Newby requests help please

Discussion in 'Trojan Defence Suite' started by Mike_ZZ, Aug 25, 2003.

Thread Status:
Not open for further replies.
  1. Mike_ZZ

    Mike_ZZ Registered Member

    Joined:
    Aug 25, 2003
    Posts:
    10
    Hello everyone my name is Mike and I’m a newby (apologies to AA members worldwide!).

    I recently discovered both TDS and this forum by happy accident – I’m VERY new to security concerns, but it became apparent quite quickly to me that TDS is a highly regarded product and I’d like to purchase it – but here’s the rub.

    I run XP Home with various login ‘accounts’ (Admin level for myself, User level for different family members). At present TDS sits on my account – where its refreshingly ‘Mainframe’ interface greets me on start-up (anyone remember the film War games? :)).

    However this is the ONLY place in my current set-up it CAN live, because there are permissions problems with it running on less than Admin accounts (i.e. it won’t).

    I mailed my question to the TDS team and they kindly responded with a good suggestion (essentially run TDS on the ‘user’ accounts with a shortcut using different credentials). However that seemed flawed to me, as to do that I’d either have to be there every time someone went on the Internet, or give out my password. I have an eight year old son who is more interested in what he HASN’T got access to than what he has, so the latter option is really out.

    I don’t want to pester the TDS team (especially as I haven’t yet bought the product), so I’m asking to solicit some opinions on the specific scenario below.

    1)   I’m logged in and TDS is running. I leave the machine and my wife logs on to her (User) account and goes onto the Internet.
    2)   Somebody then attempts to connect to our machine with the intention of doing it harm.

    What would TDS do?
    What can I do to ensure I’m best protected in this kind of scenario?

    Hoping you can help and thanking you for reading this far.

    Regards
    Mike


    PS, this is the first ever 'forum' I've joined - like the smiles!
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Mike_ZZ,

    Welcome to Wilders!

    I'm afraid I have never had to confront that sort of situation so I am unsure how best to guide you. I wonder if there were some means of having it run as a service under a special administrative account. There are a number of App-to-Service type tools around on the net.

    In any case, the DCS team is very active in these forums and once they wake up :) will likely respond to your query, whether you like it or not :D :D

    Anyways, I'm sure you will get more substantive advice from others on this. I guess I just wanted to welcome you to the board (in my own roundabout way!)

    Regards,

    Dan
     
  3. Mike_ZZ

    Mike_ZZ Registered Member

    Cheers Mate, appreciated!!
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello Mike_ZZ, welcome to the DCS forums at Wilders too! :)
    Another option could work if you install TDS a second time at user account level too. Can you test if this is a workable way for you?
    In a registered version you can install the exec protection, the resident part in TDS to block any malicious executable before it can do any harm.

    TDS is no firewall, you still need a firewall to block intruders and portscanners. TDS will alert you telling about connection requests on ports from the sockets you configured (upper right) if they would bypass the firewall. No need to run TDS as a server, for then you will have those connection requests more frequently. :)

    Please tell us back if one of those install options is workable and successful for you?
     
  5. Mike_ZZ

    Mike_ZZ Registered Member

    Thank you Jooske I will try this in a couple of days after I wait to see if there are additional suggestions as well - then I can form a test plan.

    I'm just a little concerned that two instances of what appears to be an intensive/'clever' program could a) conflict with each other, or b) gobble up resources (I guess I won't know till I try it :))

    Two questions, however:

    1)   "TDS is no firewall" - understood, but XP has a built in Firewall, which I've had enabled since day one. Is it the considered opinion that this is insufficient? If yes, could you/others recommend one please?

    2)    "...registered version you can install the exec protection" – understood, conceptually! If/when it executes, does it do so fully automatically, or does it require ANY user ‘driving’? If the latter, then the question of XP user permissions may again foul the issue. I have visions of TDS saying “Hey – you’re being attacked – I can help you get out of this – just press OK”, and then XP saying “You do not have the authority to perform this action…..” :'(
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    XP firewall should be disabled, install Zone Alarm, Tiny PF, something else :) free of course..

    Execution Protection simply requires that you have TDS running. Double click on a file, and TDS will scan it. If it is detected as a trojan, TDS will disallow access and the file will not run.
     
  7. Mike_ZZ

    Mike_ZZ Registered Member

    Thank you Gavin, I'll look for these two firewalls tonight. Out of interest - why "disable" XP's 'firewall'? Will it conflict with the software you're suggesting? :doubt:

    If I understand you correctly, an execution protection triggering event will bring TDS out of its minimised/taskbar state and in the "Alarm", "Name", "File" sub area display the offending process offering the delete options??

    May I just say thanks to the people who have answered this 'post' so far. The learning curve for me is steep; I feel like a goldfish looking at the ocean!
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Mike_ZZ,

    Explanation and download links for firewalls can be found here: http://www.wilders.org/firewalls.htm
    Roughly said the XP firewall only blocks traffic coming in. It does not control outbound traffic, so you would not be alerted to any spies on your computer sending information.

    Regards,

    Pieter
     
  9. Mike_ZZ

    Mike_ZZ Registered Member

    Thanks Pieter,

    just downloaded Zone Alarm and am having FUN (in an Oh GOD what's it doing now NOOOOOOOO! way) :D

    Mike
     
  10. Jooske

    Jooske Registered Member

    I went for the ZA Pro version as it has so many more options and settings, but this I leave to the advice and expertise of the other people writing in this thread :)

    I noticed a few times a file didn't want to start and I noticed the exec protection had actively blocked it, scanned the file and yes, it was unsafe. So that is a very great feature.
    Maybe somebody could write a nice warning script for the occasion or maybe such interaction can be included in future time.
    If WormGuard blocks it you get a popup with explanation and options to look inside the file in the safe mode.
    Somebody was rather creative in modifying those warnings even for an 8 year old very understandable as you can find in some screenshots in the WormGuard area here.

    I really like the way you're thinking of secure computing!
     
  11. Dan Perez

    Dan Perez Retired Moderator

    Lol ! :D

    I agree with Jooske that the pro ver of Zone Alarm is far better than the free one so if you have that amount in your budget you might want to download the trial so you can see the feature differences.

    ZAP was the first personal firewall I used and I went from ver through ver 3 with it and was quite content. A very nice balance of ease of use and good protection. Another very easy to use firewall is Kaspersky Anti-Hacker.
     
  12. Jooske

    Jooske Registered Member

    It is the ease of use and now in this version 4 the expert rules and other options, so I get educated step by step as I have not the intention nor time at the moment to learn deeper wonders of rulesettings and configuring a firewall in the smartest way.
    I'm forced more often to lower some default security settings from it than tighten them more up!
    Good to see in the ShieldsUp! test all those green stealth boxes. And still having connection with internet :D
     
  13. Dan Perez

    Dan Perez Retired Moderator

    You raise a good point, as always, about the need for usability. Too many people equate the "worth" of a firewall product with how well it can be made to block all questionable activity. The problem with that is that many users simply do not have the time or inclination to set these "very configurable" firewalls properly and so take shortcuts in the config that lessen the security versus what they might have got in a simpler and easier to use product. :doubt: :)
     