Real Time Protection?


Soul_Flame
April 2nd, 2002, 08:59 PM
Sorry for yet another question, folks.

I understand that once registered, execution protection is enabled which if I understand it correctly protects the user every time a program starts up. But what about stuff running in existing processes or memory? Does it cover that as well, or is there another feature that covers it? I guess I want a package that will do a couple basic things for me:

1. protect me in real time should I either inadvertently download a trojan, or should a trojan somehow previously missed 'decide' to activate itself in a manner other than via the execution of another program.

2. allow me to scan on demand

It's quite obvious to me that TDS-3 does #2, I'm less clear on #1 and what tools TDS-3 offers to protect me in real time.

Thanks

Rick

Mr.Blaze
April 2nd, 2002, 09:25 PM
Wow, that is a good question. I think you can set it up so it's running in the background, but it's not compatible with firewall, at least last I remember it wasn't.

I'm a newbie too, so your question brought up a good point. Anyone here know where those TDS people are today? They're usually here a lot, lol.

Liquid_Fish
April 3rd, 2002, 12:22 AM
{QUOTE-> But what about stuff running in existing processes or memory? Does it cover that as well, or is there another feature that covers it? <-QUOTE}

When TDS starts you can set it to do a full memory scan. That should catch anything running in existing processes.

Soul_Flame
April 3rd, 2002, 01:33 AM
Yes, but what about AFTER that? If I don't reboot my system more than once or twice a week, does that mean in the interim I have no real time protection?

FanJ
April 3rd, 2002, 03:18 AM
Hi,

If you have Execution Protection enabled (and TDS-3 is running), you have real time protection! Everything that wants to run will first be checked by TDS-3. Execution Protection is a "hook" that will first "send" everything that wants to run to TDS-3 for a check on Trojans.
(Note: in fact the Execution Protection is a .dll file.)

With Execution Protection enabled (and TDS-3 running), TDS-3 is an on-access scanner (and can also be used as an on-demand scanner).

Without Execution Protection enabled, TDS-3 is an on-demand scanner.

Jooske
April 3rd, 2002, 07:21 AM
If I remember well, execution protection can't be installed in the evaluation version; I never had that problem as I registered.
You can always perform extra scans and checks with the system running, either manually or set a task to do it at certain hours for you.
Once running, it keeps protecting and alarming on new things, and the exec. prot. checks possible nasty files all the time and keeps them from running.
You could protect the registry extra with the RegProt tool (free) which protects against unauthorised writing in the registry by trojans and such.
Further, I'm really happy with the combination with WormGuard, which protects against worm code in files and from web sites and a lot more.

You might have seen there is a new version in the build, which is no reason to possibly hold back this moment, as registered users are updated for free.

Soul_Flame
April 3rd, 2002, 10:50 AM
FanJ.....thanks for the info. I guess my question is, does execution protection also handle if something is sitting in memory and launches from THERE as opposed to launching an executable file. Am I still protected?

FanJ
April 3rd, 2002, 11:27 AM
Hi,

If you let TDS-3 start up (with Execution Protection enabled; and with Mutex Memory Scan and Memory Scan and Trace Scan enabled) together with system start-up, then your memory will be checked. So, if nothing malicious has been found with respect to Trojans, your memory is then "clean". And after that Execution Protection will take care of your protection with respect to Trojans (of course together with your firewall and AV).

Blacksheep
April 3rd, 2002, 11:44 AM
{QUOTE-> TDS-3 start up (with Execution Protection enabled; and with Mutex Memory Scan and Memory Scan and Trace Scan enabled) together with system start-up, then your memory will be checked. <-QUOTE}
So, after the initial start up process memory scan, process memory is not monitored thereafter?

Soul_Flame
April 3rd, 2002, 01:10 PM
Blacksheep.....that's exactly the question I've got, and the possible problem I have with TDS-3. I reboot my PC infrequently. My concern is that somehow a trojan finds its way onto my system AFTER initial scanning and worms its way into process memory, then launches from there. It sounds to me like in that scenario TDS-3 will NOT protect me. Now, how plausible that scenario is? I don't know. I don't know enough about TDS-3 specifically, or trojan technology in general, to know if a trojan COULD get into memory after startup scanning without being detected. But I'm not comfortable with what seems to be the response that after startup, there's no memory scanning of any kind taking place.

