Tauscan

Discussion in 'other anti-trojan software' started by Pieter_Arntz, Sep 9, 2002.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    No problem, merely curious. When trying out Tauscan to see if it would find a zipped trojan, my Norton AV jumped in alarming me about finding this trojan in C:\Document and Settings\My username\Local settings\Temp before Tauscan had a chance to finish scanning.
    Anyone who can confirm my hunch that Tauscan unzippes the file to this location in order to scan it?

    Regards,

    Pieter
     
  2. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    It would certainly seem that way Pieter, I gave Tauscan a trial once, was not impressed and promptly removed it.
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    I'm momentarily in between Trojan scanners. Trying out this and that, you probably know what I mean ;). Tauscan did find the trojan after I disabled NAV Autoprotect so, no complaints there.
    I was just wondering.

    Regards,

    Pieter
     
  4. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    I guess Nav got there first and locked the file,better that than being missed totally. :)
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    That's for sure, Tinribs. I'm kinda new at keeping a "Zoo" on my PC so I'm very cautious.
    Thnx for your time.

    Pieter
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    Pieter, I was under the impression you were running Trojan Hunter.

    A better choice, IMHO.
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    No need to doubt your memory, Tony :D
    I was, but thirty days fly when you're having fun.
    I'm still trying to decide what it's gonna be. From what I've tried so far Trojan Hunter made the best impression.

    Regards,

    Pieter
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Have a look atthe first 3 post in this thread concerning Tauscan. Might be of help when making a decision ;).

    regards.

    paul
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi Paul,

    That is an interesting read. Thnx. One extra question about that, if I may? If one would want to test if a scanner would pick up a polymorphic virus, would the virus have to be "in the wild"?
    I mean, since it most likely would be picked up in the origfinal form?

    Regards,

    Pieter
     
  10. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Pieter,

    Since we're talking anti-trojans here, I presume you mean ITW (polymorpic) trojans/backdoors. These do not come necessarely in their "standard" form: it's quite common, the are packed, using a packager like (variants of) UPX, APack, PELite etc. - just to make detection more difficult.

    Zoo trojans/backdoors ("collectors items", hardly ITW, but available at some dark places on ocassion) might be problem for many anti-trojans. It depends on the engine and strength from the anti-trojan wether or not they can handle these - in essence they can't IMHO. For that reason databases need updating: newly build/discovered nasties do have to be "patterned" in order to detect them.

    HTH, regards.

    paul
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Yes, that is what I meant Paul.
    To be honest, the only trojans that ever made it to my computer were picked up by NAV or came from these "dark places" ;) The ones I download voluntarily, I always make sure they are compressed (zip or rar) and stay that way for testing purposes only.

    Again I'm happy to have learned even more then I asked for.

    Regards,

    Pieter
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    My pleasure, Pieter ;)

    regards,

    paul
     
  13. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    For what it's worth,I have tried both Tauscan and Trojan Hunter.I chose Trojan Hunter.The biggest reasons I did were;TH scans a lot faster,TH had slightly better reviews/rankings,And TH warns me of "executable files with double extensions".I know what these files are,but it is reassuring for me to know that TH detects that.Don't get me wrong,I'm not saying Tauscan isn't a good product.I just prefer Trojan Hunter.I also am monitoring 3 other AT programs that have been mentioned here.I'll see when the dust settles if I am more "capable"(TDS-3) and how these other programs work after beta testing is done.
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    the Tester,

    Actually, it is an anti-trojan one cannot rely on as a first line in defense. Most probably the upcoming version 2.0 is a quite different story - but for the moment, I wouldn't recommend Tauscan to anyone.

    As for other choices: a matter of opinion. As it seems, you prefer running an "out of the box" software - nothing wrong with that. That said: running TDS using the basic configuration as posted by Jan over on he TDS forum seems just as easy to me ;).

    Anyway, bottom line: go with the app you're comfortable with - and has at least a solid reputation.

    regards.

    paul
     
  15. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Thanks Paul.One of the first places I go to check out reviews is this site.Wilders is my most trusted site for reviews.Being new to the computer security "scene," wilders.org has helped me in a lot of decisions.Looks like I made the right decision when I switched to Trojan Hunter.I also am impressed with the way Magnus deals with support issues.I try to avoid saying anything bad about a program for one reason.My lack of experience and technical expertise.I leave that to you guys here that have the knowledge.(I'm still learning)Keep up the great work guys/gals.
     
