can tds-3 can detect more trojans than kaspersky

Hello coolguy_1000 and welcome to the forum!
Let's say they both have different ways, and own databases, would not dare to say which detects more, as both are very much up to date all time.
TDS-3 references: 32889. Last updated Mon Mar 22 2004. Which is really a lot!
Do you own both programs? They work very nice together, where KAV adds the anti-virus and several scripts detection among others.

it is very difficult to say which of them detects more trojans . both of them provides excellent protection for trojans .

I can tell you that TDS-3 detects a lot of trojans that few and in many cases NO other program detects. This is because of intensive underground research and investigation, and also from submissions from people who do the same as me - hang around the trojan scene and collect trojans. Some primarily do this to help since they are licensed users of TDS and Process Guard and appreciate the work we do to protect them.

IMHO these trojans are more dangerous than any that AV companies detect, since AV companies do mostly detect ITW threats, not rare samples. That is the nature of antivirus software, to react to large scale threats as they appear.

Coolguy...

I've used a number of AT's before deciding on TDS-3. Even though I'm a newbie, I was able to use it quite easily. I fortunately have not run across any trojans in my travels, so I also cannot comment on which one best traps the most. But after using it for only a couple of weeks, I am very confident TDS is up to the task if one happens to find me! 8)

D&C

HI Coolguy.....

Why not run BOTH.... I do!!!

I have used TDS3 for quite a while now, and in the last month [edit: changed my AV] to KAV, which IMO is a superb proggy for all-round, especially virus which is what it's primary function is.

TDS's primary role is the detection of Trojans. ;D

Cheers, Adrian.

TDS is a much deeper program coolguy, I just switched to it, after using Kapersky, although system resource is an issue with me, (TDS uses more), I think if you are in a lot of danger, you will be way ahead of the game with TDS. Just my two cents worth.

I'm very suprised Gavin thinks TDS is the better anti-trojan!

KAV isn't an antitrojan ?

It is also primarily an ITW system, like all AV. Yes they do have some submissions from underground trojan users, but if they detected EVERYTHING then there wouldn't be any trojans that are not detected by it. There ARE..

There are also many detection methods in an AT system, not just 1 scanning method.. no, not memory scanning - AV only use memory scanning for memory resident style viruses

Besides, Process Guard is the best anti trojan :) Trojan authors have spent years developing injection trojans for firewall bypass, and API hooking for stealthing - be it usermode or driver based rootkits. Process Guard defeats the METHOD of attack, no signatures required. Unknown trojans exist, private beta versions, patched versions, for sale versions. No AV can detect these especially the for sale recompiled versions. If an injection/rootkit trojan is blocked generically, your firewall can block any other style of trojan, that is what your firewall is for :)

So Gavin are you saying that there are no trojans that TDS doesn't detect?
I personally don't think it is ethical for one of the manufacturers of one of two products being discussed in comparison to each other should contribute to that discussion,if both contribute it would be balanced but only one involved will give the thread a very one sided view.I cannot believe that any vendor of any product can have such in depth knowledge of other vendors products to know EXACTLY how they work(If your knowledge of the workings of KAV are so exact why dont you produce an AV thats as effective/good?)
Please dont take offence at the above it isn't directed at TDS alone,I would feel the same if KAV had entered the thread and TDS hadn't

Personally, I did not see Gavin claim that TDS can detect "all" trojans. Besides, new ones are churned out all the time.

I also don't see Gavin saying anything "bad" about KAV - he just pointed out the obvious - KAV=AV and TDS=AT.

Personally, I don't use my toaster to grill my fajitas.

Yes I did not say KAV is bad - it isn't bad at all. This whole topic should probably have been locked considering it seems like trolling but anyway.. ::)

I also didn't say TDS detects ALL trojans, nothing possibly can, EVER. I DID however say why we created Process Guard and why there are trojans "out there" being used by smart attackers - trojans which nothing can stop except Process Guard :)

I'd just like to add I have the utmost respect for the KAV team, if it wasn't already evident - they do a great job :) Our job (AT) is about being an important part of layered security

-{ Quote: " quoting: steve1955 link=board=25;threadid=25341;start=0#msg153848 date=1080852709]
I personally don't think it is ethical for one of the manufacturers of one of two products being discussed in comparison to each other should contribute to that discussion,if both contribute it would be balanced but only one involved will give the thread a very one sided view.
" }-

