Recently, in a thread titled "TDS-4 ?" I read a quote that said the following:

"1 1/2 years later... after Wayne said TDS-4 was coming soon, there is still no TDS-4 yet.

I am sure glad I ended up purchasing BOClean instead. They are at least upfront and honest on things. TDS are great at marketing and leading people on though, ill give em that."

I read every posting in that thread including Wayne - DiamondCS's reply. I must say that I've defended DiamondCS before and I will do it again. I think that DiamondCS is upfront and I'd like to think that they don't lead anyone on, falsely. However, this has raised some questions.

DiamondCS representatives suggest that people purchase TDS-3 with the understanding that when TDS-4 is released they will get a free upgrade. However now I'm reading about TDS-4 Pro, Guard, and Scanner. My question is will the registered owners of TDS-3 be upgraded to TDS-4 Pro that includes Guard and Scanner or are we going to have to purchases Guard and Scanner which DiamondCS considers to be "Seperate, New Products?" If the latter is true than I would say that the individual that posted the accusation may not be as far off as others and myself suggests.

My other question is regarding a different thread where I read that WG4 would be the 1st release of the new family. After reading the "TDS-4 ?" thread it seems that this is not true. What is the plan?

Speaking of plans, I think that DiamondCS is doing the right thing in taking their time to make reliable, powerful products rather than hurry to meet some predetermined deadline. Microsoft are you listening??? Anyway, I see no harm in keeping your loyal customers informed about the expected release dates of your new products. If your logic is that you don't want to let them down by having to delay it, I think that giving them a date then changing that date is better than keeping them in the dark. Furthermore, I would caution you on two things: taking your time releasing new software and focusing your attention on the competition that you know. When you're number 1 you have a tendency to focus on number 2. You may be knocked off by someone you wouldn't expect. With regard to taking your time I know that I said it's important to do it right, but there is a thing called first mover advantage and it's a powerful thing.

I am eager to hear everyone's feedback to my comments and questions. Thanks.

Hi there dallen,
Thanks for your feedback.

TDS3 has been available for quite a while now but it still has a primary detection list larger than that of any other anti-trojan program and it's still the only anti-trojan database that is released on a daily basis Mon-Fri - there's not a single trojan out there that TDS3 hasn't been able to handle, so although TDS4 will be great when it's available, it's not actually a necessity in that regard as TDS3 already fulfills all anti-trojan needs, but rest assured we're doing everything we can to make it available as soon as we can - that's in everyones best interests.

However, the delayed release of TDS4 is due to one important factor: advanced research. If you take a few moments to look at our Port Explorer, OpenPorts, and Process Guard programs, you'll see that while other anti-trojan companies haven't really released any programs other than updates to their scanner, we've been doing leading-edge research in the fields of port-to-process mapping and process protection, two very important anti-trojan 'subfields', but we're the only anti-trojan team/company that are actually tackling these issues. Another area is emulation - TDS4 will be the first and only anti-trojan system with emulation capabilities (allowing it to safely unpack and scan inside compressed executables), but this isnt an area anyone else seems to be researching either.

This is why other anti-trojan programs have been able to advance more quickly - they're not researching any other fields. TDS4 on the other hand will take a lot longer to develop than any other anti-trojan program because it's so much more advanced, but the end result will be worth it, I promise you that.

This research is critical to TDS4 and arms TDS4 with anti-trojan capabilities that you probably wouldn't think are possible at this stage, but this type of research can't be done overnight - there is no documentation for what we do, it's all a matter of laborious testing and analysis - very tedious and slow work (something like searching for gold in a mine without any lights on), but the reward at the end makes it all worth it.

We thank everyone for their patience and understanding, and look forward to being able to reward everyone with even more powerful and unique leading-edge software soon.

I do appreciate the response, despite the form letter approach. However, I will specify my two questions more clearly so they might be addressed.

1) My question is will the registered owners of TDS-3 be upgraded to TDS-4 Pro that includes Guard and Scanner or are we going to have to purchase Guard and Scanner which DiamondCS will consider to be "Seperate, New Products?"

2) My other question is regarding a different thread where I read that WG4 would be the 1st release of the new family. After reading the "TDS-4 ?" thread it seems that this is not true. What is the plan? Will WG4 be released first, or not?

Thanks again.

Hi,

TDS-3 Professional users will get a free upgrade to TDS-4 Professional, or can choose one of the other programs. Exact details are not set, nor are prices. Please bear with us and decide when you see the available programs :)

Active Guard or Wormguard 4 ? They are having a race ;D

-{ Quote: "1) My question is will the registered owners of TDS-3 be upgraded to TDS-4 Pro that includes Guard and Scanner or are we going to have to purchase Guard and Scanner which DiamondCS will consider to be "Seperate, New Products?"" }-
Registered TDS3 users be be able to upgrade 100% free to any one of the three TDS4 programs, and which one they choose is entirely up to them. Many people using TDS3 today were upgraded 100% free from TDS2 also, so they'll be entering their ~6th year of using an anti-trojan that they only bought once, all those years ago. :)

In regards to the three types of TDS4 programs, people who like TDS3 just how it is will probably prefer TDS4 Professional. People who use resident/always-on anti-trojan scanners may prefer TDS4 Active Guard, whereas people who prefer on-demand anti-trojan scanners will prefer TDS4 Scanner. Regardless of which one you choose, it will provide complete anti-trojan protection (each can detect equally as many trojans), but in different implementations so that the user can choose exactly which program best suits their needs. And needless to say, if you own one of the TDS4 programs then the other two will become available at heavily discounted prices (including a bundle of all three).

-{ Quote: "2) My other question is regarding a different thread where I read that WG4 would be the 1st release of the new family. After reading the "TDS-4 ?" thread it seems that this is not true. What is the plan? Will WG4 be released first, or not?" }-
TDS4 Scanner, TDS4 Active Guard and Wormguard4 are both in similar, late stages of development (as they all share a lot of the new technology) so they'll all both be released at a similar time.

Best regards,
Wayne

Thanks for the quick response. As always your time is appreciated.

