Tiny Trojan Trap

Discussion in 'other anti-trojan software' started by Soul_Flame, Apr 29, 2002.

Thread Status:
Not open for further replies.
  1. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    I started using this a few days ago and I'm VERY impressed.  This app is my introduction to sandbox programs and I really like what I see.  Provided your PC is clean when you install it, it's difficult for me to see how a rogue app trying something akin to backstealth, firehole, tooleaky, etc..., could be successful.  

    The learning curve on this thing is pretty steep, and there definitely exists the potential to misconfigure it in such a way that you could seriously destabilize your system, but this is one sweet app.

    I'd be very interested to hear if anyone else has tried it out and what their thoughts are.  So far I see no compatibility conflicts with my other security software.
     
  2. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    I've no problem whatsoever with this thread being moved to the 'other anti trojan software' topic, but I'd like to point out to people who may read my post above that this app isn't simply an anti trojan program.  It's a robust application management tool that supplements (or replaces, depending on how you look at it) the application management functionality of a firewall.  As such, I think it has great importance to what an individual chooses for a firewall solution.

    For example, the main reason I use a software firewall is for OUTBOUND protection.  I'm behind a Linksys switch/router with NAT.  Not much gets past that puppy.  So, I want a software firewall to most importantly protect me from outbound threats, and secondly to block any incoming garbage my hardware firewall missed.  On that basis, my choice of firewalls was predicated on which app was the strongest at dealing with outbound threats, and my conclusion there was Look n Stop was the right choice for me.  Now, I'm not sure the outbound protection for a firewall is all that important given the impressive capabilities of TTT.  I'm not saying I don't still believe in layered protection, but what was a critical decision point last week isn't as important this week.  I'm now more willing to entertain the purist notion that a firewall should be an internet filter and not an app manager.

    I don't know if that makes any sense or not, but in any event, consider TTT not just for anti trojan protection, but to supplement and strengthen your firewall as well.
     
  3. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Hi Soul_Flame

    I moved this post just because TTT is not firewall and our intention is to keep this forum clean. I understand what you saying!!! To me, TTT is extra layer of protection against Worms, Trojans, Java applets and other malicious codes which points that TTT could also be used as an extra protection for Antivirus program.

    Since TTT is not pure firewall but little of everything I moved it to Other Anti-Trojan Software.

    Hope you don’t mind

    Technodrome
     
  4. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    Technodrome.......I don't mind at all.  :)

    This software really is so robust that it could theoretically be discussed in several of the forums here.  Which would it land in is of little consequence to me, and this is as good a home as any.  I just didn't want people to skim this and think "I'm happy with my anti trojan software so this doesn't apply to me."

    One thing I really like about this app is it feels like it's taking me out of reactive mode.  A new leak test comes along, everyone scurries to see if their firewall solution handles it, if it does, terrific.  If it doesn't, the inevitable round of "when will software xyz be updated to handle this threat" surfaces, vendors do indeed respond, and then a new threat surfaces, rinse and repeat.  

    This solution bypasses that whole dance and addresses the core problem at a much more fundamental level.
     
  5. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    The only thing I wish TTT had is a learning mode.  It blocks (and silently) too much, out of the box.  Otherwise, it's got a great spec and I'd love to use it - if only it didn't demand so much time to set up.
     
  6. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    Hi Checkout.

    the app has corporate / enterprise roots, so the preconfigured app groups are very much geared to MS.

    No prob for me......  suggest that if you put your browser in the Internet Explorer Group, and your email client in Outlook Express, you'll be 90% of the way there.

    IMHO there are three cardinal rules:
    1 Make doublesure there are no apps on board you don't trust before you install - TTT will assume they should be 'unrestricted' if it finds them resident when it is installed over the top.
    2 Restrict ALL! your apps which talk to the internet.  
    3 Put you data directories in the 'confidential directory' category on install.

    The only change to my previous habits which has been necessary is that if I want to download stg, or send an attachment outbound, I have to 'loop it' thru the downloads directory.  I find this a small price to pay for the additional protection afforded my data.

    The only bug I've found so far is that it seems to mistrust a second user if its installed in a multi-user environment - behaves perfectly for the user who installed it, but if A.N.O logs on, browsing becomes impossible 'coz of all the warnings it throws up - but its then fine when the original user logs back on.........  Fine for 1 user per box, but no good for hot desking etc etc....

    But don't get me wrong - its a great app.  I hope I can beat the  multi-user thing, 'coz I want three copies, not just one for my own box.......
     