I think there is not a big deal if one vendor contributes here to a discussion as long it is not going to be bashing the competition, making false claims or even posting here anonymous.

wizard

Sorry to be pedantic but to me the phrase:-
Yes they do have some submissions from underground trojan users, but if they detected EVERYTHING then there wouldn't be any trojans that are not detected by it. There ARE
makes it seem as though you are saying KAV onl gets submissions of a small number of trojans and in no uncertain terms states kav doesn't detect all trojans(which most people know) and would have been more balanced if it read:-
Yes they do have some submissions from underground trojan users, but if they detected EVERYTHING then there wouldn't be any trojans that are not detected by it. There ARE,we also admit that there are some that our product (TDS) doesn't detect also

I think Gavin's response was still o.k.

However, I believe that Kaspersky ACTIVELY searches the malware scene for new trojans. Contrary to other AV software producers, Kaspersky does not solely rely upon submissions. That's why KAV detects so MANY trojans.

It is not easy to determine whether KAV or TDS will detect more trojans. Both scanners are pretty good: Over the last few months I have tried to collect as many trojan samples as possible. Most of them are detected. But neither KAV nor TDS can detect all of them.

For example, both KAV and TDS will fail to detect BAD R.A.T. 1.1 ... (At least TDS heuristic will tell you that a non-compressed BAD R.A.T. server has keylogging abilities.)

Hi ntl,

I thought I had a sample of that, but maybe I was thinking of something else.. a source only release MAD-RAT might be the one I'm thinking of..

Please submit samples to both of us ? You know the addresses :)


- Agreed they do work hard on collecting and have good people too :), SEARCHING is a requirement for detecting a lot of trojans.

Again, nothing will detect everything (which is the bad side of things)

One thing that does come out of this ,from my point of view, is that at least it is clear that Gavin and the people at TDS do take an interest in this(and perhaps other forums)so are therefore concerned about what the public/their customers want and are worried about.I wish other vendors (not just security software) would show the same interest and concerns,some seem to have the attitude(especially those in a very market dominating position) "this is the software we make- take it or leave it!"

hmmmm..... I cannot for the life of me, see how Gavin could have been any clearer in his definition of TDS and KAV. ;D

His reply was simply based on the original poster's ?? and it made perfect sense, and the later posts merely confirmed he held KAV in high esteem, as I do [now, just changed over to it ;)]

Cheers, TAS

edit: Agree with you Steve on last post. ;D Yes, they certainly do take pride in their work and are probably THE most pro-active vendors out there today. Helping via their own webiste and here as well + DSL.

I do agree though, that I should exit this thread :)

I admire anyone that can tolerate Kaspersky. That product, in my opinion, redefines bloatware. Is there a trick to make the thing less clunky and slow?

-{ Quote: "I admire anyone that can tolerate Kaspersky. That product, in my opinion, redefines bloatware. Good god.. Bad interface, buggy as hell, crash prone, slow, and overall, just annoying as heck to run!
" }-

Experiences differ SO much from person to person and systems...
In my PC KAV 4.5 was slowing things a bit and didn't choose it.
I didn't believe my eyes yesterday when I saw at a friend's PC with
XP pro how good was KAV (4.5.0.95).
Installed without a single problem
(I chose custom installation with core,Monitor and Updater only)
and Monitor was doing fine with the default settings.
For the man was really a relief after trying some other software !!!

I know this isn't a common experience with KAV,but ;D

AVK ... KAV Engine + RAV Engine = Godlike Heuristics, not sure anything can beat that combo, plus the pool of about 200k definitions?

Theres your $29.00 winner right there guys.

http://www.extendiaavk.com/index.asp

Has grabbed MANY things that TDS or the others missed (yes I sent them to TDS and the others).

Kobra,

No offense, but apart from promoting an unsupported anti-virus heavily, you are merely moving air. It's very easy to make statements as you do without just one bit of proof coming with it. In the meanwhile, people over here are getting the message as it seems - finally.

slash

@Backslash

You called me a troll, Kobra is merely moving air, Andreas Marx tests are absolutely flawed, etc.

Both of the last posts include personal comments of the like which cannot be tolerated in a forum such as this if some sort of order is to be maintained. At this time, I will not edit them. However, if this is continued in any form I will remove all such posts completely. Lets debate with dignity, gentlemen and ladies.

