Discussion in 'other anti-trojan software' started by peakaboo, May 25, 2003.

Thread Status:
Not open for further replies.
  1. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    a² sounds very promising... :)

    Andreas Haak's preview discussion of a² features - follow link above

    _____________________________________________

    the words of the Author Andreas Haak (AH) follow:

    excerpts obtained from post by Andreas at the link above:


    a² is a completly new generation of malware protection.
    + second line of defense beside your favorite firewall and anti virus tool
    + stand alone anti trojan protection.


    * firewalling mode. That means a² acts like a normal firewall and watches your system using the rules you defined.

    ** "advanced IDS mode". That means a² does not use your ruleset any more. It now uses its "knowledge" about malware behaviour and tries to intercept malware automatically. Its for people that don't want to configure any firewall rulesets.

    it can detect normal destructive trojans or the payload of many worms/viruses

    *** The standard IDS is able to block many malware...
    "firewall bypassing trojans". Well, the standard IDS of a² is able to detect them, too.

    **** Also leaktests are blocked etc. . So you can easyly secure you favorite firewall. In most cases modern malware tries to kill malware protection software. Of course a² is able to detect this behaviour and secures your primary line of defense...

    ***** keyloggers like Magic Lattern. Most virus and trojan scanners do not detect them. A² is able to block them in general. Some new backdoors like the new Optix Pro tries to hide himself using API hooks. This works similar to keyloggers. So they are also detected:

    _____________________________________________

    something I (peakaboo) wrote earlier this year:

    Short of that just wait for a²...

    http://www.a-2.org/forum/viewforum.php?f=1&sid=b5674360dbdef8482814adcec026ab42


    BTW, good to see Andreas tweak so that all Windows OS can enjoy...

    just an append here (from peakaboo)...

    Don't know how many machines are still out there using Win 95 & soon to be pulled from M$ support win 98.

    One way to stop M$ from rolling over consumers (lining their pockets at consumers expense) and forcing upgrades when existing OS works fine is for great programs & programmers to allow their software to work with all versions of Windows to the extent possible.

    some Examples of great programs which I am familiar with that are compatible with win95:

    Proxomitron
    AdShield
    Cookie Wall
    Look n Stop
    Spybot Search & Destroy
    Script Defender
    RegCleaner & JV16 power tools

    to name but a few...

    It's looking like Andreas will try and add a² support to this outstanding list. Hope so anyway...
    ;)
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    You missed Port Explorer :D
     
  3. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    >alpha version example follow link above

    The last time I visited Andreas I saw an installer for a² on Andreas' screen. In normal cases Andreas do the installer only if the other stuff is ready. So I guess he prepares the first release.

    >a² is a completly new generation of malware protection.
    >+ second line of defense beside your favorite firewall and anti virus tool

    That is exact what a² is designed to be.

    >+ stand alone anti trojan protection.

    This is just a side effect *g*. In my opinion it would be a very good first line of defense, too.

    >* firewalling mode. That means a² acts like a normal firewall and watches your system
    >using the rules you defined.

    You should say that a² is not a real firewall. The firewall mode means not only deny and permit network traffic. It means you can deny and permit virtually any action on your system concerning processes, files and registry entrys.

    >**** Also leaktests are blocked etc. . So you can easyly secure you favorite firewall. In
    >most cases modern malware tries to kill malware protection software. Of course a² is able
    >to detect this behaviour and secures your primary line of defense...

    Just a little sidenote cause it was asked inside the a² board, too. You can easyly add software of your choice to the "malware protection" group. That means you can easyly add a not so well known virus scanner to the list with only one click.
     
