Is a designated anti trojan program really needed?

It seems to me like between your AV (if you have a good one) and your Antispyware and HIPS, you wouldn't need a designated antitrojan.

Thoughts?

 

Hi,folks: This does refresh my fading memory regarding what has been said on Ewido's and Trojan Hunter's web sites; they avocated at the time that AT is the right tool to fill the cracks left by AV and AS. During those days, trojans were very scary malwares which could deeply sleep in your system and get up striking on you right before your watchful eyes w/o any warnings. Yes, AT did have their glory days. Nowadays, increasing numbers of AV and AS or even HIPSs(never heard of during AT era) have included trojans-combat capabilities and often are superior to stand-alone AT apps. I would presume that a specially designated AT app is not that important any more, and I do worry those good old standalone ATs such as Trojan Hunter, their days may be numbered, sad enough indeed.IMO.

 

My strictly personal opinion:

Yes, ATs certainly have a role in your security set-up !

It's once again about a layered security approach.

It's your choice what to run on-access and on-demand.
And of course it also depends on how much money you can afford to spend.

The differences between AVs and ATs and ASs, and what more, might be not so big anymore.
Look at which definitions are added to those.
And keep also in mind how good they can keep you clean (pro-active) and how good they are in cleaning an "infected" system.

 

I don't think ATs are necessary as now there are many AV's with stronger trojan detection than the ATs. I think you use an AT for a second opinion though.

 

I understand that AVs normally detect trojans first, but ATs are better at removal.
It seems to me that if the Av detects, and prevents infection that an AT is not necessary. Nowadays the lines are blurred, and the various applications that were dedicated ATs are designed to also be good anti-spyware and other anti-malware applications.

I suspect that programs such as AVG AS, a-squared, and SuperAntiSpyware overlap a lot.

If one has a good AV that has a high detection rate for trojans he does not need an AT. However, I am still a believer in layering as long as one does not overdo it.
I must say that none of my layering applications ever finds anything or detects anything. But neither does my AV. A couple of years ago my AV stopped a trojan as first responder, and my AT never detected it.

Best,
Jerry

 

It depends on how safely, and where you surf, and how many others use the same computer, and their habits. No antivirus will catch everything, so including an anti/trojan/rootkit/bot etc product can really help fill the gap.

I've tried quite a few of them, and finally settled with BOClean as a major player in my defences. It doesn't conflict with any other application, and is very light on resources, and jumps in exactly when required.


StevieO

 

I imagine that AVG Anti-Spyware still has the high Trojan detection that Ewido did, but I wonder if the AVG AV hasn't received a mass dose of those signatures, especially since Ewido is now called AVG AS. Also did any of you ever read an old Ewido website? It had things on it about plans to rename Ewido the Ewido Security Suite, and implement RealTime Heuristics and Behavior Detection in early 2006. This was of course before Grisoft bought them, but I wonder why Grisoft never incorporated any of this into the RealTime Guard used by AVG AS? It would be wonderful for AVG AS to have this today, as the EASTER.2010 post below tells me it is needed.

 

Probably not, but it certainly does factor in a marked increase of confidence for you and a PC's protection to have one compliment your AV/AS/KeyLogger apps.

That layered approach is lethal against malware threats and makes most if not all of them of no effect, essentially useless in other words.

I have hammered away at a couple of test PC's including my own basic working unit with about every form of past, recent, and present threats i can throw at them with tremendously positive results compared to just a few short years ago when all it took was some IE exploited drive-by conceived by a CoolWebSearch variant to bring the house down so to speak. That was because it was much easier for them to update & change their wares to enter a system who most of us only had signature based security that could allow for something to slip in and disable our firewall/AV or what have you then.
Now we have Behavioral Intrusion Detections know as HIPS and others that are even built into AS/AV apps to some degree and make for great interception rates of possible ill intuder files/downloaders.

 

Firefighter ran an interesting test that indicated that AVs without a strong AT capability did profit from a dedicated AT.
https://www.wilderssecurity.com/showthread.php?t=58597

https://www.wilderssecurity.com/showthread.php?t=83323&page=2

I think that, in general, would still be true. If one has Kaspersky or other with good AT detection it is not really necessary, but I still feel better. "Feelings" are not unimportant.

