I currently use Kaspersky Antivirus 2009 + Outpost Firewall Pro 2009 + Counterspy Antispyware 3, and have no problem running all of them together.
But I currently wanted to add an anti-trojan program and an anti-rootkit program on my system, so are there any recommendations for anti-trojan softwares that don't cause compatibility problems with the programs I listed above? ??? Also, please mention which anti-trojan program has real-time protection, and which program has only on-demend scanning function. Thanks for any advice.:D

I'll be honest with you. You really don't need anything else.

Thanks for your quick reply.
But it was Everest that told me I have no Anti-trojan Software Installed.
So I was concerned of not having an anti-trojan program.
Since Counterspy is an anti-spyware program, I think I should still install a trojan specified anti-trojan software.
Or should I just simply ignore what Everest listed?
Any suggestions?

You get trojan detection with some of the av and antispyware programs.
Kaspersky used to have a good reputation for trojan detection.
In my opinion, you don't need an anti-trojan program.

Edit**After looking at CounterSpy's website, I doubt that you need any additional programs as anti-rootkits either.**

All good "AVs" have anti-trojan/anti-rootkit protection integrated,there's no need for additional system clutter.They are anti-malware rather than just AV nowadays.They tend to stick with the title Antivirus because that's what most users are familiar with.

OK. I've got it.
I will ignore the Everest anti-trojan software list that displayed as empty.
Thanks for your help!:D

-{ Quote: "OK. I've got it.
I will ignore the Everest anti-trojan software list that displayed as empty.
Thanks for your help!:D" }-

nice avatar ;D

-{ Quote: "nice avatar ;D" }-
Yeah. I used it because it is really funny.;D
I think you would like another one that I attached below.:D

sounds like you have decided & I can add little except that I agree additional anti-trojan would be duplication of effort. Likely to cause more issues than help. Why add security that is not needed.

-{ Quote: "Yeah. I used it because it is really funny.;D
I think you would like another one that I attached below.:D" }-

hehe nice, wer do u get these?

-{ Quote: "hehe nice, wer do u get these?" }-
My friend gave it to me, so I was curious about how did he get this pics, too.
By the way IE8 has released, I've decided to test it in VMWare to see if there are "any" improvements than IE7.;D

For Free on demand scanners (all 3 will detect trojans):

A-Squared Free (does run a service but has no real time protection)
MalwareBytes Anti-Malware (free version is a scanner only)
SUPERAntispyware (free version is a scanner only)

Rootkit scanners (free):

F-Secure Blacklight
Trend Micro RootkitBuster

-{ Quote: "For Free on demand scanners (all 3 will detect trojans):

A-Squared Free (does run a service but has no real time protection)
MalwareBytes Anti-Malware (free version is a scanner only)
SUPERAntispyware (free version is a scanner only)

Rootkit scanners (free):

F-Secure Blacklight
Trend Micro RootkitBuster" }-
Thanks for your reply.:)
It took me quite a long time to find the F-Secure Blacklight download link.
So I decide to share that link here.
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
And I would like to know that since A-Squared runs a service, will there be a conflict if I run them together with my current settings (Kaspersky Antivirus 2009 + Outpost Firewall Pro 2009 + Counterspy Antispyware 3)?

-{ Quote: "
And I would like to know that since A-Squared runs a service, will there be a conflict if I run them together with my current settings (Kaspersky Antivirus 2009 + Outpost Firewall Pro 2009 + Counterspy Antispyware 3)?" }-

It wont but you do realise that those 3 apps in realtime all have HIPS?

-{ Quote: "I think I should still install a trojan specified anti-trojan software.

Any suggestions?" }-

Trojan Remover would qualify, ive tested this at several occasions against in the wild trojans and faired practicly 100% but i do believe AT's to be more in the range of AS/AM's as they also detect rookits,etc.

