Hey give us straight answer
Mr.Blaze
October 8th, 2004, 04:43 PM
:-\ I went to find that thread about TDS3 doesn't detect Spector Pro 5 thread
seems to me like you're dodging the topic and running around the subject. bottom line: do you or don't you detect Spector Pro 5? a simple yes or no will suffice, no deep explanation, no blah blah, just a yes or a no
if it's no it's because no one's submitted it and i can understand that
so yes or no thx in advance ::)
UNHAPPY CUSTOMER
October 8th, 2004, 08:55 PM
It's quite pathetic really. I remember reading one of the moderators giving us an excuse like "oh the companies could extort us if we were forced to buy the software!" or they send you to buy process guard. Hey this is a trojan of the worst kind and you guys don't cover it? THAT'S SHAMEFUL
I AM PAYING DAMN GOOD MONEY FOR THIS SOFTWARE AND I WANT TO BE PROTECTED! YOU HEAR ME I WANT MY MONEY'S WORTH!
How can they not protect us from trojans such as this... These are trojans of the worst kind and they are not covering us!
UNhAPPY CUSTOMER
October 8th, 2004, 08:58 PM
This is a quote from the thread below from one of the moderators: Phili
-{ Quote: "Hi tonymax
TDS3 is the most powerful Anti Trojan solution there is currently, it does a whole lot more than simply catch Trojans. " }-
It does a whole lot more than simply catch trojans eh? Unless those trojans cost us a few bucks to buy so we can cover the thousands of customers we have but we won't purchase it because they may "extort" us
Bubba
October 8th, 2004, 09:22 PM
This thread will continue if and only if no more threats are made. The question has been asked by Blaze and we will now await a response.
Jooske
October 9th, 2004, 02:22 AM
Blaze, i think you got very straight answers in the other threads?
Send your copy to Gavin and he'll make sure it's detected if it wasn't already.
You've been told if you install a commercial software .... etc.
http://www.wilderssecurity.com/showthread.php?t=47446&highlight=Spector+Pro+5
http://www.wilderssecurity.com/showthread.php?t=47782&highlight=Spector+Pro+5
BTW: did you examine your TDS Primary list lately? Very much worth the trouble to answer your question.
Now try a next full system scan with your fully updated radius.
Have fun! 8)
You're right: TDS is a shameful good product for which you paid shameful little money, even far less than for your shameful commercial spector which btw is not the worst trojan ever, just a commercial keylogger.
Mr.Blaze
October 9th, 2004, 04:05 AM
UNhAPPY CUSTOMER AHHHHH HH why people turn my threads into things like that gasssp
i was being serious
this question was mainly for my small brain
i just wanted a yes or a no not a why
i know why paid malware trojans and commercial spyware exists
i know AT and AV companies don't cover commercial trojans because it be like handing over millions of dollars to terrorists of cyberspace duhhhhhhhhhhhhhh
every scripting mofo hacker slash scripter slash programmer would be coming out with commercial malware and trojans and we have to give into their demands
but i just wanted a yes or a no damn
is that really too much
i wasn't going to get upset about it i just wanted to know for my own type thing
plus tds is a good product so what if it don't capture what a lousy 15 commercial trojans either the government uses or fortune 5000 companies use or your spouse wants to know if you're cheating on them sounds more like a personal problem for them thinking you are.
bottom line i wouldn't give up my tds
plus the trojans i should worry about are the ones in the wild
not the ones some boss puts on my computer to see if i'm surfing porn on company time lol
but man was a yes or no too hard to follow
i got small brain i'll go look at those threads but i think i'll just end up with a lot of hightechblahhhhhh lol brb
Mr.Blaze
October 9th, 2004, 04:12 AM
i am now more confused and wondering about avast and snoopfree are those good products?
were you trying to sales pitch me on something else cause it's working lol
got my curiosity going now lol
Pilli
October 9th, 2004, 04:21 AM
Hi Blazie, Here is a screenie of the TDS3 primary list :)
HTH Pilli
Mr.Blaze
October 9th, 2004, 04:31 AM
;D lol now that says it all thank you normally i dont do this to guys but lol smoooooooooooochhhhhhhhhhhhh
Pilli
October 9th, 2004, 04:34 AM
-{ Quote: "normally i dont do this to guys but lol smoooooooooooochhhhhhhhhhhhh" }-
:-[ Help Jooske!! ;D.......
