Good trojan defenses?

Discussion in 'other anti-trojan software' started by Comp01, Dec 1, 2003.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I am going to test out Trojan Remover, I am also installing System Safety Monitor again, and am waiting for a2 free to completly release, So I figure a2 free, and System Safety monitor should be a good defense system against trojans?
     
  2. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Good luck .According to a post on the DSL forum SSM has died. I may be wrong but I can't really trust free protection. Would you trust a free gun to defend yourself?
     
  3. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Uhh, Whats there to trust about System safety monitor? lol, its a sandbox program essentially, And it doesnt seem like its dead to me, look at the site http://maxcomputing.narod.ru/ssme.html?lang=en
    Seems well active.
     
  4. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Indeed SSM is alive and in outstanding shape with a new version.
    I cannot comment on A2 but I never put my faith and trust in products that are works in progress. Ok to use them, but understand they do not claim to be finished products, therefore use with caution.
    My preference for Trojan protection is either KAV, TDS, BO Clean or Trojan Hunter.
    It is always my opinion that the brain should be the first line of defense and learning how to surf and email safely is 90% of the battle.
     
  5. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    So how do you come to the conclusion that a2 is a "good" defence tool when
    a) the program is not finished yet and
    b) the program has so far never been reviewed by independent sources?

    wizard
     
  6. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    a) I Have the 'beta' release version, seems good to me.
    b) Not every program on your computer has been reviewed by independent resources, now are they?, if you base all your software decisions on reviews, I have pitty.... Because if you never try a program yourself, you have no idea, IMO alot of reviews are biased, And yes, they are also biased ones here at wilders.
     
  7. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    In terms of AT and AV software they are. I can't just do a decsion to use security software because it has a nice GUI. What counts is how good the detection and the engine is. An unfinished beta can't give you the same impression as a full version especially if in the beta parts of the engine and the signatures are missing.

    wizard
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @wizard- I do hope that your comments do NOT mean that you are not giving a² a trial. I value your assessments of security programs, & I am intensely curious to read your further reviews of a².

    regards.......bellgamin
     
  9. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I have given a² a trial and that's why I tell the people: Hey stop and wait it's not finished. A² is at a stage for the moment where you can't say this will be a good program or not. The expectations on Andreas to deliver something "fantastic" is very high amoungst all of us. But as the trial shows yet, a² is not there yet.

    So let's be realistic and wait and see how the thing develops and base the decisions on facts and not just on "expectations".

    wizard
     
  10. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Cant help but put in my 5c :D

    Process Guard (and add everything in your firewall ruleset to it)
    Port Explorer to see those connections, none of which are hidden.. dont even need PE really
    Good firewall and AV
    Bit of common sense

    You're already 99.9% of the way there, it would take a custom trojan designed JUST for you, and plenty of social engineering.. even then it would be hard for an attacker, your firewall cant be killed or injected into (forced code injection, firewalls like Sygate already handle other methods). So I guess they would go for exploits in your OS or browser. Patch those up ! :)

    ..add any trojan scanner for good measure that is frequently updated, not necessarily TDS either
     
  11. JamesD

    JamesD Guest

    As long as it fires, who cares if it's free or not. The guy's equally dead.

    Personally I wouldn't trust an expensive gun I didn't build myself or at least have the plans to, so I can see how it works.
     
  12. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Since this thread began as a free anti-trojan defence I'd suggest adding the following things to the previus programs:
    - a free good online scan http://www.trojanscan.com/;
    - changing SSM with Abtrusion Protector;
    - Trojan's First Aid Kit,
    - using HijackThis,
    - using the settings you can find here. http://www.markusjansson.net/
    Of course in this way you are not completly sure but it's a good starting pont.
     
  13. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I think dumping SSM for AP is not what everyone would suggest.
    I happen to feel SSM offers much better protection and superior support. Opinions abound I suppose.
     
  14. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    SSM also works with (at present )more operating systems than AP which doesnt support 98 or ME i believe.
    ellison
     
  15. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    trojan first aid kit is no longer supported, in fact it hasn't been updated for aeons.. recommending it here is a disservice to all.
    it is actually dangerous to use it coz you might feel you're protected.. a false sense of security is more dangerous than insecurity IMO
     
  16. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Definitely ! :eek:
     
  17. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Since it was said a2free is a "work in progress" i suggested the installation
    of trojan first aid kit using an online scan, too. That is, trojan first aid kit and an online scan are added to a2 free to achieve the minimum security.
    I think that only a madman could recommend trojan first aid kit instead of a2 free., so I didn' t think I could be misundertood.
     
  18. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    hey tfak has no use whatsoever.. read me NO USE!
    IT'S JUST A WASTE OF HD SPACE...
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Useless as an AT, yes; but perhaps TFAK isn't TOTALLY uselesss. After all...
    It will tell you everything that is running -- visibly or invisibly -- on your system. And it will *kill* any running process that you tell it to kill.

    Or am I missing something?
     
  20. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Well it will show running processes that aren't cloaked or a driver rootkit. Having said that a process viewer is something everyone should have at least a couple of isn't it ? :D
     
  21. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    good point bellgamin on viewing/controlling/kill aps.

    I think the only thing one can say about a program which is functional but no longer supported, is are there other programs available which are supported and which provide the same or similar function. Also there is the danger of naivite by the 'ignorance is bliss crowd" in thinking they are covered when they are not.

    for Ap control/kill/viewer, 2 actual working programs come to mind. 1st one I am familiar with the other I am not.

    1) for those running below windows 2000 and for those who run at or above windows 2000 but make the choice of using this software:

    I recommend System Safety Monitor (freeware but he accepts donations for future development). Max is very responsive to his users and I say that 1st hand. Contact the author via email if you have a problem.

    with SSM you get the kernel Ap control & also registry control. Not sure what new goodies are in the new beta SSM 1.9.4...

    http://www.wilderssecurity.com/showthread.php?t=17132

    http://maxcomputing.narod.ru/ssme.html?lang

    for those running at or above windows 2000:

    1) Process Guard (I have no experience with) (freeware for 1 Ap control, payware for more control )

    http://www.wilderssecurity.com/showthread.php?t=17323

    http://www.diamondcs.com.au/processguard/

    2) A squared (a² personal) should be coming out with a full plate of stuff in this genre (only the scanner is free, the full suite is for pay and it is still being developed)

    http://www.a-2.org/en/

    so again my opinion no need to stick with software which is no longer actively supported if there are alternatives, which there are.

    exception below:

    proxomitron lives even though engine no longer being developed since the filters are the key :cool:
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I agree, peakaboo. For a well-supported program that wil kill processes & do lots of other stuff -- I recommend Process Explorer. It's a small program with a BIG usefulness. Get it free from...
    System Internals

    You are gonna looove me for introducing u 2 this little darlin' sweetheart of a proggie! :cool:
     
  23. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Thanks bellgamin,

    I'll give it a try. Looks good... nice & light on resources.

    Just curious when you say "program that wil kill processes" does it do so automatically or do you have to manually intervene? In other words does it have a trusted group of Aps and anything else is disallowed?

    just like to get some insight before I try it.

    BTW I was just at that site last night looking at another program "pagedefrag"

    lots of goodies over there...
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    It's manual. Just right-click on any listed process & there is an option to kill it.
     
  25. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    If you want a good advanced terminator try this and only 29KB: http://www.diamondcs.com.au/index.php?page=apt :)

    And another very useful system utility, mainly developed for power users who want to know what's going on in their Personal Computer. It may also be used by programmers as a tool for tracking their applications.
    http://www.faberbox.com/fabertoys.asp :D
     
Thread Status:
Not open for further replies.