  7. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Bubs, you're making me reconsider!  Oh, okay - I know I want to!
     
  8. FanJ

    FanJ Guest

  9. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    Re no learning mode, no, it doesn't have one in the standard sense.  However, it does have it's own version of a learning mode in which you put a specific app in learning mode to ascertain what it needs to function so you can more knowledgeably tailor its settings.  I haven't used that yet, as the info bubs laid out really does take you most of the way there.

    For the added security it provides, this is definitely worth the effort.

    Re conflicts with Norton, if true, one more reason to get off the bloatware train.  ;-)
     
  10. Grummy

    Grummy Registered Member

    Joined:
    May 8, 2002
    Posts:
    46
    Location:
    Ohio, USA
    I'm thinking on giving TTT a try out. One area I'm curious about is that I've been told that sandbox type programs use a lot of system resource because they run in the background. I only have 192 of ram. I'm wondering if it could slow my box down too much. Any comments as to the resource usage and/or if any slow down occures is appreciated.
     
  11. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    These are from Task Manager in XP.  It doesn't seem to use too many resources.


    Agentw.exe 00CPU and 6924Kb memory usage.  - just monitoring.  (No change with or without Activity window displayed)

    Tuconf.exe 00CPU and 6736Kb memory usage.  -  Administative Window  displayed for configuration purpose only.
     
  12. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Anyone here know how to stop the TCP/IP guard from being permanently greyed-out?
     
  13. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    checkout...i've wondered the same thing.  I'm guessing that it's greyed out unless you have the entire TPF 3.0 app installed.  I asked this question over at dslreports, here's a link to the thread.  So far only one response, but the guy runs tpf 3.0 and it's not greyed out for him.

    http://www.dslreports.com/forum/remark,3279793;root=kerio;mode=flat
     
  14. Thanks for the response.  I would agree with your diagnosis.  It's shame TTT's documentation is so sketchy - good docs would have lifted the program's learning curve tremendously.
     
  15. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    I agree completely.  The app is great, the documentation is quite lacking, and I"ve heard Tiny isn't particularly eager to support it due to the low price point.
     
  16. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,402
    Location:
    North Carolina, USA
    Hello all,

    I can indeed testify to the lack of support question.  I have e-mailed them 3 times in 3 weeks trying to solve an installation problem and they do not even acknowledge receiving my e-mails.  (See http://www.security-pro.co.uk/yabb/YaBB.pl?board=antitrojans;action=display;num=1015496810 )  It like I am e-mailing no one.

    From my experience support is nonexistent.  And that is correct, they do not promise any kind of support for TTT.

    Regards,
    Kent
     
  17. Soul_Flame

    Soul_Flame Registered Member

    Joined:
    Apr 7, 2002
    Posts:
    41
    one note:  over at dslreports there's a tiny/kerio forum that is mostly for firewall related stuff, but we're hoping to have a faq shortly for TTT.  If folks have questions about this app, I'd love to see more posts over there.  I suspect over time it will become very active as more and more users discover what this kind of app can provide.
     
  18. Developer

    Developer Guest

    Re: Tiny Trojan Trap - Support DOES exist

    They do answer support emails!

    TTT support is provided by Securitae (they developed TTT) and not directly by Tiny Software.


    I emailed them with an issue and got a response within 48 hours from a Securitae representative who was very helpful.

    Try the direct TTT support email: support_trap@tinysoftware.com
     
  19. Grummy

    Grummy Registered Member

    Joined:
    May 8, 2002
    Posts:
    46
    Location:
    Ohio, USA
    Just a question which comes to mind. What happens if you get TTT all set up and then you later install a new piece of software. How dose TTT react to the new instalation ? Will it ask questions as to what rules you want applied?
     
  20. Developer

    Developer Guest

    TTT will alert you the moment you start the installer of a new app (as the installer itself is usually a new app)

    For every new app, TTT asks you to select to what group you want to add this new app (High Restricted, Medium, etc.)
    After you make your selection the app will execute while TTT monitors it and allows actions according to the group.
     
  21. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    Re new apps - if it talks to the internet, restrict it.  Use the preconfigured MS app settings as  a guide  If doesn't, don't - put the app in 'unrestricted' - unless
    1.  You REALLY understand how windoze hangs together  or
    2.  You earnestly desire to drive yourself totally insane or
    3. You want to get to the place where rule 1 above applies, and are tough and bright enough to get there without going to rule 2 by mistake.

    (and yes, i am a TTT fan!)
     
Thread Status:
Not open for further replies.