I am still unclear about the answer to my first question. We will get a free upgrade to TDS-4 OR one of the OTHER programs. I know that the amount of information regarding this matter is limited, but it seems by your answer that you are claiming that TDS-4, Guard, and Scanner are being considered "seperate, new products." Are you sure this isn't a deliberate division of what was implied would be included in the "Free Upgrade" that was promised to us in an effort to suck more money from the same customers that bought into the buy now and get a free upgrade campaign?

Again, I know that you haven't "finalized the details" yet, but it's beginning to seem that the claim by NewB when he suggested in an earlier thread...:

"I am sure glad I ended up purchasing BOClean instead. They are at least upfront and honest on things. TDS are great at marketing and leading people on though, ill give em that. "

...may have more validity that I gave it credit for. I have no choice but to wait and see. I know I won't be displeased with the power of your software. It's the power of your word that's in question.

-{ Quote: "We will get a free upgrade to TDS-4 OR one of the OTHER programs" }-
TDS-4 isn't one program, it's three very different ones, and you'll be able to upgrade to any one of them for free at your choice, and the two other TDS4 programs you can also purchase at heavily-discounted prices. Currently, if you use TDS3, youre using TDS3 Professional. TDS4 Professional is the main upgrade to the current TDS3 Professional, and if you'd like to upgrade to that from TDS3 for free, then you can. TDS4 Active Guard and TDS4 Scanner are extra, brand-new anti-trojan programs that dont even exist in public yet - there are no TDS Active Guard or TDS Scanner registered users, but if there were we'd offer them free upgrades also. However, rather than just offering TDS3 Professional owners a free upgrade to TDS4 Professional, we thought we'd give them the option of switching to Active Guard or Scanner instead, as they may prefer those scanners over TDS4 Professional. So, the choice is entirely theirs.

I posted the above before I had a chance to read Wayne's responses. I don't mind paying you a little more for all your hard work. I think a lot of light was shined on what to expect by Wayne's responses. I'm still confused between Scanner and Pro. I understand that Guard will be an "always on" scanner. Similar to many anti-virus programs today. However is there a difference between Guard and Pro? I mean would there be a need for both? Thanks for your time.

-{ Quote: "I don't mind paying you a little more for all your hard work." }-
But you won't have to, that's the beauty of having three programs - the choice is entirely yours, and you can choose the exact setup that works best for you without having to pay for anything you don't need/want, and with a free upgrade to any one of the three TDS4 programs you'll have a total anti-trojan scanner for $0. It's entirely your choice if you also want to use another scanner as well, but even then you'd only be paying a heavily discounted price, not the full price (as you'd already be a TDS4 registered user).

-{ Quote: "I'm still confused between Scanner and Pro." }-
The three variations are...
Professional - this is similar to the current TDS3, but obviously uses the new scan engines etc. It has a lot of fancy utilities, script capabilities etc - a power-users delight. Not recommended for novice or inexperienced users, but it's the type of program that is only as hard as you make it - basic functionality is very easy to use, usually just a few clicks, but people are often daunted by how much capability is on offer from the large menu system.
Scanner - purely an on-demand scanner. Very powerful "under-the-hood", but we've tried to keep things as simple, easy-to-use, and intuitive as possible. Anyone with any level of skill should be capable of using it.
Active Guard - purely a resident, always-on scanner. Again it's very powerful internally, but also has been kept simple and intuitive to keep it as easy-to-use as possible. Anyone with any level of skill should be capable of using it.

Sound good? :)

Sounds great. I'm sure I'll learn more about each as they are released and decide what best works for me. Keep up the good work and I can't wait.

>Anyway, I see no harm in keeping your loyal customers informed about the expected release dates of your new products. If your logic is that you don't want to let them down by having to delay it, I think that giving them a date then changing that date is better than keeping them in the dark.<

See what you've been quoting in your first message yourself. When a possible date is mentioned, they're called unreliable, if they mention a date and have to change it they're not trusted either and called all other kinds of nasty names.

People forget all the new tools --of which several even completely for free!-- released along the line in the meantime partly using the new technologies is our impression reading Wayne's words carefully, so why so very impatient?

Wayne told over a year ago there would be three separate products and he told us not long ago we can even choose one of the three for free and now even there will be a bundling and reduced price for current TDS-3 users! It could have been "you have TDS-3 Pro and you get TDS-4 Pro upgraded, if you better like the others that's your choice and you'll have to buy them" but this is not the offer, we have the free choice for what we like most on our system and our needs and wishes, not getting for free what we might not like/need/want.
But i asure you i want them all so i won't make any problem, i'm just very happy looking forward to the coming new products on their own chosen time.

Now i ask you how many companies are giving you software and upgrade after upgrade for free so many years and even completely new products released along the lines for free and even more shareware for a reduced price with the one you got for free already?
Tell me, i don't know them.

I would prefer to pay a yearly "membership" if this goes on, for the honor to be among the first each time to use new tools and all for free, the two support forums and the private licensed TDS operators only area, the scripts, the 24/7 support, the education, the security on my system, all the fun with that, urgent support where the cause was not with DCS software at all, the family of DCS products users all around the world ensuring support to the best of knowledge all time around the planet and the clock, in sickness and in health, etc etc etc
My DCS family connection started 29 november 1999 so four years now.
In TDS-2 i put the menu option on power user immediataly to learn it all while in fact i'm still a novice in many areas, but i find it really hard to clean out and secure people's systems without the DCS tools by now.
Some people's kids born since that time now are on their first steps on DCS secured computers and won't know different, fortunately!
We'll write them a few nice msagent scripts to say "Hi!" to them.

I have also three questions:

1.
Will the emulation (generic unpacker) be included in TDS-4 Pro, the pure on-demand scanner, or both of them. In other words, will TDS-4 Pro offer everything the pure on-demand scanner offers (except the simplified GUI)? Will the memory scanner of TDS-4 Pro be as powerful as the memory of Active Guard?

2.
Is there any official (!) policy regarding free signature updates? Most other companies provide free updates only for a predefined period of time (or at least reserve the right to do so).

3.
Is there any way to purchase TDS anonymously? Is it possible to transfer a TDS license (program + keyfile) from one person to another? (I believe that in Europe standard software is considered transferable.)

TIA.

Hi again cguest,
Thanks for your interest in TDS4. I'll try to answer your questions but obviously there's a lot that I can't say at this stage as not everything is set in concrete ...

