Discussion in 'Trojan Defence Suite' started by controler, May 15, 2002.
1. sent in file
2. updated today
3. still detects Lockdown as a RAT
Your [ and [ /codes ] were not in the exact place for that.
And what is DCS reply?
They are not replying
I better leave the HTML to you dear
Lockdown put the signatures uncrypt into memory. So many other (more reliable) programs produce due to the weakness of Lockdown a false positiv. IMHO if you use TDS-3 than there is no need for this LD-garbage anymore.
Mr Wizard? Mr Wizard?
Time for this one to come home.
My Copy of LockDown is free
My Copy of TDS-3 is a TRIAL and I am not worthy to get a beta copy.
Now you don't see me calling TDS-3 GB do you?
"Lockdown put the signatures uncrypt into memory"
Did you mean to use English to explain your Quote above? And ment to write encrypted?
You should take this up with Michael Paris if you are so sure LockDown is GB
Hey controler, I don't know how familiar you are with the history of Lockdown, Mr. Paris, PC Help, and various and sundry parties, BUT, there are a lot of people around that have some very strong feelings one way or the other. The story goes back a ways, and there are lots of ins and out to it.
I try to allow others to make up their own mind about products and not criticise them for the choices they make.
I can only suggest at this point in time, if you put your trust in Lockdown, I hope you have researched it at least a bit, so that there is a reason for your trust.
There are a lot of programs out there I consider garbage. I always have what I think is a good reason, based on investigation. Sometimes I pop up with my thoughts about a certain program being garbage. When I do, hopefully people don't take it personally if they happen to like that program.
I guess all I'm trying to say here is there is a reason people do not care for Lockdown, and if in using the product you are happy, and do not find a reason to dislike it, fine. However, it would be my personal opinion, fwiw, that you would be better served by TDS3, BOClean, or Trojan Hunter.
I hope I have said nothing that would upset you farther as that is not my intent.
Hold on guys, may i remind this part of the forum is about TDS and TDS finding a possible false or not false alarm in another product, for which a thread is running, waiting for DCS replies.
If it comes to opinions about products and comparison i really must ask to open another thread for that in the general forum parts, where are certainly suitable places.
Everybody for sure is free to have opinions about products and a healthy discussion without flaming or namecalling and such is certainly encouraged, as we all can learn from other peoples experiences and explanation on which these opinions are based.
Hey sweetie, Thanks
You know thats all I been trying to do here is get feedback from TDS about LockDown false Alarm.
I didn't see ROOT mention exactly why he hated LockDown but I have read all the PC-Help stuff and of course you knowm me by now and would do anythimng to help anybody. nuff said.
I replied to your email as soon as possible today. Just to recap, Lockdown has some trojan signatures stored - in PLAIN TEXT - inside the main executable. This means that any scanner looking at the process when it is running will see those detection signatures, and by chance we make a detection on those
As explained, signatures should always be in an external, updateable, ENCRYTPED database - for many reasons. TDS-4 will not detect this, we will make some changes to the main TDS executable which is the best way to get around this false detection.
Just the other day DCS reprehend SpyCop for finding a spy-bot string in your dcsmutex.dll and detecting it as a Trojan.
You advised SpyCop developers to improve the _primitive_ way they use to find trojans.
It seems DCS also sins a little by storing trojan related strings in _plain text_ inside executables (.dll)
I don't care a bit about LockDown but with the 16 (?) advanced methods TDS3 uses to detect torjans , a false positive relying on a text-string is a bit surprising.
I'm sure you can find a way to eliminate this false-positive.
Well then this should prove to be interesting and a good thing since both TDS and LockDown are comming out with huge releases in the next few weeks.
It is nice to see the two working together for the good of all now.
Things are really going to start getting nasty in this old world in the next year.
And Yes it is ODD that everybody uses internal txt signatures instead of pulling them all from an external database.
Peace to the world
LockDown has it's own signature database which is
not a part of the executable. If you look in the LockDown directory you will
see a file called sigs.l2k and sigs.bak. These are the signature database
uses. If you were to move both of those files and put them into another
folder and then scan
them with TDS you will see that they are not detected as Trojans. Next open
in advanced mode and scan the running process with TDS and you will get a
a Trojan. Then go to the scanner in LockDown and look at the file signatures
and you will see that you
have no file signatures loaded. Close LockDown and copy the 2 signature
files back and reopen
it and you will see that it now once again has signatures. Scan again with
TDS and you will get
another false detection from it. This will prove that the signatures are not
built into the executable.
