Is an AT Really Needed?

Discussion in 'other anti-trojan software' started by JerryM, Mar 10, 2006.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Reviewing the tests conducted by AV Comparatives, some AVs have a 99+% detection rate of trojans. If one uses one of those AVs what does an AT do but take up space?

    I realize that Ewido at least does well at ferreting out spyware in addition to trojans. I once had a trojan attempt, and BD caught it and got rid of it before Ewido. I understand that the AV should detect it first, and the AT would be a back-up.

    I have a "lifetime" subscription to Ewido, but if I did not, I think that a good AV with a high detection rate of trojans makes the AT obsolete.

    What do those of you with expertise in the security area think and recommend?

    Thanks,
    Jerry o_O
     
  2. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    No it is not, at least, according to my opinion.

    Most good paid antiviruses (Kaspersky, NOD32, Symantec) and even the free ones (especially AntiVir and avast!) detect more trojans than even specialist anti-trojans. With a good antivirus you should be well recovered from trojans.
     
  3. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Hi Jerry,

    Ah, you just made the AT industry cringe with your post.

    While I'm far from being an expert, here's a thread from last summer you may - or may not - find interesting on the value proposition of ATs.
    https://www.wilderssecurity.com/showthread.php?t=88736

    Regards,
    Jaws
     
  4. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi Jaws,
    Interesting thread. While I do not know enough to make any kind of technical argument, examination of tests that are considered reputable indicates that the top AVs do the job of detecting and deleting trojans.

    I cannot argue with the layering principle.

    Firefighter ran some tests in March 05 in which he compared detection rates of AVs alone and then with an AT in combination.
    Some were helped, and some were not. For instance, BD 7.2 Free alone detected 80.3% of trojan-like malware. With Ewido it detected 96.5%.
    On the other hand, eScan free alone detected 96.5% and with Ewido 99.1.

    Today AVC tests show KAV alone at over 99%. I think that today BD needs an AT to get to the top, but KAV does not.
    So I conclude that by choosing the right AV an AT is unnecessary.

    Jerry
     
  5. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Well, look at it this way. Over the past couple of years AV vendors have gotten a lot better at trojan detection...pretty much why Diamondcs stopped offering TDS-3. But you still need an AT as a good backup. If you use Ad-Aware, Spybot S&D, and a program like Windows Defender (all freeware) then you should be ok. Running online virus scans like bitdefender AND kaspersky is a surefire way to get rid of trojans.
     
  6. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    One more thing, ALWAYS keep teatimer enabled in Spybot S&D. It is probably the best feature of the program. Any registry change that is detected will be picked up by this. Trojans need to create a registry string in order to execute each time your computer is restarted. Spybot can prevent this.
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Unfortunately Spybot is not compatible with Bit Defender. That is my current AV.

    Jerry
     
  8. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    What do you mean by not compatible? I use both and they work excellent together.
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    That is what BD says. They recommended that I remove it, and their read me txt says so.
    I used it with BD for over a year, and had no problems. I did not know they said it was not compatible with BD. However, with the recent problems, and I acknowledge I had too much on the machine although I fail to see why those that are only on-demand interfere, BD indicated I should remove most of the programs that I had used for awhile with no problems.

    Those are listed on one of the earlier posts.

    So that's all I know about it. I uninstalled it and have only kept Ewido and Spy Sweeper of the apps they recommended be removed. I did not use Tea Timer anyway.

    Jerry
     
  10. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    I don't understand what would cause BD to interfere with spybot....it might be spybot picking up something that classified a BD file as spyware...but I doubt it.
     
  11. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    It could be that bitdefender detects changes in the registry the same way spybot does...but for me this hasn't caused a problem whatsoever.
     
  12. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    FWIW, an AT is probably a lot better at cleaning trojans than an AV because it is designed specifically for that. Also an AT usually does realtime memory scanning better than an AV, and an AT in the manual scanner looks for other signs of trojans, in the registry, in open ports, and in the ADS streams, etc. -- not just in matching file signatures. HTH .. ;)
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks to you both.
    Although I had rather learn the easy way, the "school of hard knocks" does get the point across faster sometimes.

    The comparison you made Randy makes sense. It is probably to have both if they do not conflict.

    Jerry
     
  14. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    It's the AV's scanning engine that makes the difference. The scanning engines of kaspersky, BD, and nod will be enough.....without a doubt...but there is no need to pay for an AT program....A-squared is free and it does a fine job of detecting trojans missed by the above 3...but I doubt the above 3 will miss a trojan!
     
  15. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    I would be interested to see factual data to back up this opinion. ;)
     
  16. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    well...let's look at Vbulletin. All 3 Av's pass with flying colors. Why? Because of their scanning engines...yes signatures count as well
     
  17. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    And also how quickly they come out with those signatures for Trojans... although the AVs are getting better... just the same I'll stick with my layered protection. An AT should be obtained if one has the funds to do it... AND THAT IS MY OPINION! ;)

    EDIT: Don't know how I missed it the first read, but I just saw another good opinion, see post by RANDY BELL
     
  18. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    if funds are of concern...a good AV which has excellent AT properties is Antivir: http://www.avira.com/
     
  19. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    LOL Teatimer is a joke anyway.
     
  20. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    glad you find it funny
     
  21. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    I would say absolutely YES !

    Why, because most people can't run more than one AV at the same time. And even though some are better than others at Trojan detection, no AV etc catches everything. But you can run an AV and AT full time together, as I do. So this greatly increases your chances of protection across a wider range of nasties.

    If you choose an AT that excels in memory protection, and jumping in just as soon as possible before any nasty can do its deeds, and works in more intelligent ways than others as well, then that's another bonus. The only one that I've found that does all this, and is as light as a feather too, is BOClean, which is what I'm using very happily.

    StevieO
     
  22. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Oh no it won't! :(

    TeaTimer will only pick up on Reg changes to those keys it is protecting, and there are relatively very few of those. Have a look at the comparison chart in this thread:-

    https://www.wilderssecurity.com/showthread.php?t=32823

    There are an awful lot of places in the Registry a trojan can get started from that are not covered by TeaTimer.

    Good AVs are virtually lethal at picking up known trojans as they are written to HD, but they are not so good at picking up all the debris if it gets on your system. An AT would be a useful adjunct for this purpose. Have a look at this thread to see how much junk can be missed by the various scanners:-

    http://spywarewarrior.com/viewtopic...&start=0&sid=6ccd8bee78d3977d590a9f10c788ef39

    Another thing I like about an AT is you can leave it running realtime while you carry out certain tasks that you need to disable your AV for (installing, defragging, using another scanner etc); more than once I have stupidly gone online having forgotten to reactivate my AV - so I'm glad that at least the AT was running. o_O
     
  23. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    But if you install a rootkit, and/or a RAT, it's too late by the time you get around to running an online scanner.
     
  24. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I'm not sure one way or the other. I know people love to yada on and on about "layering", but ATs do tend to eat lots of CPU. It isn't like there isn't a real trade-off to running another real-time scanner.

    I've found a couple trojans that KAV 5.0 didn't detect (without trying--I'm not talking about going to some known-trojan site, or "lab" samples, as Eset likes to call them. These were real, live, in-the-wild trojans). I don't know if an AT would have detected them (I didn't run one at the time, and I'm still not sure I want to).

    I'm currently playing with BOClean, and using it with NOD32. But when I dump NOD32 for KAV, I most likely will not be running any additional AT.
     
  25. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Unless they use one of the non-registry startup methods, like Win2K/XP/2K3's startup script method, or startup shortcuts.
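
Added example, not part of any post in this thread: the coverage point raised in posts 22 and 25 (a monitor that watches only a few registry keys does not see changes at other startup locations), shown as a baseline diff of autostart entries. The snapshot data, the `WATCHED` list and all entry names are constructed for illustration and do not describe any product's real watch list.

```python
# Added illustration: snapshots and WATCHED are constructed sample data.
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUNONCE = r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"
STARTUP_DIR = r"C:\Documents and Settings\demo\Start Menu\Programs\Startup"
GPO_SCRIPTS = r"C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Startup"

# Hypothetical narrow watch list; NOT the real list of any product.
WATCHED = {RUN_HKLM, RUN_HKCU}

# Snapshots map (location, entry name) -> command line.
BEFORE = {
    (RUN_HKLM, "ExampleAV"): r"C:\Program Files\ExampleAV\tray.exe",
    (STARTUP_DIR, "Notes.lnk"): r"C:\Program Files\Notes\notes.exe",
}
AFTER = {
    (RUN_HKLM, "ExampleAV"): r"C:\Program Files\ExampleAV\tray.exe",
    (STARTUP_DIR, "Notes.lnk"): r"C:\Temp\n0tes.exe",      # shortcut target changed
    (RUN_HKCU, "updater"): r"C:\Temp\updater.exe",         # new registry entry
    (RUNONCE, "setup"): r"C:\Temp\setup.exe",              # new, unwatched key
    (GPO_SCRIPTS, "startup.bat"): r"C:\Temp\updater.exe",  # new startup script
}

def diff_autostarts(before, after):
    """Return (kind, location, name, old, new) for every added, removed or changed entry."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "changed"
        changes.append((kind, key[0], key[1], old, new))
    return changes

def triage(changes, watched=WATCHED):
    """Split changes into those at watched locations and those a narrow monitor misses."""
    seen = [c for c in changes if c[1] in watched]
    missed = [c for c in changes if c[1] not in watched]
    return seen, missed

if __name__ == "__main__":
    seen, missed = triage(diff_autostarts(BEFORE, AFTER))
    for label, group in (("watched", seen), ("unwatched", missed)):
        for kind, loc, name, old, new in group:
            print(f"[{label}] {kind}: {loc}\\{name} -> {new}")
```

On a real machine the two snapshots would come from an autostart inventory taken at a known-good point and again later; the diff is only as complete as the list of locations inventoried.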
     