-{ Quote: "Will the emulation (generic unpacker) be included in TDS-4 Pro, the pure on-demand scanner, or both of them" }-
Actually all three programs will have emulation, even the Active Guard. You may now be wondering "but why would a resident anti-trojan like Active Guard need to emulate anything, when the process would've already unpacked itself in memory?". Active Guard has execution protection so it can intercept the execution of a file before any code is actually executed, so if the file is packed it can then emulate the unpack code to the point where the main code section has been unpacked, at which point it can be scanned, and if a trojan is detected then the execution can be aborted, preventing any infection that would've otherwise occurred. This is much safer than actually allowing the file to execute and then scanning it while it's running, as that alone is all the trojan would need to start attacking the anti-trojan program (unless it's protected by our upcoming Process Guard program).

-{ Quote: "Will the memory scanner of TDS-4 Pro be as powerful as the memory of Active Guard?" }-
Yes, but in TDS4 Pro it will be an on-demand capability only.

-{ Quote: "Is there any official (!) policy regarding free signature updates? Most other companies provide free updates only for a predefined period of time (or at least reserve the right to do so)" }-
We haven't published a policy regarding this but we'd be happy to do so, although we haven't actually had any questions about this before (but that's not to say there won't be in the future). We've always provided 100% free database updates, no strings attached, on a daily basis Mon-Fri, with no time restrictions, but due to the high costs of providing database updates (it's very, very time-consuming - finding, unpacking, analysing, finding good ways to detect them, etc), which is probably why TDS is still the only anti-trojan with daily database updates! We may be forced to change that with TDS4 - maybe something like free updates released once a week, with the option to pay a small fee which would allow you to obtain the daily database updates.

-{ Quote: "Is there any way to purchase TDS anonymously? Is it possible to transfer a TDS license (program + keyfile) from one person to another?" }-
If you'd like to get somebody to purchase for you on your behalf that's fine, just get them to send us an email immediately after their purchase to let us know "I just ordered under <this name>, but I'd like the keyfile to be made out to <this other name> please", and we'll send you the keyfile under the requested name instead of the name of the purchaser.

Hope that helps,
Wayne

I guess my question somewhat emulates cguest's first one: is TDS4-Pro really an integration of ActiveGuard and Scanner, plus all the other powerful trojan detection tools similar to TDS-3 Pro?

Is the Pro version capable of both on access scanning (Active Guard or execution protection as in TDS3) and on demand scanning (Scanner)? If so, are both these functions exactly the same as Active Guard and Scanner? I guess what you mean by the latter 2 being new products is that you've never isolated these functions before? And I would also suppose that this is a move catered to the "set it and forget it" crowd like those using BoClean?

Whatever the case, just 2 things. I'm fed up with software and game developers releasing buggy products ahead of schedule, and promising stuff they never deliver on. So, DCS, take your time and release it only when it's ready. Those who deliver products on dates and development schedules are driven by corporate reasons, so those complaining about this and that delay can help yourselves to the vastly superior similar products available profusely elsewhere.....oh wait, there are none ::)

....Hey Wayne, you posted 2 minutes before I did (!), and I think you answered the technical question.....

Thought it would be delta updates (daily? weekly?) and once a month(?) a full update?

Jooske,
Yes that's correct, but delta updates aren't really related to funding the updates :)
Delta updates are smaller, 'cumulative' updates -- rather than downloading a full database every day which contains detection for every trojan, you just download that database once a month. Every other update is just a small update which just adds to the existing database -- it saves having to redownload the whole thing each day, so it saves both you the customer and us the vendor bandwidth and time :)

But that still doesn't solve the issue of funding daily database updates ... :)

Back in the early TDS2 days (mid-to-late 90s) there was maybe one trojan released every fortnight - it was easy to stay on top of them, so charging for database updates wasn't even something to consider. Today however as we approach 2004 we're seeing several trojans/variants released each and every day, so things have changed a lot - trojan collecting/analysing/detecting is now a fulltime job in itself, and there are literally thousands of trojan authors and programmers who make use of open-source trojans, so now unfortunately there's simply no way one man alone can do an adequate job with that, plus handle sales, email support, forum support, etc etc, and still somehow find time to research and develop, without making a lot of sacrifices -- there are only 24 hours in the day! So unfortunately it costs a lot of money to provide daily anti-trojan database updates in this day and age -- half a decade ago this wasn't the case, but I guess it's just another example of how fast trojans are evolving

Again though, none of this is set in concrete and we're still throwing a lot of ideas around in the air :)

Am I correct when saying that to have On Demand and On Access scan I need to buy (at a very discounted price) at least one product.

So to have the same functionalities TDS-3 has (on demand and Execution protection) I will need to pay something?

new DCS products ? mhh some of them sounds interesting, e.g. the active guard and the new generation of TDS, but i have a question what kind of user interface will the new TDS will have, like the one of TDS-3 or a new one ? (maybe a nice screenschot would be nice, but i think it is like 3DRelams the next screenshots comming 2065 ;) and what about the signatures, i read a lot (mostly here ;) ) that TDS has (some) 'weak' signaures. Have the new TDS better signatures ?

Sisko,
We're still debating whether or not to remove execution protection from TDS4 Professional, but that's the only aspect that might be removed - everything else will simply be enhanced.

"elsa",
Thankyou for your interest in TDS4. The TDS4 Pro interface will be similar to the TDS3 Pro one, but TDS4 Active Guard and TDS4 Scanner will have very different interfaces, with a whole new refreshing look and feel about them - this is important as Scanner and Active Guard in particular are designed to be easy to use. Sorry, no screenshots at this stage.

And no, TDS3 doesnt have weak signatures, the only person you read that from here was one of our competitors (so I'm sure you can guess why they're saying that). All of our signatures are hand-picked after comprehensive analysis, and we have many different classes of signatures also - TDS3 is able to detect trojans in more ways than any other anti-trojan program. This is in stark contrast to some of the other anti-trojan programs out there which use signatures taken from fixed locations in a file (no human analysis required - "dumb" signatures). They're the weak signatures you should be worried about, and no, we certainly don't use anything like that.

