Revealed - why TDS has the edge over all other anti-trojan scanners

Discussion in 'Trojan Defence Suite' started by Wayne - DiamondCS, Jan 17, 2003.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Now explained for the first time, why TDS has a comprehensive edge over all other anti-trojan systems ...
    http://tds.diamondcs.com.au/theedge.htm
    :)
     
  2. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > Now explained for the first time, why TDS has a comprehensive edge over all other anti-trojan systems ...

    Those .924 Trojans will become a problem when the authors get around to completing them. :)
     
  3. Gladiator

    Gladiator Guest

    And for this statement i cancel my membership here - NOW
    Good bye wilders.

    Michael
     
  4. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Michael, that's a bit over-reactive don't you think? It wasn't directed at you or anyone in particular. <frown>
    And besides, GAV is an anti-virus scanner so it doesn't qualify as an anti-trojan scanner so you don't apply to that statement ;)
    Anyway the only place i've seen you post update announcements is at DSLReports but theyre well received there so by all means continue doing so, it would be foolish not to, but I'm sure you know what I meant so let's not blow things out of proportion. ;-)
    Enjoy the weekend

    Best regards,
    Wayne
     
  5. Gladiator

    Gladiator Guest

    Your page is a insult for all known developers - without names.
    Including Andreas Haak, Magnus Mischel and other.

    Sorry, but i dont need to be here - at least not after such statements.
    You list Delphi at your list because ANTS is coded in Delphi,
    You list the fingerprint generator in your list because Magnus uses this.
    You are thinking other people are dumb or what ?
    I know you YEARS ago from PowerBasic Forum - guess why...
    I did develop some compilers..... Oh yes and other people are not be able to code and analyse low level stuff - great.
    TDS was not even be able to Encrypt the database 2 years ago - and now such words - great.

    As i said before - good by.
    I dont want to be flamed here but this is really NOT BELIEVEABLE

    Michael
     
  6. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Wow, easy there fella. Sorry, but you're putting words into my mouth. I say one thing, you read it as something completely different if not the opposite. I don't believe anything said on the page wasn't true, please correct me if you find otherwise and I'll happily correct it. Otherwise, let's not take things personally shall we..? :)
    (This round of drinks on me then I guess ;)
     
  7. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    I'm a TDS-3 and Wormguard user and find the following paragraph to be bad judgement by the author :( :( :(

    Do they spam newsgroups or forums with database updates?
    There are a couple of forums where database update information is encouraged, one of them being in a special section at the Wilders Security Forum where the DiamondCS public user forum is also located. This is the only place you'll find notifications of our database updates. However, the people behind many other anti-trojan programs frequently post their database updates to forums and newsgroups where their scanner is not the topic of interest. This is tantamount to spam and it only serves to help sell the scanner - only a minority of users on such forums/newsgroups actually use those scanners, so the rest simply put up with it. It's rude, it encourages spam, it's inconsiderate of users who don't use that particular scanner (always a majority), and you'll never see such behaviour from us.
    Regards
    Tim
     
  8. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    No problems, that paragraph has been removed. Thanks for your feedback, it's very much appreciated. :)

    Best regards,
    Wayne
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    No,Tag 97, Not so much bad judgement as straight talking IMHO.
    Wayne is correct in as much as the update postings made are NOT for there current customers as most have an autoupdate facility.
    For those that won't or don't use that facility because of privacy issues will almost certainly make scheduled visits to download their updates.

    So not exactly blatant advertising but certainly a way of keeping the public eye.

    I'm ducking now...... :blink:
     
  10. DrSeltsam

    DrSeltsam Guest

    Ok Wayne ...

    Let me answer the questions ...

    >How many people work full-time in the research and development of the
    >program?

    One - but i think its one more than you have. As far as i know you DCS has 3 employees - 2 of them are developer. You have 3 products. Hmmm ... you are working fulltime on tds, wormguard and pe explorer. Guess why this couldn't be true.


    >developed by just 1 person. This 1 person is then responsible for handling the
    >entire running of the program - all sales enquiries, support enquiries, forum
    >support, bug reports, trojan collection, trojan analysis, trojan detection,
    >website maintenance, and so on -- it is far too much work for one person to do,
    >so if their response is only 1 person, you can rest assured they're quickly falling
    >behind and that their scanner cannot detect a high level of trojans due to lack
    >of time for collection/analysis/detection.