Jooske
October 9th, 2004, 04:42 AM
Blaze your answers are confusing i did answer your question very clear, gave older related discussion threads, told you to look in the primaries list of which Pilli even produced a clear screenshot, so what more do you want?
Think you should also hug Wayne for making TDS the nicest program and Gavin for adding detection what you asked for, so make it a hug party or something like that.
BTW: Hope babysitting that little belly dancer mouse is not too much of a burden to you in that avatar? (i do like it!)
kwesi
October 9th, 2004, 05:45 AM
Thanks to Jooske for info and to Pilli, for that screenshot.
Frankly, I'm amazed (but gratified) that TDS-3 bothers with commercial keyloggers, as this seems to be an area which specialists like Spycop are muscling in on.
Well done to the DCS dudes, who, as I can tell from reading in these forums, don't ask for uncritical devotion ('twould be fruitless, anyway!), and who in my opinion, put a very creditable amount of effort into product development.
Starrob
October 9th, 2004, 06:33 AM
-{ Quote: "Thanks to Jooske for info and to Pilli, for that screenshot.
Frankly, I'm amazed (but gratified) that TDS-3 bothers with commercial keyloggers, as this seems to be an area which specialists like Spycop are muscling in on.
Well done to the DCS dudes, who, as I can tell from reading in these forums, don't ask for uncritical devotion ('twould be fruitless, anyway!), and who in my opinion, put a very creditable amount of effort into product development." }-
Wayne closed an earlier thread where this subject was discussed. The detection was added because someone who had bought the program had submitted the program to DCS.
After reading Wayne's answers and really taking a look at the malware scene, I came to the conclusion that there are much worse things out there than Spector.
If someone really wants into a computer, they are more likely going to do it with very hard to detect trojans and rootkits. I recently came across something on the internet that claimed to have found a way past Kaspersky real-time scanner. Here is what the website said:
"New Generation of Process Stopping and Frw Disabling for IT Secuirty Testing Purposes!
It supersedes kav real time monitor and discovers a vulnerability in there, because before
the realtime monitor prevents execution it is already executed and started disabling."
I found that on a blackhat site. If I had a choice, I would prefer DCS adding definitions for things like that and worse than I would having them wasting time trying to add commercial keyloggers to the definitions that are unlikely to be put on your computer unless you allow someone with physical access to log on to your computer as administrator
So to be safe from Spector it is simple by just making sure you don't give people physical access to your computer with administration rights.
There are many anti-keylogger programs that do a better job if trying to find commercial keyloggers is a real concern.
Starrob
Jooske
October 9th, 2004, 06:46 AM
Detection and protection for far worse things are in the primaries.
And did you have a proper look at ProcessGuard already and try it? designed especially for what you described.
We've a whole interesting support forum for that!
Starrob
October 9th, 2004, 07:05 AM
-{ Quote: "Detection and protection for far worse things are in the primaries.
And did you have a proper look at ProcessGuard already and try it? designed especially for what you described.
We've a whole interesting support forum for that!" }-
I already have ProcessGuard. I already consider that more important than any scanner because all scanners can be beaten.
Starrob
dvk01
October 9th, 2004, 07:16 AM
Starrob if you have a copy of the files relating to that exploit you say about in post 13 please send them zipped with a short note to submit@diamondcs.com.au and I'm sure that they will be very interested to add detection and hopefully a block to it
Starrob
October 9th, 2004, 10:22 AM
-{ Quote: "Starrob if you have a copy of the files relating to that exploit you say about in post 13 please send them zipped with a short note to submit@diamondcs.com.au and I'm sure that they will be very interested to add detection and hopefully a block to it" }-
Dear Derek,
Already done. See your private message.