I would suggest that you try the above to verify this to be correct for your own peace of mind.
The TDS/LD issue has been talked over extensively by now; DCS has provided an answer in this thread.
This should do as for TDS vs LD in the TDS forum.
In case you feel the need to discuss LD any further, you are free to do so in an appropriate other forum. DCS forums are not the appropriate ones, and for that reason off-limit from now on.
No offense mend, but we'd like to keep our forums as "clean" as possible, meaning relevant threads/posts in relevant forums.
"No offense mend, but we'd like to keep our forums as "clean" as possible, meaning relevant threads/posts in relevant forums.
Very unprofessional there dude The issue was not resolved about the file sigantures and furthermore this was the correct forum. The issue was with regards to TDS false alarm. Wouldn't the readers want to read about all that stuff?
You dissapointed me.
I have no problems in you commenting on me being professional or not; that's anyone's perogative. I do mind being referred to as "dude". Please refrain from such remarks.
As it seems, I've choosen the wrong words here, thus let me refrase:
As long as the issue is focussed on TDS flagging false alarms (regardless what other software is involved) I don't have any problems with this thread being continued.
In case the focus comes down to specific other software - in this case LD for example, this is the wrong forum, and a new thread has to be started on the appropriate other forum.
I'm sure you'll survive.
You want reading about all that stuff? Just search the web for reviews on LD and have look at http://www.wilders.org for an overview of good anti trojan software.
desn't like being called dude. hum what does this tell us ? LOL
I doublechecked and his sign shows male, amI wrong here?
Actualy since my life is in turmoil , and am sure you like eharing that. I won't post anymore
controler - Absolutely no one here is going to take any satisfaction in the fact that your life is in turmoil right now - if you knew any of us personally, you wouldn't be hearing many songs about how life is but a bowl of cherries on our end, either.
With the turmoil part of your life, feel free to email me if I can be of any help or if you just need someone to talk to.
The issue with the detection you brought up is a valid one - hopefully, someone from DCS will stop around and try to explain it.
Please just be realistic in your expectations here, okay? We all like TDS - if we didn't, we wouldn't have a forum here for it. That doesn't blind us to any issues that may arise with it's use - it just let's us relax about it until the problem either gets thoroughly explained and understood, or fixed.
Just my .02 Pete
Well said Pete.
Controler, I an sorry to hear things are not well with you. It seems fate (if you believe in that rubbish) has been dealing some bad circumstances to many people on this forum lately. Truly saddening. As with the rest, I am honestly sorry to hear that. Whether you like TDS3 or LD makes no difference to me in that respect. you are still a human and worthy of compasion.
'nuff of the mushy stuff. Back to biz...
Until Diamond Computer Systems responds to the valid challenge posted by Controler:
There is no need to post further in this thread. Ten-Forward is an excellent place to discuss the woes of the world (and the existance of fate ), NOT here.
Gavin/Wayne, we wait for your answer.
He Pete, with all those .02 you spent today in the forum, that's about a large sunday icecream! Good to have it all cool down and to enjoy.
I am sure nobody would like to walk in other people's shoes if they knew more backgrounds.
It's good doing business here in a forum where we know all people being helpful and patient with each other and respectful. So we all can learn more by the day and build this intelligence knowledge base.
Just to let you know of a couple of things.. firstly DCSMutex.DLL does indeed have a couple of plaintext strings, however these are trojan names and not signatures - the actual mutex signatures are encrytped.
Lockdown does indeed have an external database, however it does also have signatures stored inside the main executable. Open it with a hexeditor and take a look There is no reason for this, or the signatures should be encrypted..
The only ways NOT to detect this is to ignore the file itself, or reduce detection capabilities of memory scanning (no thanks). The next release of TDS will be updated to have removal of this, but a database update will not change anything of course.
That is a fair enough answer for me.
Unless you disagree controler, lets consider this topic wrapped up.
Separate names with a comma.