No problem, merely curious. When trying out Tauscan to see if it would find a zipped trojan, my Norton AV jumped in alarming me about finding this trojan in C:\Document and Settings\My username\Local settings\Temp before Tauscan had a chance to finish scanning.
Anyone who can confirm my hunch that Tauscan unzippes the file to this location in order to scan it?

Regards,

Pieter

It would certainly seem that way Pieter, I gave Tauscan a trial once, was not impressed and promptly removed it.

I'm momentarily in between Trojan scanners. Trying out this and that, you probably know what I mean ;). Tauscan did find the trojan after I disabled NAV Autoprotect so, no complaints there.
I was just wondering.

Regards,

Pieter

I guess Nav got there first and locked the file,better that than being missed totally. :)

That's for sure, Tinribs. I'm kinda new at keeping a "Zoo" on my PC so I'm very cautious.
Thnx for your time.

Pieter

Pieter, I was under the impression you were running Trojan Hunter.

A better choice, IMHO.

No need to doubt your memory, Tony ;D
I was, but thirty days fly when you're having fun.
I'm still trying to decide what it's gonna be. From what I've tried so far Trojan Hunter made the best impression.

Regards,

Pieter

Have a look atthe first 3 post in this thread (http://www.wilderssecurity.com/showthread.php?t=2839;start=0) concerning Tauscan. Might be of help when making a decision ;).

regards.

paul

Hi Paul,

That is an interesting read. Thnx. One extra question about that, if I may? If one would want to test if a scanner would pick up a polymorphic virus, would the virus have to be "in the wild"?
I mean, since it most likely would be picked up in the origfinal form?

Regards,

Pieter

Hi Pieter,

Since we're talking anti-trojans here, I presume you mean ITW (polymorpic) trojans/backdoors. These do not come necessarely in their "standard" form: it's quite common, the are packed, using a packager like (variants of) UPX, APack, PELite etc. - just to make detection more difficult.

Zoo trojans/backdoors ("collectors items", hardly ITW, but available at some dark places on ocassion) might be problem for many anti-trojans. It depends on the engine and strength from the anti-trojan wether or not they can handle these - in essence they can't IMHO. For that reason databases need updating: newly build/discovered nasties do have to be "patterned" in order to detect them.

HTH, regards.

paul

Yes, that is what I meant Paul.
To be honest, the only trojans that ever made it to my computer were picked up by NAV or came from these "dark places" ;) The ones I download voluntarily, I always make sure they are compressed (zip or rar) and stay that way for testing purposes only.

Again I'm happy to have learned even more then I asked for.

Regards,

Pieter

My pleasure, Pieter ;)

regards,

paul

For what it's worth,I have tried both Tauscan and Trojan Hunter.I chose Trojan Hunter.The biggest reasons I did were;TH scans a lot faster,TH had slightly better reviews/rankings,And TH warns me of "executable files with double extensions".I know what these files are,but it is reassuring for me to know that TH detects that.Don't get me wrong,I'm not saying Tauscan isn't a good product.I just prefer Trojan Hunter.I also am monitoring 3 other AT programs that have been mentioned here.I'll see when the dust settles if I am more "capable"(TDS-3) and how these other programs work after beta testing is done.

the Tester,

-{ Quote: "Don't get me wrong,I'm not saying Tauscan isn't a good product." }-

Actually, it is an anti-trojan one cannot rely on as a first line in defense. Most probably the upcoming version 2.0 is a quite different story - but for the moment, I wouldn't recommend Tauscan to anyone.

As for other choices: a matter of opinion. As it seems, you prefer running an "out of the box" software - nothing wrong with that. That said: running TDS using the basic configuration as posted by Jan over on he TDS forum seems just as easy to me ;).

Anyway, bottom line: go with the app you're comfortable with - and has at least a solid reputation.

regards.

paul

Thanks Paul.One of the first places I go to check out reviews is this site.Wilders is my most trusted site for reviews.Being new to the computer security "scene," wilders.org has helped me in a lot of decisions.Looks like I made the right decision when I switched to Trojan Hunter.I also am impressed with the way Magnus deals with support issues.I try to avoid saying anything bad about a program for one reason.My lack of experience and technical expertise.I leave that to you guys here that have the knowledge.(I'm still learning)Keep up the great work guys/gals.

