Polly who?

I am considering buying Tauscan by Agnitum.

I use Agnitum's firewall [Outpost] & really like it. Ergo, I wondered: "Why shouldn't I use their AT [Tauscan} as well?"

So I checked around & discovered the *dirty news* about Tauscan. Namely, it can't do polymorphics.

Is this true? Should I care? And what in blue blazes is a polymorphic anyway?

Shaalu shalom Yerushalayim
Bellgamin

 

bellgamin - I know, that pesky old Pete Yevchak has been at it again, hasn't he? ( <g> )

If you read the thread there, you'll see that Danil has said that the polymorphic trojan detection will be added in the up-coming v.2.

We'll have to send Pete back there to inquire as to whether all current Tauscan users will get the new version as a free upgrade - that's the only way I'd go ahead and buy Tauscan now.

To answer your question, here's the definition for a polymorphic virus (which manifests the same characteristics as a polymorphic trojan):

"Polymorphic Virus - Polymorphic viruses create varied (though fully functional) copies of themselves as a way to avoid detection from anti-virus software. Some polymorphic virus use different encryption schemes and requires different decryption routines. Thus, the same virus may look completely different on different systems or even within different files. Other polymorphic viruses vary instruction sequences and use false commands in the attempt to thwart anti-virus software. One of the most advanced polymorphic viruses uses a mutation-engine and random- number generators to change the virus code and its decryption routine."

IOW, if you're using a scanner of any type, and it detects malware solely on the basis of a definitive signature, then changing that signature in the slightest (hello polymorphics!) can result in the malware not being detected/not being cleaned correctly/not being eliminated everywhere on the computer.

Heuristics (when the program includes them, they're settable insofar as sensitivity is concerned and you've found that feature and turned it on) are supposed to help rectify that situation - for instance, see Jack Benny's post, here: http://agnitum.com/forum/showthread.php?s=756fcd3f3c7531112e7efefb50e05cac&threadid=4561.

I'm a happy user of three of the major AT programs - TDS, The Cleaner and Tauscan. (listed in order of personal preference).

TDS is my primary AT program (it runs in SYSTRAY, starts at boot-up with all options for my OS engaged and wide-open at all times).

I use the other two as cross-checks (and to help them out with their programs, provide feedback in the case of false alarms, trouble-shoot new program versions, feature versions, database updates etc., as best as I am able).

Hope this helps. Pete

 

Thanks Pete. I mean REALLY thanks.

Since you have communicated with Danil on this matter, maybe you will understand one of several reasons why I will get Tauscan if/when they lick the poly-problem. Namely, Danil seems to be an honest and friendly fellow -- the kind of person I enjoy doing business with.

Regards,
Bellgamin

 

bellgamin - You're quite welcome. Pete

 

Hey Pete [and whoever else has a comment],

I forgot to ask -- if I use Tauscan for a while [I REALLY like the program's ease of use], how serious is it that it doesn't do polymorphics? I mean -- if Tauscan is my ONLY AT?

Put it this way -- speaking hypothetically, if TDS protected my box's groin region by a factor of, say, 90 -- then what would Tauscan be? More than 0 surely. Maybe 80

Wild-a*s guesses are solicited &, if offered, shall be gratefully accepted.

Regards,
Bellgamin

 

Hi,

Did you have a look here:

http://www.wilders.org/anti_trojans.htm

 

I can only say TDS is already named superior, the coming TDS-4 will make many jobless. They'll release a whole bunch of very fine new tools later this year, so try rhem out and check back often on their sites. Many TDS operators ose Outpost, among others, so it seems to go fluent one beside the other.
Mind that every at or av developer has their own databasse and ways of detection, which is one of the reasons many people use more then one product. For me TDS is central on my system for various reasons (which you can read between the lines in the DSC forums here).
I can't say a thing about Tauscan as not having any personal experience with it, only some "hear say" which i don't remember ever having been bad news.
So really do try them out and do take your time and see what is most at your liking.
Happy hunting!

