Anti-Trojan is must?

Discussion in 'other anti-trojan software' started by aigle, Feb 14, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    If someone is using AV, firewall, and Antispyware( with or without HIPS), is there is any need of Anti Trojan software( like a-squard, ewido etc).
    Are they more capable than antispywares and AVs for detecting Trojans.

    I can,t understand everybody on this forum talks about there anti-trojans but if I see the computer related web-sites( like pcmag.com,pcworld.com, cnet.com), they are totally free of any reviews about these products. At least you don,t find any recent reviews, may be old ones only. I just get an impression that these are in fact now obsolete as antispywaes and AVs are quite good to replace them.

    Am I true or not?

    Also I don,t know if ever I use some free anti-trojan,what should be the best choice?
     
  2. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Hi aigle,
    :eek: Certainly NOT obsolete, you still need those anti-trojans.
    While your AV can detect some trojans, it still advisable to run one or two anti-trojans.
    The same applies to anti-spyware. (running Spy Sweeper & Ad-Aware & SpyBot)
    What one could not detect, will certainly be picked up by another. :D

    Even I run Ewido, while having KAV on my system. :D
    Take a look at Ewido and A2.
    Give them a spin. ;)
     
  3. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    not very neccesory to purchase a antitrojan when you have kav,nod32,norton,mcafee, or bd.... you can just use free versions of at's to make sure nothing went by
     
  4. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Trojans are the stealtheist hard to detect most advanced dangerous programs made by hackers. So we have to install a dedicated anti-trojan program to detect and remove them from our pc. Even if some antivirus and anti-spywares can detects some of them we still need a very good anti-trojan program. :cool:

    Popular Free versions w/c turns into full if you register it are Ewido and A-Squared...also install ProcessGuard coz it also can adds some layer of protections against trojans. ;)
     
  5. wxboss

    wxboss Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    33
    Location:
    Jacksonville, FL
    I agree. I admit that I used to be anti-trojan illiterate, but you just can't take any chances nowadays. I run NOD & BOClean along with several anti-spyware programs, a firewall all behind a NAT router. Sounds like an overkill? Not really. As time goes on, and more and more people become slowly more educated, the maleware writers also become more sophisticated. There is some really bad stuff out there, and current trends seem to indicate that it won't get any better. I wish I could find the link, but I saw a summary of last year's history which detailed the rise of spyware/trojans. It clearly showed that the proliferation of new trojans shot above the production of new spyware programs.

    To the OP, just take a look at your question for example, and how many anti-spyware apps are out there now. Quite a few, yet how many people are aware of anti-trojan programs and their need for them. Very few indeed. It's no wonder trojans are on the rise due to the difficult nature of recognizing them and the general public's ignorance of them.

    The whole point of all these apps are to prevent an infestation. For that reason alone, an anti-trojan should be an intregal part of everyones security setup.
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Today, we can see that the AntiVirus are adding much less signatures for virus than for other malware, like trojans, worms and spyware, so their capability for this kind of threads are much better now than before...

    I think that it's a good idea to have, at least, a good anti-malware scanner to scan your system and complement the protection that your AV can offer you...

    I use ewido anti-malware for on-demand only, and I highly recommended it for you... ;)

    Remember that nothing is perfect...
     
  7. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    The way things look like the're going you might need an AT more than an AV, plus a rootkit defender or 10 as well !


    StevieO
     
  8. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Exactly that is why I say stop educating people! As long as there are easier targets, they are less likely to go after me.

    For example I used to be obsessed with pointing and correcting errors everytime I saw one in a post made by someone here. But nowdays I don't borther. For example I just saw Erikalbert make an erronous claim about TrueCrypt + Shadowuser, because he doesn't get how truecrypt works but I'm not going to say anything..... Let him believe what he believes lol.

    Are trojans really that difficult to detect compared to say worms? What special magic can they do, that other classes of malware cannot? To turn it around, what special magic do anti trojans do that antiviruses dont?
    Memory scanning to handle packers?

    Is trojan detection really *so* different from antivirus research?

    **********************************
    The reason why worms or viruses seem to be more easily detected is because they have a greater chance of being in the signature database since they are far more widely spread! A fast spreading variant of sobig is snagged by various honeypots and analysed compared to a say targetted malware...


    I disagree. Preventation is good, but it does not necessary mean adding a antitrojan.
     
  9. wxboss

    wxboss Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    33
    Location:
    Jacksonville, FL
    I understand your arguments, but I try and live by the old saying, "An ounce of prevention is worth a pound of cure."

    Being naive today is a personal liability when it comes to the Internet especially if the pc is shared and uses a high-speed always on connection. I do a lot of financial related transactions online, so I take pains to ensure that my system is safe, clean and won't expose what I have worked hard to acheive.

    Granted, AVs, and anti-spyware apps are getting better at detecting trojans, but they are still a ways away from being reliable enough to replace a dedicated program like BOClean for instance.

