Is Moosoft's Cleaner a lot more effective as suggested by them ?

I need some AT software and have got my list down to 3:

TDS-3, TrojanHunter, The Cleaner

I'm swaying towards TDS but after seeing this page ( http://www.moosoft.com/products/cleaner/compare/ ) on Moosoft's website, I'm not so sure as it seems to indicate The Cleaner is much more effective.

I realize the page hasn't been updated since September 20th, 2003, but are Moosoft's claims marketing hype or reality ?

 

Consider the source and who did the testing?

Acadia

 

According to that page, TDS's 36,860 signatures will only catch 3649 trojans. If that doesn't make you doubt their numbers, I don't know what would. Don't believe the hype.

 

This review is very funny and a very cheap way to advertise...
But please read some serious reviews before you buy!

First of all, if you want to read a review choose one that has some
objectivity.

There are enough reviews on the Internet, just
type "TDS AND review" etc. in your favorite search-engine.

What i would do if i was you, is download them both (trial) and tested them first.

I have to test a lot of software for my job, and i became a fan of DiamondCS that way.So know i am using all there programs (SEE Process Guard).So for me the choice was very easy, i use TDS-3 and i am very happy with that.

But i still download every Anti-Trojan trail version i can find, to compare TDS-3 with the competition, because i want to know if TDS-3 is still at the top.

I've been using The Cleaner for the trial periode until some weeks ago,
if you compare that with TDS-3 you know which one to buy i was NOT impressed with The Cleaner or a bit better .. TrojanHunter.
Sorry,but you've asked for a Personal Opinion

Further more, TDS-3 can do a lot more than Trojan Scanning.

So test it for yourself, TDS-3 and The cleaner can run together.
But if a trojan is found, rescan ONLY with the scanner active that found the trojan and close down the other one first.

so... close down The cleaner if you find something :>)

Good luck.

BTW you can deinstall them both within a few minutes without any problem,
so why not test them yourself?

 

I agree the review is a bit comical. I suppose I'm most interested in the actual number of Trojans the various AT products can detect, and how effective the AT is at detecting them (something which is quite hard to test uinless you have a large library of different trojans)

I don't particularly like the interface of TDS and think the scanning speed could do with being faster (but not at the expense of efficient detection), and I look forward to TDS-4 with anticipation (for those with beta releases, have either of these issues been addressed in TDS-4 ?). I think I will probably go for TDS-3 for several reasons:

1) The support
2) The fact DiamondCS has been around for a long (for a software company) time (since 1986), and so must be doing something right.
3) All the good reviews

 

No beta here yet. But we're on our marks and there's not much more in the way before the beta will be tested. But both of the issues you mention have been on the ToDo list for TDS-4, and with high priority so. I'm looking forward to it, too.

Good decision, good reason and good order of reasons.

CU,
Andreas

 

Just to muddy the waters a little - there's a good technical review of BOClean over at http://home.arcor.de/scheinsicherheit/boclean.htm. It is recommended with (many) reservations but appears to score higher than TrojanHunter and possibly better than TDS (which is covered in their German review at http://home.arcor.de/scheinsicherheit/tds.htm) A Google translation is here but since it does not cover the last half of the page - here is the (vaguely translated) conclusion:

"5. Result Tds-3 is a special Trojanerscanner, which can be used in addition of a conventional AV scanner. Tds-3 ordered (unfortunately) over no useful Unpacking engine, obtains however with file CAN nevertheless no completely bad results. This is to be due to a set of alternative recognition techniques. The actual strength of Tds-3 is scanning in the work memory (in connection with a behaviour analysis). Here in principle very good results are obtained. However Tds-3 does not seem constantly in the RAM after dynamic left LIBRARIES to scanning. Since many modern Trojaner control in the meantime the technology of the dll injection, to that extent a safety gap exists (see to the problem also the test of the competition product TrojanHunter). Tds-3 is to be served so bulkily and complicated that normal users with this program become hardly lucky probably. In addition many Scanresulate are strongly interpretation needy. The inexperienced user does not know always whether Tds-3 discovered a harming program or released only one false alarm. Who would like themselves to set with its safety software not in the detail and special RK apart a scanner searches, which is able also in the main memory to scanning, therefore to the competition product TrojanHunter will possibly seize. In the circle of the Security enthusiasts Tds-3 possesses against it (not completely to injustice) cult status. To that extent particularly the behavior-referred analysis pleased us. UPDATE: Dia. moon CS communicated us in the meantime that the successor of Tds-3 is to appear also in lighters a version which can be served. In addition the memory scanner is to be able to work in the future as resident monitor (and not only as on the and scanner). Load but emergency leases obviously also eagerly at a Unpacking engine for the file scanner is programmed. We are strained..."

