Just a heads-up that many others are catching up.

Discussion in 'Trojan Defence Suite' started by tempnexus, Mar 6, 2005.

Thread Status:
Not open for further replies.
  1. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    Currently over the past 3 weeks, my TH has picked up a few strains that TDS-3 missed. (of course I've sent it to TDS) but that's not the point. The point is that TDS-3 is now an ancient piece of software and many others have caught up or surpassed its detection. A few years back TDS3 was virtually the sole AT (along with BoClean, but TDS was the sole scanner AT) that could detect most of the newest threats, but not now. :(
    So whatever you are doing and whatever takes so long, please take note that the threats have evolved and we need a solution to fight it. (Most of the newest threats are now in the form of really obnoxious spyware that later downloads remote control trojans so we need to kill the first in order to prevent the second). We need TDS-4 and its supposed super improvements. (yes I do have PG but in reality nothing beats a nice new scanner since even with PG we can make mistakes and allow things to load that we didn't want). (Not every decision is a smart decision, after all we are just humans).

    Please release TDS-4 any time within the next year. :)
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there, which nasties did you find and what did DCS lab tell you they were, did you also test them for instance with Kaspersky or Jotty's online filescanner? Were they trojans and how were they scanned?
    And of course: did you close all scanners completely with all resident protection to give TDS full access to all the files?
     
  3. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    "Please release TDS-4 any time within the next year. :)"
    hmmmm .
     
  4. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    Yes I did close all other progy's. I scanned it in SafeMode. (they were ID'd as infector and ILookUp).

    Yes I said within the next year since for the past 2.5 years it's been said that it will be "released soon". So now I am hoping that it will get here by next year.
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    It is a shame to say but true - No scanner of any type catches all and I doubt they ever will. That is why Wilders recommends a layered defence, no current security tools are 100% and never will be.
    Personally I hate scanners, I have AV, AT & AS scanners and I do not want any of them as I prefer prevention rather than cure. Getting yourself infected with those items, if not intentional, was probably due to a hole in your security procedures, this is not a criticism but a fact of life to most users.
    So review your security requirements regularly, be objective and take whatever measures you can to PREVENT a re-occurrence.

    No offence intended. Pilli :)
     
  6. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Hi,

    I think the purpose of the thread was to highlight that the other ATs are catching up, not that one must have a layered approach for improved security or that AT's will never catch everything. But this makes a good set-up for an argument which will never be put to rest until TDS-4 is out.

    What is missing to really be objective about this is an AT test. I have seen a few highlighting how ewido combined with various AV solutions would improve detection rates, but not comparing the better known AT - ewido, TDS, TH and ... KAV!.

    No offence intended, 'K.
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I did not think it was a race? :) Competition is a healthy thing that, hopefully, drives all the AV AT etc. companies forward.
    If you do not think that a layered defence is part of this topic then I believe you may have failed to take account of the bigger picture. No single AV, AT or AS is foolproof so logic says use more than one to double check. To stop possible conflicts then you would use one resident and one on demand.

    You are correct in saying that there are no recent AT tests with any meaningful results.

    DCS has always stated that TDS3 should be used with a good AV and I am sure that TDS4 will be the same in that regard.

    TDS3 comes with a lot of other tools that you may or may not find of value but I guess most TDS3 users would call them added value.

    Cheers. Pilli
     
  8. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Comparing scanners just by using one or even dozens of trojans is far too incomprehensive, you need thousands - ideally tens of thousands, and you'll get a pretty clear image then - this really is the only solid way you can get a reasonably accurate indication about how each scanner performs. However if you don't have a trojan archive of that size (and who'd blame you ... :)) you can get a good idea by comparing the list of detected trojans from each scanner, although be aware that some families of trojans/worms etc are sometimes covered by just one name entry, whereas another scanner might use a name for each variant. Another comparison can be made by watching each day how many new detections are added to the database of each scanner, and obviously the more days you do this the better overall picture you'll get, just as you get a better overall picture when you use a larger testbed of trojans. However, this method also has the same shortfall in that database counts are calculated differently from one scanner to the next. So again if you want a more accurate picture of how each scanner is performing then you really need the largest testbed you can put together.

    Having said that, there's never room for complacency when it comes to scanners of any kind and there's always room for improvement, and we look forward to showing you some of the improvements we've made soon :)
     
  9. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    Yes I know about layers, that is why I infect my VM environment which is running all the protection.
    I take a new strain I find. Then I run one instance with just TDS-3 and infect it. Then I see how badly it gets nuked and if at all. After that I UNDO it. Then I run the same with just TH, or just KAV, Nod32, BoClean, Tuscan etc...
    All I am saying is that in the past it was very very very rare that other AT (Except BO) caught anything without TDS-3 catching it first. But nowadays over the past few months I find that TDS-3 is getting less accurate and/or other AT are getting a lot better at their job (which is a good thing to see). (esp when it comes to other malware that walks a thin line like spyware/trojans).
    All I am saying is that I am a concerned customer and I do not want to see TDS fall from grace. In the past TH was a scanner that could not hold a candle to TDS-3, its defs files were lacking, its scanning speed was slow and it was high on resources. But currently TH has caught up so much that in many instances it's on par or sometimes better than TDS3. This just goes to show that over the years others have evolved while TDS3 stayed the same. It's been quite a few years and I think that we do need an update. After all TDS-4 is a product and not a religion :) so a faith based promise of release is getting old. :)

    P.S.
    I know the tools of TDS-3 and I do use them. But in the end it all boils down to detection.

    P.S.S
    I am a loyal DCS customer, I have PG, TDS and Port Explorer. Hence, I am concerned. Any other customer would say...screw this, and would move on to others.
     
  10. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    I understand your concerns which are quite natural, but again you seem to be comparing two scanners based on a very small number of trojans; you may as well flip a coin! If you compare how many signatures we add every day, as well as the size of our database - the largest of all AT databases, as well as our long history (back in the beginning it was just TDS and BOClean), you'll find it pretty hard to find anything that compares. Just compare the list of trojan names to start with, but like I said you really can't get a reasonably accurate picture of the performance of scanners without a large testbed of trojans, but some people have done such tests and TDS has always returned extremely good results. Also be aware that some scanners which are more susceptible to false positives than others may give you the impression that they're outperforming other scanners when in fact they're actually making an error.

    You must realise though that it's the databases and scan engine that determine whether or not a trojan can be detected, not the scan program itself (which is more or less just a user interface that tells the engine to go to work) - if a trojan isn't detected then it's simply because it's not in the database. Send the trojan to the vendor and they'll add it to their database. Every vendor has samples that other vendors don't have. The databases themselves contain code so although the user interface of TDS3 hasn't changed, the scan databases and scan engines can/do change. Also it's worth noting that TDS was the first anti-trojan scanner to have daily database updates, the first anti-trojan to take on-board a fulltime analyst and that was back in the 90s (as opposed to the programmer doing everything from development to sales to support to trojan analysis and detection, which is still how it is for nearly all other AT vendors), and TDS is still really the only scanner that also utilises non-conventional detection techniques (such as mutex detection, memory object detection, file trace detection, registry trace detection and so on) in order to detect trojans from more than one angle, effectively providing for a multi-layer scan, so you don't just detect trojans - you detect them as comprehensively as possible, making it as hard as possible for the trojan to bypass detection. We're very proud of our history of always being several steps ahead (if we weren't I wouldn't bother writing!), including in the development of new detection techniques and engine refinements, and we're not going to let that slip in a hurry or get complacent. You said you have a TDS license so you'll be able to get that upgraded to a TDS4 license for free (even though TDS4 is a complete rewrite - a brand new program), so you'll soon be able to get an even clearer picture of just how far ahead TDS really is.
     
    Last edited: Mar 7, 2005
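
The testbed-size argument made in the two posts above, worked through as an added example (not code from the thread or from DiamondCS). The scanner names and detection counts are constructed, and non-overlapping 95% Wilson intervals are used here as one conservative way to decide whether two detection rates can be told apart.

```python
import math

Z95 = 1.96  # two-sided 95% normal quantile

def wilson_interval(detected, total, z=Z95):
    """Wilson score interval for a detection rate of detected/total."""
    if total <= 0 or not 0 <= detected <= total:
        raise ValueError("need total > 0 and 0 <= detected <= total")
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total
                         + z * z / (4 * total * total)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def distinguishable(a, b):
    """True only if the two intervals do not overlap (conservative check)."""
    return a[1] < b[0] or b[1] < a[0]

def compare(testbed_size, detections):
    """detections maps scanner name -> number of samples it detected.

    Returns (intervals, verdict): the interval per scanner, and for each
    pair of scanners whether the testbed is large enough to separate them.
    """
    intervals = {name: wilson_interval(hits, testbed_size)
                 for name, hits in detections.items()}
    names = sorted(intervals)
    verdict = {(x, y): distinguishable(intervals[x], intervals[y])
               for i, x in enumerate(names) for y in names[i + 1:]}
    return intervals, verdict

# Constructed results: a handful of fresh samples versus a large archive.
SMALL = (5, {"scanner_a": 3, "scanner_b": 5})
LARGE = (10_000, {"scanner_a": 9_500, "scanner_b": 9_700})

if __name__ == "__main__":
    for size, hits in (SMALL, LARGE):
        intervals, verdict = compare(size, hits)
        print(f"testbed of {size} samples")
        for name, (lo, hi) in sorted(intervals.items()):
            print(f"  {name}: {hits[name] / size:.1%} "
                  f"(95% interval {lo:.1%} to {hi:.1%})")
        for pair, separated in verdict.items():
            state = "separated" if separated else "not separated"
            print(f"  {pair[0]} vs {pair[1]}: {state}")
```

On the five-sample testbed a 60% versus 100% result still leaves the two intervals overlapping, while on the 10,000-sample testbed a two-point gap is enough to separate them.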
  11. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    do you mind to give us some details Gavin?


    Thanx
     
  12. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Wayne,
    I must give you credit. You've been perfectly consistent in your responses to inquiries into the release of TDS-4. You maintain that TDS-3 is both adequate and competitive, which I believe to be true. However, you consistently miss the boat when it comes to identifying the real issue. What people are upset about when they raise this issue has little to do with the quality of TDS-3. They are really upset about the lack of communication. A while back you took a step towards improving communication by hinting at a release time frame. This time frame has long since passed, but you warned that the apprehension to giving a release date was due to the fact that development was going on in undocumented areas and that the time frame was unpredictable. Therefore, not meeting this time frame is perfectly reasonable. I've said it before and I'll say it again, a lot of the frustration could be avoided with better communication. Simply let us know a revised expected release date and many will be happy. Continue restricting information flow to your customers and you will continue to struggle with this issue.
     
  13. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Hi dallen,

    Take a look at this post, Wayne said on the 11th of February "2-4 month" :) So it will be between mid-April to mid-June.

    https://www.wilderssecurity.com/showthread.php?t=65895
     
  14. FanJ

    FanJ Guest

    Hi,

    Let me, as one of the very first members of the DCS private forum (LOL, I think I was member #7 way back in those years), make one thing absolutely clear:

    I have the greatest trust in DiamondCS !!!
    I know those guys a little bit ;)
    They know what they're doing !
    TDS-4 will come when they think it is ready.
    I am absolutely happy with my TDS-3 !
    I love it :p

    Please forgive me:
    I get so sick of all those postings time after time "when comes TDS-4....".

    It comes when it comes, period !

    Jan (stepping down off his soap-box ;) ).
     
  15. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Antarctica,
    Thank you...I missed that. Maybe it should be placed where it is easier to see, not buried in some posting. After all, the goal is improved communications with customers and potential customers.

    Wayne - DiamondCS,
    Last time, I missed out on the opportunity to make a bet with you. You offered and I failed to reply in time. I would like to ensure that it doesn't happen again. I bet that TDS-4 won't be out by July 1, 2005. Maybe the wager can be a copy of Trojan Hunter o_O

    Jan,
    With all due respect...you hit the nail on the head when you raised the issue of trust. There are some people, apparently like yourself that have trust in DiamondCS and are content waiting indefinitely for TDS-4 (a product that you were not promised when purchasing TDS-1), and there are others, like myself, that feel that TDS-4 was part of the purchase when we bought TDS-3 going on 2 years ago. Granted there was no promised release date, but it was strongly implied on the website that it would be released in 2004. Now, DiamondCS will give a million reasons (all are real, legit reasons) for why the product hasn't been released. However, some of us are feeling that trust is an issue.
     
    Last edited: Mar 7, 2005
  16. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159

    Dude....why the MBA in your sig? Didn't anyone tell you MBA's are a dime a dozen?
     
  17. couldbe

    couldbe Registered Member

    Joined:
    Dec 22, 2003
    Posts:
    34
    Kegel

    "Dude....why the MBA in your sig? Didn't anyone tell you MBA's are a dime a dozen?"

    what's your problem and why air it here
    second thoughts don't reply I'm not really interested

    couldbe
     
  18. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    couldbe,
    Thank you.
    Kegel,
    Please don't ruin a perfectly good thread by making personal remarks that are unrelated. That turns into flaming, which ends up getting threads closed. I know that your intentions were not to get this thread closed and I doubt that your desire was to upset anyone because I read many of your other postings and you don't seem to do that kind of thing. How's RegDefend? I've been thinking of looking into it. Also, you should take another look at Firefox. I thought as you initially, but a closer look caused me to rethink.
    If you must know, I put it there so that people will think I'm smart. However, it doesn't work because ultimately they end up discovering otherwise when they read my postings.
    By the way, it would take a lot of dimes to buy the average M.B.A. from Krannert, as the average starting salary is around $86,000. Of course that does me no good as I will be entering law school in the fall. So my salary will remain negative.
     
    Last edited: Mar 7, 2005
  19. FanJ

    FanJ Guest

    Hi,

    My own posting might have been a bit strong (although I said I was on my soap-box ;) ).
    But I also would like to make clear that it wasn't my intention to hurt someone.

    That being said, I too would like to ask to respect each other.
    We might not always agree on some topics, that's OK; but I fully agree with Dallen and Couldbe: let us all have respect for each other.

    Thanks !
    Warm regards, Jan.
     
  20. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Dallen,
    Customer communication is very important to us and it's an area we're proud to say that we receive very few complaints in. Again it's not something that any business can ever get complacent about, and a reflection of this is that we have two forums (this one here at Wilders and also one at DiamondCS) and have provided free email support to everyone since the mid-90s. If you have a question just ask and we'll try our best to answer it for you, in our own time, at our own expense, so we're not stopping anybody from communicating with us, and even before you stepped into this thread I'd made two comprehensive posts in reply to the thread starter.

    However, Dallen, the only questions you ask (or rather suggestions) are about our upcoming software that we haven't even released yet, and as with any author we have every right to say as much or as little, or even nothing about it until its release. Other than quenching your personal curiosity and wasting our time nothing is achieved, it is not much different than any upcoming novel or film, and whenever we do say anything about it you turn it against us anyway.

    You've shown in the past that we're damned if we do and damned if we don't - if we say nothing then you have a go at us about lack of communication, yet at the same time if we do provide any information such as a rough estimate of a possible release date then if we are ever unable to meet that then you turn our words against us and have another go.

    And all this even though you know you won't be paying a cent for what is a completely new program.

    Anyway Dallen this is just wasting more development time .. again .. and as you've said your piece twice I'll close this thread so we can all go and do something productive. As for your wager you'll have to find somebody else to play your little games.
     
    Last edited: Mar 7, 2005