Discussion in 'other anti-trojan software' started by random, Aug 13, 2004.
does anyone have a good list of anti-trojan software that one should have installed?
TDS-3, Boclean are two of the most popular. TDS-3 has its own sub forum on this site. There is also Trojan Hunter, Ewido and A Squared.
Lists of Antitrojan software here;
Free Antitrojan programs include Ewido and A Squared, (there are also paid versions) while the 3 big commercial scanners are BOClean, TDS-3 and TrojanHunter, all highly recommended.
is anti-trojan biased?
i mean i'm not doubting what they do but i'm wondering if they get paid for listing the software
anti-trojans list of software looks pretty thin for an anti-trojan site and the review they gave for digital patrol makes me wonder the way they review software and pick them
Well you could just go with Kaspersky AV. It has Trojan detection on par with most of the AT apps and protects you from viruses, worms, malware, riskware, dialers and a few other things I'm sure we don't even know about.
Ewido seems to have great potential. www.ewido.net However it's still going through growing pains and I wouldn't recommend buying it just yet unless you enjoy paying full price for software that isn't quite there yet.
A2, PestPatrol, Boclean, TDS3 are others that might be worth looking into.
Rather than posting a general question like this, it's best to run a search because 99.99% of the time this topic has already been covered.
I wouldn't recommend Pest Patrol, the False positive king, to anyone, the others are ok. Also good to know, A2 & Ewido are free, the others will cost you a few bucks.
I have to agree with timewarp about Pest Patrol. Too many false positives.
AFAIK, there are only four ATs which feature a real memory scanner. If an AT does not have a memory scanner it will most likely perform worse than Kaspersky or McAfee. Therefore, if you want to use a separate AT in addition to your AV you should check out:
BOClean (process mem scan, apparently no DLL mem scan, resident guard)
ewido security suite plus (process + DLL mem scan, resident guard does not support mem scanning)
TDS-3 (process mem scan, heuristics, but no DLL mem scanner, quasi-resident guard does not support mem scanning)
Trojan Hunter (process + DLL mem scan, resident guard)
guess those four are pretty good anti trojan software
they keep on popping up in everybody's mind
I believe ewido plus has heuristics.
Why do you believe so?
According to ewido ...
" plus-version Realtime monitoring of the entire system with a guard working at kernel layer
plus-version Memoryscan detects active threats
plus-version Self-protection guarantees gapless monitoring
plus-version Scan inside archives
plus-version Secure detection and deletion of DLL-Trojans
plus-version Generic Hijacker protection
Daily database updates
Patch proof by using strong signatures
Analysis tools (startup, connections and processes)
Generic crypter detection through emulation
Generic binder detection
Quarantine for suspicious files"
... there are no heuristics in respect of Trojans. There is merely a generic hijacker protection. In addition, I have never seen ess plus generically detecting a trojan. Have you?
Btw.: I am not a native speaker. Do you say "there are no heuristics" or "there is no heuristics"? I am confused because it says heuristics and not heuristic. In Germany, we say Heuristik (singular). I would be grateful if someone could tell me how to properly use the English expression.
I'm thinking back to the web page when they launched the free version a couple months ago... I specifically remember they had heuristic detection of trojans and malware on the list. Haven't seen the latest and greatest product page.
Dunno, maybe they were equating generic detection to heuristics. Other thing to consider is that ewido might not have been able to implement all the features they had on that page and stay on schedule.
Fish can speak more to this as he's from Ewido.
"There are no heuristics" is the appropriate phrase if there is more than 1. "There is no heuristic" if it's singular.
The current version hasn't got heuristic detection yet, but as soon as detection and speed is good enough and the guard stable/reworked, it'll be included.
I do not remember the old ewido webpage talking about heuristics. Moreover, I have never seen ewido generically detecting a trojan. Old free version was using approx. three cumulative signatures for detection. New version uses alternative signatures (which is much better). See here ( http://www.rokop-security.de/board/index.php?showtopic=4405 ) for a more detailed discussion in German.
I believe that the future of AT software (if any) lies with generic detection of trojans. Microsoft claims that their future AV scanner will generically detect trojans. (For this reason they have acquired Pelican.)
Generic detection of standard (non-reverse) trojans is not difficult. You can detect them because they open a port & listen, and do not create a visible window. It's really amazing that most AT software developers still rely upon a signature-based detection concept (the least sophisticated detection method you can possibly imagine).
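The heuristic described in the post above (a process that listens on a port but shows no visible window), sketched as an added example that is not part of the thread or of any product's code. The `netstat -ano` and `tasklist /v /fo csv` samples, the process names and the allowlist are constructed assumptions. A reverse-connecting trojan never enters the LISTENING state, so this check does not see it, and legitimate services also match, which is why an allowlist is needed.

```python
import csv
import io

# Constructed sample in the style of `netstat -ano` (not from a real host).
NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING       880
  TCP    0.0.0.0:12345    0.0.0.0:0        LISTENING       2144
  TCP    0.0.0.0:8080     0.0.0.0:0        LISTENING       3020
  TCP    10.0.0.5:1042    10.0.0.9:80      ESTABLISHED     3020
"""
# Constructed sample in the style of `tasklist /v /fo csv`, cut to 3 columns.
TASKLIST = """\
"Image Name","PID","Window Title"
"svchost.exe","880","N/A"
"updater32.exe","2144","N/A"
"devserver.exe","3020","Dev Server Console"
"""
# Assumption: services expected to listen without showing a window.
ALLOWLIST = {"svchost.exe"}

def listening_ports(netstat_text):
    """Map PID -> sorted list of TCP ports in LISTENING state."""
    ports = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:135
            ports.setdefault(int(f[4]), []).append(port)
    return {pid: sorted(p) for pid, p in ports.items()}

def windowless(tasklist_csv):
    """Map PID -> image name for processes whose window title is N/A."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {int(r["PID"]): r["Image Name"]
            for r in rows if r["Window Title"] == "N/A"}

def suspects(netstat_text, tasklist_csv, allow=ALLOWLIST):
    """Processes that listen on a port, show no window, and are not allowlisted."""
    hidden = windowless(tasklist_csv)
    found = []
    for pid, ports in sorted(listening_ports(netstat_text).items()):
        name = hidden.get(pid)
        if name and name.lower() not in allow:
            found.append((name, pid, ports))
    return found

if __name__ == "__main__":
    for name, pid, ports in suspects(NETSTAT, TASKLIST):
        print(f"review: {name} (pid {pid}) listens on {ports}, no visible window")
```
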
do u think the memory processes in trojan hunter guard is fair??..i haven't got the guard on?? Also is it protected in Manual update ? regards maddawgz
I am licenced to trojanhunter and tds but I cannot find the trojanhunter is good. the updates (except for last two weeks) are not frequent but the mem usage is outstanding. the guard is 5mb and scanning about 12mb.
tds-3 is guard (not really a guard):13mb and scanning about 30mb.
but tds-3 is much much better.
in my opinion
1=tds but only for the support (forum)and built in tools and database
2=ewido for huge database and their on access scanner and type of signatures (fuzzy I believe which would be the best I guess)
3=trojanhunter for memory use but not database as tds-3 or ewido
I agree with that. I'm loving TDS-3 for the advanced options and the awesome (and relevant) tools included in the prog. But Ewido, in my experience, is incredible software. I never experienced any program bugs (I know others have), the interface is pleasing and very easy to use, and it just sits there and works effectively. In my mind, it's the only AT that can compete with TDS-3.
Then again, I'm fairly new to the AT scene...
I have one question. I was aware of people and hypes and tried not to let myself in to any of the hypes.
now with ewido I am doubting myself I guess. is it still a hype or is it definitely this good?
I am surprised of their database but I was hoping one of these days this ewido (not the free one) was tested by a known tester, like rokop (this is rather old review there) I wonder how it would compete really with the rest of the pack.
Yes TDS-3 and Bo-Clean both have the best support.
I do love Kevin's lengthy, personal and informative responses to my question.
I also know Bo-Clean allows you to install on both your desktop and your laptop, TDS-3 doesn't and I don't know if Trojan Hunter does. Maybe someone could elaborate on this?
I really wouldn't worry about DLL, rootkit, low level drivers right now since that and more is being taken care of as we speak.
an on demand scanner adds bloat but since everybody thinks they need it, it is being added to most software nowadays.
It was just released a week or two ago. Give it time, I'd bet a couple reviews are in the works.
TDS, BoClean, TH, PP have been on the market for a while and to be honest, I really haven't seen much in the way of credible reviews for any of them.
You are right, it does need some credibility. I am glad they dropped the price though, until they're proven, can't charge the same as your competitors.
Well, although I'm certainly no reviewer, and admittedly haven't used any of the other ATs discussed here, I really do find TDS3 to be more than I thought I was paying for when I bought it. I have been able to scan the ports of friends in Europe with it and determine what trojan/s they have been infected by and then help them learn how to clean said trojans. Perhaps this is common among ATs; I really don't know - but it impressed me, along with TDS performance in all other areas (on my pc, anyway).
You just have to try a few, see what suits your system, and it's you that has to be comfortable in using it.
One thing, forget Pest Patrol... as tImEwArP said: King of FP's.
Creatures of the Wild,
Warning: I am very opinionated about this one.
BOCLEAN=Trojan Defense Period. I will edit this with a link from a University article when I locate it. Please stand by lol
I understand your concerns. This little baby (that WILDERS gives 5 stars to) has not had a lot of ad work on it, but I have used it for over two years. Email support was outstanding, although I hear it has slower response time. I got 24 hour responses and problem was solved on WinME OS in which Norton AV and ZA had a conflict due to limited PC resources. We just slowed BOCLEAN down a few milliseconds. Never had a problem on XP OS on same computer.
I almost got PestPatrol instead but it also came recommended by another user during a PestPatrol discussion.
I have had various AV and two different firewalls on my machines but have never gone without BO.