  4. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    and Gladiator Antivirus is compatible, I run it on my wife's Win95C system. :D :D
     
  5. digitaltune

    digitaltune Registered Member

    Joined:
    May 26, 2003
    Posts:
    3
    Is there a download available? I go to the website, but on all pages except the forum I get a php error o_O
     
  6. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I just went to the forum discussion this am and a post from AH dated Mon May 26, 2003 9:00 am indicates an impending release of a download. Check here over the next week or so. Click on download. In the words of the author:

    "So be patient ... "

    ___________________________

    also I wanted to add the following info. (my perspective: the beauty of a well thought out plan to help assure compatibility with other software)

    From an AH post:

    Well,

    it (A²) will work with any firewall or anti virus monitor. Why?

    Quite easy. A² does not use any driver - it adds a new layer of protection to the system api. Thats why its fully compatible with any system driver driven security tool (anti virus monitor, firewalls, intrusion detection systems etc.).

    BTW:
    Thats the reason why I decided to use a an API layer instead of system drivers. Most AV monitor drivers a quite poor written and there are many conflicts if there are more than one file system filter drivers ;o).

    BTW:
    A² will process and block ANY action before any anti virus monitor or firewall can block it *g*.
    _________________
    Regards, Andreas
     
  7. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    Well - its in fact not a PHP error. As far as I remember Andreas had some problems with its hard disk drives. He uploaded the CMS but not the CMS data. I will call him to fix it. Will only take 5 minutes to upload the data files. But as far as I know him he is busy with his girlfriend at the moment *g*.
     
  8. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    >also I wanted to add the following info. (my perspective: the beauty of a well thought out
    >plan to help assure compatibility with other software)

    Well, thats in fact the main reason why a² tries to avoid any driver. Most AntiVirus Filesystem Filter Drivers are very poorly written. There are many side effects if there are 2 drivers loaded. So a² tries to avoid drivers.
     
  9. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    just been having a lil look at the shots ya placed of a2 on your bored looks very promising a tool that can give you blanket of protection from basically every kind of nasty out there :D OUTSTANDING !! good job

    cant Wait till its done and i can get a copy to have a look at coz if this is as powerful as it looks then it could make a nice addition to my arsenal of tools

    now a few questions

    now as well as blocking scum-ware like viruses Trojans key loggers etc does it have a Scanner & Cleaner to scan & Clean your system of scum-ware eg an AT AV Anti spyware etc that sort of thing

    is a2 going to be freeware when its done ??

    how complex is a2 i mean to work is it newbie friendly ??

    well thats all i can think of for now well nite nite and Blessed be
     
  10. angel

    angel Registered Member

    Joined:
    Mar 7, 2003
    Posts:
    44
    Location:
    22. district, Vienna, Austria, Europe, Earth
    >Scanner & Cleaner to scan & Clean your system of scum-ware eg an AT AV Anti spyware etc

    Yes, a² has a scanner and a generic cleaner. The scanner will use fingerprints (cause it is simply needed to say what malware it is; the detection itself does not rely on signatures). The engine is pluginable and has a common interface. So if you want you can plug in your own detection methods. Officall plugins for a² and the engine are signed and you will get a warning if you try to "plug in" unsigned modules. So I do not see any security issue regarding this plug in features.

    As I said primary a² uses fingerprints and you are able to generate own fingerprints (similar to TrojanHunter). For very common trojans etc there is a signature based plugin that detect whole families (SDBot, Optix etc.). There are also modules for polymorphic trojans (DDick, Aphex tc.) and heuristically modules for windows viruses for example.

    At the moment Andreas has some interesting discussion with certain anti virus vendors. The goal is that a² interoperates with already installed anti malware software. That means a² can use an already installed anti virus program for scanning for example. So you do not have to scan with NOD32, KAV and a² - you simply have to scan with a² and the Kaspersky AV and
    NOD32 integration enabled.

    The clean engine works "generic". It will try to automatically scan your system including the registry for traces of the found nasty and will offer you to delete it.

    The advanced IDS of a² has a "logging" function. That means it logs what registry keys had changed and what files were created. So if you later decide to delete or quarantine the file it is able to undo all made changes.