@Detox

Agreed. Please feel free to delete the last two sentences of my post. The first sentence already explains what's going on.

I have done so - and your understanding is appreciated. Now everyone stay on topic ;D

I'd like to see some other reviews of AVK as well.. I love the idea of something with KAV + RAV for $30 and minus the bloat, but I'd like to see a thumbs up from West Coast or someone who can verify that it's not doing something it's shouldn't. I'm sure that StopSign and Virtual Bouncer had some pretty cool reviews to begin with, too. AVK sounds incredible.. too incredible, for $30.

As far as KAV vs TDS goes, I prefer having TDS for trojans as it's specialized. I like what I've heard about KAV, but it's failures on such tests as the VB100% lead me to believe that there have been a few false positives. It makes sense to me that a product that has a great specialty in one type of malware is going to do what it does very well. If you stretch yourself too thin, however, then something is bound to end up lacking.

I have personally opted for NOD & TDS (for scanning), two specialized products that do what they do very well and very efficiently. I haven't had any false positives and have had no overall negative impact on system performance, and I know that the developers are very well versed in their respective fields.. I wouldn't have it any other way.

-{ Quote: "I'd like to see some other reviews of AVK as well.. I love the idea of something with KAV + RAV for $30 and minus the bloat, but I'd like to see a thumbs up from West Coast or someone who can verify that it's not doing something it's shouldn't. I'm sure that StopSign and Virtual Bouncer had some pretty cool reviews to begin with, too. AVK sounds incredible.. too incredible, for $30. " }-
Although this is not directly on topic, I don't think AVK sounds incredible for $30. It sounds about right given their corporate model. $30 (or the $20 single engine version) is the lowest tier in AV pricing above free - they're going for the folks who may be nervous about a free AV solution, but want to keep costs low.

They are certainly a very lean organization. The AV integrates and repackages current and/or previous generation engines of well respected applications with current signatures. As such, they don't have a application development team per se, nor an extensive support organization. Most of the issues that we'd refer to as support (integrating new viruses into signatures, dealing with false positive issues) can be fed to the AV engine parents since these are generic issues tied to the signature subscriptions. Most of the other components of "support" are non-technical in nature and can be handled by a sales/marketing function. As noted elsewhere (http://www.dslreports.com/forum/remark,10578700~mode=flat), refunds are not offered on the downloaded product. The net result is that corporate overhead is very low.

As far as the product price point, look at the cost of KAV in quantity. 250 seats of KAV WS can be had for roughly $10.25 per seat from KL with support. Commit to more and the price should drop further, although I don't have any idea what the bottom is, but let's say it's between $5-$10/seat. For KAV/RAV/Bitdefender, it's a continuing revenue stream on, likely, an older version of their AV engine without appreciable support requirements. For the remarketer, it's a cost that allows you to build in a reasonable margin and still provide a low cost solution. The other thing to look at is the continuing cost of license extensions - for the AVK double engine it's $30 new and $25 for renewal versus ~ $50 new and ~$35 renewal (assumed 30% returning customer discount) for KAV from KL. Year over year, KAV is more expensive, but the differential is not as great as it first appears.

The whole situation is really no different than the private label/store brand approach that many manufacturers take to provide additional outlets for there products at lower price points. It's a potentially winning combination for both vendors and users.

If you don't need significant post-sales support, want a quality technical solution, and wish to keeps costs low, AVK looks to be a very attractive package. The only downside is when there is an incompatibility between AKV and something on your system. It's unlikely you'll receive rapid response support, but that's not something you've paid for. You will, however, often find fellow users out there who may be able to assist you.

Getting back on topic, as for using KAV or any other AV focused solution for extended malware coverage, I'm with you Notok - at the current state of development, I'll go with a multiple combination of specialized solutions (TDS-3 used here also) that are generally not continually active. Part of the rationale is a classical layered strategy, part of the reason is an ability to more finely tune the context in which the various solutions are applied (i.e. is it always active, demand only, etc.)

Blue

I got a phone call last night and hit "send" in the middle of editing, so I thought I'd finish my thoughts here.

AVK may not be directly on topic, but I think it's quite relavant to the topic. There are many things to consider when trying to find that balance between layered security & simplification (something I'm activly trying to find myself) and seems to be the issue here more than any specific product.