Sincerely,
Starrob
dvk01
October 9th, 2004, 01:48 PM
Thanks
rerun2
October 9th, 2004, 02:02 PM
-{ Quote: "
If someone really wants into a computer, they are more likely going to do it with very hard to detect trojans and rootkits. I recently came across something on the internet that claimed to have found a way past Kaspersky real-time scanner. Here is what the website said:
"New Generation of Process Stopping and Frw Disabling for IT Secuirty Testing Purposes!
It supersedes kav real time monitor and discovers a vulnerability in there, because before
the realtime monitor prevents execution it is already executed and started disabling."
I found that on a blackhat site. If I had a choice, I would prefer DCS adding definitions for things like that and worse than I would having them wasting time trying to add commercial keyloggers to the definitions that are unlikely to be put on your computer unless you allow someone with physical access to log on to your computer as administrator
So to be safe from Spector it is simple by just making sure you don't give people physical access to your computer with administration rights.
There are many anti-keylogger programs that do a better job if trying to find commercial keyloggers is a real concern.
Starrob" }-
I am rather mixed on the subject myself. It is very clear to see why trojans and rootkits should be concentrated more. But if you think about it, most anti trojan developers like DCS are very familiar with the people who write certain trojans, and when the trojan authors develop a new version, they are on it pretty quick. But I have also seen some instances where blackhats are simply encrypting and packing programs like radmin. And this makes sense if commercial remote access tools are not of a high priority for AT programs. And if dedicated anti keylogging programs can not deal with encrypted or packed versions of remote access tools. If these remote access tools are being used by blackhats in this way, it is no longer about someone with physical access and administrative rights, it poses just as large a threat as any other RAT.
Did you submit the file to KAV as well? :)
Would be interested in their reply if they send you one.
Pilli
October 9th, 2004, 02:15 PM
-{ Quote: "most trojan developers like DCS " }-
Hi rerun2, I hope that was a typo :) Anti Trojan is what I hope you meant ;D
Cheers. Pilli
rerun2
October 9th, 2004, 03:40 PM
-{ Quote: "Hi rerun2, I hope that was a typo :) Anti Trojan is what I hope you meant ;D
Cheers. Pilli" }-
heh heh yes thank you, corrected :-X
Mr.Blaze
October 9th, 2004, 05:48 PM
omg my post disappeared lol
well anyways hug smoochhhh all dcs team thx jooskey
Starrob
October 9th, 2004, 06:45 PM
-{ Quote: "
Did you submit the file to KAV as well? :)
Would be interested in their reply if they send you one." }-
I sent a pm to Igor on KAV board and he did not respond. They do most likely know about it and have fixed it, though. I know that they recently came out with a new build but they don't say anything about fixing that vulnerability in the new build but I am fairly sure they quietly added a definition for it.
I have read enough things on the internet to know that KAV real time monitor does have weaknesses. Yes, the real time monitor will stop almost everything that is out there BUT someone with the know how can design special things that can get by the real time monitor if they are specifically targeting KAV.
This is why I also use an Anti-Trojan in addition to TDS-3 that has a resident real time monitor. TDS-3 currently does not have a real-time resident monitor. The execution protection is not a real-time monitor. TDS-4 will more likely than not have a very advanced real-time monitor.
Starrob
Mr.Blaze
October 9th, 2004, 06:52 PM
>:( ok that's not funny where are my posts disappearing to i think i posted 3 times and when i come back they're gone ??? is this place haunted
Jooske
October 9th, 2004, 06:54 PM
Nobody knows what is in TDS-4. But remember there will be the ActiveGuard, the very advanced resident protection we all look forward to.
Mr.Blaze
October 9th, 2004, 06:54 PM
:o whaaaaaaaa omg my post is back
dcs forum is haunted
Atomas31
October 9th, 2004, 07:07 PM
Hi Jooske,
Will the Active Guard of TDS-4 be compatible with Boclean, anti-virus like Kaspersky and McAfee and RegRun Gold?
