Real Time Protection?

Discussion in 'Trojan Defence Suite' started by Soul_Flame, Apr 2, 2002.

Thread Status:
Not open for further replies.
  1. Soul_Flame

    Soul_Flame Guest

    Sorry for yet another question folks.  

    I understand that once registered, execution protection is enabled which if I understand it correctly protects the user every time a program starts up.  But what about stuff running in existing processes or memory?  Does it cover that as well, or is there another feature that covers it?  I guess I want a package that will do a couple basic things for me:

    1.  protect me in real time should I either inadvertently download a trojan, or should a trojan somehow previously missed 'decide' to activate itself in a manner other than via the execution of another program.

    2.  allow me to scan on demand

    It's quite obvious to me that TDS-3 does #2, I'm less clear on #1 and what tools TDS-3 offers to protect me in real time.

    Thanks

    Rick
     
  2. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Wow, that is a good question. I think you can set it up so it's running in the background, but it's not compatible with a firewall; at least, last I remember, it wasn't.

    I'm a newbie too, so your question brought up a good point. Anyone here know where those TDS people are today? They're usually here a lot lol.
     
  3. Liquid_Fish

    Liquid_Fish Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    81
    When TDS starts you can set it to do a full memory scan.  That should catch anything running in existing processes.
     
  4. Soul_Flame

    Soul_Flame Guest

    Yes, but what about AFTER that?  If I don't reboot my system more than once or twice a week, does that mean in the interim I have no real time protection?
     
  5. FanJ

    FanJ Guest

    Hi,

    If you have Execution Protection enabled (and TDS-3 is running), you have real time protection! Everything that wants to run will first be checked by TDS-3. Execution Protection is a "hook" that will first "send" everything that wants to run to TDS-3 for a check on Trojans.
    (Note: in fact the Execution Protection is a .dll file.)

    With Execution Protection enabled (and TDS-3 running), TDS-3 is an on-access scanner (and can also be used as an on-demand scanner)

    Without Execution Protection enabled, TDS-3 is an on-demand scanner.
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If I remember well, execution protection can't be installed in the evaluation version; I never had that problem as I registered.
    You can always perform extra scans and checks with the system running, either manually or by setting a task to do it at certain hours for you.
    Once running, it keeps protecting and alarming on new things, and the exec. prot. checks possible nasty files all the time and keeps them from running.
    You could give the registry extra protection with the RegProt tool (free), which protects against unauthorised writing in the registry by trojans and such.
    Further, I'm really happy with the combination with WormGuard, which protects against worm code in files and from web sites and a lot more.

    You might have seen there is a new version in the build, which is no reason to possibly hold back this moment, as registered users are updated for free.
     
  7. Soul_Flame

    Soul_Flame Guest

    FanJ.....thanks for the info.  I guess my question is, does execution protection also handle if something is sitting in memory and launches from THERE as opposed to launching an executable file.  Am I still protected?  
     
  8. FanJ

    FanJ Guest

    Hi,

    If you let TDS-3 start up (with Execution Protection enabled; and with Mutex Memory Scan and Memory Scan and Trace Scan enabled) together with system start-up, then your memory will be checked. So, if nothing malicious has been found with respect to Trojans, your memory is then "clean". And after that Execution Protection will take care of your protection with respect to Trojans (of course together with your firewall and AV).
     
  9. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    So, after the initial start up process memory scan, process memory is not monitored thereafter?
     
  10. Soul_Flame

    Soul_Flame Guest

    Blacksheep.....that's exactly the question I've got, and the possible problem I have with TDS-3.  I reboot my PC infrequently.  My concern is that somehow a trojan finds its way onto my system AFTER initial scanning and worms its way into process memory, then launches from there.  It sounds to me like in that scenario TDS-3 will NOT protect me.  Now, how plausible is that scenario?  I don't know.  I don't know enough about TDS-3 specifically, or trojan technology in general, to know if a trojan COULD get into memory after startup scanning without being detected.  But I'm not comfortable with what seems to be the response that after startup, there's no memory scanning of any kind taking place.
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Soul_Flame, as a fellow newbie I would just tell you this from the bottom of my heart.

    JUST BUY THE D.A.M.N THING LOL=)

    If you actually have the money to just buy it.

    You already know how to set it up and run it; now all those other extra features are just exotic extras lol.

    TDS finds all kinds of nasties, and apparently new stuff that is submitted to them by trojan makers and professional trojan makers.

    They have access to all kinds of stuff so they can protect you from it if someone lets it out into cyberspace.

    I tell you what, why don't you gimme your money so I can buy a full registered copy for myself; I'll tell you how it all works out lol.

    Just gimme your credit card number and ID PIN number and I'll be enjoying a full registered copy of TDS lol. You won't mind if I buy a little something-something extra; I had my eye out on TDS Worm Guard, droolllll.

    lol=)

    But seriously, I would buy it if I could afford it =( tears in Blaze's eyes, it sucks being broke
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Tell me, MrBlaze; many people have to take care and set priorities, unfortunately.
    That's why the ultimate is done to make the best known program available and as affordable as possible for those who can use it. Even so, DCS does not use fancy advertisement paid by the users, most is word of mouth by happy users, who can be really critical. That's why also the beta-testing process is rather heavy.
    Can you tell me if you were able to include the little script I posted for the configuration help, as I would like to know if this is possible in the evaluation as well?
    I'm sure with your sense of humor you will love to be able to use scripting this way and in more serious ways as well.
    I don't think the new versions will be cheaper, so if you can write to their sales and start trying to put aside what's possible to maybe have it ready the moment before your trial stops.

