Do I need DiamondCS software?

Discussion in 'Trojan Defence Suite' started by frank4553, May 30, 2005.

Thread Status:
Not open for further replies.
  1. frank4553

    frank4553 Registered Member

    Joined:
    Sep 14, 2004
    Posts:
    25
    Hi All

    I have been reading through this forum and like the sound of TDS-3, ProcessGuard and Port Explorer. However I have the following installed on my computer and wonder if they would give me any further benefit?

    Registry Medic V3.0
    Nod32
    Zone Alarm Pro
    Ewido Security Suite Plus
    Tenebril Spycatcher
    SpywareGuard
    SpyBot

    on Windows 2000 (service pack 4) and all latest Windows updates.

    I think that's it!!

    I use Firefox for my browser (and sometimes K-meleon...very fast!!) and Outlook for my e-mail.

    Am I being a bit overcautious or slightly paranoid in considering the above 3 software packages?

    Any views would be much appreciated.

    Regards

    frank4553
     
    Last edited: May 30, 2005
  2. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Process Guard could give you some additional protection, but my take is "no", unless you really download wildly stuff from obscure networks/p2p and wildly click on everything (or have children that do that on your computer).

    I'm running well without any DiamondCS software (very similar setup to that of yours) and I'm fine.
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Hi frank,
    We have a wide variety of software including many free utilities, but in regards to whether or not our software will help you I'd advise you first to try it yourself - there are free downloads available with all of our software, and secondly to listen to experienced posters here who are familiar with our software. With all due respect to halcyon he is not very familiar with our software so is in no real position to tell you whether or not our software will help you - the fact is only you will really be able to answer that question and only by trying the software for yourself, and I'm sure there'll be some knowledgeable folk along soon who'll be able to shed more light on how they use our software and how our software may be able to help you. :)

    Just looking at your current software setup, you have your main bases covered in an anti-virus and firewall, but you have nothing preventing those programs from being terminated/hijacked/modified/attacked/etc etc. This is where ProcessGuard can dramatically increase your security - not only will it prevent such attacks, but it also prevents a wide variety of other attacks, including arguably one of the strongest defences against rootkits available at the moment.

    You have an anti-trojan program, but you may also want to try our anti-trojan program. TDS has been around since the very first trojans, it has the largest database, detects trojans in more ways and is considered by most to be the most comprehensive anti-trojan system available. It was the first anti-trojan to have daily updates, which first started several years ago.

    In regards to spyware you have that base covered, as well as a registry program but I'd also encourage you to try Ghost Security's RegDefend, as that - like ProcessGuard - provides kernel-level protection, something which very few programs offer.

    What about the programs that automatically start on your computer? You may like to try our freeware AutostartViewer program, which allows you to instantly see and control all known autostarts.

    What about the programs which are using the ports on your system? We've developed Port Explorer so that you'll know exactly which program is behind which port. It has been compared to similar programs and is considered by experts to be the leading port-to-process mapper for Windows, and is the only port-to-process mapper with true support for Windows 95/98/ME. We've also made a command-line version called OpenPorts, which is free.

    We also have a variety of other miscellaneous utilities - all free - which provide various capabilities and analytical advantages to the user. CmdLine for example is the only tool available which allows you to see the command line parameters of all processes on your system. Advanced Process Termination offers a wide variety of ways to terminate stubborn applications, and also provides an easy way to test how easy it would be for malicious software to attack your security software (and also test how ProcessGuard protects against such attacks). Our IRClean program will help keep your copy of mIRC clean, and our DelLater program allows you to delete files on reboot - ideal for files that can't be immediately deleted due to being locked/in-use. Our TaskMan+ program elevates the security privileges of Task Manager, allowing you to see extra processes and do things such as terminate processes you wouldn't otherwise be able to touch.

    So as you can see we have a wide variety of security-oriented software, and while I'm sure there aren't many people who use every single one of our programs, I'm sure you'll find several of our offerings to your liking. Like I said, most of it is free, and that which isn't free always has a free trial download anyway so you have nothing to lose and everything to gain.

    Anyway I hope that helps give you some idea of what awaits ... :)
    Best regards,
    Wayne
     
    Last edited: May 30, 2005
  4. frank4553

    frank4553 Registered Member

    Joined:
    Sep 14, 2004
    Posts:
    25
    Thanks for your replies Wayne and Halcyon...a lot to think about there!

    I must say, if I have the choice between a free and full version of software, I tend to go for the full. It costs I know, but otherwise I feel I'm missing out on something and maybe only getting a half-way solution.

    However, it may be worth trying your free trials to get a feel for them.

    Regards

    Frank
     
    Last edited: May 30, 2005
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Frank,

    You appear to have very strong security at this time, but if you are looking for incremental protection, as Wayne described, I think you will find lots of value in the products that Wayne mentioned.