Thank you,
Atomas31
Starrob
October 9th, 2004, 07:32 PM
-{ Quote: "Nobody knows what is in TDS-4. But remember there will be the ActiveGuard, the very advanced resident protection we all look forward to." }-
ActiveGuard is what I mean. TDS-4 will more likely than not have a very powerful real-time monitor because all of their competitors are developing similar things.
If they didn't include it, I am quite certain that maybe one or two of their competitors would be running around saying that they have powerful features that TDS-4 does not.
No one except the developers knows everything that is in TDS-4 but there are a few features that can be fairly accurately guessed at by knowing some of TDS-3's weaknesses and assuming that they will be strengthened.
For instance, I am sure TDS-4 will be much stronger at detecting the DLL's of DLL injecting trojans. Right now, TDS-3 can detect the injectors fairly reliably but the actual DLL's that are injected...well sometimes those are missed if they happened to be compressed.
TDS-4 will probably also have a much stronger unpacking engine too that will be able to unpack many more packers than they can now.
Also, in maybe one of the advanced versions of TDS-4 they might do something about trying to detect rootkits. I know one of their competitors has the detection of rootkits on their list of things that they eventually want to do, so I am sure that DCS is also researching on how to do this also even though it is a major problem to detect rootkits reliably....that is why ProcessGuard was developed. PG was developed to stop things like rootkits and DLL injecting trojans.
By putting out Processguard first, DCS is giving protection against those things for their customers which gives them more time to develop TDS-4. PG gives protection while a better scanner is being developed.
Starrob
rodsoto
October 9th, 2004, 08:39 PM
I agree with Starrob....... I do see an improvement with many features mentioned, even the ones that people don't usually use... ie port scanners and traffic bridge...... Traffic bridge at the moment uses tcp connections to bridge traffic to and from a computer. I like the original idea of the TCP connect to traffic bridge, then forward onto another connection, however I'd also like the idea of a LAN filtering system, where the packets are viewed as it passes through the network......like SNORT, but perhaps going even further and manipulating those packets (if possible)..... Carnivore eat your heart out..
With the port scanners, there are some with super speed scanning, i'm not sure how TDS compares to these, but improvement over the GUI for this part of the program will appeal to many people.
With Active Guard, i do hope it uses PG style kernel drivers, I'm not sure, but am i right to assume its lower level than what Norton's Resident shield or other AV resident shields use? If PG is lower level.......and TDS-4 active guard uses the same technology, it will blow these other AV programs out the water.... A scan by Norton will FIRST alarm Active Guard as it passes over a trojanous server, and Active Guard will say there's a trojan onboard before the other AV resident shields alarm.
I can also see a feature in TDS-4/Activeguard where a packed trojan will be executed... and in the background an auto unpack and scan of the file to scan for trojan signatures..... and then maybe, if the packing engine is unique and TDS can't unpack before execute, then a dump of the memory and scan the memory space of the file...... hehe sorry, i'm day dreaming here, but these ideas are from already existing ones in TDS-3, just further implemented.
Rod
Jooske
October 10th, 2004, 03:43 AM
Thought there is rootkits detection in TDS?
There is a whole series in the primaries list.
Does the APM help you with the DLL injection / manipulation?
And the new APT which is in fact a test for ProcessGuard help with killing unkillable processes? have seen people using it for that as a real tool.
Think another strength is to split the new TDS in parts, like the separate ActiveGuard and a separate scanner, hope the other TDS-3 functions for networks and other do-stuff will be there somehow, liking them more and more while discovering their functionality over the years.
Like Rod for example reminds of the traffic bridge, in which we can change data code, we can use TDS as a proxy, i like to use TDS as a server occasionally, etc.
I do hope we'll have both the current autostart explorer (nice and quick overview for less experienced users) and the larger autostartviewer (large, complicated, changes are easily overlooked and misunderstood by less experienced users), it's a detail, but i like to use them both.
