PC Doorguard

Discussion in 'other anti-trojan software' started by Main, May 3, 2003.

Thread Status:
Not open for further replies.
  1. Main

    Main Guest

    Is this program good to have? I heard that it gives alot of false positives and to get a second opinion before deleting anything.

    Anybody used it before?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,838
    Location:
    New England
    For myself, I've never heard of it, but, I just wanted to confirm that this is the product you are talking about:

    http://www.astonsoft.com/products/pdg/
     
  3. main

    main Guest

    Yes, that's it.

    I heard it eats up lots of ram and read false alot.
     
  4. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Looks like it deals with archives, but not packed exes, such as Aspack.
    No mention of update frequency.
    I see nothing to temp me to try it. :)
     
  5. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    I'll pass too, it doesn't do anything not covered by better known products.
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Tinribs from Firefighter!

    Although I am not so fond of AT:s, because of Kaspersky engine, I believe PC DoorGuard 3 is more near TDS 3 than most of the other AT:s.

    It is an Estonian made program made by russian developers and it is updated once or twice a week.

    The current version is 3.0.0.6

    Here are some test results of it:

    http://www.hackfix.org/miscfix/icons-at.shtml

    http://www.pcflank.com/art17d.htm

    http://www.pcflank.com/art26d.htm

    As you see the results are very different in each test.

    But when we are looking at VirusP 11-2002 test, so the results of detecting totally 6 308 Trojans and Backdoors were:

    52,69 % TDS 3.2.1
    43,71 % PC DoorGuard 2.16
    38,55 % PestPatrol 4.0.0.36
    37,22 % Trojan Remover 4.8.8
    34,78 % Anti Trojan 5.5.405
    22,53 % The Cleaner 3.5.3517
    19,31 % Tauscan 1.6.0723
    12.76 % LockDown Millenium 8.1.8

    After that I think it is quite good within all AT:s. It has even On-Access scanner. For instance Trojan Remover hasn't that kind of stuff. :D

    It has one big minus and it is very poor english support from the developer. I, for instance, have got no answer of them in two weeks! :mad:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,601
    Location:
    Hawaii
    Very very helpful info, FF.

    PCDG [astonsoft] has a support forum. That's a good sign.

    Several posts have gone unanswered for several days. That's a bad sign.

    Also, there is a poster who expressed his thoughts primarily with 4-letter words & threats.

    So I my guess is that PCDG is a 1-man show, badly in need of someone to help mod his forum.

    Still, it's an AT that I shall keep an eye on.
     
  8. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    To Firefighter from wizard! ;)

    Unlike for antivirus software there no real qualified and independent test results available for antitrojan software. The test you refer to could not really be considered as a basis to judge on antitrojan software.

    Here is the background:
    Some years ago when the first backdoor trojans were released most av vendors did not care about the problem. This was the time when a lot of small companies (mostly one man shows) took the chance to write programs that deal with the special kind of malware. Compared to viruses the detection of (backdoor-) trojans is quiet easy as the file remains static while viruses mostly change their 'structure' each time they infect a new file.

    Since 2-3 years now the trend changed. Antivirus companies started to detect (backdoor-) trojans as well. That had to force the trojan users (or scriptkiddies) to find ways to make such trojans 'undetectable' from av software. The most common method to do this is to use runtime packer or crypters.

    And again most av companies don't react to this changed usage of (backdoor-) trojans so far. And even worse most AT programs have now the same lack: They are not able to deal with the packer issue properly.

    Therefore a test with (backdoor-) trojans make only sense if the result of the test shows wether a program is able to deal with runtime packer or not. I recommand to have a look in the Anti-Trojan threat in this sub forum to get an example why a special antitrojan program can be today as useless as an av program in regard to (backdoor-) trojan detection.

    So please be carefull if you mix up so-called test results that don't reflect todays reallity. And also please check whether the test set included also non-trojan programs. What you always find quiet often in unqualified at test is that real trojans are mixed up with (harmless) programs that are delivered with the trojan server.

    wizard
     
  9. Ph33r_

    Ph33r_ Guest

    I could be mistaking but PC DoorGuard 3 looks awfully like Anti-Trojan Shield.