Regards,
Wayne

Wait so what you are saying is that if I were to purchase TDS-3 right now and in order to have the same functionality in TDS-4 as I would have in TDS-3 then I have purchase additional scanners? (on demand and real time?).
Thus it boils down to this:
If you purchase TDS-3 you get free upgrade to on demand scanner but for real time you have to pay? (well ok discounted but still you have to pay, thus it's not really a free upgrade from TDS-3 capabilities to TDS-4).

And boy I really hope that you keep the daily or bi daily updates free since haveing weekly updates kind of discourages me from buying...it will be something along the lines of Norton's WED update (but at least you can download a manual update from Mon-Fri from their website).

Norton asks a yearly payment too, don't they?

I guess if exe protection is on one or in Pro and Active Guard both, we only need to install it once and i am happy with the idea of it running at first windows startup immediately! There's a kind of exec protection in WormGuard too if i remember well (?)
Also i guess we'll use the same radius database one d/l for all three at a time.
Looks like Gavin is going to need a colleague for some parts of the job! And somebody for updating the websites with all those new tools each time!

I recently purchased TDS-3 because it has a good daily updated scanner AND a real time guard in the form of execution protection.
I presumed the free upgrade to TDS-4 would be for an updated version of the same. :(

Cheers,

Trev.

"helloworld",
-{ Quote: "Wait so what you are saying is that if I were to purchase TDS-3 right now and in order to have the same functionality in TDS-4 as I would have in TDS-3 then I have purchase additional scanners?" }-
No, I didn't say that! I'll repeat what I just said :)
We're still debating whether or not to remove execution protection from TDS4 Professional, but that's the only aspect that might be removed - everything else will simply be enhanced.

In other words, if you liked TDS3 Professional, youll love TDS4 Professional! However we do know that some people do like the execution protection available from TDS3, so again - it's not set in concrete as to whether or not we'll remove it from TDS4 Pro, but that's the only thing that might be removed. We'd appreciate more user input on this :)

Can I please ask are you currently a TDS3 registered user, and if so, do you use Execution Protection? We've found that only a minority seem to use it, with most TDS3 users just using TDS3 for on-demand scanning, which is the main reason for us considering removing Execution Protection from TDS4 Pro. But again, this isn't set in concrete yet!

-{ Quote: "And boy I really hope that you keep the daily or bi daily updates free since haveing weekly updates kind of discourages me from buying" }-
Im assuming that if youre using an anti-trojan program you're also using an anti-virus program? If so, your anti-virus program probably already requires you to subscribe for database updates. For example, if you use the Kaspersky anti-virus scanner then youve probably either got a Platinum, Gold, Silver or Bronze subscription ... :)

Back in the mid-to-late 90s when remote access trojans first came of age (when the only anti-trojan programs available were our TDS2, BOClean, The Cleaner, and Lockdown), trojans were only being released maybe once every week or two. As such, it didn't cost much time to analyse and add detection for them. Now in 2003 where trojans are being released on a daily basis it's costing a lot of time and money to provide daily database updates (we're still the only anti-trojan company that has daily updates, and due to the rising number of trojans being released I can't see that changing). Other anti-trojan "companies" (with all due respect I have to use that term loosely as virtually all of them consist of just 1 person so I feel strange calling them "companies") may use this to attack us by saying "forget what they say, we'll keep offering free database updates", but they don't spend anywhere near as much time, money, or human resources as we do on database updates and trojan collection/analysis so it's not really a fair comparison.

There are basically two types of programs in this regard ... most programs (probably 99% of software) can be developed, released, and then left "as is" - they don't need many (if any) updates. Typically, you'd pay for this kind of program up-front, and every now and then when a new update became available you'd be able to download it for free. On the other hand, there's a small group of software that requires daily maintenance, such as anti-virus and anti-trojan programs. Your one-off up-front fee will probably cover database updates for the first year, maybe two years, but that's about it - after that period it will actually cost the vendor to provide you with database updates, and that may send the vendor bankrupt. This is the main reason why virtually all anti-virus software today requires some form of subscription so that you can download database updates.

Most software doesn't require daily maintenance, but I hope you can understand why anti-virus/anti-trojan scanners (and a few other similar types of programs) require daily updates by their developers.

Thanks for your feedback,
Wayne

I understand your concern and I know that it takes time and money to peform daily updates. Thus daily is not necessary as long as you update it at least once every 3 days (bi daily would be better).
No I have not used Exec Protection since I am not yet an TDS-3 owner, I am looking into purchaseing it but I am awaiting TDS-4 and it's final options. But I did gave the TDS-3 a trail run (w/o exec protection). I must say it is a very good program but I would like exec protection to be present. Also does exec protection uses up resources? or is it only as the name states Exec Protection (Thus uses up resources when an given monitored extension executes?).
Currently for my real time scanner I am using BoClean and I must say as simple as that program is, it does it's job (it cought few trojans that Nod32 Kav or Nrtn let through (on demand scanned w/ Kav and Nrtn while Nod was real time)). And I like their updates, sometimes they are daily and sometimes once every three days and now with the .11 version I don't have to manually update it.
The missing part of BoClean is the on demand scanner since I would like to scan a file before I execute it (just in case). That's why I am looking over to TDS-3. Of course I will continue to use Boclean as my real time scanner. THus Exec protection is not a be all funciton, but it's extremelly welcomed in my purcheaseing decision (I would rather have a layered protection then none).

Wow. I just found my 1st trojan with TDS. I want to know what I should do. TrojanDownloader.Win32.CPR is the name. It's ironic that as I start to knock DiamondCS I need their help.

"helloworld",
Yes, I understand your concerns and they're all very valid points. :)

-{ Quote: "Thus daily is not necessary as long as you update it at least once every 3 days (bi daily would be better)." }-
Yes, I only said "every week" for now as an example, but whether it's every second day or every week or something else is still yet to be decided.

-{ Quote: "Also does exec protection uses up resources?" }-
TDS3's execution protection and TDS4's execution protection are both very different, but they're both very low on resources. Execution protection essentially only comes into play when a program is executed - at all other times it's basically using 0% CPU.

