Is a designated anti trojan program really needed?

Discussion in 'other anti-trojan software' started by ejr, Jan 31, 2007.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    It seems to me like between your AV (if you have a good one) and your Antispyware and HIPS, you wouldn't need a designated antitrojan.

    Thoughts?
     
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,folks: This does refresh my fading memory regarding what has been said on Ewido's and Trojan Hunter's web sites; they avocated at the time that AT is the right tool to fill the cracks left by AV and AS. During those days, trojans were very scary malwares which could deeply sleep in your system and get up striking on you right before your watchful eyes w/o any warnings. Yes, AT did have their glory days. Nowadays, increasing numbers of AV and AS or even HIPSs(never heard of during AT era) have included trojans-combat capabilities and often are superior to stand-alone AT apps. I would presume that a specially designated AT app is not that important any more, and I do worry those good old standalone ATs such as Trojan Hunter, their days may be numbered, sad enough indeed.IMO.
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    My strictly personal opinion:

    Yes, ATs certainly have a role in your security set-up !

    It's once again about a layered security approach.

    It's your choice what to run on-access and on-demand.
    And of course it also depends on how much money you can afford to spend.

    The differences between AVs and ATs and ASs, and what more, might be not so big anymore.
    Look at which definitions are added to those.
    And keep also in mind how good they can keep you clean (pro-active) and how good they are in cleaning an "infected" system.
     
  4. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    I don't think ATs are necessary as now there are many AV's with stronger trojan detection than the ATs. I think you use an AT for a second opinion though.
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I understand that AVs normally detect trojans first, but ATs are better at removal.
    It seems to me that if the Av detects, and prevents infection that an AT is not necessary. Nowadays the lines are blurred, and the various applications that were dedicated ATs are designed to also be good anti-spyware and other anti-malware applications.

    I suspect that programs such as AVG AS, a-squared, and SuperAntiSpyware overlap a lot.

    If one has a good AV that has a high detection rate for trojans he does not need an AT. However, I am still a believer in layering as long as one does not overdo it.
    I must say that none of my layering applications ever finds anything or detects anything. But neither does my AV. A couple of years ago my AV stopped a trojan as first responder, and my AT never detected it.

    Best,
    Jerry
     
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    It depends on how safely, and where you surf, and how many others use the same computer, and their habits. No antivirus will catch everything, so including an anti/trojan/rootkit/bot etc product can really help fill the gap.

    I've tried quite a few of them, and finally settled with BOClean as a major player in my defences. It doesn't conflict with any other application, and is very light on resources, and jumps in exactly when required.


    StevieO
     
  7. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I imagine that AVG Anti-Spyware still has the high Trojan detection that Ewido did, but I wonder if the AVG AV hasn't received a mass dose of those signatures, especially since Ewido is now called AVG AS. Also did any of you ever read an old Ewido website? It had things on it about plans to rename Ewido the Ewido Security Suite, and implement RealTime Heuristics and Behavior Detection in early 2006. This was of course before Grisoft bought them, but I wonder why Grisoft never incorporated any of this into the RealTime Guard used by AVG AS? It would be wonderful for AVG AS to have this today, as the EASTER.2010 post below tells me it is needed.
     
    Last edited: Feb 10, 2007
  8. EASTER.2010

    EASTER.2010 Guest

    Probably not, but it certainly does factor in a marked increase of confidence for you and a PC's protection to have one compliment your AV/AS/KeyLogger apps.

    That layered approach is lethal against malware threats and makes most if not all of them of no effect, essentially useless in other words.

    I have hammered away at a couple of test PC's including my own basic working unit with about every form of past, recent, and present threats i can throw at them with tremendously positive results compared to just a few short years ago when all it took was some IE exploited drive-by conceived by a CoolWebSearch variant to bring the house down so to speak. That was because it was much easier for them to update & change their wares to enter a system who most of us only had signature based security that could allow for something to slip in and disable our firewall/AV or what have you then.
    Now we have Behavioral Intrusion Detections know as HIPS and others that are even built into AS/AV apps to some degree and make for great interception rates of possible ill intuder files/downloaders.
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Having AVG Antispyware and SUPERAntiSpyware I don´t bother with anti-trojans ;)
     
  11. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    It would be nice with a test for this because i think it is BS, this has been said so many times in forums that users believe the logic of: anti-trojan better for trojans, anti-viruses for viruses and anti-spyware is better at removing ad/spyware....yada yada, i do not think is that simple, for example a welknown AT who is good at detecting is actually not very good at removing the detection you instructed it to remove and no i won't put a name on it because this will just start another flamewar, i just wanted to say such a test would be very interesting and possibly very surprising. :)
     
  12. EASTER.2010

    EASTER.2010 Guest

    Which offers proof yet again that a Layered approach while increasing programs on your machine also assists in defending/protecting better.