    >is a2 going to be freeware when its done ??

    Donationware. If you enjoy a² feel free to donate an amount of your choice. Therefore you will get high priority mail support, daily signature updates and you can disable the splash screen. If you does not donate you have only weekly or "if needed" signature updates, low priority support and support inside the board and you will see this cute splash screen for 10 seconds on system startup *g*:

    http://www.a-2.org/a2splash.jpg

    >how complex is a2 i mean to work is it newbie friendly ??

    Main goal is:
    Everyone that is able to use ZoneAlarm should be able to use a². There are many assistants that analyse your system and auto protect your already installed malware protection systems and sensitive system areas. It also adds sensitive software like your mail client and internet browser to a special group of programs so there is no way to hide them or to inject any type of code into them.

    If you are an absolute beginner you can put a² into "advanced IDS modus" . With this option enabled a² works nearly automatically.

    Of course you can "fine tune" the rules and there are very detailed ways and possibilities to configure the system firewall. For example its possible to allow access to special files or registry parts only to a few applications. So you can easyly secure the config of your programs from manipulations. Create a rule:

    Opening of HKEY_Local_Machine\Software\Kaspersky including subkeys is allowed to "c:\program files\Kaspersky AntiVirus\AVPCC.exe" only.

    Now a² secures your Kaspersky configuration. Or you can say that a² should ask you if a program tries to add itself to the registry run keys.

    Or you can allow appplications to open files inside the windows directory for reading but not for writing. Or you can deny applications to open forreign processes etc. .
     
  11. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    thanks for your reply well thats answers my questions for now the only other question i have at the moment is when will it be available for people to have a look at ?? say like a beta version for instance ?? because if its going to be as easy to use as za then i think id like to give it a test drive when its ready
     
  12. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    The first components are due to roll out this week, but Andreas has been bitten by his dog! The wounds look pretty painful, his arm is black and blue with puncture wounds, so he's taking it easy right now.
     
  13. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Wish him well from us! Not a very nice dog?!?
     
  14. Well ... just look at:

    http://www.a-2.org/forum/viewtopic.php?t=28
     
  15. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Heck,,,I got worse scratches than that from the lady that was here last night :D.







    Just kidding! I do wish Adreas well!
     
  16. controler

    controler Guest

    Looks like SHARK bites :D

    Actualy that dog must be a guard dof to do that. Guessing Pit Bull
    You need to get a shocking collar dude.
    I rasised coon hounds and know the only way to train a dog is with a shocking collar.
    Go to Ebay and buy one now or shoot the dog ;)
     
  17. xam

    xam Registered Member

    Joined:
    Feb 14, 2003
    Posts:
    20
    Anyone have any info regarding a release of this prog ?

    The web sites forum keeps saying it will be soon, but when ?
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    xam,

    Drop the software developper an email ;)

    regards,

    paul
     
  19. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Actually the software developer has already sent out email to all those who indicated they wanted to test.

    :)

    With instruction for those receiving it..how to respond back to him.
     
  20. xam

    xam Registered Member

    Joined:
    Feb 14, 2003
    Posts:
    20
    So you have tried it ? Cool.
    What is it like ?
     
  21. xam

    xam Registered Member

    Joined:
    Feb 14, 2003
    Posts:
    20
    There still does not seem to be a great amount happening with this project. I wonder if the phrase "vapourware" may be appropriate ?
     
  22. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Please contact the software developper - no doubt he will answer to your questions.

    regards.

    paul
     
  23. controler

    controler Guest

    Over the past 6 months I have applied to test it twice from the sign up site and never once got an e-mail.

    con
     
  24. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Maybe it should be called ants squared rather than a squared? :D
     
  25. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Can't use the name ANTS internationally.. seems to owned by another entity and product. :(

    If you squared it ..would be in twice as much trouble on paper.. but if you are only 1... the effect is the same.

    :)
     
Thread Status:
Not open for further replies.