Polly who?

Discussion in 'other anti-trojan software' started by bellgamin, Aug 6, 2002.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,604
    Location:
    Hawaii
    I am considering buying Tauscan by Agnitum.

    I use Agnitum's firewall [Outpost] & really like it. Ergo, I wondered: "Why shouldn't I use their AT [Tauscan] as well?"

    So I checked around & discovered the *dirty news* about Tauscan. Namely, it can't do polymorphics.

    Is this true? Should I care? And what in blue blazes is a polymorphic anyway? :doubt:

    Shaalu shalom Yerushalayim
    Bellgamin
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    bellgamin - I know, that pesky old Pete Yevchak has been at it again, hasn't he? ( <g> )

    If you read the thread there, you'll see that Danil has said that the polymorphic trojan detection will be added in the up-coming v.2.

    We'll have to send Pete back there to inquire as to whether all current Tauscan users will get the new version as a free upgrade - that's the only way I'd go ahead and buy Tauscan now.

    To answer your question, here's the definition for a polymorphic virus (which manifests the same characteristics as a polymorphic trojan):

    "Polymorphic Virus - Polymorphic viruses create varied (though fully functional) copies of themselves as a way to avoid detection from anti-virus software. Some polymorphic viruses use different encryption schemes and require different decryption routines. Thus, the same virus may look completely different on different systems or even within different files. Other polymorphic viruses vary instruction sequences and use false commands in the attempt to thwart anti-virus software. One of the most advanced polymorphic viruses uses a mutation-engine and random-number generators to change the virus code and its decryption routine."

    IOW, if you're using a scanner of any type, and it detects malware solely on the basis of a definitive signature, then changing that signature in the slightest (hello polymorphics!) can result in the malware not being detected/not being cleaned correctly/not being eliminated everywhere on the computer.

    Heuristics (when the program includes them, they're settable insofar as sensitivity is concerned and you've found that feature and turned it on) are supposed to help rectify that situation - for instance, see Jack Benny's post, here: http://agnitum.com/forum/showthread.php?s=756fcd3f3c7531112e7efefb50e05cac&threadid=4561.

    I'm a happy user of three of the major AT programs - TDS, The Cleaner and Tauscan. (listed in order of personal preference).

    TDS is my primary AT program (it runs in SYSTRAY, starts at boot-up with all options for my OS engaged and wide-open at all times).

    I use the other two as cross-checks (and to help them out with their programs, provide feedback in the case of false alarms, trouble-shoot new program versions, feature versions, database updates etc., as best as I am able).

    Hope this helps. Pete
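
Added example (not part of the original thread): a minimal Python sketch of the point made in the post above, that a scanner matching one fixed byte signature misses a re-encoded copy of the same body, while an "X-ray" pass that tries every single-byte XOR key still finds it. The marker string, the sample layout and all function names are assumptions made for this illustration, and the samples are constructed, inert byte strings.

```python
# Constructed marker standing in for a scanner's byte signature (assumption).
SIGNATURE = b"INERT-DEMO-BODY-0001"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (key 0 leaves data unchanged)."""
    return bytes(b ^ key for b in data)


def make_sample(key: int, stub: bytes) -> bytes:
    """Constructed sample: varying leading bytes, the key, then the encoded body."""
    body = b"header " + SIGNATURE + b" trailer"
    return stub + bytes([key]) + xor_bytes(body, key)


def signature_scan(blob: bytes) -> bool:
    """Classic definition match: the exact signature bytes must be present."""
    return SIGNATURE in blob


def xray_scan(blob: bytes):
    """Try all 256 single-byte XOR keys; return the matching key or None."""
    for key in range(256):
        if xor_bytes(SIGNATURE, key) in blob:
            return key
    return None


def report():
    """Scan three constructed variants of one body plus one clean blob."""
    samples = {
        "plain copy": make_sample(0x00, b""),
        "variant A": make_sample(0x5A, b"\x01\x02\x03"),
        "variant B": make_sample(0xC3, b"\xAA\xBB"),
        "clean file": b"nothing of interest in here",
    }
    return {name: (signature_scan(blob), xray_scan(blob))
            for name, blob in samples.items()}


if __name__ == "__main__":
    for name, (sig_hit, key) in report().items():
        print(f"{name:11} signature={sig_hit!s:5} xray_key={key}")
```

Single-byte XOR is the simplest case only; the varied decryption routines and instruction sequences described in the quoted definition are why scanners also rely on heuristics.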
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,604
    Location:
    Hawaii
    Thanks Pete. I mean REALLY thanks.

    Since you have communicated with Danil on this matter, maybe you will understand one of several reasons why I will get Tauscan if/when they lick the poly-problem. Namely, Danil seems to be an honest and friendly fellow -- the kind of person I enjoy doing business with.

    Regards,
    Bellgamin
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    bellgamin - You're quite welcome. Pete
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,604
    Location:
    Hawaii
    Hey Pete [and whoever else has a comment],

    I forgot to ask -- if I use Tauscan for a while [I REALLY like the program's ease of use], how serious is it that it doesn't do polymorphics? I mean -- if Tauscan is my ONLY AT?

    Put it this way -- speaking hypothetically, if TDS protected my box's groin region by a factor of, say, 90 -- then what would Tauscan be? More than 0 surely. Maybe 80 o_O

    Wild-a*s guesses are solicited &, if offered, shall be gratefully accepted.

    Regards,
    Bellgamin
     
  6. FanJ

    FanJ Guest

    Hi,

    Did you have a look here:

    http://www.wilders.org/anti_trojans.htm
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I can only say TDS is already named superior, the coming TDS-4 will make many jobless. They'll release a whole bunch of very fine new tools later this year, so try them out and check back often on their sites. Many TDS operators use Outpost, among others, so it seems to go fluent one beside the other.
    Mind that every at or av developer has their own database and ways of detection, which is one of the reasons many people use more than one product. For me TDS is central on my system for various reasons (which you can read between the lines in the DSC forums here).
    I can't say a thing about Tauscan as not having any personal experience with it, only some "hear say" which i don't remember ever having been bad news.
    So really do try them out and do take your time and see what is most at your liking.
    Happy hunting!
     
  8. snowy

    snowy Guest

    Pete and FanJ

    posting to you because of my uncertainty on this.....by disabling windows scripting host...won't that prevent "Polly"? Not suggesting that anyone should do this...just a curious question.....my mouse goes bonkers with windows scripting host disabled.

    snowman
     
  9. FanJ

    FanJ Guest

    Hi Snowman,

    Sorry, I'm afraid I don't understand your question fully (you know, my English....).
    But due to some very stupid postings by me lately, I feel right now much too uncertain to make any valuable posting right now..... :oops:
    O, BTW: I have WSH disabled in IEClean which calls it VBS Scripting Host.
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I need the scripting host to be able to run my scripts, among others VBS, and not to forget in TDS. I have WormGuard to take care of possible malicious files and gives me a chance to look into them in the safe mode, among the many other functions. You can even add files by name to the block list, so your polly.exe to name an example.
    There are several more tools blocking scripts, so it is not necessary to cripple windows with uninstalling the WSH and VBS at all.
    If it can run it can be detected and stopped in its traces.
     
  11. snowy

    snowy Guest

    ***from a link at wilders freetools***


    http://www.diamondcs.com.au/patches/enhancer.php3?patch=wsh



    FanJ

    my friend I always find your post enjoyable.....if there were a contest on who posted the dumbest post I surely would win.....LOL



    Jooske

    At the moment I have WSH disabled....I go back and forth .......for the most part it's enabled
    yes I know several people who can not do without WSH because of their programs not working properly.....

    snowman
     
  12. snowy

    snowy Guest

    OOOOOOOOPS


    Bellgamin

    in no way am I suggesting the install of the patch....please understand that.........the link provided is just for informational purposes.

    snowman
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,604
    Location:
    Hawaii
    Scripts? I don't got no steenkin' script problems. Me using ScripTrap -- most beautiful little script nipper in the world.

    From....
    http://keir.net/scriptrap.html

    Bell :D
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Bell,

    We addressed this issue back in December 2001, contacting the CEO from Agnitum. Mikhail Zakhryapin confirmed to us that Tauscan had to be rebuilt from scratch in order to cope with polymorphism.

    It's very serious - IMHO that serious, one cannot rely on the actual version from Tauscan as a reliable first line in defense.

    regards.

    paul
     
  15. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi bellgamin, nice to see you over here. Danil is one of the nicest guys I have ever met. With guys like him on a team you can't go wrong in the long run.
    My concern about buying Tauscan right now would be, it's hard to tell how long it is going to take to get it updated. One of the problems everyone is running into is trying to cope with Bill Gates's latest bad joke, XP and getting third party software to work with it since he changed key components and XP is no longer compatible with many of the programs already developed. Since it is proprietary, developers do not have access to information that would facilitate easy updates.
    So Tauscan will get fixed and be a great AT, I'm sure, but it may be a bit yet.

    Snowy, I don't think disabling WSH will make a difference when it comes to polymorphism. I do have it disabled on my machine and have never missed it. I would still worry about relying on Tauscan as a primary defense.
    God, I hope Mikhail never sees this. :eek:
     
  16. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hey root,

    Don't worry. Even if he does, he's real fair in software of his being criticized with good reason - I can tell from experience ;)

    regards.

    paul
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,604
    Location:
    Hawaii
    Thanks for the good and kindly advice.

    Alas! I really understand how to use Tauscan whereas the other AT I tried [TDS] was totally intimidating.

    Isn't there a *pretty good* AT that is equally as "friendly" to use as Tauscan? [I'm not a prime target for bad guys. Ergo, I don't need a Rottweiler of an AT. More like a Golden Retriever, maybe? Puh-leez - any specific AT suggestions will be greatly appreciated.]

    It's 76 degrees. Skies are azure. Sand on the beaches is clean and white. Trade winds are 15 mph. Surf on N. shore is 3 - 5 feet.
    God's in His heaven.
    All's right with the world. :cool:
    Aloha from Hawaii,
    Bellgamin
     
  18. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Euhhhmmmm..... i gave the advice to shop around patiently ... for a reason i can't talk about aloud, but you will understand, and not only your pleas are heard,.... it's just give yourself the time so during evaluating some products you will be as safe as what you're evaluating lets you be, so at a given moment later this year you might be really really reaaaaaaaaaly very happy you waited with deciding...... i am very sure "message understood" :)
    Even though i most certainly am not a poweruser but the same day i installed TDS long ago i knew i did not even want to be without and the amazing support helped me trying to understand what it was doing and what i was supposed to look at. Now there are two official forums beside that to help each other and my experience quickened, seeing things i never would have thought myself, playing with it (the script part i just love), lost my real fear and anger for all kinds of nasties and learned a lot more, even to help new users with the programs where i can. Don't get shocked or frightened by the program, imagine how those nasties against whom we try to defend ourselves will run off screaming.
    BTW: why do you think many of those are using it, to defend them against their own kind?
    Of course you can use TDS as it is as a simple scanner, but you do yourself short with that toolbox with all those 50 functions in which one can grow.
    Can only say look around in the DCS forums here for some things people describe to have some impression.
    I'm not a user, but a proud TDS operator.
     
  19. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Bell,

    In case you are really looking for an alternative besides TDS (in spite of the nicely put arguments from Jooske), consider giving TrojanHunter a test drive. You can download a trial version from our downloads page:

    www.wilders.org/downloads.htm

    regards.

    paul
     