-{ Quote: " quoting: the Tester link=board=25;threadid=3548;start=0#23941 date=1031610735]For what it's worth,I have tried both Tauscan and Trojan Hunter.I chose Trojan Hunter.The biggest reasons I did were;TH scans a lot faster,TH had slightly better reviews/rankings,And TH warns me of "executable files with double extensions".
" }-

I agree that TH is an excellent product, certainly my favorite. TDS is perhaps the most sophisticated advanced antitrojan product on the market, with one of the highest detection rates -- but I chose TH for its simplicity, ease of use, and ability to create custom detection rules.

Also, the resident portion TH Guard uses only about 1% or 2% system resources -- whereas TDS, when execution scanning is activated, uses about 12% system resources. Although for NT-family operating systems WinNT/2K/XP, this isn't an issue, yet for Win9x and WinME systems this is an important consideration, since those systems are much more limited in their resource handling.

And I'm not knocking TDS here, hehe I don't wish to get myself in trouble so near a "TDS haven"... I'm only saying that, especially on older systems running Win9x and WinME, TH may be a better choice because it's so light on resources: TH is not much of a performance drain on systems with limited resources.

I did try out Tauscan as my first AT product, but I wasn't impressed when it missed a common Sub7 trojan in a thread at dslreports security forum. Afterwards, I heard other reports of Tauscan missing trojans it should have detected, so I ditched it for TrojanHunter.

That said, it remains true that Tauscan still receives good marks at some places. Just witness these studies:

PC Flank Test #1, http://www.pcflank.com/art17d.htm
PC Flank Test #2, http://www.pcflank.com/art26d.htm

Tauscan rated first out of ten products tested in test #1, and second out of fourteen products tested in test #2. Also notable is KAV's performance. For those looking for a product that provides both AV and AT protection in a single package, Kaspersky (KAV) is well worth looking into.

Wouldn't a computer user's life be easy if all these tests produced similar results? LOL
Funny you should mention SubSeven, exactly the one that triggered NAV and this thread. I agree on your observations regarding TH and TDS although the ease of use was in my case the reason to prefer TH since I have no shortage on system resources the percentages were much lower. (P4, 1.4 Ghz, 384 MB RIMM,Windows XP Pro)
Thnx to all helping me make up my mind (Always a bit slow when making decisions ;))

Regards,

Pieter

Randy,

The pcflank tests have been heavily critized - and rightly so. Have a look at the pcflank forum.

regards.

paul

Paul,

He knows all about it he is a Moderator for them.


Randy,

All the boards i have been online i see you posting the same links to pcflank tests over & over & over & over again. Its doing no one any good. Give it a rest already.

EnufSaid,

-{ Quote: "He knows all about it he is a Moderator for them." }-

One doesn't necessarely imply the other ;) - Yes, I know Randy is moderating over there lately.


-{ Quote: "Randy,

All the boards i have been online i see you posting the same links to pcflank tests over & over & over & over again. Its doing no one any good. Give it a rest already." }-

No offense, but over on this board it's up to our team wether or not posting such a links are acceptable nor not. As you might have noticed: we find them acceptable.

regards.

paul

-{ Quote: " quoting: Randy_Bell link=board=25;threadid=3548;start=15#24111 date=1031730132]That said, it remains true that Tauscan still receives good marks at some places. " }-

I really question that results of PC Flank. They are hard to believe to be true.
Tauscan never outperformed at any of the tests at Rokop-Security and also Tauscan is not supported with new malware that Rokop-Security collects. Also they still do not catch some real old but still commonly used backdoor trojans.

Also everybody I know has given up to support Agnitum with new malware because they are now for over one year not able to set up a proper email contact.

wizard

-{ Quote: " quoting: Forum Admin link=board=25;threadid=3548;start=15#24119 date=1031737392]The pcflank tests have been heavily critized - and rightly so. Have a look at the pcflank forum.
" }-

Yes, and I was one of the harshest critics:

Disappointment in PC Flank Study
http://www.pcflank.com/forums/showthread.php?s=1b762ba4263973e98260bd2fa8cb41f3&threadid=162

I stated in my post that I had personally tested Tauscan, and rejected it because it missed some common trojans. I was trying to balance that negative comment with a positive one, and Tauscan's performance on these tests came to mind.

There is also Eric Howes' excellent study:

Informal Trojan Detection Test # 1
http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests.htm

Tauscan seemed to be about in the middle of the pack in Eric's study.

No sarcasm needed over here, John. Please refrain from playing hard ball over here. Thanks.

regards.

paul

Got it.

-{ Quote: " quoting: MyNethingyman link=board=25;threadid=3548;start=15#25152 date=1032545081]
Got it.
" }-

Glad we're on the same track again ;).

regards.

paul