Is TDS-4 a high priority for you?

Discussion in 'Trojan Defence Suite' started by richrf, Jun 4, 2005.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    Since I am a licensed user of all of DiamondCS's products, I was thinking about how I would prioritize future product development, so here it goes:

    1) WormGuard: My gut feel is that there are holes in my script/worm defense, and since I am big on shutting down malware before they can start to do anything, I think there is probably lots that can be done to firm up WormGuard into a more modern product with updates that reflect today's OS/Browser vulnerabilities.

    2) ProcessGuard: There have been some enhancements requested, such as restricting child processes, that I think would be really good additions to the product. File monitoring would also be nice, but not a high priority for me. What I would really like is a nice User Manual that digests all that we have learned on this forum to help newbies through the initial installation process and Learning Mode.

    3) TDS-4: Frankly, I feel I am covered with KAV 4.5 and upcoming 6.0 and really am not that interested in TDS-4. I think that pouring more money into a trojan detection is probably going to yield less overall incremental improvement for the dollar spent, than further research in pro-active prevention projects and staying on top of closing operating system holes.

    4) ProcessGuard: Seems to be doing everything I need at the moment, so low priority.

    Well, that's my take on things. Any other comments?

    Rich
     
    Last edited: Jun 4, 2005
  2. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    It will be interesting to see how KAV 6.0 compares to many of the upcoming versions of AT software. It will be interesting to see if there will be added value in any of the future AT products over KAV 6.0.

    I do believe Wormguard will provide added value as there are fewer solutions on the market to providing protections against scripts or worms.

    Just as a aside...it appears to me that most security companies are trying to be a all in one solution. Firewalls are adding anti-virus solutions....anti-virus adding firewalls....AS adding trojans....AT adding spyware and everyone jumping on the heuristic/ids bandwagon.

    I do hope that some security companies remain specialized because as time goes on, I see more and more conflicts between different security programs all trying to do the same thing....become one huge suite.

    I think I will probably stick with companies that emphasize doing one thing extremely well instead of becoming the all in one solution.



    Starrob
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Starrob,

    Yes, I agree. The challenge that all AT developers have, such as DiamondCS, is how to provide added value, over and above what AVs are delivering nowadays. Kaspersky is very solid in all departments and getting better. Other AVs are also adding very strong AT protection.

    While the AT vendors, can position themselves as the "backup AT" to the AV, this is a precarious marketing position. DiamondCS has to figure out how to make TDS-4 a "must have" piece of software. In the past, TDS-3, has had unsurpassed detection and cleaning capabilities, but this is becoming less and less of a differentiator as other ATs (e.g. Ewido) close the gap and AVs take over as the primary detection mechanism.

    The DiamondCS group is a very smart group and hopefully they can come up with more "must have" products that add a new level of security such as ProcessGuard and hopefully an upgraded WormGuard. I am sure there is much that can be done to increase the usability and security in their pro-active security line of products. But another good AT? I dunno. Seems like a mighty crowded marketspace at this time.

    Cya,
    Rich
     
  4. -.-.-.-.-

    -.-.-.-.- Guest

    "TDS-4: Frankly, I feel I am covered with KAV 4.5 and upcoming 6.0 and really am not that interested in TDS-4."

    I do not know how you come to this conclusion. Currently, it seems that KAV offers almost zero protection against many trojans ( http://scheinsicherheit.sc.funpic.de/example.htm ). What's the purpose of detecting tens of thousands of trojans if it frequently takes less than a second to make them undetected?

    Even scanners with good heuristics like NOD32 can be relatively easily bypassed and, moreover, the proactive detection in respect of trojans leaves something to be desired: as you can see from the recent AV Comparatives report ( http://www.av-comparatives.org/seiten/ergebnisse/report06.pdf -- the online report is buggy and cannot be correctly viewed with certain browsers like Opera) only 28% (550 of 1.976) of the new trojans could be detected.

    This does not necessarily indicate that TDS-4 will be better. But perhaps it will feature certain proactive features like an IDS (as attempted by Emsisoft) or at least a comprehensive memory scanner in combination with relatively safe signatures (as attempted by Ewido).
     
  5. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I'm wondering if they will go somewhere along the lines of what Giant did, before MS bought its AS product...that is, make an AT that prevents Trojans installing in the first place...well....one that will complement PG in any case.