-{ Quote: "THus Exec protection is not a be all funciton, but it's extremelly welcomed in my purcheaseing decision" }-
You're spot-on in that it's not a be-all function, but yes it's a very powerful capability. Really it comes down to individual needs/wants - some people only want on-demand scanning, others only want resident/automatic scanning, and some want both. So to meet these needs/wants, we've broken TDS4 down into three programs :)

As wayne asked :) And as a DiamondCS moderator & TDS user I would prefer that execution protection is kept in TDS4, I think that it would be the most harmonious solution.

-{ Quote: " quoting: dallen link=board=5;threadid=16166;start=15#msg100577 date=1068572372]Wow. I just found my 1st trojan with TDS. I want to know what I should do. TrojanDownloader.Win32.CPR is the name. It's ironic that as I start to knock DiamondCS I need their help." }-

Hi dallen,

You may want to start a new thread with the specifics of this issue to get the best help with it.

Pilli,
Seeing as TDS4 Active Guard is a resident-only scanner, and TDS4 Scanner is an on-demand-only scanner, it'd make sense that TDS4 Professional had both capabilities so we're not ruling that out :)

Dallen,
It's currently 2am here in Perth and I'm about to leave the lab but I've left Gavin a note (he's more familiar with the CPR trojan than I am) and he'll get back to you later in the morning at a more respectable hour with more information about this trojan :). Until then, 1) if the file is running, terminate it's process, and 2) move it to another folder so that it can be analysed later - that should be all that's required to neutralise the trojan.

Best regards,
Wayne

Thanks Wayne.

I replied to an IM from dallen: here is the gist of the text in my reply:

Regarding updates I can see how much of a strain that can put on a small company like DCS and I can understand that a premium for daily updates may follow that of other AV & AT companies.

One of the things that DCS is good at is customer support and, to me, that is worth it's weight in gold.

DCS also provides a range of free utilities which obviously requires yet more resources, Wayne has stated that he intends to keep the ratio of freeware to payware the same. Let us not forget all of this added value

For the trojans:
i created a special folder to put the suspicious stuff in, zip them, submit to the lab and waiting for their answer.


For the exec protection:
i've TDS always up because of that function and it has stopped a few times some programs from running; suppose when i see it in the taskmanager it has just stopped something too even when i don't see popups for it. (guess that needs another thread? as i think it's my aggressive firewall blocking all popups)
I don't mind in which program it is, as long as i have it somewhere available and if possible all time.
The many win9x series users which systems are more vulnerable for security risks then the nt/2000/xp series will be really gratefull for every extra bit of protection.
If it's a problem make it an extra stand alone tool for registered users of one of the three (four? five?) programs.

1. Execution Protection

Personally, I do not think that this feature is important but others do. The problem with removing it from TDS-4 is that all existing TDS-3 users will lose this feature (or certain other features) depending on whether they upgrade to TDS-4 Pro (or another TDS-4 version). I understand that an upgrade is required since there will be no more updates for TDS-3. That's why I recommend not to remove execution protection from TDS-4 Pro. People may get angry.


2. Signature Updates

An official update policy would be helpful since you cannot determine the value of a scanner w/o knowing how long you can use it.

I consider it quite important that manual updates will still be available. Personally, I would never use a scanner's autoupdate function.

Maybe it would be a fair compromise to offer weekly updates for free (for a guaranteed minimum period) and daily updates for cash? For private users it is typically not that important to get daily updates. (Remember, we are talking about trojans. Usually, they do not instantly destroy your computer.) Corporate users require daily updates and have enough money to pay for them.

However, if TDS-4 were to use rotating signatures a weekly update procedure would compromise security.


3. Anonymous Purchase

Would be great if there were a way to do so. I don't like to be registered with anyone.

I have been following this discussion with a lot of interest and now I'm confused. In 3 I thought that Execution Protection was needed to catch trojans when they try to execute. Am I wrong ? I for one want something to keep watch over things .

-{ Quote: " quoting: WilliamP link=board=5;threadid=16166;start=30#msg100628 date=1068586014]
I have been following this discussion with a lot of interest and now I'm confused. In 3 I thought that Execution Protection was needed to catch trojans when they try to execute. Am I wrong ? I for one want something to keep watch over things .
" }-

Hi all,
WilliamP, you'd need Execution protection in two cases: 1) you are launching a program you cannot trust (i.e. you haven't manually scanned it beforehand) and/or 2) you trust/have scanned the program beforehand, but it was packed/encrypted in a way that the scanner finally wasn't able to correctly detect whether it was clean or not.
Since AFAIU TDS-4 will practically resolve problem 2) it all depends on your safe hex practices.



@All, @DCS:

And, to also add my two cents to the ExecProt/Updates "poll":
I have installed TDS's ExecProtection. Only there are times I am not running TDS at all, but then there are times i have it always running in the background. So it depends a bit on how risky i feel each day. That being the case, I probably wouldn't spend much (?) money on a resident scanner in addition to tds-4 which I will upgrade to. But I would feel a bit disappointed if the upgrade path was such that i would be left without ExecProtection. But i can understand that this may be a valid option and i said "a bit" disappointed only.

I would agree even more (and I would certainly spend the money) if the decision finally was made to deliver daily updates only for subscription users. The difficult part will be how to have the non-subscribers have their systems equally well protected with a paid-for TDS-4 program. On another forum there was a discussion about generic detection versus positive identification (non-subscribers getting alerted on the same trojans, but only generically, subscribers being told what malware/version/variant exactly it is that was found), don't know if that is feasible? Or have daily updates downloadable for everyone, but only via the webpage at a randomized (not-scriptable) location, subscribers from a constant location with account/password.? Or finally (but this creates some security gap I think), daily vs. three-day updates... I'd prefer a cost in terms of useability for the non-subscribers to a cost in terms of protection, you get the idea.

To Sum up: Please keep ExecProt in the Pro, but okay, go ahead and introduce some subscription scheme.

Andreas

I agree with Andreas(W) regarding the execution protection despite the fact that I'm not as knowledgeable as he. I would recommend leaving it as a part of TDS-4 Pro, unless there is a good reason not to.

P.S. Andreas(W) why do you hang on to Port Explorer v. 1.700 and not upgrade to v. 1.800? Just curious.