TR wouldnt conflict, it only scans on startup

-{ Quote: "It wont but you do realise that those 3 apps in realtime all have HIPS?" }-
Yes, I do.
But KAV and Counterspy rearly has a HIPS popup window.
Only Outpost has very frequent HIPS popups.
So I don't think it is a big problem.
But I will disable CS & OP's real-time protection when performing system backup or installing programs to decrease the popup windows.

-{ Quote: "Trojan Remover would qualify, ive tested this at several occasions against in the wild trojans and faired practicly 100% but i do believe AT's to be more in the range of AS/AM's as they also detect rookits,etc.

TR wouldnt conflict, it only scans on startup" }-
Sounds good. I'll give it a try.
But it seems that TR is not an on-demand scanner???

-{ Quote: "Yes, I do.
But KAV and Counterspy rearly has a HIPS popup window.
Only Outpost has very frequent HIPS popups.
So I don't think it is a big problem.
But I will disable CS & OP's real-time protection when performing system backup or installing programs to decrease the popup windows." }-

Im not so much concerned with popups as with under the hood conflicts, i strongly advice to keep 1 HIPS enabled at all time.

-{ Quote: "Sounds good. I'll give it a try.
But it seems that TR is not an on-demand scanner???" }-

Seems? At least as far as i know it only has a realtime scanning at startup wich is basicly the same as ondemand unless you have some new info

-{ Quote: "Seems? At least as far as i know it only has a realtime scanning at startup wich is basicly the same as ondemand unless you have some new info" }-
OK. I've figure out how to disable the startup scan finally.
I'm trialing TR now, and there are no problem so far.
So I think I wtill make a purchase of TR after 30 days.
Thanks for your advice.:)

-{ Quote: "Im not so much concerned with popups as with under the hood conflicts, i strongly advice to keep 1 HIPS enabled at all time." }-
I have HIPS enabled for all of the 3 softwares and have no conflicts so far.:D
The only "problem" is there are frequent popups, but that's not really a problem actually.

-{ Quote: "And I would like to know that since A-Squared runs a service, will there be a conflict if I run them together with my current settings (Kaspersky Antivirus 2009 + Outpost Firewall Pro 2009 + Counterspy Antispyware 3)?" }-

No I am running the latest versions of KAV, Outpost Firewall Pro and Prevx. The free version of A2 does not provide any upfront protection so it doesn't conflict. I don't know why it needs to run a service for an on demand scanner. If you search on the forum there are posts how to disable the service. I just let it run as it is only using 1-2 MB.

-{ Quote: "No I am running the latest versions of KAV, Outpost Firewall Pro and Prevx. The free version of A2 does not provide any upfront protection so it doesn't conflict. I don't know why it needs to run a service for an on demand scanner. If you search on the forum there are posts how to disable the service. I just let it run as it is only using 1-2 MB." }-
Thanks for your reply.
I think I should still leave the service enabled. It is safer I think.

-{ Quote: "Thanks for your reply.
I think I should still leave the service enabled. It is safer I think." }-

Acctually more services can and usually mean less protection.. Disabling for instance unused windows services will make you more secure from zero day threats. And having several HIPS is being overly paranoid in my mind.. Picking a STRONG one and Configuring it RIGHT is the way to go, and that should pretty much be all HIPS/BB you need.. :thumb: :)

you can have some on demand scanners along that.. and a antivirus + ofc a firewall.. activating windows built in DEP is also a good thing, since none of those listed will provide good protection from buffer overflow attacks AFAIK.. Sandboxing is also a strong approach you could consider.

I once had FS Blacklight, but I am under the impression that FS stopped supporting it with updates. However, it never found anything, and I decided that KIS was enough and uninstalled it.

What is the current status of Blacklight? I don't see it on the FS site. Maybe updates are not important.

Thanks,
Jerry

-{ Quote: "I once had FS Blacklight, but I am under the impression that FS stopped supporting it with updates. However, it never found anything, and I decided that KIS was enough and uninstalled it.