    Also wondering if they'll extend this to make it an AT/AS...considering they are similar sorts of threats.

    I figure this would position it well, as the AS market is quite a big market, and an AT/AS would be much better equipped to prevent & clean trojans/spyware than an AV would be.
     
  6. Pollmaster

    Pollmaster Guest

    My view is that this is probably a dying product. This is an area fully covered by most AV products and several freeware standalone products. The technology is pretty low tech compared to the other products, so it's easily duplicated.

    I doubt Diamond CS would want to put more work into this.

    Probably the least successful of all products in the stable.

    This is a technically superior product, that is as yet unmatched in terms of protecting processes from modification, though competing products are on the horizon. PG does have the advantage of being first to the market.

    On the other hand, PG is unlikely to appeal to anyone except for the hardcore computer security hobbyist market, as it's extremely specialised compared to other all in one solutions like anti-hook, safe n sec, antimalware, SSM, etc. which cover more areas (including registry monitoring).

    I do agree that within its specific area, PG is pretty complete. Extending execution protection to cover more, like proper handling of parent-child processes, is something that can be done pretty easily, but that I think is probably the only thing technically wise that PG might improve on.

    Other areas are similar, mainly minor tweaks on the interface, better display of information, allowing more fine tuned rules etc. Doable, but not too expensive to implement.

    The future of this product depends on whether Diamond wants to focus on the niche market or on trying to capture a wider market.

    The latter would mean that they should resist attempts from their hardcore niche crowd to make them add geekier and geekier features. As it is, PG is already a pretty daunting product.

    I'm interested to see what TDS-4 will be like. Personally, I think TDS currently occupies the same position in the AT market as KAV in the AV market. Like KAV they have the most complete signatures and rely heavily on signatures.

    Other ATs like Ewido feature superior memory scanning.

    Listed already.
    Well, that's my take on things. Any other comments?
     
  7. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Glad to see this topic here because I was wondering too, with KAV 5 Pro, whether I really need any more backup. So far I have not had the need ever to use any DCS programs because my AV has taken care of everything. I bought them as back up but have never had to use them so I can't say that they are 'must have's'.

    True guys, unless TDS 4 becomes a 'must have' then most will stick with their AV's. AV's like Kaspersky and NOD32 are squeezing these kind of products out of the market unless they can come up with some definite realtime use for them. As a backup it's good to have them on the shelf but so far I can honestly say I've hardly ever had to use them. So I wouldn't miss them if they disappeared. There's just too much protection available on the market already for users to choose from and most of it is excellent.

    Dave
     
  8. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Dave,

    I have similar experiences. With KAV approaching 99% detection rate - even for trojans, there doesn't seem much room for anti-trojan specific products. It makes sense for AVs to cover all of this territory, since they stand at the front-line and are intercepting all of the files in any case.

    I do see an ongoing need for "system sentry" products such as WormGuard, ProcessGuard, and RegDefend. A well packaged product can guard against zero-hour attacks which the AVs aren't able to detect with 100% assurance - even with heuristics. The best heuristics (NOD32) can only do about 70% now and I think it will be a long time before heuristics can approach 99% (which is the gold standard). So there is room for a "fail-safe" product line that will guard against all types of intrusions by guarding all major entry points as far upstream as possible.

    I think the market for stacking downstream detection tools one on top of the other (e.g. multiple anti-trojans, spyware, buffer-overflow detection, etc.) will rapidly diminish over time.

    Rich
     
  9. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Rich,

    I believe that over time, because of the massive cost to industry of downtime due to infections, the internet will be 'screened' through a special portal before being passed onto the end user. The ISP will take over spam and AV as well as virus and bug detections and put every security product out of business except those who provide their products to the ISP's. We're looking at the next generation here.
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi worldcitizen,

    What you say makes the most sense, since putting security into these "choke areas", would be most advantageous. I can see it happening over ten years, if the large commercial institutions see it to their benefit. A "secure" network would certainly be a way to differentiate product offerings.

    Rich
     
  11. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    It is already diminishing for me. I am starting to find out that putting too many detection tools on top of each other only slows my computer down while providing maybe only an extremely small protection benefit.