I can certainly understand how the company could obtain the engine and repackage it for a low price, but I think there are other considerations, such as where the updates come from, what version of the engines AVK is running etc. I'm sure it's a great product right now, but what about a year from now? I'd also be interested in seeing how it stacks up against the likes of NOD performance wise. We're also looking at what seems like a new company, and would like to know more about their business practices. Are they really dedicated to security? That's why I threw StopSign and Virtual Bouncer in there.. I would hate to recommend something to, say, my mother, and have it turn out down the road that it's downloading malware that "only" it can fix (or something of that ilk), I'm also eternally skeptical of companies that offer "reviews" in place of technical details of the product on their webpage, and don't openly offer a trial. Bottom line is that I'm taking a "wait and see" attitude with this. I'll keep an eye on it, but will wait until I see some more information by accredited independant sources before forming a real opinion either way. It's not getting the core components wrapped up into a new package for cheaper, it's the idea of "You get Kapersky, RAV, a firewall, encryption software, spam filter, ad blocker, content filter, backup tool, (etc etc etc) for ONLY $30!" that makes me take a step back and think "this sounds too good to be true." But then it doesn't help that I'm a pretty skeptical person to begin with.

If it works out, however, I would certainly recommend it as a good alternative, and would seriously considering picking it up as a secondary for on demand scanning to integrate with my download manager, Sentinel, RegRun, etc. (haven't quite got the simplification part down yet ;) ) At any rate, things to consider when choosing any scanner, be it KAV, TDS, AVK, NOD, or any other programs with 3 letter acronyms for names.

Back to TDS vs KAV (specifically), the main kicker for me there, too (right beside performance), is that the specialized trojan scanner also gives you tools to help find what it can't detect. Even if you don't know how to fully utilize all the tools, you can view the help files offline. For example: if your system gets compromised, and someone or something is activly preventing you from getting online and getting help, you could be dead in the water, where something like TDS can help to hunt down the offending malware so that you CAN get more help. It's not just about what the scanner can pick up anymore. Maybe pre BackOrifice I could recommend something as a catch-all, but it's just not that easy anymore. You have to develop strategies for getting Windows installed SAFELY, who would have thought?!

Even if you prefer KAV over the other AVs, I would still recommend using a dedicated AT like TDS.

Blue: Exactly, I think the key words there are "current devlopment" Hopefully someone will come along that can help integrate these layers in a real way at some point, making some of these decisions a little less consuming.. even if it's just something that can manage a variety of other products. (Hmm.. if only we could get the OSS community more interested in Windows security.)

-{ Quote: ""You get Kapersky, RAV, a firewall, encryption software, spam filter, ad blocker, content filter, backup tool, (etc etc etc) for ONLY $30!" that makes me take a step back and think "this sounds too good to be true." But then it doesn't help that I'm a pretty skeptical person to begin with." }-
I have to agree - that offer gave me a lot of to pause about. Wouldn't touch it with the proverbial ten foot pole.

-{ Quote: "Back to TDS vs KAV (specifically), the main kicker for me there, too (right beside performance), is that the specialized trojan scanner also gives you tools to help find what it can't detect. Even if you don't know how to fully utilize all the tools, you can view the help files offline. For example: if your system gets compromised, and someone or something is activly preventing you from getting online and getting help, you could be dead in the water, where something like TDS can help to hunt down the offending malware so that you CAN get more help. It's not just about what the scanner can pick up anymore. Maybe pre BackOrifice I could recommend something as a catch-all, but it's just not that easy anymore. You have to develop strategies for getting Windows installed SAFELY, who would have thought?!" }-
Excellent points!

I hadn't explicitly given any thought to the associated tools and information that TDS-3 specifically provides since I hadn't needed to use them. When you get down to it, these ARE the make or break components if you are down and are trying to get a handle on things. Even if the argument of a layered approach doesn't appeal, TDS-3 (I can't speak for others here) does have an extended complement of utilities to help you investigate, isolate, articulate, and resolve system problems that are simply not found in any other package that I know of, nor in many competing AT products. Some (many?) of these tools are available as standalone units, but you are quite right, the help files provide additional information and context that really would assist in a systematic investigation of a problem.

Maybe the best way to capture this is "treatment of malware" vs. "system/systematic diagnostics and treatment of malware". I'll always opt for the latter given an option. Treatment alone works if there's a standard therapy available. If a standard solution isn't available, you're dead in the water - so to speak. It's tough being patient zero, but products such as TDS-3 do provide measures that could save you.

Blue