    Nope - its IN YOUR OPINION to much work.

    >If it's just an individual you should also
    >ask for their age - interestingly, many anti-trojan authors (like trojan authors)
    >are just teenagers who are pre-occupied with other things in life such as
    >school, with their anti-trojan scanner coming second fiddle. At this young age,
    >they certainly have the enthusiasm but lack the experience and skills necessary
    >to develop and maintain a comprehensive anti-trojan system.

    *rofl* ... You don't know how much experience someone has. I am nearly 19 years old. I started dealing with trojans and malware as i was 10. This is nearly than 9 years of experience.

    And now just some questions ... Kaspersky started coding of anti virus software aroung 1990 i think. Why does it have the more powerfull engine? You were there 3 years ago :eek:).

    Andreas Marx coded a virus scanner named TScan as he was 16 years old with a power full emulation. IKARUS for example developes av software since 1985 i think but its emulation is still not as powerfull as TScan's one.

    >Unless the scanner is TDS, Lockdown, The Cleaner or BOClean, the answer is >no.

    Collection Malware since 1995 so please put ANTS to the line - thanks.

    By the way, you miss masses of "old" trojans from the beginning.

    >Thousands of trojans have been released since trojans first appeared in the
    >mid 90s, and over the last couple of years there has also been an influx of anti-
    >trojan scanners. These new scanners have extremely low detection rates of
    >earlier trojans (many of which are still very common on the web, such as NetBus
    >and Back Orifice), and therefore should not be trusted to detect all trojans.

    As TDS for example :eek:). There are hundret of old win 3.x or DOS password stealers you miss.

    >As this is a fully-automatic process there is no intelligence used, and in many
    >cases the signature extracted might simply consist of nothing but 'null
    >characters' (ASCII 0). This greatly increases the risk of false alerts, and greatly
    >minimises the chance of successful trojan detection. However, as if that's not
    >bad enough, these automatically-determined signatures are usually taken from
    >certain positions in the file, but if the filesize changes then the offsets used will
    >be different. In other words, to prevent a known trojan from being detected by
    >such a scanner, all a hacker needs to do is increase the size of the file - the file
    >will still run as expected, but the scanner will no longer detect it as the scanner
    >will be looking for signatures at different offsets.

    *lol* ... do you ever see a POWERFULL fingerprinting scan? NOD32 for example use such a scan.

    >"Add bytes to the end of the file" is now a common feature of popular trojan
    >stealthing applications, used primarily to modify trojans to bypass detection.
    >Some trojans even feature an option (usually ON by default) to enlarge the
    >server once it has been run, further adding to the problem of detection. These >anti-detection capabilities are effectively useless against TDS.

    If the fingerprint uses the filesize yes. If it use other things this is wrong.

    By the way ... a program that is able to generate user signatures doesn't have to generate fingerprints. There are several methods to auto extract signatures.

    >As the leader in anti-trojan detection and having been around from the
    >beginning, we can assure you that ALL anti-trojan signatures MUST be
    >determined by a highly skilled analyst using a disassembler. There is simply no
    >way to properly automate this process without the high risk of
    >weak/bad/useless signatures.

    Wrong ... you simply DOESN'T KNOW A WAY. Its quite a diffrent :eek:).

    >Although many anti-trojan scanner programmers are proficient in one or more
    >high-level programming languages (HLLs, such as Delphi), very few are
    >proficient in low-level assembly language. As all programs eventually get

    I started coding in Assembler (cause i was fascinated of viruses) at the age of 11.

    >compiled into machine code, a strong knowledge of assembly language is vital.
    >As our disassembly services page reveals
    >(http://www.diamondcs.com.au/web/htm/disassembly.php), we're very strong
    >in the areas of assembly language, disassembly, decompilation,
    >decompression/extraction/unpacking, and trojan analysis.

    Oh yes ... you can use DeDe or VBDE - cool. All what you need you can find at protools.cjb.net for example - and by the way, its for free *lol*.
     