Hi dallen,

Luckily this is an adware downloader, and like so many new adware/spyware detections its labelled a "trojandownloader". I never thought we would be adding downloaders which download spyware or adware, but they really are something users dont want. Most AV's are also detecting them as they receive them.

Im still a little unsure. Should TDS detect spyware ? Adding JUST detection is easy, as trojans actively fight security programs. If spyware removal was worked on, it would mean longer development for TDS.

For now they are added if they are downloaders as this one was :) Run your adware/spyware program which should find cpr.dll I think it was, and something else

@Andreas

All future TDS and Wormguard and ? ? ? programs can use the one single execution control DLL that will be shipped with them all. If execution protection is already installed, the program will basically add itself to the list to get a go at scanning something. If nothing is detected by for example Active Guard, it will pass control onto Wormguard 4 which will then pass the execution and the program will run.

Yes, exec protection in one of the programs is OK for me, so if f.e. WG has it already installed and i install Active Guard or Pro it sees the installed hook and it shows as installed there so no need to do it again.

The explanation about safe computing practises and then not needed is fine, but many people are in a home environment where very rapid kiddy fingers can do very unexpected things to add to the computer experience.
And grownups also can have their moments of not knowing what not to click on plus we like to have some assurance when we click something we shouldn't it is stopped before it can do any harm.

Hi,
I suppose I should have italicized the "need" in my theory about when you actually need ExecProt. ::) That description was in fact meant more theoretically - because, as Jooske pointed out, in practice you never can be quite sure of how secure your safe hex practices are and how consequent you will be with them...


Gavin, that sounds good. And to me it sounds like it wouldn't make things very complicated leaving ExecProt in TDS-4 Pro. Rather just a matter or UI, volume of support questions to be expected from it etc. :P

-{ Quote: " quoting: dallen link=board=5;threadid=16166;start=30#msg100670 date=1068597855]
P.S. Andreas(W) why do you hang on to Port Explorer v. 1.700 and not upgrade to v. 1.800? Just curious.
" }-

Ehm. What I didn't upgrade was my signature. Will do so right now. I'm actually on PE 1.800 (I think beta5 which worked fine enough for me)... :D

CU,
Andreas

Hey! congratulations, Port Explorer registered 366 days ago, so yesterday was it's first birthday!
Great program and 1.800 (final) on my system.

Thanks for the italics Andreas, that makes all the difference here and there 8)

Jooske :)

08/11/2002 05:07a 834,326 pedemosetup-1100.exe

Its 1st birthday was on Saturday - it's come a long way since then :)

Right, i get those 366 days because of my keyfile when i click the "About" but true, the 1100 exe was three days earlier.
Have TDS and PE up all time together, and lots of fun seeing some stuff coming in with the Socket Spy and after looking with TDS deeper into such a file.

For what it's worth, I don't believe TDS should spend the development time (and all the time keeping up with it thereafter) on adding adware-related detection/cleaning.

We all know there are already two excellent free programs out there for this - SBS&D and AA.

Duplication of effort, FP's, higher bandwidth cost and more demands on technical-support time from DCS are bound to follow if you pursue that path.

Bad idea. Pete

Maybe if wanted / necessary / possible in future update / extra module / stand alone / whatever........
Maybe it can just be added as it is in the same way with trojans, dialers, keyloggers, rats, worms, spybots, whatever.
I could imagine a separate extra scan/database as the scanning process for trojans is already first choice and rather heavy/time consuming on slower/smaller systems, so i guess i would like a future spyware thing separate.
I do hope the updates are less frequent for the spystuff but i guess they are growing too.

So when there are comparisons that say TDS didnt detect

TrojanDownloader.Win32.Swizzor

-insert hundreds of names here-

Noone will care ? ;D

I'm very happy that it does/did Gavin!
I remember several months ago i got a positive identification of a downloader from what i thought a respected site myself and i'm really grateful it was detected. Bij TDS. While i have the habit of checking every d/l with other software too which let it through unmentioned.
It was stopped by the exec protection in the first place when i thought to run it anyway, after which i did other scans on the file with TDS to see what was wrong, even submitted it to be really sure "as it really came from a good site", i remember my comments.

Dear Wayne,

"Re:TDS-4 questions part II
« Reply #22 on: November 11, 2003, 11:11:59 AM »
Can I please ask are you currently a TDS3 registered user, and if so, do you use Execution Protection? We've found that only a minority seem to use it, with most TDS3 users just using TDS3 for on-demand scanning, which is the main reason for us considering removing Execution Protection from TDS4 Pro. But again, this isn't set in concrete yet!"

I have TDS-3 Active Guard on from the moment I log on - and it stays on together with several other fine DCS products until the power goes off!
So YES, I use TDS-3 actively and passively every day.

However what's important to me personally is that your execution protection is there, so if..

"Re:TDS-4 questions part II
« Reply #36 on: November 11, 2003, 09:03:00 PM »
..execution protection is already installed, the program will basically add itself to the list to get a go at scanning something..."

and if I have WG4 installed and TDS4 can 'piggyback' on that execution protection (WG--> TDS--> Execute) fine.
(If I'm understanding Gavin's comment correctly -
(and I suppose I should put an End statement for all those IF's!)
). ;D

Regards
Mike

Hey Mike! where did you get your copy of Active Guard? As that is not even released yet. You probably speak about the exec protection is up at the moment.

The piggyback is the way we mean and hope for.

Dear Jooske
- thank you for the technical correction :D it is of course exec protection that I'm using in TDS-3 daily, I was confused (easily done!) after following such a long thread!

However the fundamental question remains.

I have several of the EXCELLENT DCS products, of which some have exec protection.

It appears from this thread that SOME of these products will upgrade for free and will carry SOME form of exec protection with them - (some may not?? - to be decided....).

My question (based on my understanding of the issues raised in the thread to date) is simple.

I'm a DCS fan and I've got DCS products that have exec protection.

If I choose a TDS version that hasn't BY DEFAULT got exec protection (eg it's an on-demand scanner ONLY), BUT I've got my OTHER DCS products (which include exec prot), will the on demand scanner be added to the list

"to get a go at scanning something..."

as in answer 36 ?

Regards and Best Wishes
Mike.

