New release of Port Explorer...

Discussion in 'Port Explorer' started by motdaugrnds, Dec 29, 2002.

Thread Status:
Not open for further replies.
  1. motdaugrnds

    motdaugrnds Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    46
    Location:
    USA
    Hello, I discovered tds.diamondcs.com.au has put out a new release called "Port Explorer". It sounds good and is stated as a good companion to TDS-3.

    Does anyone have this program? If so, what do you think of it?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi,
    Yes we heard, have it and users are delighted. Have a look at the DiamondCS Port Explorer forum here:
    http://www.wilderssecurity.com/index.php?board=7

    And a tip: if you did not yet register TDS-3 and/or WG, have a look at the ActionPack, an amazing offer which is valid for only a limited time and which includes TDS-3, WG-3, PE, TDS-4 and WG-4 (the latter two when released later in 2003), total value of $190 for $99. Go to www.diamondcs.com.au and click the ActionPack banner on top.
     
  3. cy4lock

    cy4lock Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    12
    Location:
    Deep in the Heart of the State of the Art. Dallas
    I gold carded my copy today! It's a killer app!
    Nosing around was never easier...and you know
    that all the cool stuff it does will only get better.

    It's a good buy even if it is later integrated into
    TDS-4...or was that 5....is this how rumours get started?

    If you like'm dim Aussie's work you'll love dis one.

    Cy4
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Being a pretty new owner of PE myself, I have to tell you: You'll love it. Never seen anything like it and it opens a whole new world. This is no invitation, but sometimes I wish someone would try ........... :D

    Regards,

    Pieter
     
  5. motdaugrnds

    motdaugrnds Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    46
    Location:
    USA
    That special on TDS-3, Port Explorer, etc.

    Would I really need TDS-3 if I were to get Port Explorer?
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Yes Mot, you use them in addition. TDS with the whole trojan detection and protection and lots more to keep your system healthy, WormGuard with the worms and scripts protection, also from websites and html emails and attachments you are intending to open, and looking into blocked files in the safe mode and PE for all the open ports and looking into the data packets and blocking sending and receiving of data, etc etc. In the TDS-4 / WG-4 with PE and the new tools like the TDS resident scanner and the other guard it's better to ask if we still need other scanners beside this strong equipment. Yes you will, an anti-virus, as TDS/WG/PE specialize in trojans and worms.
    I'd love to ask them to look into firewall building as well, btw, why not?
     
  7. motdaugrnds

    motdaugrnds Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    46
    Location:
    USA
    Thank you Jooske. I will go ahead and install my Port Explorer now. Is there any post in this site that will tell me how to configure this program? I am running Windows ME with IE6. I have an AOpen motherboard, a Pentium III processor and a dial-up modem. (I'm keeping ZA and AVG running constantly.)
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again Mot,
    I am not aware of any additional configuration, other than language and coloring to start with, and trying out reduced memory use, sorting off, intervals and other displays. Except for the background coloring, which I made a very nice light sandy as I dislike clear white light beams from the screen, I kept it all default.
    You might like to try the christmas eggs Jason has hidden in the main screen as he posted in another thread here.
    In the helpfile you will see the tips and tricks and new users introduction, which I find really informative in understanding what more is possible for trojan processes detection. I had the idea you were pointing at those detection methods with your question about TDS besides PE.
    What you would see in that detection of a running trojan process in PE would be a trojan which is very alive and could be dangerous, but i wonder if it could ever be started at all with TDS running and exec protection installed in that one at all as that tests all that wants to run and blocks the nasties.
    This does not mean i would recommend to close TDS to try it, or it would be a real known safe testfile from DCS themselves to play with.
    Their only testfile I remember is included in the freetools Mirclean to scan for IRC worms.
    TDS detects all trojans and worm code in archives and sleeping state and of course if alive too.

    BTW: PE runs in the background even when we did not start the GUI to manipulate and look which you can easily see if you some time after reboot start it and see the amount of data sent/received for instance for the browser and email, not being 0.
     