    As you might expect, some of the most valuable features of ProcessGuard are in its licensed version - e.g. protection against installation of rootkits, global hooks (keylogger) protection, system services (this one in particular protected me from a bad problem a couple of months ago). If you like the product, I am sure you will find value in the paid license. But definitely check it out first to make sure it is what you are looking for.

    If you decide to install, remember to turn off all of your protection tools, because it appears there have been some problems lately with protection tools preventing a full installation of ProcessGuard.

    Rich
     
  6. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Whenever a software company offers a free trial version it's always a wise idea to take advantage of that, before you decide to make a purchase. It allows you to get a feel for the program for yourself, it allows you to ensure that features you want are there (and no unwanted 'features' like ads or spyware), it allows you to ensure the program is compatible with your OS and hardware, and it can prevent you making a purchase that you might regret had you not tried it first. (I'm a software developer though so I didn't say any of that, ok? :))

    But like I said, most of our software is in the form of free utilities - we only sell 4 programs and those are at very low prices, so you've got nothing to lose by trying them. If you don't like any of them simply press Ctrl+Delete on them from Explorer, but at least by trying them you'll know whether or not they fit into your arsenal. :)

    Best regards,
    Wayne
     
  7. frank4553

    frank4553 Registered Member

    Joined:
    Sep 14, 2004
    Posts:
    25
    Don't worry Wayne I won't tell anyone you told me that :blink:

    Good idea to try the trial versions.

    Do they have to be bought separately or do you have a special offer to buy all three!! :D

    Frank
     
  8. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Yes, if you do, you certainly will buy the products.

    As you can see, I am testing Security Software for my job,
    since the early 80's and I have bought licenses of all the products you have mentioned.

    Do a 'search' on these forums and see what others think of these.

    ;)
     
  9. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    Wayne is too modest to mention the great support you get from DiamondCS, it is second to none, and apart from the great products themselves, is one of the main reasons I am a Licensed user of several products.
     
  10. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Your site is not working very well :doubt:
    (Opera user here)
     
  11. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    Just to echo comments of other DiamondCS users, I too have all of DiamondCS products. Across the board the products and service has been great. Actually, the more I learn about security, the more I can appreciate what DiamondCS has done. They are usually ahead of the curve, since they can see the problems coming and build products in anticipation of the problems that lie ahead. Great job guys! (Ditto to Jason over at Ghost Security).

    Rich
     
  12. frank4553

    frank4553 Registered Member

    Joined:
    Sep 14, 2004
    Posts:
    25
    Wayne and Everyone

    Downloaded trial versions of PG, Port explorer and TDS.
    Very impressed...and would you believe it....TDS found 2 Trojans which I have deleted.

    Looks like the plastic will be taking another hammering! (English saying) :)

    Thanks

    Frank
     
    Last edited: May 30, 2005
  13. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    ... I rest my case about taking advantage of free trial versions. :)

    Anyway I hope you enjoy using the software, I've no doubt your personal security knowledge will also strengthen as a result, ultimately making you the strongest security weapon in your arsenal.

    Have fun,
    Wayne
     
  14. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    TDS-3 caught trojans that Ewido did not?

    Can you name these trojans? It would be to the benefit of all of us.

    I've had false positives with my paid copy of TDS-3, so you should be wary of those as well.

    regards,
    halcyon

    PS As for the support of DiamondCS, I respectfully disagree. I think they are not very reactive compared to the best of security companies, and I'm writing as a paying customer who has given them bug reports, which they have disregarded.
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Like Gavin (and others in the field) explained countless times, every scanner / company has to deal with occasional false positives. We users can help by submitting possible false detections as quick as we discover them after a scan so the company can correct the situation asap.

    There is no difference in scanning with the evaluation or the registered version. The differences are in other parts.

    Maybe not including in the current TDS3 version does not mean definitely ignored.

    The best company? No discussion on that here please. ;) We don't like pissing contests here.
     
  16. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Hi again Halcyon,
    I can't speak about Ewido obviously, but TDS has a larger database and has existed for many more years - since the very first remote access trojans (when there was just TDS, BOClean and Lockdown), it is still the only AT scanner supported by a fulltime analyst, and it detects trojans in more ways than any other scanner so there's nothing surprising about his findings, and we're pleased his system is now cleaner and more secure for it. :)

    Just on that note, our primary list of trojans can be found here:
    http://tds.diamondcs.com.au/primary.txt
    It only includes primary names.

    False positives are virtually impossible to eradicate from scanners with strong detection, but FP's in TDS are extremely rare - TDS has a lower FP rate than virtually any other scanner as all of our signatures are manually and carefully hand-picked after thorough file analysis/disassembly/debugging. This is a slow and expensive way of adding signatures but is the only way to ensure that signatures are of high quality and minimal chance of false positives. The very few times that there have been a FP our track record shows that they were quickly corrected.