Mike,
At this stage it's likely that exec protection will be available in both TDS4 Active Guard and TDS4 Pro. We were considering taking it out of TDS4 Pro, but as there are a lot of TDS3 Pro users who like it, we'll leave it in. Either way, before you even download the program you'll know from the website description whether or not it has exec protection capabilities.

Enjoy the weekend,
Wayne

W

Thanks!!!!!

Cheers mate - you too!!

I`ll be very happy if the exec prot is kept in TDS-4 pro. :)

Cheers,

Trev.

I've got a dumb question. If execution protection is included in both the Active Guard and the Pro and a user decides to have both could there be any conflicts that could arise from both execution protections trying to run at the same time?

I'm sure that either that is a dumb question or it's something you smart folks at DCS have already considered/fixed.

Dallen, My gess is that as you install EP from whichever programme then the installer will say that EP is already installed "Do you wish to reinstall" etc.
Or that the install will be greyed out if it recognises that EP is already running

Is the following answer to a question from this thread (http://www.wilderssecurity.com/showthread.php?t=3316;start=0) still accurate?

thanks,

gj

..................


-{ Quote: "FROM:
Re:Wayne&Gavin
« Reply #14 on: August 31, 2002, 07:27:44 PM »

--------------------------------------------------------------------------------
Quote from: javacool on August 31, 2002, 04:37:56 PM


NOTE: The following is just an educated guess.

It seems to me that what is meant is this:

TDS4 Advanced Scanner -> possibly just an on-demand hard-drive scanner
TDS4 Active Guard -> just an on-access scanner
TDS4 Professional -> combines the two products noted above plus (possibly) some other features

Since all TDS3 Professional users get the free upgrade to TDS4 Professional - you won't have to buy either of the other two products.

Again, this is just an educated guess - but it seems fairly logical to me .

-Javacool" }-

-{ Quote: "UNICRON
Administrator

Karma: 205

Posts: 1816



I can confirm this, but not the prices. " }-

http://www.wilderssecurity.com/showthread.php?t=3316;start=0

-{ Quote: "still accurate?" }-

See Wayne's post above, Wayne has said that "Nothing is set in concrete" as yet

We do know that there will be Active guard, Scanner & TDS4 Pro. The final parts to be included in TDS4 Pro has not yet been decided.

Hi all,
Can we get down to it! TDS4!! yes it should have exec protection, yes, it should be free upgrade, and again, yes, the other parts of the TDS4 suite, should carry a price tag to pay for the developement of these tools, and also the free tools available from Diamond CS.
I may be a lonely voice out there, but I see good value for money in the TDS4 suite, and associated free tools.

Hi Tut, fortunately all the other tools released recently use new technologies which were needed to concrete before the release of next products like the 4-families.
So not any time really lost and in the meantime bunches of toys ehh tools to play with and more to come!

hmmmmmmmmmm tds 3 has had a update in the past to v3. something

so its not like it dont get updated like you make it sound.

we werent even supose to have knowledge of tds-4 they just let it leaked cause they were excited about the situation.

tds 4 is supose to take it to next level and every day we find out something new about tds-4

if you look closely at tds-4 threads

and put it all together you have one phat as program comeing up.

this stuff takes years to make improve and fix bugs

just like anyhing in life worth haveing

plus we almost get daily updates for trojans cant beat that

I have an idea for a new packaging scheme.

TDS 4 - Home :D

TDS 4 Home should have active guard and the new file scanner but exclude all the extra stuff in TDS4 pro that some of us have no use for. This would be a similar package to what you would get if you went out and purchased most AV programs.. just an idea, but it makes a bunch of sense to me.

I have a question.

I don't ever bother to check the DiamondCS home page or check these forums. I paid for the package deal a few months ago and am happy just updating and running the software. But, I want TDS-4 when it comes out. Actually, I didn't even put my email address in for the newsletter.

So... when should I check back? (as in - we know TDS-4 won't be out in the next xx months so you can probably write down on your calendar to check back in madeup-uary. :)

:P Maybe I should just sign up for the newsletter (duh)

BTW: Installing Visual Studio .Net on my system (my theory) seems to have killed TDS-3. The first time I tried to run it after installing .Net TDS-3 would hang on the first item of the memory scan when loading and I'd have to reboot my system. No big deal. I completly deleted TDS-3 and reinstalled it from scratch and it works fine again. Just FYI if anyone cares (cause I don't really care enough to make a thread about it).

Great product.... loving it.
-A happy silent user

I agree with your thoughts McDougall. However, I check the forums because I find value in the information that I find there. Going back to your suggestion. I would be satisfied with knowing a "not going to be released before" date rather than a "going to be released on" date. I think that DCS should try this approach.

Hi all,
It's most certainly advisable to visit the DCS forums, including the private licensed TDS operators areas. For latest news, education, tips, special tools for those users only or in the first place, discussions and about the future products.
With all the tools released in the meantime which could have been included in TDS as well as extra modules, although we also can understand why this was not done, in the radius4 engine had been released for public we might have said we are already using tds-6 by now with all those new items, but ok, as all those new goodies are separate programs and tools we are just patiently waiting to see what is next and how it will be called.
The planning is known for the products by name and probable order of public release, but don't pin developers on a special date as in the past that was done and we have seen the time consuming discussions so better just have the newsletter, visit the forums, and in the meantime enjoy all the wonderful products and protection we have with what there is.
And most of all: enjoy our computer experience!

While you patiently wait for TDS4, why not take a look at some of the software projects that have resulted directly from TDS4 research & development. These include:
OpenPorts - http://www.diamondcs.com.au/openports/
Port Explorer - http://www.diamondcs.com.au/portexplorer/
Autostart Viewer - http://www.diamondcs.com.au/index.php?page=asviewer
Advanced Process Manipulation - http://www.diamondcs.com.au/index.php?page=apm

And coming later this week ...
- Advanced Process Termination (APT - a free utility that offers seven different process termination methods at the click of a button), as well as Suspend/Resume process (un)freeze capabilities.
- The first full public release of Process Guard, the only program we know of that can secure processes against all 7 of APT's termination methods
- ... as well as a project Jason has been working on in his spare time at his home!

