Is the need for a dedicated anti-trojan dead

Discussion in 'other anti-trojan software' started by Threedog, Feb 8, 2008.

Thread Status:
Not open for further replies.
  1. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    With most antivirus and antispyware products detecting Trojans, is there a need to be running a separate Trojan app any more?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I would say yes. Theres few dedicated anti-trojans left and the current anti-spywares and anti-viruses are very capable of handling trojans.

    Plus theres also non-blacklist methods of handling (any) malware.
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    I would have to agree with WSFuser.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi.

    Count me too.

    But I like to know what are those dedicated AT apps , if any.
     
  5. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Actually you mean No!

    You don't believe there is a need for any dedicated anti-trojan because you believe....

    1) Antispyware and anti-viruses are very capable of dealing with trojans
    2) non-blacklist methods can handle trojans

    and even if 1 + 2 does not hold there are very few anti-trojans around anyway to use...
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Unless WFSuser's answer was referring to the thread title.
    At least that's the way I took it.
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    BOClean (its anti-malware but I always remember it as an anti-trojan from when it was a paid app)
    TrojanHunter
    The Cleaner
    Correct. I was answering the title.
     
  8. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Some of the very best what used to be AV programmes that have become "suites" that purport to deal with Trojans only do so at a so-so level hence the (for now) continued need for anti-Trojan programmes. One day the "suites" will probably become more competant to be as good at anti-Trojan as they currently are as anti-virus.
     
  9. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    The only one I ever used was Boclean and there were times when it nabbed onto something that the AV didn't. But lately either my av or SAS will grab it before Boclean ever reacts. I have been thinking on going without an AT but was wondering what the general consensus around here is on it.
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I say no, if you have the right AV.;)
     
  11. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    I agree with you trjam
     
  12. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Me too.
    Jerry
     
  13. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    Perhaps, non-signature based HISP or Behaviour Blocker can do a better job in catching trojans. My thinking are follows:

    Trojans work like sleeping cells. Stay domain until getting a marching order to launch a strike. Abnormal behaviours coupled with alterations in registry etc should alert HIPS and Behaviour Blocker to react and act accordingly. Correct me if not so right.

    Take care.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    no you are right perman. That is why I use a AV that has Hips included.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    There is no alternative whatsoever to whitelist apps for the future because garbage makers will always play and revel in the publicity and/or revenue they'll reap for their clever crafts.

    It boils down to sandboxing/virtulaization + HIPS for any real prevention since HIPS overtake critical system functions ahead of the malware approaches and those others promptly evict their presence after reboot.

    At least thats how i view it.
     
  16. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Yep... I think HIPS and a sandbox are the best combination currently as they actually work one as the primary line of defense the other as a fail safe.
     
  17. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    I run AVH AM - which is the AV and AS combined. As an AT, I believe AVG AS is up there at the top, so I wouldny bother installing a dedicated AT (not many about - Trojanhunter and the Cleaner I think - the rese cover more than trojans)

    I run SAS pro for redundancy. Also have Unhack me for rootkits.
     
  18. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    We oldies remember the days, when we could build a layered defence
    of a anti trojan ony, a firewall only and a antivirus only. etc.

    But these days are gone, not one recent test shows that a anti trojan only can find just as much trojans then any top 10 antivirus does.
    In fact they find less, and will never participate in such tests.

    What would you use besides this anti trojan only?
    A antivirus that is unable to find trojans o_O You need to buy an antivirus anyway.

    It is perhaps i nice gadget for people who want to run this for testing purposes of their hobby.
    The ending of TDS-3 and the fact that boclean is for free now, is proof to me
    that antitrojan-only's are end of life.

    of course there were cases that such a program could find a trojan which other products could not find.
    But it would be nice if they would agreed to be tested in lets say, av-comparatives together with the antivirusses to see how they perform on Trojans.
     
  19. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Yes.

    I agree with you Tuatara. :thumb:

    (For the record I am an XBoClean user). Nancy and/or Kevin even admitted that AV are now much better at catching trojans.
     
  20. Judge Dee

    Judge Dee Guest

    What would be the reason for this?
    More staff? More money?
     
  21. Judge Dee

    Judge Dee Guest

    I guess I'll ask the question again, with another question.
    Is it true that AVs are better than ATs in catching trojans?
    If so, why?

    Regards
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes, it's true.
    Because trojans/backdoors/spambots blended with ad/spyware/keyloggers and hidden by rootkits are by far the most prevalent kind of malware nowadays. File infectors, macro viruses, script malware, network worms are almost a rarity currently.
     
  23. Judge Dee

    Judge Dee Guest

    Thanks lucas1985.
    I guess I had no idea they were getting so unbelievably sophisticated.

    Regards
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Trojans evolved from "simple" RATs like Netbus and Back Orifice to sophisticated momey-making ad-clickers, spambots, IRC bots, password-stealers (PSW) trojans, keyloggers and rootkits.
     
  25. controler

    controler Guest

    This is getting to be a long thread of opinions.

    I am currious to know if any of you have tried real maleware in a test with
    an AV compared to an AT?

    If so which ones? and did you have your AV turned off while testing the AT?

    Isn't Boclean still being developed viz comodo?

    controler
     
Thread Status:
Not open for further replies.