    With all due respect, we're only a small company - it's not possible for us to provide the level of support that a large security corporation can, but still we provide FREE support - at our expense - to anyone who emails us (not just registered customers). We even provide free forum support - I'm responding now, aren't I? :). Bug reports are never discarded, they are added to our various To Do lists but unfortunately we're not able to respond to every single email we get as we simply don't have the time or resources considering the volume of email we receive every hour. Thank you for understanding.

    Best regards,
    Wayne
     
  17. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Wayne, I understand DiamondCS is a small company. I also think TDS-3 and Process Guard are very good pieces of software (take it for what you will, I'm just an end-user not a self-confessed security expert, like some other people here in the forums :)

    But you must also respect my right to offer a little bit of criticism, when I see it's valid.

    I don't mean it as an offence nor do I want to make it personal.

    I'm just saying that I've received false positives with TDS-3 and that my requests for fixes have not been taken very seriously.

    Whether one thinks they are valid, is completely another issue.

    I'm just here to say that there are ISSUES with EVERY company and every software.

    For example, picking one over another, because one finds two trojans that another does not find, is not necessarily the best method of software selection and does not guarantee that "other" to be free of faults.

    This is just my opinion of course and based on the stance that working security is a process, not a product.

    friendly regards,
    Halcyon

    PS Also, as a continuation, I could say that if one starts to go on the "let's stack defences upon defences" software product route, one should also start considering obscure hacker site tools (like VICE, knlps, etc.), harder to use tools like RootKitRevealer, multiple-AV, multiple-AT, multiple registry defenders, multiple-firewalls.

    After all, they all have holes/failings (this is undeniable).

    So why settle only on one or two, when one can install them all?

    To me this is a sign of software silliness and too much reliance on products.

    A much higher level of security can, imho, be attained by one good AV, one good AT, one good firewall and a set of security policies and practices.

    It also saves money, configuration, time and a lot of hassle in the end.

    Again, that's just my opinion and not a proof of anything.

    - the same
     
  18. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Sorry to step in here, but...

    How can you tell? It's the same reality twist like:

    Which is just not true as some statements on your website like:

     
  19. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Hello fish, and welcome to the DiamondCS forum.

    Analysis of other anti-trojan software and their databases makes it easy to see exactly how many different trojans and so on are covered (with the only real exception to that being it's never possible to determine how many variants are detected by one signature). Although (as many people are finding out) it's extremely difficult to compare anti-virus/anti-trojan scanners using traditional methods (ie. testbed scanning), the internals of the scanner - the code itself and its databases - do not lie, although our findings are for our eyes only - we do not and will not release any information regarding the technologies or databases of other anti-trojan software. Also, having an enormous collection of trojans ourselves also makes it easy to see how other scanners compare against each other. Analysis of daily updates also helps because you can see exactly what is getting added each day.

    I've just updated that to read the FIRST anti-trojan system with daily updates, but there still aren't very many with daily updates and they have only started daily updates in the last year or so, whereas we've been updating daily for something like half a decade now.

    Best regards,
    Wayne
     
    Last edited: May 31, 2005
  20. frank4553

    frank4553 Registered Member

    Joined:
    Sep 14, 2004
    Posts:
    25
    Will name Trojans when I get home from work.

    One was DDoS.Rat.rBot.?? (can't remember last letters - will edit later).

    The other was a 'Live Trojan' unidentified.


    Frank
     
    Last edited: May 31, 2005
  21. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    As there are several thousand Rbots it's very possible that TDS had detections for that one earlier than other AT tools and at times the opposite will happen, it all depends on the first "victim" to find a sample and who he submits it to first.
     
  22. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Like dvk01 said, rBot is an extraordinarily widespread remote access trojan so it's not overly surprising that you were infected by it - you're certainly not the only one, but it's good to hear that you've deleted it. Extended detection aside, TDS has primary detection for some two and a half thousand variants of rBot (see the primary names list) - it's a massive family, and due to its popularity we proactively seek rBot variants so we often encounter new variants before anybody sends them to us, there's just so many of them out there.
     
  23. FanJ

    FanJ Guest

    As the topic of this thread being "Do I need DiamondCS software?", I would like to say that I'm extremely happy with the programs from DCS that I have on my W98SE box:
    TDS-3, WormGuard, PortExplorer, and some free ones :D

    Keep up the good work DiamondCS !!!

    Thanks !!!
    Cheers, Jan.
     
  24. frank4553

    frank4553 Registered Member

    Joined:
    Sep 14, 2004
    Posts:
    25

    I tried to set up the e-mail option in TDS to send the files but failed miserably!

    I entered my outgoing server name (mail.btinternet.com) and my e-mail address and tried the test....it failed. Am I doing it right?

    Frank
     
  25. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    If I remember rightly BT internet block port 25 at the BT servers from relaying and you need username & password in the email program to use it.

    TDS3 only has facilities for email address rather than user name which can be and frequently is different from email address.

    Hopefully tds 4 will allow for the use of smtp authorisation servers which many ISP's now use to cut down on spam message relaying
     