my browser to a page that asked if I wanted to buy the upgraded product, Spyware Doctor with AntiVirus. The page didn’t ask why I dumped the freebie, but instead tried to sell me a product based on something I’d was getting rid of.
That may be chutzpah or good sales practice, but first (maybe) it might be wise to find out why the customer is heading out the door before trying to up-sell. Not that PC Tools is a good listener.
I took the time to tell them of my experience (after finding the corporate contact page on their site). That got an immediate email reply telling me that since I’m not a paying customer, they can’t help me with my problem and that I should consult the FAQ and forums (which, remember, I’d already found either wanting or inaccessible).
Since the form I’d filled out had no field for a customer number (which the email asked for), nor did it say that it was for use only by paying customers, I found the reply—which may have been automated—somewhat absurd and a lot insulting. Even if a human had dealt with my message and written the reply, obviously my message had not been read. (I replied to the PC Tool’s email saying as much. No response so far.)
ThreatFire may be the best piece of free antimalware out there. I’ll never know, because it (and other PC Tools products) won’t be installed on my machine any time soon.
(And, please, if you know how to get their attention, tell ’em so, and give ’em a link to this posting. Thanks.)