Real Time Protection?

Soul_Flame, I am not quite convinced that I understand what your concerns are but I will have a try anyway.

As a previous responder indicated, TDS3 can be set to scan various memory objects on launching. Hence you will have a known clean indication at this point and if Exec. Prot is enabled than you don't need to be concerned with something launching from memory later on as it would need to bypass the Exec Prot to get into memory in the first place.

Does this answer your concerns?

 

TDS is told to be very populair with people to protect them for their own kind to put it this way.

 

Hi Dan, thanks for posting on this thread.  

Let me put my remaining concern this way.  Is it possible
for something to, as you put it, "bypass the Exec Prot to get into memory in the first place."?  If this is categorically impossible, then I can rest assured that execution protection is sufficient when combined with memory startup scans.  

My concern is that something COULD get into memory after that initial scan, and then launch from there, thus bypassing execution protection.    When I read Mem's post, it sounded like some time of ongoing memory scans is happening with his configuration.  

But anyway, I guess I'm looking for one of two things:

1.  either it's absolutely impossible for something to get into memory after the initial scan, and with TDS-3 still active, or

2.  there are real time options that will catch something executing from memory, and not from an executable file.

Either 1 or 2 will make me a happy camper.  I hope that makes sense.  Let me know if it doesn't, I'm still struggling to learn more about this technology.

Regards

Rick

 

Well, there are no absolutes but...

I believe your second option is about right. Unfortunately I am not too conversant with programming so Wayne or Gavin can offer a more decisive answer to the question but I believe that if something goes into memory in the form of "data" and that something refers to that "data" to launch it as "code" then it would have to do it via the Exec Prot hook which is written to prevent this sort of thing.

Dan

 

Rick,

As stated by Dan:
"Well, there are no absolutes but... I believe that if something goes into memory in the form of "data" and that something refers to that "data" to launch it as "code" then it would have to do it via the Exec Prot hook which is written to prevent this sort of thing."

It is my understanding that the different memory scans on startup gives you a "clean" system and by execution protection your system is monitored and therefore kept "clean".  For something to enter your memory it must be executed thusly going thru the "hook".

You ask:
"But anyway, I guess I'm looking for one of two things:

1.  either it's absolutely impossible for something to get into memory after the initial scan, and with TDS-3 still active, or

2.  there are real time options that will catch something executing from memory, and not from an executable file.

Either 1 or 2 will make me a happy camper.  I hope that makes sense.  Let me know if it doesn't, I'm still struggling to learn more about this technology."

As nothing is impossible, I beleive # 1 is accurate, and TDS affords you more protection than any other AT on the market  TDS makes things as nearly "absolutely impossible" as they come.

If I am wrong in any of my statements, I am sure I will be corrected, and I welcome it.

ALL things considered, you will not find a better AT than TDS-3.2.1 and when V$ is released it will be even better!!!

Regards,
Kent

 

Wayne responded to an email I'd sent him, and addressed this question directly.  Based on his response I"m satisfied that TDS will provide sufficient real time protection.  Moreover, I'm quite eager to see what features will be included in the new upgrade.

I will be purchasing a license for this fine product within a day or two.  Thank you to all who took the time to contribute information on this and other threads.  It's much appreciated.

Rick

 

We all are looking forward to v4 which must be astonishing and is still kept secret even for us! If it is now already the best, what will be the v4 even better?
Great that Wayne answered your technical questions satisfying.

 

Rick,

Glad to hear of your decision.  Wayne answering your e-mail personally is just one example of the great service that DiamondCS provides to their TDS users.  And as Jooske said TDS-3.2.1 is already the best, just wait for all the improvements and add-ons in v4 (which is a free upgrade to all registered users).  Plus as a registered user, you will have access to the private forum, a great service where many experts (and newbies) can answer any and all of your questions.

Again, I say welcome!!!

Regards,
Kent

 

puff...thanks for the welcome.  And reading your signature, I can't help but noticing I don't think you have enough security software loaded on your machine.  Wow, I don't even know what half of that stuff is.  I'm gonna get an education just researching the stuff you run, lol.

Anyway, i look forward to using this fine product and interacting with you folks on the private forum.  

Rick

 

Soul flame you got money=) if so buy it i know your doing shoping but to be honest no other trojan detector offers so much how ever if you just one a quick fix.

click your done just get the  trojan remover called the cleaner lol.

or go look at another trojan detector read the list of features and compare it to tds list of features after that only coment i have is

are there any more quistions i rest my case.

 

Looking forward to welcome all the new faces there too!