Mr.Blaze
April 3rd, 2002, 01:28 PM
Soul_Flame, as a fellow newbie I would just tell you this from the bottom of my heart.

JUST BUY THE D.A.M.N THING LOL=)

If you actually have the money to just buy it.

You already know how to set it up and run it now; all those other extra features are just exotic extras, lol.

TDS finds all kinds of nasties and apparently new stuff that is submitted to them by trojan makers and professional trojan makers.

They have access to all kinds of stuff so they can protect you from it if someone lets it out into cyberspace.

I tell you what, why don't you gimme your money so I can buy a full registered copy for myself; I'll tell you how it all works out, lol.

Just gimme your credit card number and ID PIN number and I'll be enjoying a full registered copy of TDS, lol. You won't mind if I buy a little something something extra; I had my eye out on TDS WormGuard, droooool.

lol=)

But seriously, I would buy it if I could afford it =( tears in Blaze's eyes, it sucks being broke.

Jooske
April 3rd, 2002, 02:01 PM
Tell me MrBlaze, many people have to care and put priorities unfortunately.
That's why the ultimate is done to make the best known program available and as affordable as possible for those who can use it. Even so, DCS does not use fancy advertisement paid by the users, most is word of mouth by happy users, who can be really critical. That's why also the beta-testing process is rather heavy.
Can you tell me if you were able to include the little script I posted for the configuration help, as I would like to know if this is possible in the evaluation as well.
I'm sure with your sense of humor you will love to be able to use scripting this way and in more serious ways as well.
I don't think the new versions will be cheaper, so if you can write to their sales and start trying to put aside what's possible to maybe have it ready the moment before your trial stops.

I'm trying to think what would be able to try to get into memory. Are these executables? Then they're stopped immediately from possibilities to execute. Nothing against scanning memory and process memory space, as they can't get active in between, and with the scan they would be found, and if trying to write in the registry there are the alarms, and as that is an action it would be stopped... etc...
For sure Wayne and Gavin will be able to tell this in more technical terms.

Mr.Blaze
April 3rd, 2002, 02:20 PM
I keep it simple for fellow newbies, example: ((BUY IT))=)

Soul_Flame
April 3rd, 2002, 03:27 PM
Would someone who is registered and is using XP be kind enough to tell me how much RAM is consumed by running execution protection? As a trial user, I'm unable to do so.

Thanks

Rick

Mr.Blaze
April 3rd, 2002, 05:04 PM
:D Wow, way better questions than when I asked, lol.

Well, I have 64 RAM and it seems to run it OK even with my ZoneAlarm, so I'm guessing not that bad, but if you come to Wilders a lot and you become a security junkie like me it might be a good idea to get more than 300 RAM, lol.

For all the cool security software in the free tools section.

I ought to make a list of newbie best software; there's a lot of one-click-you're-protected software at Wilders.

I'm guessing you got that new monster Windows XP with 128 RAM starting; if so then all I can say is you can run Norton and TDS and a firewall all at the same time but that's about it. I suggest a RAM upgrade so you can do way more stuff.

I personally hate Windows XP. I love the way it looks but it's only eye candy; too many security leaks.

About 9 security updates at the Microsoft update web site.

So I'd definitely go for more RAM if you plan on really securing that computer. Blame Bill Gates, he sucks :D

Soul_Flame
April 3rd, 2002, 05:10 PM
Blaze......yeah, I've got 256meg of PC800 RDRAM, so I'm not concerned at this point about resources.

Actually, I think I read on the website that execution protection isn't memory resident, but is provided as a 'hook' which activates when needed. Not sure how that works. What confuses me then is I read about stuff like port scanning in real time and some other things TDS-3 does in real time and I'm wondering "do I have to leave the full TDS-3 app running all the time to get those benefits"?

Mr.Blaze
April 3rd, 2002, 05:18 PM
:D Blaze drools. You got more than enough RAM, who cares if you run it in the background all day, you lucky bastard, I'm jealous.

Yup, I believe you do have to run it so it protects your ports. You mean web surfing, right? If so, yes, but with the amount of RAM you got it's no big deal.

I believe TDS protects you pretty well from trojans sending back a message to the hacker, would you like fries with that cook, lol.

But is it compatible with ZoneAlarm is the real question.