    I recall times when for example Ad-Aware SE would correctly identify some malware but yet could never remove it entirely if at all and oftimes leaving behind registy entries or even files that needed to be removed with HijackThis or a KillBox etc. Hence, purpose of their support forums at the time.

    New methods are being built into better detectors these days but it still serves a useful purpose, at least for my conscience, to employ several types if that's what it takes to minimize the risks of malware infection.
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    You are likely correct. I have just parroted what has been said.
    Maybe someone will do such a test. However, if untrue, then I would say if one has an AV, such as Kaspersky, there would be no need for an AT.

    Added
    I visited AV Comparatives, and see that several of the best have detection rates for trojans in excess of 97%. I do not recall that any AT has that good detection rate, and in my own experience the AV caught the only one I ever knew attempted to infect me. The AT did not, and it was said that was the norm. FWIW the AV was Bit Defender, which was rated 91.54% at AVC for trojan detection.

    Best,
    Jerry
     
    Last edited: Feb 10, 2007
  14. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    So would adding AVG AntiSpyware as additional RealTime Protection along with an AV truly provide better Anti-Trojan Protection?
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    IMO yes it would.AVG AS or BOClean (both in my case)would be an excellent choice.
     
  16. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    i have seen quite a few people using nod32+boclean but it might not be as much soon since nod32 Trojan detection is getting better
    lodore
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I think the top 5 AVs will blow away any anti-trojan software. The AV vendors are taking this seriously, and this time next year, this forum wont be needed.;)
     
  18. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Pretty bold. I think I will keep BOClean no matter what AV I use. ;)
     
  19. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    Agree,BoClean will stay on all my computers until some other app. proves to me it can do a better job.
     
  20. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Same for me.:) Even if BoClean covers only one percent or less of what my AV doesn't cover, it will always have it's place on my PC. It is efficient and best I don't even notice it is there.;)
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Well, you do realize, that a year from now, it may be BOClean that made some changes, and it will be BOClean, instead of your AV product securing your PC. All of my statements are based on little knowledge but more gut feeling. Either way, each year that goes by, things do get more interesting, and complicated.:)
     
  22. EASTER.2010

    EASTER.2010 Guest

    It's fantastic that AV's are vastly improving in areas where before we "HAD" to depend solely on other forms of detections such as AS/AT's and all that in order to offset their limitations.

    Today those risks are greatly diminished somewhat but not completely by any stretch nor likely will. Yes, RootKits & stealth hiding of malware have taken center stage that's true and so to ensure protection is adequate enough to breath easy it's always my suggestion to apply the LAYERED approach no matter what.

    As long as XP and the NTFS file system is still being experimented on by malware authors, there will remain a risk no matter how slight that something might slip past an AV and drop in uninvited.

    HIPS comes to mind as the best new deterent to those type risks and they are slowly becoming integrated into "BOTH" Anti-Virus programs and Anti-Spyware programs.
     
  23. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204
    I don't visit porn and other shady pages so no antitrojan in here.
     
  24. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    So, according to your statement, everyone who has a AT installed is visiting porn and shady pages.o_O :mad:
     
  25. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Of course, that's not an objective reason as to why you'd need a designated AT or not...

    Pragmatically speaking, AV vendors have come a long way in appreciating that trojans are a general malware delivery vector and, as such, should be covered by any product claiming to be a general solution. Most solid products currently cover trojans well. Hence, the general recommendation to layer is somewhat dated and reflects legacy history when products occupied selective niches and focused on specialized forms of malware.

    However, every time I weigh whether the family machines could do without BOClean, KL seems to pull a bonehead update move that kills the updater in a fashion that is not obvious to an untrained eye and does require direct user intervention to remedy. Over the years, this type of problem has happened to me 3-4 times. In one case, updates were missed for a month since I hadn't used any of the KAV WKS equipped machines for that period. Given that backdrop, some measure of pure backup could be considered prudent. It's not necessarily a designated AT, just something that is compatible with mainstream AV's. The solution I've implemented on most of the machines I'm responsible for happens to be BOClean, some consider that a designated AT, others don't, but there are other equally suitable approaches available as well.

    Blue
     
Thread Status:
Not open for further replies.