    There goes that theory ;), I ran numerous Archive tests and this Anti-Trojan product failed terribly like all the others I’ve tested… If you guys like to see for yourselves whether or not you’re Anti-Trojan product Passes/Fails, here is one of many methods to try;

    My Documents
    |
    VBS-Infections-BEST.rar, VBS-Infections-BEST.zip, VBS-Infections-Normal.rar VBS-Infections-Normal.zip (Maximum & Normal Compressions Level of .Zip, & .rar with the below \VBS-Infections\ Added into each and every one of them).
    |
    ----
    VBS-Infections (Directory)
    |
    |_\1\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\2\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\3\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\4\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\5\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\6\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\7\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\8\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\9\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\10\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs
    |_\11\LOVE-LETTER-FOR-YOU.TXT.vbs, tune.vbs

    Downloading/Installing & configuring/updating PC DoorGuard 3 and running a Scan on \My Documents\ and all the sub-folders & files, here is the Actual PC DoorGuard 3 Log.

    ++++++++++++
    PDG v.3.0.0.6
    15:26.54 - May 12, 2003, Monday
    Started applications scan.
    Virus definitions:7507
    Virus applications not detected.
    Memory scan.
    Registry and system file scan.
    File C:\WINDOWS\win.ini did not contain suspicious records.
    File C:\WINDOWS\system.ini did not contain suspicious records.
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-BEST.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    PDG detected a virus "I-Worm.LoveLetter.LOVE-LETTER-FOR-YOU" in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /LOVE-LETTER-FOR-YOU.TXT.vbs
    PDG detected a virus Probably VB Script virus in compressed file C:\Documents and Settings\Phant0m_\My Documents\VBS-Infections-Normal.zip /tune.vbs
    15:27.17
    Scan completed
    Files scanned: 339
    Files infected: 2
    Scan speed: 16 files per second.
    Please regularly update PDG!
    -
    -
    ++++++++++++

    How many Errors can you find?!?!?!?! :p

    As for the next officially released Anti-Trojan v5.5.4** product; there are absolutely no issues now what-so-ever with the “Archive Scanning” Feature, Thanks to such great Tech Support who Acknowledged and repaired within such short period of time might I add… :D
     
  10. Ph33r_

    Ph33r_ Guest

    Little Tip; if you copy between ++++++++++++ and paste into Notepad you’d be capable of comprehending its Log file lot better. ;)
     
  11. xor

    xor Guest

    I am perplexed :eek:
    What the hell do you want to show or prove with such logs ?
     
  12. Ph33r_

    Ph33r_ Guest

    I’ve personally feel those tests results are irreverent now as much time has passed since those tests were done up last… Another importance in testing is making sure you have the most current releases of Anti-Trojan products which is properly updated & configured which many of these tests results are invalid due to not following these appropriate testing rules… :p

     
  13. Ph33r_

    Ph33r_ Guest

    Hey xor

    For many reasons one which is to make all aware of PC DoorGuard 3 Archive Scanning capabilities, with little Log viewing you may notice number of issues in Reference to this Software’s and other Anti-Trojan Software issues.

     
  14. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Archive scanning is a nice to have feature. It has nothing to do with trojan/malware protection at all.

    wizard
     
  15. xor

    xor Guest

    Can you please explain with facts to me WHY it is a threat if a scanner does not scan all archive formats ?

    Fact: If you are REALLY infected with something, then this malicous program/code is running OUTSIDE of any archives.
    This means all scanners which are not be able to scan archives would detect this - if it is in a archive IT CAN NOT DO ANY HARM and the most of the users do not download virus collections in RAR/ZIP Files, means if there would be a virus or something inside you would be alerted in this moment where you extract this file out of the archive. (RTM flags here because this file gots expanded out of this archive - maybe to a tempfolder for caching during unpack or to the direct outputfile) - THERE IS NO WAY TO START A FILE IN A ZIP/RAR File without getting a File I/O CreateFileA/W (API) Event or without having a kernel mode event (Device Driver RTM such as a READ/WRITE EVENT - you can this detect for instance with a FILE SYSTEM FILTER DRIVER)
    Everybody who says you can start a File out of such archives (note: a archive acts OTHER than runtime packed executables) without geting alerted by your AV (if you have the RTM Settings correct) is a liar or does not know the technical background how archive unpacking works.
    If a scanner does detect files into such archives it is nice - but it is not a real thread in a on demand scan.
    That's why the most certificated test's using RAW-PE / VBS / BATCH / GOAT-FILES and do not scan a "testset" which "hides" in one big RAR-Archive for instance.
     
  16. Ph33r_

    Ph33r_ Guest

    Hey wizard!