What is the current status of Blacklight? I don't see it on the FS site. Maybe updates are not important.

Thanks,
Jerry" }-
The following link is F-Secure Blacklight's website.
http://www.f-secure.com/en_EMEA/products/technologies/blacklight/
I am not sure about its current status, but I guess maybe it has combined into F-Secure Anti-virus, so no more updates for stand-alone F-Secure Blacklight.

-{ Quote: "Acctually more services can and usually mean less protection.. Disabling for instance unused windows services will make you more secure from zero day threats. And having several HIPS is being overly paranoid in my mind.. Picking a STRONG one and Configuring it RIGHT is the way to go, and that should pretty much be all HIPS/BB you need.. :thumb: :)
" }-I would like to know which software I am using has the best HIPS? In my opinion, Outpost has the best HIPS.-{ Quote: "
activating windows built in DEP is also a good thing, since none of those listed will provide good protection from buffer overflow attacks AFAIK.
" }- DEP protection has been enabled by default.:) And I would like to know which option in the DEP settings is better? The first option "Turn on DEP for essential Windows programs and services only." or the second option "Turn on DEP for all programs and services except those I select:". In order to avoid conflicts, I selected the first one(also the default one).
-{ Quote: "Sandboxing is also a strong approach you could consider." }-
I've been using Sandboxie already, but thanks for your suggestion anyway.

-{ Quote: "I would like to know which software I am using has the best HIPS? In my opinion, Outpost has the best HIPS. DEP protection has been enabled by default.:)" }-

No idea have not used them.. use the one you like.. Outpost seems to have a nice HIPS.. Myself are relaying on CIS. Very powerful and a fav if you like playing with settings. ;D :) Probably the most powerful hips out there.. D+.. Still some disagree due to it leaves all options up to the user..

-{ Quote: " And I would like to know which option in the DEP settings is better? The first option "Turn on DEP for essential Windows programs and services only." or the second option "Turn on DEP for all programs and services except those I select" }-

"Turn on DEP for all programs and services except those I select:" Is more comprehensive and "secure" theoretically.. But you need to add some programs manually there or else they will fail to run. If you by some reason has major problems with it then using the settings you have now will serve fine.

-{ Quote: "No idea have not used them.. use the one you like.. Outpost seems to have a nice HIPS.. Myself are relaying on CIS. Very powerful and a fav if you like playing with settings. ;D :) Probably the most powerful hips out there.. D+.. Still some disagree due to it leaves all options up to the user..



"Turn on DEP for all programs and services except those I select:" Is more comprehensive and "secure" theoretically.. But you need to add some programs manually there or else they will fail to run. If you by some reason has major problems with it then using the settings you have now will serve fine." }-
Thanks for your suggestions.:D

Think the same thing, pootel - AWESOME avatar! ;D Had to begin use this in another forum - hope it's okay with you. :D

-{ Quote: "Think the same thing, pootel - AWESOME avatar! ;D Had to begin use this in another forum - hope it's okay with you. :D" }-
No Problem. Feel free to use it.;D
Just out of my curiosity, which forum did you mean exactly? Security forum also? Hope this question won't bother you.:D

-{ Quote: "No Problem. Feel free to use it.;D
Just out of my curiosity, which forum did you mean exactly? Security forum also? Hope this question won't bother you.:D" }-

To take it short: yes, it's a security forum. It's the first forum I've ever joined. :)

You do not need anything but if you consider to have good anti-trojan program in future for whatever reason then Trojan Remover from simplysup.com is very good choice.

I would add my few cents into the pool.

AV will detect all sorts of malware regardless of its name. You don't need 1 anti-virus, 1 anti-trojan, 1 anti-keylogger, 1 anti-spyware, 1 anti-rookit.

Last few years I tested quite a few anti-trojans and the result is utterly abysmal. Despite its name they miss far too many modern trojans. It appears they are merely a waste of system resources to let them run in the background. Anti-trojan market is dead and only consists of a very small market. So it isn't surprised they don't have adequate resources and money to software upkeep and signature updates.