So also if Blaze's spector would be there it should show up somehow, no matter how hidden it would be. (it is detected already, don't worry, but i would like to see it if there would be autostart processes from anything on my system)
Addition:
For the unpackers:
in the Private forum we were told long time ago how we can add all unpackers we like ourselves, which is not a too difficult process; but expecting them to be there in the next TDS-generation.
For the compatibility with other products:
we might ask ourselves "which other products?" by then, as we might not need or want them anymore besides TDS-4. But OK, since we're used to layered protection and second opinions, we most probably will keep what we have already. But if one still does not have them i would suggest waiting with buying them till we know what TDS-4 does. Each product will have its specific use: for instance if KAV is very strong in unpackers and a large collection of them and if TDS-4 would have a smaller collection, to name a theoretical possibility, then i would certainly either add what is missing if possible, even if that means to keep KAV. Same with the generic /heuristic scanning, whatever the specific differences might be.
Generally spoken it's in the ways of DiamondCS products to be fully functional besides other products people might have installed; if there are ever compatibility problems history learned DiamondCS does all possible to help solving those problems as quick as possible, which can be changes in their own products or contacting the other developers etc.
rodsoto
October 10th, 2004, 04:16 AM
Just read your autostart opinion jooske........ and I'm not sure if this is what you meant, but an idea came in...
Process lists can be a little easier..... ie to colour code the process list....
Black for normal process
Blue for Process that starts during windows bootup
Green for Processes that have socket capabilities
Purple for processes that have socket capabilities and start during windows...
RED for processes that have socket capabilities AND start during windows bootup and is HIDDEN..... good indication that this may be a trojan...
Just like PE...
Rod
Jooske
October 10th, 2004, 05:11 AM
If possible that sounds like a great improvement to enhance readability /understandability.
And some sign to indicate changes since former times:
even if that would be deleted keys and new keys or changed arguments and which they were and it would be super if we could with a rightclick find a date when it happened and kind of properties what the settings mean.
rodsoto
October 10th, 2004, 05:16 AM
True...... colour coded again to show signs of 'added, modified, deleted' autostart keys.....
Hrmmm Registryprot still does its job, and its well over 3 1/2 years old...
Pilli
October 10th, 2004, 05:41 AM
Sorry Blazie, Your topic has been a little sidetracked! ;D
Having said that it is a very informative thread, it will be interesting to see what DCS makes of all this speculation :)
Personally I prefer prevention rather than cure, Process Guard achieves much in preventive protection, all scanners are secondary to prevention. Resident monitors or guards are preferable to the average user. Any security software that can see & stop malware without definitions, daily updates etc. has to be the way to go.
IMHO security for the average user should be transparent and not become a chore. Process Guard manages this well now with its new learning tool and providing the user is not changing their software continuously it is very unintrusive.
Pilli
Jooske
October 10th, 2004, 07:07 AM
Heya Pilli is your Cryptosuite chatserver up? maybe nice for a sunday chat today?
Starrob
October 10th, 2004, 07:49 AM
-{ Quote: "Thought there is rootkits detection in TDS?
There is a whole series in the primaries list.
" }-
Sure there are signatures for rootkits in TDS. Almost all the good products on the market have signatures for rootkits. The main problem with both rootkits and trojans is that people with know how can easily modify them so that they go undetected.
I go around to many black hat sites just to see what the dark side is doing. Some of what I found is downright scary. There are people on the internet that will sell you "private builds" that are undetectable by most of the major scanners...yes, there is stuff that can get by Kaspersky, TDS-3, BoClean, Trojanhunter, NOD32 or any other major scanner.
I've seen websites selling these private builds in price ranges of anywhere from $50 to $600. This is why Processguard was created. It doesn't matter if it's a private build or not with Processguard...it will block it...you will be alerted that something new has executed or that a driver has been blocked from installing.