 

Paranoid, thank you, made for some very interesting reading.

Acadia

 

Since this is more of an AT comparison thread and not so much a TDS-3 issue - I have moved it to "other ATs."

 

Just a quick tip - the modification of trojans is becoming more of a problem. If they can modify it to bypass detection of any scanner, obviously analysis tools and your firewall become very important.

We dont only provide TDS-3 to scan with, but other tools to analyse your system and protect your firewall (and generically block ALL DLL injection trojans without relying on signatures) - ProcessGuard. ASViewer (freeware) will show starting programs and we analyse logs for free as part of our free support, as we do with Port Explorer logs (demo or fullversion). Between these programs and any decent Firewall/AV you really can have an extremely powerful security setup

Dont forget the BROWSER and Windows Updates of course

 

Thanks for the links Paranoid2000. Very interesting. I would've have thought I'd be protected against just abouit everything with TDS-3 and KAV 5, but these reviews tell me that at the time I wouldn't have been protected against the rebased Beast 1.92 trojan.

TrojanHunter seems to come out of the review quite badly too. After digging deeper, Moosoft's Cleaner does not seem to live up to its claims either! Don't think I'll be buying either of them!

While a bit off-topic, I was very impressed with NOD32 Advanced Heuristics detectiing 11 out of 12 rebased trojans. If only they'd improve the User Interface I'd probably use it as my AV. How people can like it is beyond me.

As always, the multi-layered approach seems best. While I was considering using both BOClean and TDS, I'm thinking that once TDS-4 is released with its resident scanning, BOClean will become less useful. I was also not very impressed with the weak signatures with BOClean. However, they also said the TDS signatures are being actively hacked.

In conclusion I think KAV 5 (with extended databases) and TDS-4 should be sufficient, and will probably end up being my choice for protection (coupled with the LnS firewall and Proxomitron).

Let's hope TDS-4 comes out soon with it's new resident scanning and new UI.

EDIT: I would also probably add Process Guard to secure my apps, and Port Explorer for debugging/identification purposes. Not really sure if WormGuard is necessary..... maybe get that later if I think it's necessary.

 

There's an interesting thread at the Outpost forum Is Tauscan still being developed where KAV comes up smelling of roses (although version 5 has some gotchas in its usage of Alternate Data Streams).

Gavin does make a very good point in the increasing need for "behaviour blocking" and analysis software (like process monitors and firewalls) which can operate without the need for a fingerprint database. The downside is that this currently demands greater technical expertise, system awareness and (almost always) an installation on a clean PC.

I suspect that the future will lie in software that tracks and compares all program activities against a database of known good/bad actions which is updated by a user community (like SpamCop does for spam emails). Individual users can then assign a trust level to indicate their preference for security or convenience.

 

TDS and KAV or NOD32 would be my choice, and nothing against to add second opinions for on demand scanning or resident protection, as each has their own ways.
Then for the layered protection all there is available and i would certainly put several files away encrypted so they can't get infected either (i suppose) in the meantime.

There was a comment on new users who could get into probelems about possible false positives: this is with any scanner, online scanners, everywhere. Even with other scanners logs Gavin adviced me countless times about the reliability of such alarms and what to do with the files.
If you look in my history (the light blue link in my signature) you see even i learned it. In the stickey threads Wayne's "TDS so easy.." with the basic explanation, while either by emailing support or posting scandump.txt logs in the TDS forum users are adviced as soon as possible.

There is another very important thing:
DiamondCS is located in Perth, one business day ahead of EU and one and a half of the USA, so one can expect to have detection covered sooner then in other scanners generally spoken.