 

Pete and FanJ

posting to you because of my un-certainty on this.....by disabling windows scripting host...wont that prevent "Polly"? Not suggesting that anyone should do this...just a curious question.....my mouse goes bonkers with windows scripting host disabled.

snowman

 

Hi Snowman,

Sorry, I'm afraid I don't understand your question fully (you know, my English....).
But due to some very stupid postings by me lately, I feel right now much too uncertain to make any valuable posting right now.....
O, BTW: I have WSH disabled in IEClean which calls it VBS Scripting Host.

 

I need the scripting host to be able to run my scripts, among others VBS, and not to forget in TDS. I have WormGuard to take care of possible malicious files and gives me a chance to look into them in the safe mode, among the many other functions. You can even add files by name to the block list, so your polly.exe to name an example.
There are several more tools blocking scripts, so it is not necessary to cripple windows with uninstalling the WSH and VBS at all.
If it can run it can be detected and stopped in it's traces.

 

***from a link at wilders freetools***


http://www.diamondcs.com.au/patches/enhancer.php3?patch=wsh



FanJ

my friend I always find your post enjoyable.....if there were a contest on who posted the dumbest post I surely would win.....LOL



Jooske

At the moment I have WSH disabled....I go back and forth .......for the most part its enabled
yes I know several people who can not do without WSH because of their programs not working properly.....

snowman

 

OOOOOOOOPS


Bellgamin

in no way am I suggesting the install of the patch....please understand that.........the link provided is just for informational purposes.

snowman

 

Scripts? I don't got no steenkin' script problems. Me using ScripTrap -- most beautiful little script nipper in the world.

From....
http://keir.net/scriptrap.html

Bell

 

Hi bellgamin, nice to see you over here. Danil is one of the nicest guys I have ever met. With guys like him on a team you can't go wrong in the long run.
My concern about buying Tauscan right now would be, it's hard to tell how long it is going to take the get it updated. One of the problems everyone is running into is trying to cope with Bill Gates's latest bad joke, XP and getting third party software to work with it since he changed key components and XP is no longer compatible with many of the programs already developed. Since it is proprietary, developers do not have access to information that would facilitate easy updates.
So Tauscan will get fixed and be a great AT, I'm sure, but it may be a bit yet.

Snowy, I don't think disabling WSH will make a difference when it comes to polymorphism. I do have it disabled on my machine and have never missed it. I would still worry about relying on Tauscan as a primary defense.
God, I hope Mikhail never sees this.

 

Thanks for the good and kindly advice.

Alas! I really understand how to use Tauscan whereas the other AT I tried [TDS] was totally intimidating.

Isn't there a *pretty good* AT that is equally as "friendly" to use as Tauscan? [I'm not a prime target for bad guys. Ergo, I don't need a Rottweiler of an AT. More like a Golden Retriever, maybe? Puh-leez - any specific AT suggestions will be greatly appreciated.]

It's 76 degrees. Skies are azure. Sand on the beaches is clean and white. Trade winds are 15 mph. Surf on N. shore is 3 - 5 feet.
God's in His heaven.
All's right with the world.
Aloha from Hawaii,
Bellgamin

 

Euhhhmmmm..... i gave the advice to shop around patiently ... for a reason i can't talk about aloud, but you will understand, and not only your pleas are heard,.... it's just give yourself the time so during evaluating some products you will be as safe as what you're evaluating lets you be, so at a given moment later this year you might be really really reaaaaaaaaaly very happy you waited with deciding...... i am very sure "message understood"
Even though i'm most certainly am not a poweruser but the same day i installed TDS long ago i knew i did not even want to be without and the amazing support helped me trying to understand what it was doing and what i was supposed to look at. Now there are two official forums beside that to help each other and my experience quickened, seeing things i never would have thought myself, playing with it (the script part i just love), lost my real fear and anger for all kinds of nasties and learned a lot more, even to help new users with the programs where i can. Don't get shocked or frightened by the program, imagine how those nasties against whom we try to defend ourselfs will run off screaming.
BTW: why do you think many of those are using it, to defend them against their own kind?
Of course you can use TDS as it is as a simple scanner, but you do yourself short with that toolbox with all those 50 functions in which one can grow.
Can only say look around in the DCS forums here for some things people describe to have some impression.
I'm not a user, but a proud TDS operator.