I only install 1 AV (Avira) which has the best detection rates throughout the year according to AV-Comparatives and AV-Test. The best thing is it's free. Free is hard to beat.

There is a simple way to stop rookit fast and cold without anti-rootkit or updating your signatures. Don't open the door wide all the time. Most users are using admin account so it means any software is free to change whatever they want on a system including the kernel. No rootkit can work if you completely lock up the cores of the operating system from modification. HIPS and limited user account can do the job for you.

-{ Quote: "
There is a simple way to stop rookit fast and cold without anti-rootkit or updating your signatures. Don't open the door wide all the time. Most users are using admin account so it means any software is free to change whatever they want on a system including the kernel. No rootkit can work if you completely lock up the cores of the operating system from modification. HIPS and limited user account can do the job for you." }-

I think that has it in a nutshell. Separate AT software is unneeded as there are excellent AV & FW programs out there that do the job already.
But the point about not always using a PC in 'Admin' mode is the one thing that let's 95% of 'average' PC users end up malware infected.

By the way, I love the avatar of 'pootel' as well - if only for the wonderfully naive wishful-thinking that it represents.;D

You could try Trojan Hunter (http://www.misec.net/trojanhunter/). It use to be a good anti-trojan nowaday I'm not so sure about the pertinence of having that kind of software (anti-trojan)...

-{ Quote: "You could try Trojan Hunter (http://www.misec.net/trojanhunter/). It use to be a good anti-trojan nowaday I'm not so sure about the pertinence of having that kind of software (anti-trojan)..." }-

Check the link, and you'll see why it isn't working (cause it's not ;D).

I don't remember the last time I considered AT software, but I remember I was interested in only-realtime BOClean back then - before it went to COMODO ofc. ::)

-{ Quote: "Check the link, and you'll see why it isn't working (cause it's not ;D).
" }-

Try this : http://www.misec.net/trojanhunter/ ::)

-{ Quote: "Try this : http://www.misec.net/trojanhunter/ ::)" }-

Haha, "cheater". :D

-{ Quote: "Haha, "cheater". :D" }-

:argh: No way I would let you go with that! LOL :argh:

If you still think you need a antirootkit, almost very antivirus company makes one now but there are a few that are made by one man shows that are very good and most are still being updated.

Here is a small list and not in any order. RootRepeal has just been updated to cover
a variant of the TDSS rootkit that has somehow been preventing a lot of anti-rootkits from doing their low-level disk scans

IceSword
Gmer
Cmark
KX-Ray
RootRepeal
Kernel Detective
Unhackme
Radix

Thanks for all recommendations above.:D
And sorry for my late reply, it was because my email subscription to this thread has been automatically disabled. Strange.???
Luckily I came back to this thread "manually" and found those new replies.
-{ Quote: "If you still think you need a antirootkit, almost very antivirus company makes one now but there are a few that are made by one man shows that are very good and most are still being updated.

Here is a small list and not in any order. RootRepeal has just been updated to cover
a variant of the TDSS rootkit that has somehow been preventing a lot of anti-rootkits from doing their low-level disk scans

IceSword
Gmer
Cmark
KX-Ray
RootRepeal
Kernel Detective
Unhackme
Radix" }-
Thanks.
But WOT has warned me that Gmer's site contains malicious files.
And KX-Ray sounds good, but I can't find its download link.
By the way, I've tried Radix before, its nice.
So I am going to try RootRepeal now and see how it works!

Anti-Trojans have been incorporated into most anti-virus/anti-spyware programs so they are obsolete today. Your current AV/AS will detect and remove any malware recognized as a Trojan.

-{ Quote: "Anti-Trojans have been incorporated into most anti-virus/anti-spyware programs so they are obsolete today. Your current AV/AS will detect and remove any malware recognized as a Trojan." }-

It's funny then that we see stuff every day that flies past all AV scanners...

