What has the most ruthless AT protection?

Discussion in 'other anti-trojan software' started by Tom772, Oct 12, 2005.

Thread Status:
Not open for further replies.
  1. Tom772

    Tom772 Guest

    Hi, I was wondering what has the hardest and most ruthless protection when it comes to Trojans? I have heard A-Squared's IDS protection is very good? Any replies would be very helpful,

    Thanks T
     
  2. Mikkey

    Mikkey Guest

    A2's IDS feature is its best feature. But it is also very prone to false positives due to its aggressive nature. I would not call any of the other ATs 'ruthless' or even 'aggressive'. BOClean, Ewido, TrojanHunter detect through signatures. IMO, they don't have anything that is as aggressive as A2's IDS feature. But as I said, it will produce FPs, which is something the other three do rarely.

    M.
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi Tom772 and Mikkey,

    The issue that Tom772 is talking about has some interesting aspects. When does proactive protection vs. detection occur? For example, a network worm/virus can be detected at a firewall and therefore protect the user from the worm/virus even getting onto the system. So, with regard to ruthless protection, one could imagine an IDS coordinating with a firewall to block suspicious data (trojans) entering the system as "mowing 'em down before they get a foothold" - and this would certainly qualify as more ruthless than letting the nasty things get onto the system (which all signature based scan-oriented ATs appear to allow) only to be detected after that fact, as with BOClean, Ewido, and TrojanHunter. Note: this also requires some knowledge about what and how to recognize it accurately. Also, one would need to consider all attack vectors (communication channels) into the system to provide complete coverage with this scheme.

    Another more interesting (and nefarious) scenario would be a trojan that doesn't look like a trojan - akin to multiple parts that come together based on different triggers after they get onto the system (not unlike a rootkit that has stealthed itself, but these data files may look harmless out in the open - what better place to hide when you look harmless, but are not! [think of hiding a key in the open with other keys, lots of keys]) - not unlike terror cells. Now, that would be a case where I would really like an aggressive IDS, false positives or not, with some default actions like tag, disable, quarantine it - and ask questions later. That, in my mind, makes "ruthless" necessary!

    -- Tom
     
  4. Yes. I always felt that while piecemeal protection (one app for registry scanning, one app for signature scanning, one app for network scanning, etc.) has some advantages, it makes it hard to see the whole picture.

    Any single action by itself might not be conclusive proof of malicious activity, but put them all together....
     
  5. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    BOClean detects heuristically, as well as by signatures.
     
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi john2g,

    Well, having heuristics does not mean that all possible attack vectors are covered, just the ones that exhibit known behaviors to date; as with signatures, the new kid on the block first needs to be recognized before it can be detected by signature.

    -- Tom
     