BoClean and TDS-3?
Kegel
October 29th, 2003, 01:09 AM
I have been a long time user of BoClean and have recently been reading a lot about TDS-3. I read so many good things about it, I purchased it last night. My question is: Is there ANY reason or advantage to run both TDS-3 and BoClean? I am not running TDS-3 all the time, just as an on-demand scanner. BoClean runs all the time as it uses much fewer resources. I guess my question is should I just ditch one or the other? Seems like it might be overkill.
My Security Software:
BoClean (resident)
TDS-3
Ad-Aware Professional
AdWatch (resident)
PGP 8 (resident)
McAfee Virus (resident)
Anonymizer Total Net Shield (resident)
ZoneAlarm Pro (resident)
Spybot Search & Destroy
HijackThis
Evidence Eliminator (great program no matter what you think of their ad campaign)
Bases covered?
illukka
October 29th, 2003, 02:10 AM
Hi,
One thing you benefit from by having BOClean on is its real-time memory scanning, a feature which TDS doesn't have. Sure, it scans memory mutexes when executed, but BOClean's memory scanning is constant.
And your BOClean benefits from TDS, because it doesn't have a file scanner.
So basically this is a nice setup, although a bit overkill IMO.
It is possible to get a trojan past a file scanner (which TDS's execution protection basically is), but when it's executed, BOClean's memory scanning will nail it (if it's a known trojan).
Wait till you see the next versions of both TDS and BOClean; when they're out there will be no need to use both. Then TDS will have better resident protection (not bad now) and BOClean will have a file scanner.
In addition to your AT proggies, your McAfee VirusScan is one of the best AVs in trojan detection (top 3 IMO). Your trojan protection is awesome. While no software is 100% protection or foolproof, it would take a hacker a considerable amount of work to get a trojan past your PC walls.
If I were to add something to your setup, it would be Javacool's SpywareBlaster. That would complement the Ad-Watch component of your Ad-Aware.
SpywareBlaster is a utility that sets kill bits for known spyware in your registry, preventing spyware from ever installing: http://www.javacoolsoftware.com/spywareblaster.htm
Kegel
October 29th, 2003, 03:30 PM
Is that feature of SpywareBlaster you mentioned similar to the immunize function of Spybot Search and Destroy? I already have that.
Pieter_Arntz
October 29th, 2003, 03:33 PM
Quoting Kegel:
"Is that feature of SpywareBlaster you mentioned similar to the immunize function of Spybot Search and Destroy? I already have that."
Hi Kegel,
Yes. It is similar, but SpywareBlaster's database is a lot bigger.
Regards,
Pieter
illukka
October 29th, 2003, 07:27 PM
Here you can see what Spybot's author PepiMK thinks of SpywareBlaster, from the Immunize page of Spybot S&D.
Edit: see where the line makes a strange curve? My cat wanted to sit on the laptop I'm using.
srfox
November 18th, 2003, 10:02 PM
Quoting Kegel:
"Is that feature of SpywareBlaster you mentioned similar to the immunize function of Spybot Search and Destroy? I already have that."
Yes, I agree with Pieter Arntz in having SpywareBlaster in addition to Spybot. I also have SpywareGuard, which guards and protects your browser and settings. The three together, Spybot, SpywareGuard and SpywareBlaster, I call the Three Musketeers of Spyware Prevention and Elimination.
nameless
November 26th, 2003, 09:40 PM
I'd say that if you were only going to keep one anti-trojan product, it should be BOClean, hands down. I'll tell you why: If you should ever fall victim to one of the many buffer overrun vulnerabilities that occur in Windows and the applications that run on it, TDS will not help you until it's probably too late. Buffer overrun vulnerabilities let code execute without it ever being accessible to file scanners.
srfox
November 27th, 2003, 01:05 AM
Quoting nameless:
"I'd say that if you were only going to keep one anti-trojan product, it should be BOClean, hands down. I'll tell you why: If you should ever fall victim to one of the many buffer overrun vulnerabilities that occur in Windows and the applications that run on it, TDS will not help you until it's probably too late. Buffer overrun vulnerabilities let code execute without it ever being accessible to file scanners."
Yes, I am leaning toward getting BOClean 4xx and to hell with 5.0. I will also probably get IEClean, after reading all the replies on GRC.
Jooske
November 27th, 2003, 03:32 AM
Nameless, will BOClean prevent buffer overruns?
Thought that was a part of windows protection updates to avoid that as much as possible and ALL software has to deal with it?
If they were part of trojans, it's the TDS exec protection that stops any trojan before it can even execute, in the current TDS-3 already.
I think you will come to other conclusions when you see the TDS-4 Active Guard and the other TDS-4 elements.
The largest trojan databases already, and detection of other nasties.
Jason_DiamondCS
November 27th, 2003, 03:34 AM
A buffer overrun/underrun will not usually insert a complete program. If an exploit like this is found, what usually happens is they get their overrun code to download/run another program which in turn does what they need.
In this likely case, TDS's execution protection will scan the file the overrun tries to run/download and hence no infection will occur. TDS also has an "on demand" memory scan (roughly the same thing BOCLEAN does) just it isn't running all the time, only when you scan.
TDS's execution protection (which is automatic) also SCANS files before they are executed which means if TDS detects it is malicious it won't run the file, whereas with BOCLEAN the malicious code is actually running before it kills it.
By the way, there haven't been any successful "anti buffer overrun" programs, that is, programs which protect from buffer overruns. So all anti-trojan/anti-virus software is susceptible to this style of attack. These attacks however can only exist in software which has flaws in it. No DiamondCS software has ever had a buffer overrun/underrun vulnerability.
When a buffer overrun exists in a popular program like Outlook, IE, or Windows, that just means there is a possibility that a malicious program/user could inject code into that particular process and get it to run. So everyone who runs software that has buffer overrun vulnerabilities in it is susceptible to these attacks. The only solution thus far is to not run software which has these vulnerabilities and to make sure to update your operating system if one is found in it. TDS, BOCLEAN or any other anti-trojan program isn't going to protect you any more or less in regards to buffer overruns.
-Jason-
nameless
November 27th, 2003, 03:55 AM
Quoting Jooske:
"Nameless, will BOClean prevent buffer overruns?
Thought that was a part of Windows protection updates to avoid that as much as possible and ALL software has to deal with it?"
Of course BOClean can't prevent buffer overruns. The problem isn't restricted to Windows itself; it can happen (and has happened) with third-party applications as well. And some Windows and Insecure Explorer holes (http://www.internetnews.com/dev-news/article.php/3114171) remain unpatched. Even when they are patched, the problem is often only partially solved (because Microsoft doesn't appear to care). Patching is not a panacea; I think we all know that.
Quoting Jooske:
"If they would be part of trojans, it's the TDS exec protection stopping any trojan before it can even execute, in the current TDS-3 already."
Not if they aren't saved and run on disk.
Quoting Jooske:
"I think you come to other conclusions when you see the TDS-4 Active Guard and the other TDS-4 elements.
The largest trojan databases already and other nasties detection."
Where can I download TDS-4? Oh that's right, I can't.
nameless
November 27th, 2003, 04:01 AM
Quoting Jason / DiamondCS:
"By the way there havn't been any successful "anti buffer overrun" programs, that is programs which protect from buffer overruns. So all anti-trojan/anti-virus software are susceptible to these style of attacks. These attacks however can only exist in software which has flaws in it. No DiamondCS software has had a buffer overrun/underrun vulnerability ever.
When a buffer overrun exists in a popular program like Outlook, IE, or Windows, that just means there is a possibility that a malicious program/user could inject code into that particular process and get it to run. So everyone who runs software that has buffer overrun vulnerabilities in it, is susceptible to these attacks. The only solution thus far is to not run software which has these vulnerabilities and make sure to update your operating system if one is found in it. TDS, BOCLEAN or any other anti trojan program isn't going to protect you any more or less in regards to buffer overruns."
If malicious code is injected into process memory, why wouldn't a utility that could scan the memory of that process be able to catch it, assuming the malcode was known? Unless the Kaspersky and PSC folks are lying, or I misunderstood, this is what the "Scan memory" setting in KAV is for, and what BOClean is all about.
Wayne - DiamondCS
November 27th, 2003, 04:12 AM
TDS4 is the single biggest anti-trojan project ever undertaken, even other anti-trojan developers wouldn't dispute that, and it's the culmination of over half a decade of anti-trojan research/development by no less than 4 people (myself, Jason, Gavin, Rod), as well as countless contributors. It can't be produced overnight, and to make it as strong as we planned we've had to do a lot of unique research and development in areas that most coders rarely dabble - there's no documentation for any of this so we're very much programming in the dark to make these things possible. To see some of the work that is a direct result of TDS4 research/development feel free to take a look at these programs:
http://www.diamondcs.com.au/portexplorer/
http://www.diamondcs.com.au/openports/
http://www.diamondcs.com.au/processguard/
http://www.diamondcs.com.au/index.php?page=apt
http://www.diamondcs.com.au/index.php?page=dellater
http://www.diamondcs.com.au/index.php?page=apm
http://www.diamondcs.com.au/index.php?page=asviewer
Quoting nameless:
"Where can I download TDS-4? Oh that's right, I can't."
No, but you can download TDS3 as well as all of the above utilities, each of which has 'donated' technology to TDS4. Then consider how many programs and unique technologies other anti-trojan companies have released over the last couple of years, and I think you'll be able to understand why it takes so long to develop a program like TDS4 (which will actually be three programs).
Quoting nameless:
"Unless the Kaspersky and PSC folks are lying, or I misunderstood"
It seems you've misunderstood, as the good folks at Kaspersky and PSC wouldn't lie about such a thing. There is a big difference between memory scanning and buffer overflow detection/protection, which is where you seem to be getting confused about this. TDS3 has memory scanning capabilities, more than any other anti-trojan (including process memory, resident mutexes, window/memory objects, etc etc), but these are currently on-demand features. TDS4's Guard will use these capabilities proactively.
Hope that makes sense. If you're still not sure, I know Kevin from NSClean would happily clarify BOClean's memory scanning for you or any other questions you have about his program, but, this is the TDS forum, not the BOClean forum, thanks.
Best regards,
Wayne
PS. IF a program ever did have such buffer protection capabilities, you can be assured it would be driver-based, which very few programs are :)
Jason_DiamondCS
November 27th, 2003, 06:57 AM
It would take a 3.0GHz machine roughly 30 seconds to scan all the virtual memory on a machine with around 50 processes and compare it to something else while it is doing this. And then you have to decide what is an overrun and what is normal "writing" behaviour. So unless you have some actual "proof of concept" that I have not heard of, it isn't feasible to detect these exploits currently.
Luckily though there is a fix in sight. Microsoft in its upcoming Service Pack 2, along with new CPUs from AMD and Intel, will be able to stop the majority of buffer overruns from occurring.
On an x86 CPU currently there is no difference between memory which is marked as READ or EXECUTE. Any memory marked as read can be executed, and vice versa. This is why these exploits exist. Memory which is MARKED as read and write only (not execute) is overwritten by an exploit in buggy code, then because this code is marked as READ (and hence on our CPU's it can also be executed without causing a problem) the CPU then executes this foreign code.
Windows XP SP2 and a new CPU will stop 99.9% of buffer overflows and exploits from occurring, so it may be a worthy addition finally. :) Basically the only way you could get a buffer overflow to occur in this situation would be to have memory marked as execute on purpose. Since nearly all the arrays, strings, etc. you use as a programmer are only marked as READ and WRITE, not EXECUTE, this will fix nearly every program, even poorly coded ones, from being exploited. They won't need to be recoded either; they will be fixed by default. Microsoft are putting more buffer overrun protection into their compilers to warn programmers when they occur, so these two things combined will only enhance the security of software in the future.
I hope this has been worthy to your knowledge nameless. :)
By the way, there is a difference between injecting by buffer overrun, injecting a DLL, and writing to the process memory of a process through an API call. They each have the same goal, to modify the target process, but each is different, with some not too hard to detect and others impossible.
-Jason-
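Jason's point about read/write pages being executable on x86 of that era can be checked directly on a CPU with NX/DEP. This is an added example, not code from the thread or from DiamondCS; it assumes Linux (or another POSIX system) on x86-64 or AArch64. A single "return" instruction is written into a page that is only readable and writable and then called; the CPU refuses to fetch it, and the call only completes once the page has been re-protected as read+execute.

```c
/* Added example (not from the thread or DiamondCS): probe whether the CPU
 * will execute instructions that sit in a page mapped read+write only.
 * Assumes Linux (or another POSIX system) on x86-64 or AArch64 with
 * NX/DEP available, which every mainstream CPU has had since the SP2 era. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;

/* Fault handler: unwind back to sigsetjmp instead of letting the process die. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

/* Encoding of a bare "return" instruction for the build target. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char ret_insn[] = { 0xC3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char ret_insn[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#else
#error "this example covers x86 and AArch64 only"
#endif

/* Copy ret_insn into a fresh anonymous page, set the page protection to
 * `prot`, then call into the page. Returns 1 if the call returned normally,
 * 0 if the CPU refused to fetch instructions from it (SIGSEGV/SIGBUS),
 * -1 if the mapping itself could not be set up. */
int try_execute_with(int prot) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, ret_insn, sizeof ret_insn);
    /* Keep the instruction cache coherent with the bytes just written (no-op on x86). */
    __builtin___clear_cache((char *)page, (char *)page + sizeof ret_insn);
    if (mprotect(page, pagesz, prot) != 0) {
        munmap(page, pagesz);
        return -1;
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int executed = 0;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* treat the page as code */
        fn();                            /* faults here unless prot includes PROT_EXEC */
        executed = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesz);
    return executed;
}

int main(void) {
    printf("read+write page : %s\n",
           try_execute_with(PROT_READ | PROT_WRITE) == 1 ? "executed" : "refused");
    printf("read+exec page  : %s\n",
           try_execute_with(PROT_READ | PROT_EXEC) == 1 ? "executed" : "refused");
    return 0;
}
```

On a pre-NX 32-bit x86 system of the kind Jason describes, the first call would also report "executed", which is exactly the gap SP2 and NX-capable CPUs closed.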
Gavin - DiamondCS
November 27th, 2003, 08:57 AM
Everyone missed the most important point ;D
If you install Process Guard on a known clean system and configure it correctly, you get rid of the biggest danger - NT rootkits and forced code injection. NT hiding is the buzz in trojan writing circles and there are lots of "rootkits" both released and on the way. We thought it responsible to give the user a real solution.
Let's put it this way. Process Guard removes the powers of rootkit trojans and DLL injectors at the source. Beast was one of the well-known popular ones; you can't even run it on a protected system.
But what about the betas of trojans like "Sinique"? Those beta testing these tools are using them on someone, aren't they? Totally undetected. Once something is properly hidden by these trojans you won't find them for years.
Power to the user. Process Guard is the single most important Win2K/XP/2003 security tool for the average user; don't forget it installs, then works silently using basically NO resources. Measuring resource usage is hard too :)
nameless
November 27th, 2003, 01:19 PM
Thanks. By the way, I'm your customer, not your enemy. I bought licenses for WormGuard and TDS-3 eons ago.
Jooske
November 27th, 2003, 03:39 PM
As noted :)
An enemy never would have got so much thorough information, I guess; imagine how much time the DCS team has given to explain it for all of us. All education we pick up in our life experience for our computers.
Another reason why we all love DCS so much, with the products, support, education, family, forums, security, and fun!
Wayne - DiamondCS
November 27th, 2003, 09:34 PM
nameless,
Quoting nameless:
"I bought licenses for WormGuard and TDS-3 eons ago."
And we look forward to offering you free upgrades to both TDS4 and Wormguard4 :). Anyway I hope you have a clearer understanding of buffer exploits and memory scanning, if you still have any questions don't hesitate to ask.
Cheers,
Wayne
srfox
November 28th, 2003, 07:08 PM
Quoting Gavin / DiamondCS:
"Everyone missed the most important point ;D
If you install Process Guard on a known clean system and configure it correctly, you get rid of the biggest danger - NT rootkits and forced code injection. NT hiding is the buzz in trojan writing circles and there are lots of "rootkits" both released and on the way. We thought it responsible to give the user a real solution."
Well, I haven't decided between BOClean and TDS yet. The trial run I gave TDS was certainly good. And if I understand right, TDS-4 will have memory-resident detection that can be turned on?
I plan on installing Process Guard soon and trialing WormGuard; I already downloaded it. In the meantime I have System Safety Monitor, which has saved my bacon a number of times.
Jooske
November 29th, 2003, 03:53 AM
TDS-4 Active Guard you mean, yes, which also includes the current exec protection besides that, so malicious code, if it were there anyhow, can't execute at all.
In TDS-3 at the moment we have the memory scans etc. with a press of the button, or maybe somebody created a script with a timer to do it automatically more frequently.
Expecting to be able to try the AG out soon now.
Happy trialing the wonderful tools. It's a great combination!
ArchAngel_8
January 4th, 2004, 12:46 AM
Hello all... I just purchased the "Action Pack" as well as Process Guard from DiamondCS yesterday. I guess I have to wait until Monday to have my order processed? Anyway, I just wanted to know: when TDS-4 is finished, will it have a "Resident" and an "On Demand" scanner? I know you all have explained this to members of the forums a million times, but I guess after reading so many threads I am still a little confused ::) Sorry! And in regards to this thread... I have ZAP, NOD32, Ad-Aware 6, XCleaner, and soon ;D TDS 3, WormGuard 3 and the other cool programs included with the "Action Pack", and Process Guard. I thought I would be OK with those programs, but the member who started this thread seems to have 3X the protection? ???
ArchAngel_8
January 4th, 2004, 12:52 AM
::) ::) oh.. and I forgot to mention I use Firebird and Thunderbird instead of IE and Outlook.... ;D.
Jooske
January 4th, 2004, 02:34 AM
Hi ArchAngel_8,
At the moment the resident part in TDS is the exec protection, scanning each executable before it is allowed to run, plus the various on-demand scanners.
We don't know the design of the various TDS-4 components, but there will be an Active Guard as a resident scanner/protection, the Pro and another Scanner. With those three you are complete in detection and protection for that part, in trojans, keyloggers, etc. etc.; WormGuard for the worms and scripts, PE for all connections, put with it the Process Guard you already bought for protecting all programs on your system, and don't forget the CryptoSuite to protect the data and communicate in the safest way on the internet.
ArchAngel_8
January 4th, 2004, 02:46 AM
Hi Jooske... Thanks for the info... I am really new to AT, AW, and programs like Process Guard. I only recently got rid of a combined security solution (Norton Internet Security 2004) and have been setting up "layered" security with dedicated programs for FW, AV, AT, etc. I am just amazed by how many people seem to run multiple programs as back-up... I have seen threads where people have three or more adware/spyware programs, two AVs, etc. ::) I was just wondering if one of each is sufficient? ;) Anyway, Happy New Year to you and the other members! ;D
Jooske
January 4th, 2004, 03:45 AM
Yeah, and a happy new year to you too!
Each scanner has its own databases and ways of detection, so people probably want to make sure that if one misses something there is still another chance of a nasty being caught, as long as the scanners are not keeping themselves busy scanning each other's databases.
You might like to have a look at JavaCool's tools as well for browser protection and more.
The good part of this forum is that free tools are recommended where possible and shareware where necessary, but in all cases you know the programs are worth their money and really useful, and as well you are very close to support for them.
Somehow many computers these days turn into systems with a growing amount of security programs, as the current time urges us to install.
And besides the installed scanners, people go for online scans as second opinions etc.
You don't have to run all scans each day again: some good resident protection, and one time use the one program and the other time another for your scans, about once a week a TDS full system scan, and if nothing strange happens you should be OK.
You uninstalled the Norton 2004 total solution? Didn't you like it, and do you feel better with the new programs?
ArchAngel_8
January 4th, 2004, 04:02 AM
Hey Jooske...
Actually, until recently I was unaware of the different types of protection available. I only discovered ATs and such programs while researching security solutions. My computer came with Norton installed, and the "mainstream" media led me to believe that was all the protection I needed. But to answer your question... No, I was displeased with Norton. I had several virus and trojan infections, and NIS2004 could detect the infection but not clean it. Also, I can understand the concept of separate companies "specializing" in certain fields such as AV, AT, adware/spyware, etc. I just like to keep things "simple"... LOL ;D It's funny/scary how many people have never even heard of AT software... And I never hear/read about it on the mainstream internet sites... It's kinda cool having people to talk to at this hour... LOL 8)
Mr.Blaze
January 4th, 2004, 11:40 AM
Well, so what if it's overkill? Blaze shows no mercy to big nasties.
TDS 3 totally configured for war, add that with BOClean, and soon I'll be buying Process Guard when I get the chance, mawhaaaaa :D
Why be all nice to trojans? Why snipe them off cleanly when I can nuke them with a nuclear warhead and make sure nothing survives in the known area, lol.
Let's see: with Diamond Registry Protection 2.0, a decked-out TDS 3 and BOClean, HTA Stop and a few freebies from DiamondCS, Norton SystemWorks, a firewall and a modified firewall, with decked-out Internet Explorer settings.
I spank them, mawhaaaaa mawha.
These are only the frosting on my PC, he he he.
Once I add Process Guard, lol, I'll be looking like "just bring it", lol.
I also got Worm and Port.
Soon I shall see all, know all and auto-kill everything that walks and crawls on this PC without my permission.
Hm, maybe I have too much time on my hands, lol.
Jooske
January 4th, 2004, 12:42 PM
Blaze, you will be all in the clouds with the coming TDS-4 family, and I'd like to read, once it's there for the public, your experiences with the TDS-4 Active Guard. I think it is designed to do exactly what you wanted so much all that time and asked for.
We didn't see you in the CryptoSuite chat yet! How is THAT possible? (which is but one part of that new and very nice program)
Mr.Blaze
January 4th, 2004, 01:23 PM
I'M WAITING TILL JASON DEVELOPS CRYPTO SUITE MORE. I ALREADY INSTALLED IT ONCE; IT WAS ACTUALLY A PRETTY COOL INTERFACE AND CLEAN.
Ah, darn caps.
Anyways, it looks very promising. Hey, can the chat function work with other instant messengers?
Jooske
January 4th, 2004, 01:43 PM
Blaze, we are already so very happy and proud to have our own individual encrypted chat, no other obscure unknown far away servers or uninvited intruders, just our own private place on that whole big internet!
Just a few days ago Jason / DCS released a new CS version, and you know you can update it easily.
Mr.Blaze
January 4th, 2004, 01:54 PM
So in a sense it's kinda beta, cause Jason has been updating it with more cool stuff and tweaks.
I'm waiting for the encrypt-full-CD thing; that would be cool, lol.
With Crypto's strong encryption it'd be awesome to burn a fully coated encrypted CD with password protection, lol. I'm putting some money in an account soon so I can buy Process Guard.
Unfortunately the credit card is in Dad's name; I'll have to have Gavin or someone send me a key with my name instead of my dad's name.
I hate doing that, but Wayne and Gavin always help me out with the changes.
Jooske
January 4th, 2004, 02:14 PM
There's not any reason to wait, just start enjoying it.
I think the way is to make the purchase and copy the numbers or data, whatever you are typing there, and email all that immediately afterwards to sales@diamondcs.com.au or support@diamondcs.com.au so they know it's you and what is wanted.
You know you can have the new update as soon as it's available each time; no reason to wait, as Jason builds new items into it each time.
It's most certainly no beta at all; it is just that we happy users love so much to have more items included. Why do you think it's not just a crypto tool but a whole SUITE? More to come in future.
All programs will get their new items and upgrades, so in the meantime enjoy using what there is!
We're in the cryptochat right this moment.
srfox
January 6th, 2004, 11:07 PM
Well, I'm certainly going to have to check out CryptoSuite. Still in a holding pattern re: TDS 4 vs BOClean. Will order Process Guard soon though. Question: will WormGuard still be a separate program, or will it be incorporated into TDS4?
Jooske
January 7th, 2004, 12:39 AM
WG-4 will be a separate program as it is now too.
At the moment TDS-3 has some WG elements included, but WG is more specialized in its own field and works in very different ways.
TDS-4 Active Guard will do what you're looking for, working besides TDS-4 Pro.