    Starrob
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Starrob,

    Yes, That is also my conclusion. If Kaspersky, for example, is truly providing 99% protection against all malware, then there is very little incremental value in adding other layers of software that are essentially trying to do the same thing. For me, the big incremental benefit is attempting to build a defense against zero-hour attacks (where there are no signatures available yet), or "cloaked malware", that is not on anyone's radar screen yet and can even avoid heuristic detection. Thus, my interest is elsewhere in the "system sentry" camp - e.g. Wormguard and ProcessGuard.

    Rich
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Starrob, you can have as many prevention, detection and scanning tools on your system as you like, but you should not try to run them all together permanently.
    The DiamondCS tools form a very nice layered security with most of the elements covered.
    Now add an AV, a firewall, extra spy/adware scanners, RegDefend, etc.
    You might like to set one of your tools for permanent protection like in NOD32 or KAV, whatever. If you configure that tool not to block all access to the files it alarms on, you also give other scanners a fair chance to detect anything and give their opinion.

    I think if we look at the evolvements in the tools released lately we can expect detection and protection from all possible aspects and all sides.
    If this gives special inspiration for the wishlist please post it there. :cool:
    I like guarding and scanning and other detection with the many network tools and plugins and all the goodies for safe communication, scripting etc., and the bunches of other possibilities which might look like toys to play with but can really add to security, especially the scripting.
    Of course we can expect next generation detection.
    But fortunately TDS-3 is still on top of everything (if the whole system is configured well and TDS-3 given a fair chance to access every place) and has a daily growing detection database.

    Add to that the very nice support everywhere, so worth having all those diamondgoodies on our systems.
     
    Last edited: Jun 5, 2005
  14. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    For me, I like Process guard and Regdefend the best because they do what they do without slowing down my computer at any level that I can notice..

    What good is it to run so many security apps that your computer runs like a snail? KAV is ok but KAV alone is too much for some computers and won't let most people run a lot of additional programs so anyone using KAV (unless they have a very fast computer and lots of memory) can not run a lot of other things in addition to KAV.

    I have an interest in wormguard because I am interested in script protection and it does not take up a bunch of memory or slow a computer down (At least from what I heard) but I'll wait on wormguard 4. If Wormguard provides a benefit without making my computer like a snail then I'll use it.

    As for TDS.....I am waiting for TDS-4. TDS-3 does not solve my real-time memory scanner needs. I will have to see if TDS-4 provides a better real-time memory solution or IDS solution (without slowing my computer down) than some of the other solutions out there.

    The key for me is optimum protection without killing my computer speed.


    Starrob


     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    The first part is prevention, so you're good starting with ProcessGuard and RegDefend.
    WormGuard will help with the scripts, the exec protection in TDS-3 will block malware from executing and installing on your system.
    Those two function more like a hook so not taking resources till they are coming into action.
    No need to wait for version 4, as you do know registered users are upgraded for free.
    I use Port Explorer all time.
    BTW: you do know you can try out all programs for free for quite some time and get all the free products from the site?

    A lot of optimization of the computer settings can help with speed :cool:
    There are many tips and sites mentioned in the forums here.
     
    Last edited: Jun 5, 2005
  16. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Building a layered defence, by selecting anti malware products yourself,
    will soon be the end of an era.
    This is getting too complicated for the average user.
    And even for the insiders it gets more difficult, because it is almost
    impossible to buy a firewall-only firewall or an AV-only Anti Virus.
    So stacking the products yourself creates an overlap, that costs
    System performance and may create conflicts in lots of situations.
    And is more expensive.

    So it is logical that the larger Anti Malware companies are building Security Suites that protect you against all kinds of malware (spyware/spam/virii/trojans etc.).
    So you don't have to invent the wheel yourself.
    And they are getting better and better.
    So I do think that at THIS MOMENT a Specific AntiMalware product,
    has no extra value anymore.

    Ewido is (and A2) no Anti Trojan product ONLY, it is an:
    Anti Trojan,Anti Dialer,Anti Worm,Anti Hijacker,Anti Spyware,Anti Keylogger etc.

    Tiny Personal Firewall 2005 Pro is not a Firewall-ONLY
    A firewall,Process protection,Dll-Protection,Registry Protection etc. etc.

    Kaspersky (and NOD32) is not an AV-only, but detects more Trojans than the Anti-Trojan-Specific tools do, and faster, because you find them BEFORE you use an on-demand scan in most cases.
    And what is a Trojan or what is Spyware? In the old days,
    the differences were easy; now those are getting more and more overlap.