  9. motdaugrnds

    motdaugrnds Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    46
    Location:
    USA
    Jooske, thank you for the information; however, I do not understand all you have said. Will you clarify these sentences, please.

    "What you would see in that detection of a running trojan process in PE would be a trojan which is very alive and could be dangerous, but i wonder if it could ever be started at all with TDS running and exec protection installed in that one at all as that tests all that wants to run and blocks the nasties."

    "BTW: PE runs in the background even when we did not start the GUI to manipulate and look which you can easily see if you some time after reboot start it and see the amount of data sent/received for instance for the browser and email, not being 0." (Does this mean PE runs at start-up and runs constantly? Is this necessary? The rest of the sentence about browser and email is unclear to me.)

    Jooske, did you design one or more of these programs (PE, TDS-3, etc.)?
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Nonono, needed lot of fresh air to get my breath back, i'm just a more or less experienced happy user on a learning curve helping out or better said in other users.
    I must admit in the beta testing and forums I might have posted suggestions of which maybe some are built into the new releases if handy for others too, between many other people's wishes and ideas, not in the last place the developers' of course!


    In the PE helpfile is explained in the tips and tricks about hidden processes, which default are colored red, and if you don't recognize them as a valid program like for instance your firewall like ZA or whatever you know it is alright, it needs deeper investigation if it might be a trojan process running or anything else.
    So you will highlight the thing, right-click and see in the menu what is process ....exe. If you don't trust it, in the same place you can block any data sent or received from it and investigate what next to do. You can look into the packets with the socketspy if there are any. You can kill the socket or process, etc.
    If it is a trojan, running, you have to deal with a live trojan, alive and running.
    If you have at the same time TDS running, with the exec protection installed (not possible in the evaluation version btw) TDS will scan each executable (program) which intends to run if it is a good program or a possible nasty trojan. In case of malicious code it will block the program and warn you for it. So this is why i wonder if a trojan would be able to run at all with TDS up.
    So if you see in PE a red (hidden) process and you don't know what it is and you don't trust it, check with TDS (you might like to scan it extra) and you might like to kill it (but don't with your firewall :) )
    I did mean default the red characters, not the red highlights which you see green and becoming red for instance when collecting emails etc.

    I remember in the TDS helpfile is a lot about trojan detection. A trojan can be suspicious code or a whole trojan or worm, like we can receive on our systems in many ways (emails, downloads, websites, etc). If they are peacefully in a zipped state or piece of software, in most cases they won't be able to harm (some might be dangerous maybe even there, have not that experience yet fortunately) and they might be asleep, not active anyway, not running, not alive. But with scanning your system, if they are there, TDS will find them and warn you about them, telling what they are or telling there is a suspicious file which needs deeper investigation. But like said, while zipped/asleep/not alive you will not see them as live processes in PE.
    Suppose it's a trojan or worm. The moment you're intending to run it for instance clicking on it or unzipping, TDS jumps up with a warning, or in case of a worm WormGuard might come too with a warning and they tell you what you are dealing with. So you are rather safe! And if you think the file is ok, you can submit the suspicious thing best to the DCS lab for deeper investigation and advice or you can delete the file in which you found it, whatever......
    If it's a known trojan you might be familiar with possible procedures to get rid of them, depends on......
    The DCS team is very educative and telling us how to handle and advising and being as safe as possible.
    This is why I do respect the trojans and worms but I'm not really afraid in most cases, as we learned how to recognize and treat them in case they would get on our systems at all.

    PE is a dll running all time and costing very few in resources and the GUI we can see when we start it, also taking very little in resources. It goes bottom deep into your system looking at all the processes and ports in use, so no trojan or other process can hide itself without you seeing it in the display when you start it.
    Try for yourself: reboot your system and wait some time before starting PE. You have been surfing around some time, sending and receiving some emails, your firewall might have blocked some scans, whatever, things have happened, so there is data traffic on your system.
    Now start PE. The processes where you see the browser and email and maybe the firewall you will see some amount of data sent and received, while probably many other lines are still 0 sent and 0 received. So you know it was already active all the time. It hardly takes resources, so no reason to stop or block it at all.

