Recommendations for Anti-trojan softwares

Discussion in 'other anti-trojan software' started by pootel, Mar 20, 2009.

Thread Status:
Not open for further replies.
  1. pootel

    pootel Registered Member

    Joined:
    Mar 20, 2009
    Posts:
    28
    Location:
    Taipei, Taiwan
    The following link is F-Secure Blacklight's website.
    http://www.f-secure.com/en_EMEA/products/technologies/blacklight/
    I am not sure about its current status, but I guess maybe it has been combined into F-Secure Anti-virus, so there are no more updates for the stand-alone F-Secure Blacklight.
     
  2. pootel

    pootel Registered Member

    Joined:
    Mar 20, 2009
    Posts:
    28
    Location:
    Taipei, Taiwan
    I would like to know which software I am using has the best HIPS? In my opinion, Outpost has the best HIPS.
    DEP protection has been enabled by default. :) And I would like to know which option in the DEP settings is better: the first option, "Turn on DEP for essential Windows programs and services only.", or the second option, "Turn on DEP for all programs and services except those I select:"? In order to avoid conflicts, I selected the first one (also the default one).
    I've been using Sandboxie already, but thanks for your suggestion anyway.
     
  3. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89
    No idea, have not used them.. use the one you like.. Outpost seems to have a nice HIPS.. I myself am relying on CIS. Very powerful and a fav if you like playing with settings. :D :) Probably the most powerful HIPS out there.. D+.. Still, some disagree because it leaves all options up to the user..

    "Turn on DEP for all programs and services except those I select:" is more comprehensive and "secure" theoretically.. But you need to add some programs manually there or else they will fail to run. If you for some reason have major problems with it, then using the settings you have now will serve fine.
     
  4. pootel

    pootel Registered Member

    Joined:
    Mar 20, 2009
    Posts:
    28
    Location:
    Taipei, Taiwan
    Thanks for your suggestions.:D
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Think the same thing, pootel - AWESOME avatar! :D Had to begin using this in another forum - hope it's okay with you. :D
     
  6. pootel

    pootel Registered Member

    Joined:
    Mar 20, 2009
    Posts:
    28
    Location:
    Taipei, Taiwan
    No Problem. Feel free to use it.:D
    Just out of my curiosity, which forum did you mean exactly? Security forum also? Hope this question won't bother you.:D
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    To take it short: yes, it's a security forum. It's the first forum I've ever joined. :)
     
  8. MakePB

    MakePB Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    85
    Location:
    Find-IP-Address.org
    You do not need anything, but if you consider having a good anti-trojan program in the future for whatever reason, then Trojan Remover from simplysup.com is a very good choice.
     
  9. Masterton

    Masterton Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    108
    I would add my few cents into the pool.

    AV will detect all sorts of malware regardless of its name. You don't need 1 anti-virus, 1 anti-trojan, 1 anti-keylogger, 1 anti-spyware, 1 anti-rootkit.

    In the last few years I tested quite a few anti-trojans and the result is utterly abysmal. Despite their name they miss far too many modern trojans. It appears they are merely a waste of system resources to let them run in the background. Anti-trojan market is dead and only consists of a very small market. So it isn't surprising they don't have adequate resources and money for software upkeep and signature updates.

    I only install 1 AV (Avira) which has the best detection rates throughout the year according to AV-Comparatives and AV-Test. The best thing is it's free. Free is hard to beat.

    There is a simple way to stop a rootkit fast and cold without anti-rootkit or updating your signatures. Don't open the door wide all the time. Most users are using an admin account, so it means any software is free to change whatever it wants on a system, including the kernel. No rootkit can work if you completely lock up the cores of the operating system from modification. HIPS and a limited user account can do the job for you.
     
  10. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    I think that has it in a nutshell. Separate AT software is unneeded as there are excellent AV & FW programs out there that do the job already.
    But the point about not always using a PC in 'Admin' mode is the one thing that lets 95% of 'average' PC users end up malware infected.

    By the way, I love the avatar of 'pootel' as well - if only for the wonderfully naive wishful-thinking that it represents.:D
     
  11. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    You could try Trojan Hunter (http://www.misec.net/trojanhunter/). It used to be a good anti-trojan; nowadays I'm not so sure about the pertinence of having that kind of software (anti-trojan)...
     
  12. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Check the link, and you'll see why it isn't working (cause it's not :D).

    I don't remember the last time I considered AT software, but I remember I was interested in only-realtime BOClean back then - before it went to COMODO ofc. :rolleyes:
     
  13. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
  15. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    :argh: No way I would let you go with that! LOL :argh:
     
  16. controler

    controler Guest

    If you still think you need an antirootkit, almost every antivirus company makes one now, but there are a few that are made by one-man shows that are very good, and most are still being updated.

    Here is a small list, not in any order. RootRepeal has just been updated to cover a variant of the TDSS rootkit that has somehow been preventing a lot of anti-rootkits from doing their low-level disk scans.

    IceSword
    Gmer
    Cmark
    KX-Ray
    RootRepeal
    Kernel Detective
    Unhackme
    Radix
     
  17. pootel

    pootel Registered Member

    Joined:
    Mar 20, 2009
    Posts:
    28
    Location:
    Taipei, Taiwan
    Thanks for all recommendations above.:D
    And sorry for my late reply, it was because my email subscription to this thread has been automatically disabled. Strange.o_O
    Luckily I came back to this thread "manually" and found those new replies.
    Thanks.
    But WOT has warned me that Gmer's site contains malicious files.
    And KX-Ray sounds good, but I can't find its download link.
    By the way, I've tried Radix before, it's nice.
    So I am going to try RootRepeal now and see how it works!
     
  18. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    Anti-Trojans have been incorporated into most anti-virus/anti-spyware programs so they are obsolete today. Your current AV/AS will detect and remove any malware recognized as a Trojan.
     
  19. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    It's funny then that we see stuff every day that flies past all AV scanners...
     
  20. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    Really - MSE identified and quarantined some Trojans I accidentally downloaded from the Internet. So a specialized anti-Trojan is no longer necessary. Back in the days when AV caught only viruses, a separate AT made a lot of sense. Today AT/AS technology is integrated into AV/AS suites for thoroughly comprehensive anti-malware protection.
     
  21. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Seems that you've swallowed the AV marketing speak hook, line and sinker. I see stuff in the lab every day that AV scanners miss completely so saying that specialized AT/AS programs are no longer necessary is almost comical. Just goes to show that with effective advertising you can make people believe almost anything.
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    uuuhm, however like this you go nowhere...

    The issue is not piling up signature-based scanners one over the other to detect threats other tools fail to detect (and this applies to any product, including dedicated trojan scanners); you will end up like with "Chinese boxes" or Russian Matryoshka :) and the effort will, most likely, not be proportional to the benefit.

    The way forward is instead to complement signature based tools with other security measures such as HIPS, behaviour blockers and/or sandboxing.

    Dedicated signature based AT/AS programs within the above scenario are less and less attractive, needed or desirable....

    Cheers,
    Fax
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Actually, from what I've seen here at Wilders, people are pretty savvy about what you refer to as "effective" advertising... and by "effective", I am making the assumption that what you really mean is "misleading". Most folks here at Wilders demonstrate a pretty good ability to decide whether or not a product is worthy, or redundant, or useless or necessary. I think you are a bit off if you attribute a Wilders member's opinion to having swallowed a marketing scheme.
    Well said. :thumb:
     
  24. Masterton

    Masterton Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    108
    Yes, AV keeps missing new and unknown malware. But since it's called an AT program it doesn't mean it's really specialized in trojan detection. It's actually much worse than AV. There was a review one or two years ago in which many ATs only detected about 1X% ITW samples while the mainstream AV can detect 90-99% ITW samples. AT market is very small and they don't get enough money to improve their products and keep them up-to-date. AT is a dying business.

    Also it shares the same problem that AV has - blacklist approach means new and unknown could get past it. You are hardly adding any security benefits by adding yet another blacklist-approach program.

    How many programs are coming out in the world? How many of them do you really install on your computer? Blacklist approach is a bad point to start with. What we really need is a whitelist approach. All files should be denied execution by default except those specially approved by you.

    Sandboxing/Virtualization/Security policy software is what you really need.
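
The blacklist versus whitelist argument in the post above, as an added example that is not part of the thread: the same four files are judged by a default-allow blacklist and by a default-deny whitelist. All file names and byte strings are constructed, and exact SHA-256 matching stands in for real signature matching (an assumption).

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executables (plain byte strings, not real programs).
SAMPLES = {
    "editor.exe": b"constructed: editor the user installed on purpose",
    "known_trojan.exe": b"constructed: trojan already in the signature set",
    # Same payload with one byte appended, as a repacked variant would differ.
    "repacked_trojan.exe": b"constructed: trojan already in the signature set\x00",
    "new_tool.exe": b"constructed: harmless tool nobody has reviewed yet",
}

BLACKLIST = frozenset({sha256(SAMPLES["known_trojan.exe"])})  # known-bad hashes
WHITELIST = frozenset({sha256(SAMPLES["editor.exe"])})        # user-approved hashes

def blacklist_allows(data: bytes, blacklist=BLACKLIST) -> bool:
    """Default-allow: anything not already known to be bad may run."""
    return sha256(data) not in blacklist

def whitelist_allows(data: bytes, whitelist=WHITELIST) -> bool:
    """Default-deny: only files the user has approved may run."""
    return sha256(data) in whitelist

def approve(data: bytes, whitelist=WHITELIST) -> frozenset:
    """Return a new whitelist that also contains this file's hash."""
    return whitelist | {sha256(data)}

def decisions(blacklist=BLACKLIST, whitelist=WHITELIST) -> dict:
    """Map each sample name to (blacklist verdict, whitelist verdict)."""
    return {
        name: (blacklist_allows(data, blacklist), whitelist_allows(data, whitelist))
        for name, data in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, (bl, wl) in decisions().items():
        print(f"{name:22} blacklist={'run' if bl else 'block':5} "
              f"whitelist={'run' if wl else 'block'}")
    # The cost of default-deny: a harmless new tool stays blocked until approved.
    updated = approve(SAMPLES["new_tool.exe"])
    print("new_tool.exe after approval:",
          "run" if whitelist_allows(SAMPLES["new_tool.exe"], updated) else "block")
```

The repacked variant runs under the blacklist and is blocked under the whitelist; the harmless new tool is also blocked until approved, which is the usability cost of default-deny.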
     
  25. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    You may wish to try AVZ from www.z-oleg.com. It is PARANOID AND AGGRESSIVE!

    Dave
     