Author Topic: Having a layered defence could save you !  (Read 17967 times)


Waldo

  • Guest
Having a layered defence could save you !
« on: August 10, 2003, 12:56:04 PM »
Of course AVAST4 detects a lot of worms & trojans, but recently (after my own experience and some others in the forum) it is clear that it does fail to detect some also.

Of course an antivirus solution is originally meant to deal with viruses.

But nowadays most AVs detect trojans also.

I found out (the hard way) that having a layered defence (Anti trojan monitor) running can indeed save your ass, if your main Antivirus doesn't pick it up.

I personally recommend:

Anti-trojan V5.5 build 421 that detects 10261 Trojans and worms

I have had the full version for almost 2 years now, and it never had to do anything till yesterday > but boy, I was glad I had it running !

It has a "trojan guard/monitor" feature that can run resident also. Very light on resources. That blocks a trojan running.

It unpacks many archives.

They also have a support forum.

Just check their web page out,

http://www.anti-trojan.net/en/Home.aspx
http://www.anti-trojan.net/en/features.aspx
http://www.anti-trojan.net/en/kbhlp.aspx
http://www.anti-trojan.net/en/hlp55710.aspx (Guard)
« Last Edit: August 11, 2003, 06:18:12 PM by Waldo »

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Having a layered defence could save you !
« Reply #1 on: August 10, 2003, 01:17:07 PM »
Just for curiosity. Which Trojan did AT block and where did it come from?

Some other good ATs:
Trojan-Hunter (with forum, too) http://www.misec.net/

or TDS:  http://tds.diamondcs.com.au/
« Last Edit: August 10, 2003, 01:19:24 PM by raman »
MfG Ralf

Waldo

  • Guest
Re:Having a layered defence could save you !
« Reply #2 on: August 10, 2003, 06:20:53 PM »
http://www.avast.com/forum/index.php?board=2;action=display;threadid=838

Virus came from the monster of all P2p's > Kazaa (lite)  :)

TDS 3 : is indeed a very good product > recommended as well. But not so easy to use as the rest. Although it can be used "out-of-the-box".

Trojan hunter : a newcomer, but with very good results.

Waldo

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Having a layered defence could save you !
« Reply #3 on: August 10, 2003, 06:25:23 PM »
Persons who use Kazaa need at least Brain Version 1.01; with this nice piece of "software" you do not really need an AT-Software. ;)
« Last Edit: August 10, 2003, 06:25:38 PM by raman »
MfG Ralf

Waldo

  • Guest
Re:Having a layered defence could save you !
« Reply #4 on: August 10, 2003, 06:27:15 PM »
Persons who use Kazaa need at least Brain Version 1.01,

Thanks for the hint > Can I download it from Kazaa ? lol  ;D

I know that P2p is getting dangerous, and to be honest useless also. As most of the files are already infected anyway.

Using Kazaa is like going with a prostitute and not using a condom > it's suicide in the long term.

But sometimes (if you're very lucky) you can find good things.

Waldo
« Last Edit: August 10, 2003, 06:32:26 PM by Waldo »

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Having a layered defence could save you !
« Reply #5 on: August 10, 2003, 06:33:07 PM »
Thanks for the hint > Can I download it from Kazaa ? lol  ;D
<g> BTW: it is very easy to handle files from Kazaa, by not downloading software from it! :)

They are often infected with malware (virus, trojan, dialer and so on), so no AV program will be able to find all of them. Not even Kaspersky with its "extended" database (for adware, dialers and other things).
MfG Ralf

Waldo

  • Guest
Re:Having a layered defence could save you !
« Reply #6 on: August 10, 2003, 06:41:20 PM »
That's correct Raman, the best thing to keep safe from the "source of malware" (Kazaa, etc.) is not using it.

Everybody that plays with fire WILL sooner or later burn their fingers. It's just a matter of time.

Waldo

mr. bill

  • Guest
Re:Having a layered defence could save you !
« Reply #7 on: August 12, 2003, 06:57:15 PM »
Is it a good idea to use  an Anti trojan monitor even if you do not use P2p?

Waldo

  • Guest
Re:Having a layered defence could save you !
« Reply #8 on: August 12, 2003, 10:01:40 PM »
Is it a good idea to use  an Anti trojan monitor even if you do not use P2p?

Well, the risk of getting infected is reduced of course. But not completely gone.

A lot of worms & trojans are spreading on e-mail users also.

E-mail providers like Outlook are vulnerable to a lot of exploits.

And most "online mail" > Hotmail etc. are already scanned automatically with antivirus software. But this doesn't mean ALL the trojans are detected also.

So, the decision is yours. And a lot depends on your behavior.

Avast4 (and most recent scanners) detect a lot of trojans, but sometimes they do slip through the maze. And when this happens you will be glad if you have a "second defence".

The chances are small this happens (if you're a careful user), but never say never !!

It happened to me, and to a few other forum members also.

Waldo




« Last Edit: August 12, 2003, 11:18:47 PM by Waldo »

Amerk_5

  • Guest
Re:Having a layered defence could save you !
« Reply #9 on: August 13, 2003, 06:03:51 PM »
I was just researching Anti-Trojan 5.5 & I found this thread over at www.wilderssecurity.com.

Apparently it's no better than any other AV for catching trojans. Here's a quote from wizard, one of the mods.

Quote
Okay I made a quick investigation of AT-Watch with FileMon from Sysinternals. AT-Watch does not scan process memory. It just scans the files saved on disc and not in memory.

Therefore I consider AT to be useless like most antivirus software  against backdoor trojans because it has no unpacking engine and no memory scan. So how does it protect against packed/crypted trojans which are more than common these days?

AT is IMHO just an old fashioned anti trojan program where runtime packers were not used at all and the files remain "static"

Waldo

  • Guest
Re:Having a layered defence could save you !
« Reply #10 on: August 13, 2003, 11:49:52 PM »
Yes, I'm a regular visitor of the Wilders forum also, and yes, I have read this topic.

But this post from "wizard" is about the unpacking capabilities of the resident guard.

It's true that it only scans unpacked files and has no memory scan.

I never stated anywhere it does.

But it does block trojans & worms from running if they're unpacked (installed or executed).

On the other hand, the on-demand scanner does unpack and looks into archives.

Saying it's no good is wrong. It saved me! Does this still make the program useless? Don't think so.

Of course it would be better if the "guard" (on access) could scan unpacked files also, and maybe memory. But I don't think there are anti-trojan programs around that can do this. (maybe TDS-3)

A trojan CAN'T run unpacked. So AT (guard) reacts "IN TIME" when you try to install the malware (as it's already or being unpacked then).

Waldo
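The distinction argued over in the two posts above (a resident guard that matches signatures against the file bytes as stored on disk, versus an on-demand scanner that opens archives first), as an added example that is not part of the thread or of any product named in it. The signature, sample files and function names are constructed for illustration, and zlib compression stands in for a runtime packer.

```python
import io
import zipfile
import zlib

# Constructed, harmless marker standing in for a trojan byte signature.
SIGNATURES = {"Test.Marker.A": b"HARMLESS-TEST-MARKER-7f3a"}

def scan_bytes(data):
    """Static signature scan: report every signature found verbatim in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)

def guard_scan(data):
    """Resident-guard model: looks only at the bytes as stored on disk."""
    return scan_bytes(data)

def on_demand_scan(data, depth=0, max_depth=3):
    """On-demand model: also opens ZIP archives and scans each member."""
    hits = set(scan_bytes(data))
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > 10_000_000:  # skip oversized members
                    continue
                hits.update(on_demand_scan(zf.read(info), depth + 1, max_depth))
    return sorted(hits)

def make_samples():
    """Build three constructed files carrying the same marker."""
    payload = b"MZ" + b"\x00" * 64 + SIGNATURES["Test.Marker.A"] + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.exe", payload)
    return {
        "plain": payload,                            # unpacked file on disk
        "zipped": buf.getvalue(),                    # same file inside an archive
        "packed": b"STUB" + zlib.compress(payload),  # stand-in for a runtime packer
    }

def run_demo():
    """Return {sample: (guard hits, on-demand hits)} for each sample."""
    return {n: (guard_scan(d), on_demand_scan(d)) for n, d in make_samples().items()}

if __name__ == "__main__":
    for name, (guard, on_demand) in run_demo().items():
        print(f"{name:7} guard={guard} on_demand={on_demand}")
```

The "packed" sample is missed by both scanners because neither knows the packing format; matching it needs either an unpacking engine or a scan of the process after it has unpacked itself in memory, which is the gap the quoted Wilders post describes.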

Amerk_5

  • Guest
Re:Having a layered defence could save you !
« Reply #11 on: August 14, 2003, 02:58:11 AM »
I'm just reporting what I've found. I'm not a computer newbie by no means but I don't understand a lot about trojans & viri. That's why I listen to other people & try to form my own opinion.

After reading your response I've decided to try AT. It is indeed very light on resources which is a very good thing as I'm always looking for software that's light on resources. That's one of the main reasons why I switched my firewall from Sygate to Kerio.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re:Having a layered defence could save you !
« Reply #12 on: August 14, 2003, 05:19:51 AM »
Waldo, can Trojan Simulator help in your tests?
If so, here is the link: http://www.misec.net/trojansimulator/
And a small Trojan list at http://www.dark-e.com/archive/trojans/index.shtml

Bye.
« Last Edit: August 14, 2003, 06:03:00 AM by technical »
The best things in life are free.

Waldo

  • Guest
Re:Having a layered defence could save you !
« Reply #13 on: August 14, 2003, 11:03:12 AM »
Waldo, can Trojan Simulator help in your tests?
If so, here is the link: http://www.misec.net/trojansimulator/
And a small Trojan list at http://www.dark-e.com/archive/trojans/index.shtml

Bye.


"AT-watch" (guard function of Anti-trojan v5.5) immediately reacts when running the trojan simulator.

And it gives the option to block it, ignore it, and gives the choice of starting an on-demand scan to delete the found "test-trojan".

Btw : about the simulator, I think I posted a thread about this a month or 2 ago in this forum  ;) thanks anyway for the help Technical !

 http://www.avast.com/forum/index.php?board=1;action=display;threadid=512

Waldo

« Last Edit: August 14, 2003, 11:08:28 AM by Waldo »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re:Having a layered defence could save you !
« Reply #14 on: August 15, 2003, 03:56:15 AM »
The ones who try TrojanCheck 5.0.4.1 (http://www.wilders.org/HTMLobj-925/install_trojancheck5041.exe) remember: there is an update bug in this version. The new (and by the author the last) TrojanCheck 6.0 is not so easy to download (broken links at the homepage). Beware of false positives too...  :-\
The best things in life are free.