Really - MSE identified and quarantined some Trojans I accidentally downloaded from the Internet. So a specialized anti-Trojan is no longer necessary. Back in the days when AV caught only viruses, a separate AT made a lot of sense. Today AT/AS technology is integrated into AV/AS suites for throughly comprehensive anti-malware protection.

-{ Quote: "Really - MSE identified and quarantined some Trojans I accidentally downloaded from the Internet. So a specialized anti-Trojan is no longer necessary. Back in the days when AV caught only viruses, a separate AT made a lot of sense. Today AT/AS technology is integrated into AV/AS suites for throughly comprehensive anti-malware protection." }-

Seems that you've swallowed the AV marketing speak hook, line and sinker. I see stuff in the lab every day that AV scanners miss completely so saying that specialized AT/AS programs are no longer necessary is almost comical. Just goes to show that with effective advertising you can make people believe almost anything.

-{ Quote: "Seems that you've swallowed the AV marketing speak hook, line and sinker. I see stuff in the lab every day that AV scanners miss completely so saying that specialized AT/AS programs are no longer necessary is almost comical. Just goes to show that with effective advertising you can make people believe almost anything." }-

uuuhm, however like this you go nowhere...

The issue is not piling up signature based scanners one over the other to detect threads other tools fails to detect (and this applies to any product including dedicated trojan scanners), you will end up like with "chinese boxes" or Russian Matryoshka :) and the effort will, most likely, not proportional to the benefit.

The way forward is instead to complement signature based tools with other security measures such as HIPS, behaviour blockers and/or sandboxing.

Dedicated signature based AT/AS programs within the above scenario are less and less attractive, needed or desirable....

Cheers,
Fax

-{ Quote: "Seems that you've swallowed the AV marketing speak hook, line and sinker. I see stuff in the lab every day that AV scanners miss completely so saying that specialized AT/AS programs are no longer necessary is almost comical. Just goes to show that with effective advertising you can make people believe almost anything." }-
Actually, from what I've seen here at Wilders, people are pretty savvy about what you refer to as "effective" advertising... and by "effective", I am making the assumption that what you really mean is "misleading". Most folks here at Wilders demonstrate a pretty good ability to decide whether or not a product is worthy, or redundant, or useless or necessary. I think you are a bit off if you attribute a Wilders member's opinion to having swallowed a marketing scheme.
-{ Quote: "The way forward is instead to complement signature based tools with other security measures such as HIPS, behaviour blockers and/or sandboxing." }-
Well said. :thumb:

-{ Quote: "I see stuff in the lab every day that AV scanners miss completely so saying that specialized AT/AS programs are no longer necessary is almost comical." }-

Yes AV keeps missing new and unknown malware. But since it's called AT program it doesn't mean it's really specialized in trojan detection. It's actually much worse than AV. There is a review one or two years ago which many ATs only detect about 1X% ITW samples while the mainstream AV can detect 90-99% ITW samples. AT market is very small and they don't get enough money to improve their products and keep them up-to-date. AT is a dying business.

Also it shares the same problem that AV has - blacklist approach means new and unknown could get passed it. You are hardly adding any security benefits by adding yet another blacklist-approach program.

How many programs are coming out in the world? How many of them do you really install on your computer? Blacklist approach is a bad point to start with. What we really need is a whitelist approach. All files should be denied to be executed by default except specially approved by you.

Sandboxing/Virtualization/Security policy software is what you really need.

You may wish to try AVZ from www.z-oleg.com. It is PARANOID AND AGGRESSIVE!

Dave

I don't question what others have found in cleaning and working with computers. I don't have the experience to discuss such. However, as I read AV Comparatives last tests I see that some of the best AVs detected in excess of 97% of trojans, Avira detected 99.7%.

Accordingly unless the addition of a dedicated AT gives 100% detection I fail to see the need for a dedicated AT.