  16. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    I agree that TH is an excellent product, certainly my favorite. TDS is perhaps the most sophisticated advanced antitrojan product on the market, with one of the highest detection rates -- but I chose TH for its simplicity, ease of use, and ability to create custom detection rules.

    Also, the resident portion TH Guard uses only about 1% or 2% system resources -- whereas TDS, when execution scanning is activated, uses about 12% system resources. Although for NT-family operating systems WinNT/2K/XP, this isn't an issue, yet for Win9x and WinME systems this is an important consideration, since those systems are much more limited in their resource handling.

    And I'm not knocking TDS here, hehe I don't wish to get myself in trouble so near a "TDS haven"... I'm only saying that, especially on older systems running Win9x and WinME, TH may be a better choice because it's so light on resources: TH is not much of a performance drain on systems with limited resources.

    I did try out Tauscan as my first AT product, but I wasn't impressed when it missed a common Sub7 trojan in a thread at dslreports security forum. Afterwards, I heard other reports of Tauscan missing trojans it should have detected, so I ditched it for TrojanHunter.

    That said, it remains true that Tauscan still receives good marks at some places. Just witness these studies:

    PC Flank Test #1, http://www.pcflank.com/art17d.htm
    PC Flank Test #2, http://www.pcflank.com/art26d.htm

    Tauscan rated first out of ten products tested in test #1, and second out of fourteen products tested in test #2. Also notable is KAV's performance. For those looking for a product that provides both AV and AT protection in a single package, Kaspersky (KAV) is well worth looking into.
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Wouldn't a computer user's life be easy if all these tests produced similar results? LOL
    Funny you should mention SubSeven, exactly the one that triggered NAV and this thread. I agree on your observations regarding TH and TDS although the ease of use was in my case the reason to prefer TH since I have no shortage on system resources the percentages were much lower. (P4, 1.4 Ghz, 384 MB RIMM,Windows XP Pro)
    Thnx to all helping me make up my mind (Always a bit slow when making decisions ;))

    Regards,

    Pieter
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Randy,

    The pcflank tests have been heavily critized - and rightly so. Have a look at the pcflank forum.

    regards.

    paul
     
  19. EnufSaid

    EnufSaid Guest

    Paul,

    He knows all about it he is a Moderator for them.


    Randy,

    All the boards i have been online i see you posting the same links to pcflank tests over & over & over & over again. Its doing no one any good. Give it a rest already.
     
  20. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    EnufSaid,

    One doesn't necessarely imply the other ;) - Yes, I know Randy is moderating over there lately.


    No offense, but over on this board it's up to our team wether or not posting such a links are acceptable nor not. As you might have noticed: we find them acceptable.

    regards.

    paul
     
  21. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I really question that results of PC Flank. They are hard to believe to be true.
    Tauscan never outperformed at any of the tests at Rokop-Security and also Tauscan is not supported with new malware that Rokop-Security collects. Also they still do not catch some real old but still commonly used backdoor trojans.

    Also everybody I know has given up to support Agnitum with new malware because they are now for over one year not able to set up a proper email contact.

    wizard
     
  22. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Yes, and I was one of the harshest critics:

    Disappointment in PC Flank Study
    http://www.pcflank.com/forums/showthread.php?s=1b762ba4263973e98260bd2fa8cb41f3&threadid=162

    I stated in my post that I had personally tested Tauscan, and rejected it because it missed some common trojans. I was trying to balance that negative comment with a positive one, and Tauscan's performance on these tests came to mind.

    There is also Eric Howes' excellent study:

    Informal Trojan Detection Test # 1
    http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests.htm

    Tauscan seemed to be about in the middle of the pack in Eric's study.
     
  23. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    No sarcasm needed over here, John. Please refrain from playing hard ball over here. Thanks.

    regards.

    paul
     
  24. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Glad we're on the same track again ;).

    regards.

    paul
     
Thread Status:
Not open for further replies.