    The problem of the last years was that there were no good complete suites,
    but this is changing rapidly.

    And I think that you can expect that people are going to buy
    these complete Suites, because stacking Security Products is not their job or Hobby.

    And Microsoft has of course seen now (after years of wakeup calls from specialists in the field) that System Security is a Serious Item!
    (see XP2) and they are buying all kinds of knowledge and companies to work
    on that.
    So perhaps, they will come with a lot of built in solutions in the Next Windows
    version (Longhorn 2007?)
    That will make a lot of Specific Anti-Malware solutions obsolete.
     
  17. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    I think that DiamondCS has an opportunity to build a "System Sentry" suite of products, that would not only augment products like KAV, NOD32, etc., but could potentially be positioned as a "must have" suite of products to guard against new types of zero-hour attacks. It is difficult to get excited about TDS-4, if it is going to be another anti-trojan package, even if it is best in its class. KAV is already approaching 99%, and since it sits higher on the totem pole, it will be the more "must have" product when it comes to AT protection.

    Rich
     
  18. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    I remember growing up as a kid in the late 70's, the prevailing thought was that the United States was going to convert to the "metric system", and that temperature would soon be measured in celsius as opposed to fahrenheit. Never happened.

    I'm not saying that "the trend" of which tuatara speaks might not continue to evolve, but I doubt that it will eventually become a "suites only" approach leaving consumers with no other or little choice. From a costs standpoint, that would likely become too expensive for many consumers, who would then look to turn to less expensive alternatives. And there are always freeware products that many will use as an alternative to the higher priced "suites". People will always look for "specific apps", and avoid packages which contains items and products that they do not want.

    I agree that it is becoming far too technically advanced for most average PC users and novices, and that is where simplicity should play a major factor. Sometimes, I think software vendors get a little too "geeked up" to impress people.....including their competition....with their superior knowledge of the business. While that probably impresses the more technically advanced and savvy PC users, it alienates a lot of "average" users. Programs that are not only effective at what they do, but that come in an easy to use and easy to understand format are what many will want to turn to. And those types of apps can be found as freeware in many cases, and in turn, a lot of users might opt for "free" as opposed to "advanced". And I shouldn't really knock the freebie items out there, because many, many are just as (if not more so) effective and reliable as their pay counterparts.
     
  19. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Yeah, I think the days of combining many products will soon be over. I think things will more and more start to become an either this suite or that suite type of thing simply because even if the different suites don't conflict with each other, it will start to become too much to run many of them at the same time which will slow down the system to a standstill.

    So...what I am looking for is the best of breed products....there are a few that I think might hang around for awhile and the rest will fade away.

    I think that is why the whose products are best discussions have become so contentious. Both the developers and some end users of some products don't want to be the odd man out when the security industry begins to consolidate.....some don't want to see their favorite products fade away.

    As for me, I don't care so much for all the propaganda....I am simply looking for best of breed....that is why I sample a lot of products and learn to separate fact from fiction.....I really don't care who fades away because I simply want to be left with the best of breed.....





    Starrob
     
  20. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Talking of suites...probably won't ever happen in the near future, but could you imagine if PG/RD was integrated into an AT/AS ? TDS-5 ??
     
  21. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,042
    and how about this integrated into the OS ? :eek: :eek: but then we are talking MS ;)
     
  22. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Forget it. That would keep MS from doing its own funny business. ;)

    Rich
     
  23. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    No, years ago it was decided already there will be no Waynedows.
    Working on the DiamondCS Security Suite is enough for the moment.
     
  24. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Jooske,

    Is there a way I can get TDS 3 to start up when I boot without going through all the tests so I can have the protection running automatically when my PC starts? I don't want to have to start it up manually every time and I don't want other users on my PC manually starting it. I just want the protection to start up for both me and especially other users without any intervention. Is that at all possible? What is your suggestion Jooske regarding how to set this up if it's possible? I'm running PG, WG and PE and have TDS 3 installed.

    Regards

    Dave
     
  25. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Dave,

    The options you are looking for are listed under the Configuration button. Just click on that button, uncheck all of the boxes on Startup Scanning, and check the Yes box for Run at Windows Startup.

    Rich
     