  11. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Andreas, the page isn't directed at you or your scanner so why get so defensive...? hmm :)
    (Btw didnt you say only the other week that you're too busy to work on an anti-trojan scanner? Maybe if you spent the time you spend attacking us each week on developing a scanner you'd be able to release an update to your scanner...? :)
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Andreas - Still haven't seen you put out anything as good or better.

    Talk is so cheap.

    Some Americanisms for you:

    "Put your money where your mouth is."

    "Put up or shut up".

    "Stand and deliver."

    Later. Pete
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Yes, God knows we wouldn't want Wayne to be able to freely express an opinion without getting hammered for it.

    Wayne - You may as well go ahead and pull the rest of that page, as I'm quite sure you'll ruffle the feathers of many others impacted by your statements that are left there now.

    Don't want to hurt anyone's feelings, you know. :rolleyes:

    Pete
     
  14. DrSeltsam

    DrSeltsam Guest

    >Andreas, the page isn't directed at you or your scanner so why get so
    >defensive...? hmm :)

    No ... not a defense ... a correction.

    >Btw didnt you say only the other week that you're too busy to work
    >on an anti-trojan scanner?

    I said i am too busy, yes. I didn't say that i am too busy to manage this all. I have a normal full time job as a programmer. A full time job (about 8 hours) and a scanner is too much. But if i could life from ants it wouldn't be a problem.

    >Maybe if you spent the time you spend attacking us each week on
    >developing a scanner you'd be able to release an update to your
    >scanner...?

    Maybe if you won't spend your time formulating falsehoods like in your "edge text" tds-4 would be ready for release or you would detect early trojans *fg*.
     
  15. DrSeltsam

    DrSeltsam Guest

    >Andreas - Still haven't seen you put out anything as
    >good or better.

    *lol* ... first think than speak. I think you criticized GAV one time. So ... i still haven't seen you to code anything better than GAV. *fg* And i think you complained about windows one time. Still searching for spy1's ultimative windows *g*.

    When you criticize software you don't have to do anything better. You can say where the weaknesses are and what could be improved. But you don't have to do it better.

    Und jetzt ein paar deutsche Sprichwörter nur für Dich :eek:).

    Could be interpreted in a way conflicting with our TOS. Therefore removed.
    Wer andern eine Grube gräbt fällt selbst hinein. (Sprichwort)
    Wenn man keine Ahnung hat, einfach mal Fresse halten. (Dieter Nuhr)

    http://www.nuhr.de/data/FRESSEHA.MP3
     
  16. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Um-hum - but I don't claim to be a programmer.

    Nor have I programmed something and then left all its' users hanging in the wind.... Pete
     
  17. DrSeltsam

    DrSeltsam Guest

    >Um-hum - but I don't claim to be a programmer.

    So you have special rights? Same rights same dutys. I don't know if its the same in the usa but in europe it is ;o).

    >Nor have I programmed something and then left all its' users hanging in
    >the wind....

    ANTS was freeware. You doesn't payed anything on it and so you are not in a position to claim anything. Am i right?
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    This thread is turning into a flame war - and no one is going to benefit from that.

    First: as a common rule - and this goes for any "one man/woman" enterprise: in essence those enterprises are very vulnerable. In case something happens to the one running the shop, it will reflect badly on the product. There's nothing new to this: it's a common overall economical rule.

    That said: IMHO this does not imply "one man enterprises" are unable in doing a nice job within their capacities - in essence, they can. Fact remains, they - and therefore their product remains vulnerable. It doesn't matter which product or developper we are talking about.

    Second: anyone is entitled to his/here's opinion. Flaming will not be tollerated over on this board. As ever, it will only cause havoc and lead to nowhere.

    regards.

    paul
     
  19. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    I was really surprised by the comments made by Wayne. :eek:

    Wilders Security Forum is a great forum for passing on and discussing ANY information on computer security. Hence there are more than 3 topics.

    I use security software from many different authors including DCS, and like the ability to quickly see what updates are available all from one site.
    Most of the posts about AT updates come not from the software authors themselves, but simply from users who take an interest in letting others know.