The newest version of Hacker defender is extremely difficult to detect and it is still under development to make it even harder to detect than it is now. Even if the scanner has the definitions for it, sometimes it is still possible to get infected by it.
I don't get over-confident with any scanner. I am very careful on what I click on and every time i see a new exploit, I plug it immediately.
I read a lot of articles on the internet and talked to a lot of security people and I have come to realize that there are millions of holes to be exploited in windows operating system. The AV/AT scanners can't keep up with all the new malware being created every day...the definitions can't keep up. As soon as one thing gets detected 5 more take its place. Malware is like Al Qaeda these days.
ProcessGuard was created because it prevents the infection in the first place. It will most likely be always the most important software on my machine. Most of my security centers around it and as good as ProcessGuard is...believe me there are people out there experimenting with things to "try" to bring ProcessGuard down....We are just lucky DCS is working to stay ahead of them.
The other solution being worked on is that security software will start becoming more and more behavioral based. I would not be surprised to see some or even a lot of behavioral based solutions in some part of TDS-4. I have seen more than a few security guys give hints that that is where most major security companies are headed.
Starrob
Jooske
October 10th, 2004, 08:16 AM
TDS and ProcessGuard together are a team yesh!
I do agree with what you're saying, let's see how others jump in here too. And of course there is the discussion in the ProcessGuard forum for the new threats! Fortunately TDS still has a very important part to play and detect and clean and protect etc.
rodsoto
October 10th, 2004, 08:46 AM
I agree, PG is in a market of its own...... proud to be a licensed user!
Bowserman
October 10th, 2004, 08:54 AM
-{ Quote: "I agree, PG is in a market of its own...... proud to be a licensed user!" }-
Yep, "there is no equal". Or how about:
01010000-01110010-01101111-01100011-01100101-01110011-01110011-00100000-01000111-01110101-01100001-01110010-01100100-00100000-00101101-00100000-01010100-01101000-01100101-01110010-01100101-00100000-01101001-01110011-00100000-01101110-01101111-00100000-01100101-01110001-01110101-01100001-01101100-00100001
;D ;D! .
Regards,
Jade.
DolfTraanberg
October 28th, 2004, 09:32 AM
-{ Quote: "Process lists can be a little easier..... ie to colour code the process list....
Black for normal process
Blue for Process that starts during windows bootup
Green for Processes that have socket capabilities
Purple for processes that have socket capabilities and start during windows...
RED for processes that have socket capabilities AND start during windows bootup and is HIDDEN..... good indication that this may be a trojan...
" }-
But what color, if a process has more/all mentioned capabilities? ::)
Socio
October 28th, 2004, 09:51 AM
-{ Quote: "
If someone really wants into a computer, they are more likely going to do it with very hard to detect trojans and rootkits. I recently came across something on the internet that claimed to have found a way past Kaspersky real-time scanner. Here is what the website said:
"New Generation of Process Stopping and Frw Disabling for IT Secuirty Testing Purposes!
It supersedes kav real time monitor and discovers a vulnerability in there, because before
the realtime monitor prevents execution it is already executed and started disabling."
Starrob" }-
Would not Processguard stop that anyway as long as you are running it?
Pilli
October 28th, 2004, 11:07 AM
-{ Quote: "Would not Processguard stop that anyway as long as you are running it?" }-
As far as I am aware the dropper would have to be allowed to run first and it would need to get access to the kernel, it would also need to install a driver/service. This would be stopped by ProcessGuard providing the Disable install of drivers/services was enabled, even if the dropper was allowed to run ProcessGuard would still stop it.
Pilli
Mr.Blaze
October 28th, 2004, 11:58 AM
;D there's always stuff out there like that
as much as we update our stuff the bad guys update theirs lol
popeyeray
October 29th, 2004, 02:21 AM
I'm new here, where should I start?
Pilli
October 29th, 2004, 05:53 AM
Hi popeyeray, Was that a general request or specifically for DiamondCS product information / support? :)
Copyright ©2002 - 2012, Wilders Security Forums