If you can run TDS and ZoneAlarm with no conflicts or stupid ZoneAlarm alerts from TDS being active then hell yeahhhhhhhhhhhhh, buy it. :D

puff-m-d
April 3rd, 2002, 06:20 PM
Hello all,

That is my understanding too, that execution protection is not memory resident, but a "hook" (dll?) that activates as needed.

I use XP Home and on my system with all options checked (except sockets) including execution protection, TDS-3.2.1 uses 5,868 K of RAM. To me, that is minimal for the protection it offers.

Regards,
Kent

Soul_Flame
April 3rd, 2002, 06:45 PM
Kent, thanks for contributing. Can you, or any other TDS user, answer the following questions?

In order to get execution protection from TDS, do you have to keep the main TDS engine running live?

If so, does this provide any other benefit apart from execution protection?

Thanks and regards

Rick

Soul_Flame
April 3rd, 2002, 06:53 PM
Forgot to ask one other question....

If the TDS main engine must stay active to obtain any real time benefit, can it at least be minimized to an icon in the systray and get it off the main part of the task bar?

puff-m-d
April 3rd, 2002, 07:18 PM
Rick,

In order to get execution protection from tds, do you have to keep the main tds engine running live? I am pretty sure you have to but maybe someone else can clarify.

If so, does this provide any other benefit apart from execution protection? I will leave this for the experts also.

if the tds main engine must stay active to obtain any real time benefit, can it at least be minimized to an icon in the systray and get it off the main part of the task bar? Yes, you can minimize to either systray or taskbar, your choice.

Hope this helps a little,
Kent

FanJ
April 3rd, 2002, 08:34 PM
{QUOTE-> Rick,

In order to get execution protection from tds, do you have to keep the main tds engine running live? I am pretty sure you have to but maybe someone else can clarify. <-QUOTE}
Right.

{QUOTE->
If so, does this provide any other benefit apart from execution protection? I will leave this for the experts also. <-QUOTE}
Yes, but it all depends on what you want to do with TDS-3.

{QUOTE->
if the tds main engine must stay active to obtain any real time benefit, can it at least be minimized to an icon in the systray and get it off the main part of the task bar? Yes, you can minimize to either systray or taskbar, your choice. <-QUOTE}
Right.

Mem
April 3rd, 2002, 08:37 PM
In order to have Execution Protection, TDS must be running. If the program is not active, the Execution Protection is gone. I use a number of other features in the program (TCP listening, bridging, memory process checks, etc.) so it provides other benefits at times.

The icon can be minimized to the system tray, taskbar or to a movable "mini control window" on the desktop.

Soul_Flame
April 3rd, 2002, 09:44 PM
Ok, I think we're getting close to the info I'm after.

Mem.....you said you use it for process memory checks. My understanding was TDS-3 would only scan memory on demand. Is there a way keeping TDS-3 active to also scan memory in addition to execution protection? Early on this thread I said I was concerned that something could launch from memory and possibly not be detected by execution protection since an executable was not involved per se, and that the only memory scanning was done on demand. Is this not the case? I'd be very pleased to see that TDS-3 can be structured to enable real time memory protection.

Jooske
April 4th, 2002, 12:48 AM
With all this, don't forget the coming v4 with new features, of which might be more in this direction too. We don't know yet what to expect.
There are some elements of WormGuard technology included in TDS-3 (no doubles with WG itself) for even more protection. I have them both running (WG is completely in the background, unnoticeable and not consuming resources, btw) and ZAPro with that is still no problem, beside several other programs and functions.
I use TDS as a basic to look on the system and close unwanted connections (netstat) and a lot more.

Dan Perez
April 4th, 2002, 12:51 AM
Soul_Flame, I am not quite convinced that I understand what your concerns are but I will have a try anyway.

As a previous responder indicated, TDS3 can be set to scan various memory objects on launching. Hence you will have a known clean indication at this point and if Exec. Prot is enabled then you don't need to be concerned with something launching from memory later on as it would need to bypass the Exec Prot to get into memory in the first place.

Does this answer your concerns?

Jooske
April 4th, 2002, 12:55 AM
TDS is told to be very popular with people to protect them for their own kind to put it this way.

Soul_Flame
April 4th, 2002, 01:04 AM
Hi Dan, thanks for posting on this thread.