Best,
Jerry

 

Having AVG Antispyware and SUPERAntiSpyware I don´t bother with anti-trojans

 

It would be nice with a test for this because i think it is BS, this has been said so many times in forums that users believe the logic of: anti-trojan better for trojans, anti-viruses for viruses and anti-spyware is better at removing ad/spyware....yada yada, i do not think is that simple, for example a welknown AT who is good at detecting is actually not very good at removing the detection you instructed it to remove and no i won't put a name on it because this will just start another flamewar, i just wanted to say such a test would be very interesting and possibly very surprising.

 

Which offers proof yet again that a Layered approach while increasing programs on your machine also assists in defending/protecting better.

I recall times when for example Ad-Aware SE would correctly identify some malware but yet could never remove it entirely if at all and oftimes leaving behind registy entries or even files that needed to be removed with HijackThis or a KillBox etc. Hence, purpose of their support forums at the time.

New methods are being built into better detectors these days but it still serves a useful purpose, at least for my conscience, to employ several types if that's what it takes to minimize the risks of malware infection.

 

You are likely correct. I have just parroted what has been said.
Maybe someone will do such a test. However, if untrue, then I would say if one has an AV, such as Kaspersky, there would be no need for an AT.

Added
I visited AV Comparatives, and see that several of the best have detection rates for trojans in excess of 97%. I do not recall that any AT has that good detection rate, and in my own experience the AV caught the only one I ever knew attempted to infect me. The AT did not, and it was said that was the norm. FWIW the AV was Bit Defender, which was rated 91.54% at AVC for trojan detection.

Best,
Jerry

 

So would adding AVG AntiSpyware as additional RealTime Protection along with an AV truly provide better Anti-Trojan Protection?

 

IMO yes it would.AVG AS or BOClean (both in my case)would be an excellent choice.

 

i have seen quite a few people using nod32+boclean but it might not be as much soon since nod32 Trojan detection is getting better
lodore

 

I think the top 5 AVs will blow away any anti-trojan software. The AV vendors are taking this seriously, and this time next year, this forum wont be needed.

 

Pretty bold. I think I will keep BOClean no matter what AV I use.

 

Agree,BoClean will stay on all my computers until some other app. proves to me it can do a better job.

 

Same for me. Even if BoClean covers only one percent or less of what my AV doesn't cover, it will always have it's place on my PC. It is efficient and best I don't even notice it is there.

 

Well, you do realize, that a year from now, it may be BOClean that made some changes, and it will be BOClean, instead of your AV product securing your PC. All of my statements are based on little knowledge but more gut feeling. Either way, each year that goes by, things do get more interesting, and complicated.

 

It's fantastic that AV's are vastly improving in areas where before we "HAD" to depend solely on other forms of detections such as AS/AT's and all that in order to offset their limitations.

Today those risks are greatly diminished somewhat but not completely by any stretch nor likely will. Yes, RootKits & stealth hiding of malware have taken center stage that's true and so to ensure protection is adequate enough to breath easy it's always my suggestion to apply the LAYERED approach no matter what.

As long as XP and the NTFS file system is still being experimented on by malware authors, there will remain a risk no matter how slight that something might slip past an AV and drop in uninvited.

HIPS comes to mind as the best new deterent to those type risks and they are slowly becoming integrated into "BOTH" Anti-Virus programs and Anti-Spyware programs.

 

I don't visit porn and other shady pages so no antitrojan in here.

 

So, according to your statement, everyone who has a AT installed is visiting porn and shady pages.

 

Of course, that's not an objective reason as to why you'd need a designated AT or not...

Pragmatically speaking, AV vendors have come a long way in appreciating that trojans are a general malware delivery vector and, as such, should be covered by any product claiming to be a general solution. Most solid products currently cover trojans well. Hence, the general recommendation to layer is somewhat dated and reflects legacy history when products occupied selective niches and focused on specialized forms of malware.

However, every time I weigh whether the family machines could do without BOClean, KL seems to pull a bonehead update move that kills the updater in a fashion that is not obvious to an untrained eye and does require direct user intervention to remedy. Over the years, this type of problem has happened to me 3-4 times. In one case, updates were missed for a month since I hadn't used any of the KAV WKS equipped machines for that period. Given that backdrop, some measure of pure backup could be considered prudent. It's not necessarily a designated AT, just something that is compatible with mainstream AV's. The solution I've implemented on most of the machines I'm responsible for happens to be BOClean, some consider that a designated AT, others don't, but there are other equally suitable approaches available as well.

Blue