Why Anti-Trojans?

Discussion in 'other anti-trojan software' started by Firefighter, Feb 18, 2003.

Thread Status:
Not open for further replies.
  1. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I am a bit of confused about the real need of Anti-Trojans.

    I have used first Kaspersky Personal Pro 4.0 and then F-Secure 5.40 as my backup Anti-Virus some half a year. During that period they detected some 10 trojans and backdoors. All that time I had Tauscan 1.6 as my Trojans detector, but when I made full scan to my PC after Kaspersky or F-Secure with Tauscan Anti-Trojan, it detected none such kind of infections. So I decided that a very good Anti-Virus is enough for me when it is capable to remove trojans and backdoors too. :rolleyes:

    Can anyone show really independent tests were for example KAV, F-Secure, RAV or DrWeb are within with other most respected Anti-trojans in the market? :)

    PS. For me if someone detects 95% and the other 90 % isn't enough to convince me that I really need that kind of stuff, because it may still be within natural variation in that case! ;)

    "The truth is out there, but it hurts"

    Best Regards,
    Firefighter!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi Firefighter,

    If my AV detected 90% of all trojans, I would still use an AT.
    Why?
    Because specialists have a tendency to concentrate on one subject and because I like a layered defense.
    Or, as Paul says it: Don´t put all your eggs in one basket.

    Regards,

    Pieter
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hi Ya Firefighter

    At first of all I feel need to remind all trojan horses are not intruders but installed as default by M$; one of those is Telnet.exe in system folder. Patch for disabling it available at M$ sites. Not a one antiprogram recognizes it as a trojan untill you use any antitrojan program heuristic option for scanning. (not sure they find it at all ). Trojans open ports, they connect to the net; only scanning all your computers 65 535 ports you make sure there are no trojan horses running, there are no open ports/backdoors. Use a portscanner like ANTS 2.0.
    Second thing I have to remind is that trojan horses are not viruses at all; they are server applications connecting to the net for several different purposes, all evil.
    I do not tell all of this because you might not already know all this, but because of "newbies".

    Take care :) ^Ari^
     
  4. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    KAV (and F-Secure which uses the KAV engine) is properly the best anti virus program for trojan detection. But for nearly all other av programs this is (still) not the case. So a 'normal' antitrojan program besides KAV does mostly not make any sense (but it also does not do any harm ;)).

    I personally think that the only antitrojan program you can benefit from running together with KAV is TDS-3 due to a lot of tools that help to find also 'unknown' systems which might not be detected by KAV.

    wizard
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    As I have said earlier I appreciate your opinions but the facts are those what I am most interested in! :D

    So can anyone show different independent tests, where for example the av:s I mentioned above are with the best possible anti-trojans so I can make my own decision about the real need of anti-trojans? My PC has so small hard disk that there is an other use of different programs than pure waste! :rolleyes:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  6. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    believe the proof of it is in are you well protected . I chose to follow the wizards advice sometime back and in addition to my KAV have added TDS3 as an additional layer of protection. My system is a lite one and so for me I do not want to follow the trend of loading it up with two or three diffirent anti virus programmes and trojon programmes .when that which I have, does all that the advocates of many programmes achieves. For me the facts speak for themselves, and that is in the results that I have in safe cyber journeying. Simplicity is a wonderful thing .
     
  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Firefighter.

    I think I see what you are asking about.

    A test with AV programs and AT programs regarding trojan detection?

    I personally don't know of any such test.
    But if there is one,I also would be interested in looking at it.
    I'd be curious to see how KAV performed in a trojan test compared with AT programs.


    I have layered protection(TDS-3,Trojan Hunter,NOD32).

    But I am curious.
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi everyone..

    Well I can say from experience that there are plenty of trojans on my drives that are not detected by antiviruses - sometimes for a long time perhaps forever, and are detected by TDS. I see many collectors hunting down these trojans for that exact reason. They are rare and not detected by antivirus scanners.

    Luckily, many are detected by TDS generic detection, or by memory scanning. Having something like Port Explorer never hurts either, it is part of my analysis routine and rarely is there no prior indication of a trojan before I start adding detection.
     
  9. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    Are the tests done here http://www.hackfix.org/miscfix/icons-av-all.shtml reliable on this subject?
     
  10. gabor

    gabor Guest

    http://www.anti-trojan-software-reviews.com/past-trojan-reviews.htm

    and an old test from 2001:

    http://www.claymania.com/tests-trojan.html
     
  11. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    Hi, I have read only one big combined AV and AT test on the Technodrome24 sites made about 5/2002. It has been removed now, but the best 2 AV:s (Kaspersky engine) detected over 99 % of those 4 386 Trojans and Backdoors when the best AT, TDS 3.2.0, detected only 47,42 % of those things. :eek:

    If that is b... s...? So there have been some 9 months time to proof something else, but nothing has happened! ;)

    I think, that here is something suspicious!


    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  12. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    Well whether the results at Hackfix are reliable or not no one has answered but according to their tests:

    None of the AT programs - Cleaner, Tauscan, PestPatrol, or PC Doorguard found 100% of the trojans but Antidote, Kaspersky, McAfee, Norman and PC Cillin did catch 100%.
     