Let me put my remaining concern this way. Is it possible for something to, as you put it, "bypass the Exec Prot to get into memory in the first place."? If this is categorically impossible, then I can rest assured that execution protection is sufficient when combined with memory startup scans.

My concern is that something COULD get into memory after that initial scan, and then launch from there, thus bypassing execution protection. When I read Mem's post, it sounded like some type of ongoing memory scans is happening with his configuration.

But anyway, I guess I'm looking for one of two things:

1. either it's absolutely impossible for something to get into memory after the initial scan, and with TDS-3 still active, or

2. there are real time options that will catch something executing from memory, and not from an executable file.

Either 1 or 2 will make me a happy camper. I hope that makes sense. Let me know if it doesn't, I'm still struggling to learn more about this technology.

Regards

Rick

Dan Perez
April 4th, 2002, 01:15 AM
Well, there are no absolutes but...

I believe your second option is about right. Unfortunately I am not too conversant with programming so Wayne or Gavin can offer a more decisive answer to the question but I believe that if something goes into memory in the form of "data" and that something refers to that "data" to launch it as "code" then it would have to do it via the Exec Prot hook which is written to prevent this sort of thing.

Dan

puff-m-d
April 4th, 2002, 01:44 AM
Rick,

As stated by Dan:
"Well, there are no absolutes but... I believe that if something goes into memory in the form of "data" and that something refers to that "data" to launch it as "code" then it would have to do it via the Exec Prot hook which is written to prevent this sort of thing."

It is my understanding that the different memory scans on startup give you a "clean" system and by execution protection your system is monitored and therefore kept "clean". For something to enter your memory it must be executed, thusly going thru the "hook".

You ask:
"But anyway, I guess I'm looking for one of two things:

1. either it's absolutely impossible for something to get into memory after the initial scan, and with TDS-3 still active, or

2. there are real time options that will catch something executing from memory, and not from an executable file.

Either 1 or 2 will make me a happy camper. I hope that makes sense. Let me know if it doesn't, I'm still struggling to learn more about this technology."

As nothing is impossible, I believe # 1 is accurate, and TDS affords you more protection than any other AT on the market. TDS makes things as nearly "absolutely impossible" as they come.

If I am wrong in any of my statements, I am sure I will be corrected, and I welcome it.

ALL things considered, you will not find a better AT than TDS-3.2.1 and when V4 is released it will be even better!!!

Regards,
Kent

Soul_Flame
April 4th, 2002, 01:45 AM
Wayne responded to an email I'd sent him, and addressed this question directly. Based on his response I'm satisfied that TDS will provide sufficient real time protection. Moreover, I'm quite eager to see what features will be included in the new upgrade.

I will be purchasing a license for this fine product within a day or two. Thank you to all who took the time to contribute information on this and other threads. It's much appreciated.

Rick

Jooske
April 4th, 2002, 02:36 AM
We all are looking forward to v4 which must be astonishing and is still kept secret even for us! If it is now already the best, what will be the v4 even better?
Great that Wayne answered your technical questions satisfying.

puff-m-d
April 4th, 2002, 02:56 AM
Rick,

Glad to hear of your decision. Wayne answering your e-mail personally is just one example of the great service that DiamondCS provides to their TDS users. And as Jooske said TDS-3.2.1 is already the best, just wait for all the improvements and add-ons in v4 (which is a free upgrade to all registered users). Plus as a registered user, you will have access to the private forum, a great service where many experts (and newbies) can answer any and all of your questions.

Again, I say welcome!!!

Regards,
Kent

Soul_Flame
April 4th, 2002, 03:13 AM
puff...thanks for the welcome. And reading your signature, I can't help but noticing I don't think you have enough security software loaded on your machine. Wow, I don't even know what half of that stuff is. I'm gonna get an education just researching the stuff you run, lol.

Anyway, I look forward to using this fine product and interacting with you folks on the private forum.

Rick

Mr.Blaze
April 4th, 2002, 04:58 AM
Soul_Flame, you got money =) If so, buy it. I know you're doing shopping but to be honest no other trojan detector offers so much. However, if you just want a quick fix,

click, you're done: just get the trojan remover called The Cleaner, lol.

Or go look at another trojan detector, read the list of features and compare it to TDS's list of features. After that the only comment I have is

are there any more questions? I rest my case.

Jooske
April 4th, 2002, 09:10 AM
Looking forward to welcome all the new faces there too!