    I'm trying to think what would be able to try to get into memory. Are these executables? Then they're stopped immediately from any possibility of executing. There is nothing against scanning memory and process memory space,
    as they can't get active in between, and with the scan they would be found, and if they try to write in the registry there are the alarms, and as that is an action it would be stopped... etc...
    For sure Wayne and Gavin will be able to tell this in more technical terms.
     
  13. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    I keep it simple for fellow newbies, example ((BUY IT))=)
     
  14. Soul_Flame

    Soul_Flame Guest

    Would someone who is registered and is using XP be kind enough to tell me how much RAM is consumed by running execution protection?  As a trial user, I'm unable to do so.

    Thanks

    Rick
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D Wow, way better questions than when I asked lol.

    Well, I have 64 RAM and it seems to run it OK even with my Zone Alarm, so I'm guessing not that bad, but if you come to Wilders a lot and you become a security junkie like me, it might be a good idea to get more than 300 RAM lol.

    For all the cool security software in the free tools section.

    I ought to make a list of the best software for newbies; there's a lot of one-click-you're-protected software at Wilders.

    I'm guessing you got that new monster Windows XP with 128 RAM starting; if so, then all I can say is you can run Norton and TDS and a firewall all at the same time, but that's about it. I suggest a RAM upgrade so you can do way more stuff.

    I personally hate Windows XP. I love the way it looks, but it's only eye candy; too many security leaks.

    About 9 security updates at the Microsoft update web site.

    So I definitely go for more RAM if you plan on really securing that computer. Blame Bill Gates, he sucks :D
     
  16. Soul_Flame

    Soul_Flame Guest

    Blaze......yeah, I've got 256meg of PC800 RDRAM, so I'm not concerned at this point about resources.

    Actually, I think I read on the website that execution protection isn't memory resident, but is provided as a 'hook' which activates when needed.  Not sure how that works.  What confuses me then is I read about stuff like port scanning in real time and some other things TDS-3 does in real time and I'm wondering "do I have to leave the full TDS-3 app running all the time to get those benefits"?
     
  17. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D Blaze drools. You got more than enough RAM; who cares if you run it in the background all day. You lucky bastard, I'm jealous.

    Yup, I believe you do have to run it so it protects your ports. You mean web surfing, right? If so, yes, but with the amount of RAM you got it's no big deal.

    I believe TDS protects you pretty well from trojans sending back a message to the hacker. Would you like fries with that, cook lol.

    But is it compatible with Zone Alarm is the real question.

    If you can run TDS and Zone Alarm with no conflicts or stupid Zone Alarm alerts from TDS being active, then helll yeahhhhhhhhhhhhh buy it. :D
     
  18. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,401
    Location:
    North Carolina, USA
    Hello all,

    That is my understanding too, that execution protection is not memory resident, but a "hook" (dll?) that activates as needed.

    I use XP Home and on my system with all options checked (except sockets) including execution protection, TDS-3.2.1 uses 5,868 K of ram.  To me, that is minimal for the protection it offers.

    Regards,
    Kent
     
  19. Soul_Flame

    Soul_Flame Guest

    Kent, thanks for contributing.  Can you, or any other tds user, answer the following questions?

    *  In order to get execution protection from tds, do you have to keep the main tds engine running live?  

    *  If so, does this provide any other benefit apart from execution protection?  

    Thanks and regards

    Rick
     
  20. Soul_Flame

    Soul_Flame Guest

    forgot to ask one other question....

    *  if the tds main engine must stay active to obtain any real time benefit, can it at least be minimized to an icon in the systray and get it off the main part of the task bar?
     
  21. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,401
    Location:
    North Carolina, USA
    Rick,

    *  In order to get execution protection from tds, do you have to keep the main tds engine running live?   I am pretty sure you have to but maybe someone else can clarify.

    *  If so, does this provide any other benefit apart from execution protection?   I will leave this for the experts also.

    *  if the tds main engine must stay active to obtain any real time benefit, can it at least be minimized to an icon in the systray and get it off the main part of the task bar?  Yes, you can minimize to either systray or taskbar, your choice.

    Hope this helps a little,
    Kent
     
  22. FanJ

    FanJ Guest

    right

    yes, but it all depends on what you want to do with TDS-3.

    right
     
  23. Mem

    Mem Guest

    In order to have Execution Protection, TDS must be running.  If the program is not active, the Execution Protection is gone.  I use a number of other features in the program (TCP listening, bridging, memory process checks, etc) so it provides other benefits at times.

    The icon can be minimized to the system tray, taskbar or to a movable "mini control window" on the desktop.
     
  24. Soul_Flame

    Soul_Flame Guest

    Ok, I think we're getting close to the info I'm after.  

    Mem.....you said you use it for process memory checks.  My understanding was TDS-3 would only scan memory on demand.  Is there a way, keeping TDS-3 active, to also scan memory in addition to execution protection?  Early on in this thread I said I was concerned that something could launch from memory and possibly not be detected by execution protection since an executable was not involved per se, and that the only memory scanning was done on demand.  Is this not the case?  I'd be very pleased to see that TDS-3 can be structured to enable real time memory protection.
     
  25. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    With all this, don't forget the coming v4 with new features, of which there might be more in this direction too. We don't know yet what to expect.
    There are some elements of WormGuard technology included in TDS-3 (no doubles with WG itself) for even more protection. I have them both running (WG is completely in the background, unnoticeable and not consuming resources, btw) and ZAPro with that is still no problem, besides several other programs and functions.
    I use TDS as a basic to look on the system and close unwanted connections (netstat) and a lot more.
     