Stay tuned. :)

we can also grab the littile green guys ears and make him scream uncle lol

my swartz is as big as yours

One more vote to keep the execution protection in. I am on 98SE here and have to worry about resources, but if I am online(dialup), TDS-3 is running, no exceptions, and execution protection does not ever get removed. :)

Hi Vietnam_Vet, good to see you again.
It's fortunately already decided the exec protection will stay in both products.
I hope to be able to have the Active guard resident in autostart and use the TDS Pro part afterwards like i do at the moment. Exactly for that exec protection. Would like that starting before windows does! 8)

If you have Active Guard, you wont NEED Execution Protection in TDS-4 Professional, because they both use the same scanning engine, R4.

So dont worry :) because everyone will love Active Guard and on demand scanners will be just for fun or tools mostly :)

Enjoy Process Guard and Port Explorer - since 99% of old trojans are detected by the USER and Port Explorers hidden server detection technology. Newer DLL injecting trojans CANT run. Forced injection trojans CANT enter your processes and hide from your firewall. How they gonna beat you ? :D

On win9x systems where PG doesn't run?
MS is forcing the whole win9x family to upgrade to xp at least, so that will beat a lot of those vulnerabilities --if they finally have been able to close all the over 65,000 ones in win2000 without creating new ones since it's first release.

I guess on Win9x use SSM, but there is no real solution for Win9x. The shared memory area poses problems and there are too many "cheap" ways to get to Ring0 and run privileged commands. The platform as a whole is not securable properly, its as simple as that. Virus writers have produced some very nasty malware for Win9x (VXD rootkits come to my mind as the most despised).

Not to mention on Win9x things like CIH and Magistr can destroy your BIOS :(

:oyikes i gues the littile green guy with pointy ears got a frind with a gloweing sword lol

;Dguess not good ideal to pull them green ears lol

What's happening with you Blaze? somebody tried the wooden spoon on you?
Hope you're still trojan-free on your system or was this nasty virus infection talk?

Hi All
I think there are many of us still trying to learn TDS3. I don't mind waiting.
I would also like to add, the Help File is the best I have ever seen, and would even purchase that if it were in hard copy or soft copy book form. There is so much there that I have wanted explained to me and couldn't find anywhere.

Some people print it out -- will take over 300 pages.
Yes it's quite an amazing manual. I like it a lot too.
Took many weeks to create that, very informative and still we ask additional info :)
Ever in a msagent script with voice recognition added the command "Help!" and calling that opens the helpfile, even if you don't have TDS open that moment, or call "update!" and it updates the TDS databases.
Don't recommend to have an msagent script reading it all aloud for you though, would take a few days!

:D yup im still trojan free nd i fond that with that big voice file i dowenloaded from microsoft that you joosky gave me a link to that

my tds now has a real female voice that doesnt sound robotic lol

i think its cause im now useing windows xp so voices are way difrent?

plus microsoft 2002 apps like works 2002

It could be the new msagents work with the new sapi5 engines which comes with XP, not sure yet, the site is not really clear in this.
If so, you could be lucky to have TDS working with the sapi5 too -- i have no XP around to test that out; several months ago the msagents still worked only with sapi4 runtimes/engines.
Maybe you have better speakers now? Other soundcard?
The female voice is the voice of Mary.

I ever posted a link to make online speech samples with an Aussie female voice - unfortunately they don't give that engine free for download; you can hear that sample in the first posting for PE with a link to it. I really think she sounds rather cute.

Jooske,

You seem to be quite knowledgeable about the speech thing. I would like to learn more about it and it's functionallity in TDS. Do you have any recommendations of readings that would help me?

Thanks,

dallen

Hi Dallen,
the speech technology is mentioned quite a few times here, in many threads.
It's used in msagent, www.microsoft.com/msagent
XP systems are all msagent ready, but have the sapi 5 speech engine installed, while msagent till now and TDS use the sapi4 speech engine: all different technology, both can co-exist on one system, but not work at the same time.
So download all the msagent tts/vr speechengines, including the saopi4 runtimes and the speech engines control panel to disable temporary the sapi5 engine to be able to run the sapi4 speech with msagent and TDS.
Might be in future msagent works with the sapi5 engine too, not all sure about that yet, in which case it could be TDS-4 would be able to work with the sapi5 engine too.
From that msagent page dig deeper for the speech technologies with .NET and all the other new developments, and whatever is there. Very interesting stuff!

Question for Gavin.
I use windows ME, in an earlier thread, you were not giving much hope to windows 9* / ME users because of " built in vunerabilities" ( my words, not yours, ) implying that Microsoft, ( all, spit!! ) prefer people to upgrade to XP rather than to supply protection to users such as I . Carrying this train of thought further, does this mean that TDS4 is not for the "likes of me"? or, will TDS4 be our saviour? and protect us, despite the fact that we are only windows 9* / ME users, although Microsoft, ( all, spit!!) don`t give a toss, now that they have our money?

TDS as a scanner will go far to protect anyone, and TDS-4 will run on any Win32 platform. Windows 9x users will still get Execution Protection but it will not be as powerful as that in Windows NT/2000/XP/2003. Detection of files and in memory will be exactly the same. NT based systems maybe have new features which are only possible in that environment, but no trojan will be impossible to detect with the standard scan(s)

Thankfully the exploiters who attack MS systems go for the bigger targets. Most users now have XP and there are plenty of exploits in it for them to find.. Simpler terms, long time since I've seen a Win9x specific exploit :) Win9x on the good site though also by default doesn't have all the services running as in XP, remember 9x users weren't DCOM victims for this very reason.. and partially for the first reason above.

Windows 9x is still inherently vulnerable, trojans can be VXD rootkits on Win9x and very hard to detect by normal methods. STOPPING those rootkits is too hard (maybe impossible) due to the shared memory area where any program can start patching memory and affect all other programs. A protection program would actually have to take control over the entire OS, not just parts of it. A massive job to say the least..

Also, its not really a case of Microsoft deciding not to protect Windows 98 for example. The truth is they made mistakes years ago, and to fix them they would need to redesign the whole OS. Not only would this take them a long time, the patch you would download would be a whole new OS, probably a 150MB download :)

I dont blame them for simply pushing forward common sense says its best to abandon the older code and try to learn from the mistakes back then :)