    I really can’t see why you have to go all out to knock other ATs. Surely if the product is as good as you say, then it will sell itself on its own merits, and not just by knocking possible weaker points of others. All it does is alienate future prospective buyers from moving to TDS once their single handed operator collapses from the strain. This really seems like a tactic that a far smaller company would employ. Not the major player you are. ;)

    Know one would be looking forward to the next release of TDS if the competition wasn’t there, simply because you’d have no reason to keep pushing the boundaries forward, as you currently have, while healthy competition exists. The better the products become and the more aware people become of the need for ATs the more everyone (users and programmers) can start smiling. :)
     
  20. grey_ghost

    grey_ghost Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    60
    Hi

    We are in the “TDS” forum.

    Is it wrong to promote your product on your web site?

    Is it wrong to inform the public why you feel your product is better than the competition?

    Why would you cancel your membership in Wilders Forums because of a statement in the forum?

    Regards
     
  21. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Just wondering I am also thinking one man could not do the job alone but a full team could do it either if I look at some available products. ;) So everybody has the right to agree or disagree with Wayne's statement and find his own opinion about it. All mods of Wilders forums have their own opinion on this point and this could differ from Wayne's point therefore I could not understand your reaction in leaving Wilders forums at all.

    wizard
     
  22. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I've been stunned by reactions.
    I don't see why a vendor would not be allowed to explain clearly his thoughts and why certain choices are made.
    "in our opinion to do this blabla would make the impression blabla which is not our choice for our product" etc etc.
    I don't see any wrongs in putting it this way.

    What i do remember very clearly, when in GRC for instance one member posted about the daily TDS updates, he was flamed for intolerated and off topic spamming.
    Wayne explained clearly it was not his action and i don't remember clearly how it went on, thought he himself even asked the member to stop this advertising.
    Did not visit GRC long time for the intolerant atmosphere among others.
    So now Wayne is expressing exactly what others posted in his undeserved direction and now you're blaming Wayne for it? Go tell the people at GRC please. Thank you.

    I don't mind if people went into trojan knowledge at age 4 or 14 or 24, as my brother started before age 2 with wires and lights and building very soon some automation in it and at 10 he was number one for the whole Netherlands with a television supported computer course and so went on, yes he made lots of invents and patents for his employer now. OK, i mean: if you have brains just use them , don't waste them, and use them for the good.
    I know he's smart and knows lots about security, i don't know about his knowledge about nasties. If i was good in inventing a new tool or patent worth thing, i would not waste my time on things others are good in and doing it in stead of bickering around and i would buy their product but also counting on it's adequate functioning.
    We all have our talents and specialties, so the one is very good in creating a tool, the other in adding to that one to make it better together.
    What for me counts how their products keep my system in condition, if i can have my daily updates of the databases and the product, if those tools keep up with market circumtances in which i mean the evolved defence and determine techniques.
    For me is the attitude and support very important, and knowing my system in safe hands.
    I'm sure there are maybe former trojan creators who went into decent business afterwards, and there are those who keep steps ahead of the creators, so this part will always be a struggle like light and dark and never grey is allowed here.
    I might have been into trojans and viruses since i first touched a computer, maybe completely unknowingly, but as a "customer" (i deny to be a "victim") in stead of a security specialist and i might be on computers over 20 years, lost the count. And i'm not going to tell at which age i started, maybe i was 2 :D
    Anyway, my choice for TDS was made long ago even though i did shop around some time, but in a few hours trying it i did register and never was disappointed since.
    Yes once, when the way the msagents were connected in the scripts had changed and one of my first primitive scripts suddenly did not work anymore.
    I still have the feeling (true or not) the msagents are in because i like them so much but their possibilities do add to functionallity at user's choice. Anyway, that time Wayne made sure all functioned in the new way very properly and i was very happy, -- so are many users using them.

    I just mean, there is vision, support, attitude, excellent products, we all know and we all are using them in our own ways, so even the discussions could only contribute to refining the products where possible -- so thanks for mentioning the critics, they'll most probably be used for making the products even better.
    A sound discussion building safety for us, users, is highly appreciated. Thanks.
     
  23. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    At the end of the day, Michael is angry at me simply for voicing an opinion against his free advertising techniques, and an opinion that isn't mine alone. Criticism is a constant part of this job Michael, my only advice is get used to it. The opinion wasn't directed at you, your software, or any anti-virus scanners, it was about anti-trojan-specific scanners, and I don't even know what you were doing reading the TDS forum (although you're more than welcome to!).