 

People here are intelligent enough to realise that there's nothing special about detecting 10000 out of the 10000 tested as that's their collection, it would be strange if they didnt detect 100% - TDS3 detects 100% of its 36,860 references also, and its database is not only much larger, but is updated daily.

 

Gavin wrote: "We dont only provide TDS-3 to scan with, but other tools to analyse your system and protect your firewall (and generically block ALL DLL injection trojans without relying on signatures) - ProcessGuard..."

That is true, to be honest, if you want to make your Windows system safe,
you have to do a lot.
Because it is (regarding security) the worst designed OS that i have ever used.

Look at this, this is what you need:

Virusscanner: Nod32 , Kaspersky or so.
Trojan Scanner: DiamondCS TDS-3 and Boclean or DiamondCS TDS-4
A FireWall: Tiny Personal FireWall 6 or Look'n'stop for example
To watch you Ports: DiamondCS Port Explorer.
To protect your registry: DiamondCS regprot
Spyware prevention: SpywareBlaster
Spyware Detection: SpywareGuard
Prevent reading your data by others: DiamondCS CryptoSuite
Prevent for Worms: DiamondCS WormGuard
Prevent unwanted programs/dll injection etc: DiamondCS Process Guard (the best tool)
Anti_Spam: SpamPal or Mailwasher
To kill a process: DiamondCS APT
Who is using which files: MSTisusedby
Backup tool: Acronis True Image
Protect your drivers: BuMyDrivers
protect your P2P connection: PearGuardian
you need a seperate backup tool for your mailboxes, (try to restore them on another PC) Mozbackup
MRU cleaner: MRUBlaster
Window Media Player script protection,DSOstop,HTAstop, Hijackthis,Filechecker anon proxy tool, other browser IE is unsafe,popup-killers other mailclient (Outlook is unsafe).
Update at MS often
And it is a good idea to keep the install Cdrom near your pc.

this is what i thought of within a few minutes, i must forget a lot of things so:

etc. etc.

Paranoia ? or is Windows really a bad designed OS regarding Security?

I started using Microsoft software daily in 1975, and it was always bad designed regarding security and still is.
For me that is not really a problem, because OS-es etc.
are my hobby, but i don't hope to awake in a hospital, connected with tubes and wires, and see that the computer that is monitoring me has an MS OS :>)

XP SP2 is a very good step in the right direction however.

 

Boy, I tell ya, the poor smucks out there, the "average" pc user doesn't stand a chance. It's almost a full time job keeping up with all the latest technological advances of the hackers and protecting oneself from them. If all of us here at Wilders and other security forums are having a hard time keeping up, and we ARE keeping on top of things for the most part but it is taking constant monitoring of these security forums to do so, the average Joe who doesn't keep track of these things or simply doesn't have the time, has no real hope of ever being fairly safe.

Acadia

 

Of course the poor "smucks" don't really think they have a chance against a real hacker, there worries are more mundane, spyware, worms, scriptkiddies...

The people here on the other hand,dream of having security beyond that of the NSA and CIA.

 

A lot of good things start with having a dream :>)
and i can't see anything wrong in that.

And btw ...
where do you think that those guys (NSA/CIA/FBI/PKQ etc)
get their info to keep up to date?
They have to read these forums for their job, not for their hobby ....:>)

 

Yep! that's why we keep them educative
You must feed them the serious stuff, and tell about the right real protective security software. Might help and is important, as all those services worldwide have to take care for our common security and safety, not to mention in the last place our data.

 

Thats a big list tuatara !
I dont think you need all those, common sense and a non IE browser can reduce threats to a minimum. This is always the first step for me when helping someone with their PC, reducing threats.

 

I'm not giving away any secrets, if I point out for some of them hacking is their *job* !!

I hope you are not really saying that these people need to come here to learn stuff.

The only people who know anything are perhaps a few of the mods/experts, and perhaps some of the anti-trojan guys who hang here. And the only reason why they do so is because they are selling a niche product, and here is where most of their customers (security conscious people but way below hacker level) hang out.

 

And which category do you fall under?

 

Many annoymous guests are very very knowledgable.

 

Ummm...
I actually made no reference to knowledge of anonymous guests as a group...