Is the need for a dedicated anti-trojan dead

With most antivirus and antispyware products detecting Trojans, is there a need to be running a separate Trojan app any more?

 

I would say yes. Theres few dedicated anti-trojans left and the current anti-spywares and anti-viruses are very capable of handling trojans.

Plus theres also non-blacklist methods of handling (any) malware.

 

I would have to agree with WSFuser.

 

Hi.

Count me too.

But I like to know what are those dedicated AT apps , if any.

 

Actually you mean No!

You don't believe there is a need for any dedicated anti-trojan because you believe....

1) Antispyware and anti-viruses are very capable of dealing with trojans
2) non-blacklist methods can handle trojans

and even if 1 + 2 does not hold there are very few anti-trojans around anyway to use...

 

Unless WFSuser's answer was referring to the thread title.
At least that's the way I took it.

 

BOClean (its anti-malware but I always remember it as an anti-trojan from when it was a paid app)
TrojanHunter
The Cleaner

Correct. I was answering the title.

 

Some of the very best what used to be AV programmes that have become "suites" that purport to deal with Trojans only do so at a so-so level hence the (for now) continued need for anti-Trojan programmes. One day the "suites" will probably become more competant to be as good at anti-Trojan as they currently are as anti-virus.

 

The only one I ever used was Boclean and there were times when it nabbed onto something that the AV didn't. But lately either my av or SAS will grab it before Boclean ever reacts. I have been thinking on going without an AT but was wondering what the general consensus around here is on it.

 

I say no, if you have the right AV.

 

I agree with you trjam

 

Me too.
Jerry

 

Hi,

Perhaps, non-signature based HISP or Behaviour Blocker can do a better job in catching trojans. My thinking are follows:

Trojans work like sleeping cells. Stay domain until getting a marching order to launch a strike. Abnormal behaviours coupled with alterations in registry etc should alert HIPS and Behaviour Blocker to react and act accordingly. Correct me if not so right.

Take care.

 

no you are right perman. That is why I use a AV that has Hips included.

 

There is no alternative whatsoever to whitelist apps for the future because garbage makers will always play and revel in the publicity and/or revenue they'll reap for their clever crafts.

It boils down to sandboxing/virtulaization + HIPS for any real prevention since HIPS overtake critical system functions ahead of the malware approaches and those others promptly evict their presence after reboot.

At least thats how i view it.

 

Yep... I think HIPS and a sandbox are the best combination currently as they actually work one as the primary line of defense the other as a fail safe.

 

I run AVH AM - which is the AV and AS combined. As an AT, I believe AVG AS is up there at the top, so I wouldny bother installing a dedicated AT (not many about - Trojanhunter and the Cleaner I think - the rese cover more than trojans)

I run SAS pro for redundancy. Also have Unhack me for rootkits.

 

We oldies remember the days, when we could build a layered defence
of a anti trojan ony, a firewall only and a antivirus only. etc.

But these days are gone, not one recent test shows that a anti trojan only can find just as much trojans then any top 10 antivirus does.
In fact they find less, and will never participate in such tests.

What would you use besides this anti trojan only?
A antivirus that is unable to find trojans You need to buy an antivirus anyway.

It is perhaps i nice gadget for people who want to run this for testing purposes of their hobby.
The ending of TDS-3 and the fact that boclean is for free now, is proof to me
that antitrojan-only's are end of life.

of course there were cases that such a program could find a trojan which other products could not find.
But it would be nice if they would agreed to be tested in lets say, av-comparatives together with the antivirusses to see how they perform on Trojans.

 

Yes.

I agree with you Tuatara.

(For the record I am an XBoClean user). Nancy and/or Kevin even admitted that AV are now much better at catching trojans.

 

What would be the reason for this?
More staff? More money?

 

I guess I'll ask the question again, with another question.
Is it true that AVs are better than ATs in catching trojans?
If so, why?

Regards

 

Yes, it's true.

Because trojans/backdoors/spambots blended with ad/spyware/keyloggers and hidden by rootkits are by far the most prevalent kind of malware nowadays. File infectors, macro viruses, script malware, network worms are almost a rarity currently.

 

Thanks lucas1985.
I guess I had no idea they were getting so unbelievably sophisticated.

Regards

 

Trojans evolved from "simple" RATs like Netbus and Back Orifice to sophisticated momey-making ad-clickers, spambots, IRC bots, password-stealers (PSW) trojans, keyloggers and rootkits.

 

This is getting to be a long thread of opinions.

I am currious to know if any of you have tried real maleware in a test with
an AV compared to an AT?

If so which ones? and did you have your AV turned off while testing the AT?

Isn't Boclean still being developed viz comodo?

controler