    Hope it's clearer now?
     
  11. motdaugrnds

    motdaugrnds Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    46
    Location:
    USA
    Hello and thank you for trying to help me. I must say, though, I am having a terrible time understanding what you are telling me. It might be because I am simply not familiar enough with PE and TDS. So, I will take some time to play around with them so my questions can be more to the point and my understanding better.

    You have relieved some of my worries about having both programs on my PC and having PE running constantly. I am grateful for your willingness to help.
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You're welcome.
    Indeed, playing around and reading the helpfile, which has nice explanation and screenshots and all that to make it more visible will certainly help.
    And reading other people's questions and experiences.
    WormGuard is a "must" too, btw. Also this runs silently in the background, also without using hardly any or no resources at all till it is necessary and jumps up for a warning and telling you what to do with it.
    You might remember email attachments, with hidden double extensions to infect you, which you will be warned for by PE and WG and your possible email scanner and/or firewall.
    So quite an orchestra of popups to warn you in case.
    WG also blocks nasties from websites to enter your system at all, and that kind of things.
    So this is an interesting trio for our protection.
    Like with every new program, take your time to get familiar with it, what it does and step by step you'll discover more.
    Imagine when DCS comes with the other new tools, there's more to learn again :)
    You can use TDS as a scanner, but as lots more too.
    And PE is a very nice netstat and "whois" tool too, among others.
    Oh i forgot to admit my contribution to PE was in some translation part too :)
    Glad you like the programs, they are amazing and very protective on our systems!
     
  13. motdaugrnds

    motdaugrnds Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    46
    Location:
    USA
    Jooske, Just since I've had PE and TDS-3 on this computer (and since it has been acting up with these "flashing windows"), I have had another problem arise...just today.

    I had just downloaded an update to my AVG anti-virus program. I've done this before and never had the problem that occurred; so, I do not believe the problem had anything to do with AVG.

    I have Cacheman running all the time on this PC. I also have 320 RAMs and have never seen Cacheman go under 150. Yet, just this afternoon, Cacheman showed only 34 RAMs. I was on the internet; so I got off. Cacheman went up about 2 RAMs, then started down again. I shut down Zone Alarm (which has ALWAYS run on this PC); and Cacheman went up about 2 RAMs, then started down again. I shut down AVG (which has ALWAYS run on this PC); and Cacheman went up about 2 RAMs, then started down again. The only program that had been running THAT I KNOW OF was AVG as I had just completed a scan. It found "no viruses" and I shut it down as usual. All looked well except Cacheman continued to go down, down, down until it was showing "0.0".

    I rebooted and got the message window that had a title of "unsbsd" at the top; and it stated a program was running and asked me if I wanted it shut down. It did not identify the program. I told it to shut the program down anyway and eventually it did. I was able to complete the reboot and when the PC came back on, my Cacheman was up to about 230 RAMs.

    Jooske, can you tell me how I can find out what programs are running on this PC at any given time and how much memory each is taking?
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    This program is very much like the Task Managers built into the Windows NT line: http://www.wekasoft.com/taskmanager/

    Hope that helps,

    Pieter
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In TDS > System Analysis > Process Lists, you can see which processes are running, and go deeper in analysing them, and you can kill them if you like. And you can look there for the Netstat and Autostart if anything is there you don't like there to be and kill/delete.

    Of course pressing Ctrl+Alt+Del brings up your running processes too, which you can kill. The program you mention I don't know either and is not part of TDS/WG/PE.
    You can hunt for it on your system and scan with TDS.
    AVG does not conflict with TDS, i am not familiar with Cacheman.
    After your reboot, is all running properly again and did you clean out caches and all that, all values ok?

    Pieter's program looks really very interesting. Thanks for mentioning it!
     