    & xor

    Time-Out!!!!!
    Once again you are involving viruses/Anti-Virus Systems with that of Trojans and Anti-Trojans Systems of which I’m in Reference too ONLY. o_O

    I’ve very disappointed at you guys especially you wizard, most of the Anti-Trojan Software don’t have Memory Scanning capabilities, only On-Demand Scanning capabilities. And if you had Archives that you created/received which had Trojans in them before or even after the Installation of an Anti-Trojan product and you Enabled “Archive Scanning” Feature wanting to-do thorough Archive Scanning for Trojans that could be executed at some point and your Anti-Trojan product didn’t properly function in that area, I would say that’s false Advertising and since of security. ;)
     
  17. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Since when is I-Worm.LoveLetter a trojan? Looks like you are also mixing things up. The point is a special antitrojan program makes only sense if it has the ability to deal with the issues your antivirus program has with (backdoor-)trojans. Otherwise it is completly useless to have a special antivirus program that offers the same lack protection as an av program.

    There are two ways: Either the scanning the process memory or unpacking during the file scan. Both methods have advantages and disadvantages. But if your AT program has none of it than it can be considered as nearly useless.

    wizard
     
  18. Ph33r_

    Ph33r_ Guest

    Yes doesn’t take 2year old to know that, whether or not it’s a worm or a Trojan the point still shows how poorly Archive Scanning capabilities in Anti-Trojan products are… :D
     
  19. Ph33r_

    Ph33r_ Guest

    I totally agree I never disagreed on this here or elsewhere. You just misunderstood my attentions.
     
  20. xor

    xor Guest

    Ok i tell you now something to think about.

    If you use a plain textfile with let's say 2 GIGABYTES SPACES and intop of this Large File you put a simple EXE-Header such as "MZ" sign and the PE Flag - after this you compress this file with WINRAR or WINZIP you will get a Zip/Rar File with maybe 1 kilobytes or 2 kilobytes.

    Now imagine what would be happen if you make let's say 5000 copies of this file ala MyFile1.ZIP upto MyFile5000.ZIP

    Then copy all of these files into one directory and ZIP all of these Files again in one new ZIP. Coz all 5000 "small" Zip Files should be compressed 1:1 (and the binary data should be exactly the same from each file out of these 5000 files) this will also result in a very small ZIP file. Only a guess let's say around 10 Kilobytes or something.

    Now start to calculate :D

    One single small ZIP File is 2 kb and it does contain RAW DATA with 2048 MB ( 2 Gigabytes ) AND IT DOES FOOL THE SCANNER WITH THIS FAKE EXE HEADER TO UNPACK IT

    Ok we go on... 2 Gigabytes * 5000 = 10.000,00 GigaBytes WOW :eek:

    Now, actualy for this example a simple ZIP File with 50 kb size is containing 10.000,00 GIGABytes RawData. :eek: :eek: :eek:

    Now guess what would be happen if a AV Scanner try's to unpack this all. (Note you "force" him if you name this big files *.EXE and if they do contain a EXEHeader)
    Do you have 2.000 GigaBytes Memory to unpack this into the memory ?
    I doub't this. Many people will not even have this space on older computers to swap out / create tempfile.

    And these 5000 Files making sure that the scanner would scan until to death if he did not set some limit's such as MAX-EXPAND-SIZE or Nested Archiv Unpacking. If you want you can always hide nastie files in such archives - you need only to know how :D

    Michael
     
  21. Ph33r_

    Ph33r_ Guest

    That’s irreverent. ;)
     
  22. controler

    controler Guest

    I am very impressed at the version of RAR program yhou are using.
    I have used WinRar, WinZIp and Winace ( wich I prefer )
    And I could never get a 10 gig file compressed to 50 K,,, ever.
    You one lucky puppy :D

    I know WAREZ uses RAR alot. Winace is far better than WinRar.

    Now why can't the filed be unpacked in peices ? , taking small chunks at a time in memory and not trying to unpack the whole file at one time.
    and yes by gollie, I do have 2 gig PC2700 DRAM
    use the swap file to check small chunks of data at a time?
    I am guessing people are creating new packers as fast as they creat viri these days
     
  23. xor

    xor Guest

    I am not lucky i just point out the facts :D
    Download this:
    http://www.gladiator-antivirus.com/kaboom.rar

    and extract it :D
    Happy Disk Space Wasting :D

    BTW... just look inside this archive how big the extracted file becomes before you try to unpack it :eek:
     
  24. controler

    controler Guest

    Ok I am confused. Didn't you say the file was 50K zipped and 11 gig unzipped? Kaboom.Rar is almost 500K unzipped. So shouldn't this Kaboom.Rar be 110 gig ? That would be just about perfect since I have a 120 gig drive.
     
  25. Ph33r_

    Ph33r_ Guest

    KABOOM.rar
    Size: 488KB
    &
    Decompressed:
    KABOOM.LOL
    Size: 976MB

    ;)
     
Thread Status:
Not open for further replies.