  13. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    I have to add that I have seen those old tests, but I want to see those tests made after last spring. :D

    Why I want that kind of facts? I have read so many times lately, that several AV-producers have done serious improvements to trojans detecting, that's why! :eek: :cool:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  14. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    Ummm Firefighter did you go to the page I posted? Those tests were done this month and the anti-trojans tests were done in the last 3 months here: http://www.hackfix.org/miscfix/icons-at.shtml

    How much more recent do you want than the last couple of weeks on some of these tests or are you saying you don't believe these tests or whato_O

    When does last spring come on your calendar because on mine last month came after last spring? :)
     
  15. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Msingle from Firefighter!

    Sorry, I couldn't at first see those AT results. It seems to me that there is not much extra value with an anti-trojan compared with a good antivirus. o_O

    So why to use such things, if the results are so contradictonary? :D ;)

    "The thuth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Firefighter,
    Try this link: http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests.htm
    This is a completely independant review.
    Unfortunately most reviewers ar not always what they appear to be and vested interests are put above objectivity
    Comparing AT to AV is a bit like comparing apples to pears.
    Try the trial version of TDS3 and you will soon start to appreciate the differences :D


    Added URL tags
     
  17. jamming

    jamming Guest

    Anti-Trojans are looking for a different thing than a anti-virus, you can write detections for any detection program, but that doesn't mean it is doing the job for which it was designed. It is like being a Firefighter and trying to use a 2" hose to do a job that a foam machine was designed to do. You might be able to knock out the fire, but it is better to have the right tool for the right job.

    As to what tool is the right tool for AT's for you, well that depends upon what level of protection you are comfortable with, a brush fire requires different protection levels than a Hazmat Fire. Depends upon what kind of things you use your computer for. Try two or three and find the one that is a comfortable fit for yourself. I have my preference which is TrojanHunter, each release gets better and better, while the complexity of it is what you make of it. The Customer Support is outstanding.
     
  18. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Pilli from Firefighter!

    Unfortunately that test you served was over one year old, during the last year it has happened so much with several av:s trojan detecting capability and removing. :eek:

    So far my first choice against trojans is an av, that uses Kaspersky engine, unless someone is capable to justify really better choices. :D :cool:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  19. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    Firefighter,

    You talk a lot about statistics and proof in your posts. What proof or statistics do you have that Kaspersky is all you need?

    If you say it's because Kaspersky caught something that something else didn't on my computer that's highly subjectible to a lot of different things and isn't really provable at all.

    If one person's experience was proof then the free AVG would be all anyone needed because most AVG owners will tell you that it caught things that McAfee/Norton/Kaspersky/Nod didn't catch.

    So where's the proof with test results/stats to back it up that Kaspersky is all you need? :)
     
  20. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    KAV is a combined AV + AT and one of the better as tests show, but not always THE best.
    As written in so many postings and answers here and everywhere all depends on various factors.
    So also for the same reasons was advised various times not to rely on one single product in each class for viruses, worms, trojans, but at least the best in it's class (each separate preferly) and backed up (second opinion idea) by some other and doing online scans regularly as well.
    Lots of fine programs are mentioned and described in the forums here, by people who know what they're talking about.
     
  21. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Msingle from Firefighter!

    I have said earlier in the Wilder's Forum that I can't use Kaspersky 4.0 as my resident, because I have a cellular phone modem connection to the web and KAV stops the connection all the time! That's why I have to use it as one of my backups. :D

    My resident av is Avast 4 Pro and so far I am very pleased with it! ;)

    About Kaspersky as an antitrojan, it's only one choice among others, but I haven't seen an other av in independent tests that is better against trojans as KAV. That's the only reason, why! :eek: :cool:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  22. ChrisP

    ChrisP Guest

    Antirtojans are a waste of money and a fad.

    Tauscan in particular is a terrible product - truly awful.

    Check this link to see how bad it and the manufacturer are.

    http://www.agnitum.com/forum/showthread.php?s=79c1baac9a70f8c0455f402e2a6b4ae1&postid=45372#post45372

    Rather than update their database of trojans - they just lie, saying they have - shameful!

    Stick with a good antivirus from a propper company. F-Secure is fantastic.
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    I fail to see why you think so, given the information you provided.

    You mean it didn't work on your system. Others may be very happy with it.
    Although I think there are better ones for my system as well.

    That is a pretty serious accusation. I hope you realize that.
    I feel you should have pursued that in the thread you referred to, if you really think that that's true.

    I'm glad you found at least one product you trust.

    Regards,

    Pieter
     
  24. jamming

    jamming Guest

    I particularily don't think of AT's as a Fad, I mean I been involved with using one or another of them for over two (approaching three) years. But AV's are considered not necessary by some and Firewalls are thought to be useless to others. KAV is a fine product, but it scans only for some of the things that a dedicated AT scans for, thereby it is not covering the majority of new released or modified trojans which are out there. Whereas a good AT will at least alert you to make furthur inquiries if something is not right, if not detect the new trojan outright based on behaviors of the process.
     
  25. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Jamming from Firefighter!

    You wrote:"KAV... is not covering the MAJORITY of new released or modified trojans..."

    Can you show some tests, where that kind of "truth" is available?

    I have read plenty of tests, in PcFlank's, Claymania etc, where Kaspersky was at least the second all the time with at:s and av:s. For me that's enough. :D :eek: :cool:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
Thread Status:
Not open for further replies.