    Here's the deal folks - when a vendor posts a "database updated" thread every day to a non-related forum (such as a general/non-specific security-related forum), it's just another way of free advertising to attract more customers - the more people that see their update threads, the more people that will go and download their software. Existing customers have no need to see such update posts because they can simply use their scanner software to automatically perform the updates, and if those users want to be extra-informed about updates, they can always opt-in to a newsletter list or go to the vendors forum, but even then they don't necessarily want to go to non-related security forums to get such information.

    In any given forum, it will always be only a minority of users that will be using a particular scanner, and all of those users have automatic-update capability anyway so they don't need to see posts about updates - the posts aren't for existing users, they're to attract new users. Everyone else who uses that forum that doesn't use that software just has to ignore it as they do spam (note - they didn't opt-in for such information), but the poster has given them no choice but to ignore it. Imagine if just 20 different scanner vendors (and there are lots of them) made just one post every day about their database update to just one forum - that forum would be getting 100 'database update' threads every week Mon-Fri. (And if it's fair for one to post, it's surely fair for all).

    There are places to post database updates - the 'Database Updates' section of the forum here is a good example ;), but I'm sorry that Michael can't understand that somebody disagrees with forcing other people to wade through such posts. I don't visit security forums to see database updates - I visit the vendors forum for that and/or specific Database Update forums. I visit security forums to see/discuss security-related discussions.

    I've removed the paragraph from the thread simply to calm Michael down but he's the only person that's over-reacted to it so far - I've even had several privmsgs saying "I would've left that paragraph there", but we have no desire to rock the boat, but the public deserves to know the truth. Everything in that paragraph was simply honest and truthful, and is not our sole opinion - the same feelings have been shown by many users at the GRC newsgroups, for one.

    So why don't we make such posts? Simple - it is simply inconsiderate to people who don't use your scanner and rude to assume they want to, but seeing as it's free advertising for them (the vendor), they obviously don't care about how those users feel or how annoying it is for them to wade through database updates of software they don't use - most forum software won't even allow you to put topic filters in place (unlike newsgroups), so even if the user does feel it's spam, they can't block it. Whether you make such a post to a forum, or you send it to a thousand harvested email addresses, the end result is exactly the same -- only a minority will want to actually read it, the rest just have to put up with it, and that's all it comes down to - free advertising for them, so how can you tell me it isn't tantamount to spam?

    Anyway Michael, I'm sorry you can't handle one persons opinion. (The power of a paragraph, eh?). Unfortunately though, it's not just my opinion, it has been said many times by many people at many different forums/newsgroups over the years, so I don't see why you're taking this so personally or directing your anger at me or this forum. All we've done is said one paragraph commenting about such behaviour - you actually do the behaviour in question, so who here is more in the wrong - me for voicing a one-paragraph opinion shared by many, or you for making constant update posts to non-related security boards in an attempt to woo customers over to your software by means of indirect free advertising? <shrug>

    All we're doing is considering all users, including people who don't use our software. If we didn't think there'd be people who didn't want to see TDS database updates, we'd post everywhere as well, but we're somewhat more considerate than that.

    I've never seen anybody over-react like you have, and I think you should take some time off from work this weekend and just relax and put things into perspective.

    Best regards,
    Wayne

    PS. This is the "TDS" forum, but forgive me for releasing a page which reveals why TDS has so many advantages over the other anti-trojan scanners. (I guess the truth hurts?)
    Maybe I should post in non-related forums ... ;)
     
  24. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Wayne, i missed navigation buttons or links to and from that page. Was that still in the build or intentional?
    No no i did not get to it from an unintended forum and i did not get out via a free obliged trial and buy/registration page. Just from here and back.


    Coming back a few times and explaining another time, even editing your page, anybody doubting you do care for opinions and people feeling bad, even if they might not be your own customers?
     
  25. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Not 100% sure what you mean Jooske, but yes as always we're always open to opinions .. (some people obviously aren't ;)). All it ever takes is a polite discussion and all problems can be quickly solved. I just don't understand the reasons behind "you said something I don't like so i'm quitting this forum" without even any discussion, it's a non-productive and childish road to go down. So much for freedom of opinion eh?

    Anyway this thread has exhausted itself, time to lock it so people can enjoy their weekend. :)

    Best regards,
    Wayne
     
Thread Status:
Not open for further replies.