    Some may disagree, but how many AVs can keep you safe from rookits? I still firmly belive that a dedicated anti-trojan program is worth the investment.

    I'll get off my soap box now :)
     
  10. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Too late, Securityx went in to shoot him down... Sigh...

    How about the one preaching moderation in all things?.....

    So you have faith anti-trojans can detect rootkits? Any evidence of that?
    From what the scaremongers are saying rootkits once installed are well neigh undetectable anyway LOL!!!!
     
  11. wxboss

    wxboss Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    33
    Location:
    Jacksonville, FL
    Like a moderately infected pc?

    To the OP,

    Your habits will dictate your need for anything beyond what you currently have in place.

    I apologize for taking this thread in a direction it wasn't intended to go. That being said, there are a couple of good, free ATs (take Eldar's suggestions) that could do nothing but help to strengthen your current configuration.
     
  12. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Well I'm not sure if the *possibility* of a infected PC is worse
    than a PC that is always critically loaded down with security apps such that it works slower than one that is merely moderately infected.

    :)

    Just one more security app, won't hurt right? :)
     
  13. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    I wanna have a PC that takes 1 hour to boot up, freezes every other minute, popups by security software detecting legitimate files...I think I'd feel safe and dumb at the same time.
     
  14. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    is an anti trojan a must

    short answer yes

    long answer

    the best aproch to compuer security is to layer your defence just as adware/spyware and viruses requier specific detection and cleaning tools so do trojans because you will find that if you get infected with a trojan even if one of your other tools detect it there unlikley to be able to remove it properly which will result in you becoming reinfected

    while tools like this have there limits becaue thay relie of signiture files and there for requier continuas updates to maintain there effectivness there still needed

    ultimatley the best aproch to computer security is to not become infected in the first place and thats where IDS (intrusion detection systems) comes in these work on a similuer principle so av at as however thay are able to detect and block all forms of malware with out the need of signiture files and there for is able to protect you from unknown threats unlike at, av, as and do not requier continuas updates
     
  15. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Heh if you think ATs are bad, you should try what this forum loves to call HIPS.

    "legimate files" ? Try "legimate behavior", more ways to prompt than legimate files... :)

    I recommend ZA Pro + KAV beta 6 + Processguard + neovguard or

    or

    Safe N sec + Appdefend + Regdefend + Out post pro

    You can't fart without your security software prompting you for permission.
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    2-3 years ago, it could be said that anti-virus scanners did not detect trojans very well. However that has been redressed and there are some cases of AV scanners outperforming anti-trojans (see here for an example) which was one reason why DiamondCS discontinued their anti-trojan scanner TDS-3.

    As such, the only reason for using an AT scanner is if you believe that your AV software may not detect all the threats you encounter - this should only apply to those who practice "high risk" activities such as downloading files from anonymous sources (file-sharing networks, Usenet, IRC, etc) which are far more likely to contain malware modified to evade detection by AV scanners.

    Of course, there is also the alternative of process protection software (Process Guard and its ilk) which relies on user setup rather than signatures. This, in many cases, would provide equivalent (or better) backup than a second scanner.
     
  17. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    With Process Guard I could fart and follow through without it prompting me for permission.
     
  18. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Thanks for sharing, now let's keep things on topic here....

    In considering various product options on the market (AV/AT/AS/HIPS/etc.), it is important for a new user to realize that the segmentation is largely historically derived based either on the evolution of the type of threat or the view of best route to protection. Major AV producers were somewhat slow to respond to the surge in spyware, creating a niche opportunity for AS producers, who filled the gap. I tend to view the situation with trojans similarly, although I tend to link trojans and spyware since spyware often employs trojan downloaders as the infective vector. Over time, AV producers have responded by generalizing their coverage of malware. Decent AV's currently cover all forms of malware rather well.

    So, is an AT a must? Well, ask yourself what gap is being filled by the product you are planning to install. If it is a "standard AT", are you basing this on clear indications that your AV is somehow lax in trojan coverage? For the record, I do have an AT installed, it is BOClean. I purchased and installed it for two reasons only - process memory scanning and compatibility with my main AV's. This does plug a minor gap in the AV products I use, but it is much less an AT vs. AV issue and more related to how BOClean and the AV's I use function. Is that is gap that every user should be concerned about? You tell me.

    Blue
     
  19. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    I recommend turning off your pc :D
     
  20. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Ah, I see you trained her to recognise that farting by you isn't dangerous! Did you train PG to recognise that farting by anyone else isn't dangerous either?
    :)
     
  21. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    Per definition a trojan horse is any malicious code disguised as a desirable program and utility. The word trojan describes a vehicle rather than a specific type of malware.

    When you initiate/run/install a trojan, you believe you install a desired program, so you probably accept everything during the installation process. You are probably logged in with administrator rights, and probably have turned off various protection utilities as well.

    The trojan way is a hacker's dream! You have set aside all your protective measures because you expect a friend, not an enemy.
     
  22. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Well put, Stein :)
     
Thread Status:
Not open for further replies.