While all AVs are not equal in that detection the best ones are sufficiently good that I do not believe I need an AT. In the past I have had probably 4 attempts at penetration by malware. I did have both AV and AT. The AV caught the 2 trojans and not the AT. I realize that this should be the norm, but it has convinced me an AT running realtime is unnecessary for my use.

Regards,
Jerry

-{ Quote: "You may wish to try AVZ from www.z-oleg.com. It is PARANOID AND AGGRESSIVE!

Dave" }-i think this is arabic language;D do you have another link?thanks:thumb:

-{ Quote: "i think this is arabic language;D do you have another link?thanks:thumb:" }-
This is russian; you can try an online translator if you are impatient.

Sample of this page as translated by rustran.com:
"As is known, the principle of work AVZ in many respects is based on search in studied system of various anomalies. On the one hand, it helps with search Malware, but with another suspicions to components of antiviruses, antispies and other legitimate ON, actively cooperating with system are quite natural. To suppression of reaction AVZ on legitimate objects and simplifications of the analysis of results of the analysis of system due to a mark of legitimate objects color and their filtrations from broad gullies applies base safe AV..."

-{ Quote: "This is russian; you can try an online translator if you are impatient.

Sample of this page as translated by rustran.com:
"As is known, the principle of work AVZ in many respects is based on search in studied system of various anomalies. On the one hand, it helps with search Malware, but with another suspicions to components of antiviruses, antispies and other legitimate ON, actively cooperating with system are quite natural. To suppression of reaction AVZ on legitimate objects and simplifications of the analysis of results of the analysis of system due to a mark of legitimate objects color and their filtrations from broad gullies applies base safe AV..."" }-thanks:thumb:

@JerryM The problem with trojans is that different AV vendors have different definitions as to what these malware are! ;D

@jmonge The dropdown menus are in English! ;D

BUT, if you were to have told me 50 years ago that we'd be corresponding "babblefishedly" with people all round the world by these tiny gadgets known as PCs, I wouldn't have believed it.

Best,
Dave

-{ Quote: "@JerryM The problem with trojans is that different AV vendors have different definitions as to what these malware are! ;D

@jmonge The dropdown menus are in English! ;D

BUT, if you were to have told me 50 years ago that we'd be corresponding "babblefishedly" with people all round the world by these tiny gadgets known as PCs, I wouldn't have believed it.

Best,
Dave" }-thanks:thumb:

trojan remover is a good program

-{ Quote: "I don't question what others have found in cleaning and working with computers. I don't have the experience to discuss such. However, as I read AV Comparatives last tests I see that some of the best AVs detected in excess of 97% of trojans, Avira detected 99.7%.

Accordingly unless the addition of a dedicated AT gives 100% detection I fail to see the need for a dedicated AT.

While all AVs are not equal in that detection the best ones are sufficiently good that I do not believe I need an AT. In the past I have had probably 4 attempts at penetration by malware. I did have both AV and AT. The AV caught the 2 trojans and not the AT. I realize that this should be the norm, but it has convinced me an AT running realtime is unnecessary for my use.

Regards,
Jerry" }-


Hey Jerry, got you beat. 99.8%;)

-{ Quote: "Hey Jerry, got you beat. 99.8%;)" }-

Hi Jeff,
But I may be a safer surfer than you??;D

On my laptop I just reistalled KIS so you are several points better than me. I'll get you to clean my computer when KIS lets the baddies through.:thumb:

Regards,
Jerry

As previous posters have stated; there is no need for a dedicated AT if you have a top rated AV.

http://www.av-comparatives.org/ is a good place to start.

-{ Quote: "You may wish to try AVZ from www.z-oleg.com. It is PARANOID AND AGGRESSIVE!" }-
And it's excellent. The English version of AVZ Antiviral Toolkit is here:

http://www.softpedia.com/get/Antivirus/AVZ-Antiviral-Toolkit.shtml