TDS-3 with BartPE?

Discussion in 'Trojan Defence Suite' started by Morpheus, Mar 16, 2005.

Thread Status:
Not open for further replies.
  1. Morpheus

    Morpheus Registered Member

    Joined:
    Aug 13, 2003
    Posts:
    45
    Hi folks,

    Just wondering if it's possible to run TDS-3 from a BartPE boot disk. If so, has anyone written a plugin for it?

    Thanks,

    Morpheus
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    TDS is a Windows application

    Dolf
     
  3. helloworld

    helloworld Guest

    BartPE is a Windows operating system
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    In theory you should be able to do a scan from BartPE, BUT it would only be a file scan and I doubt if the memory scans/registry scans etc. would work

    One thing that does come to mind though is whether that would infringe the licence as you have a license to install on one computer and that does appear to be an attempt to avoid paying for a multi licence if you are using TDS to clean multiple computers

    I'm not saying that you are but it COULD appear so

    I'm sure that Gavin will know better whether it will work but I do know TDS has to be installed to do most of its scans rather than running from a CD
     
  5. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    It would be interesting to see, but I expect that it will be more useful to wait for TDS-4 because that will(1) have much better unpacking support than TDS-3.

    IMO it is the memory scanning in TDS-3 that is the jewel in its crown, the more exotic packers can hide a file on disk fairly easily but that won't be the case once it is in memory (and execution protection is a key part of TDS-3 working as well as it can)

    Wayne/Gavin, it would be good to think about "how-to" allow people to easily incorporate TDS-4 into a clean boot scenario like this for scanning and the computer or computer(s) that we have the product licensed for

    If people want to have a disk that allows them to scan multiple computers without having TDS installed maybe you could even create a license category that allows TDS-4 to be used for one-off scans by a named operator on multiple computers using removable media (network share, CD/DVD, USB key/disk)....
    If you have the license cost based on something like the avg number of distinct computers that would be scanned each week so that you are giving fair value for money and getting fair compensation in return
    This would obviously be most useful for computer shops where they routinely deal with other people's machines, or maybe even medium-sized businesses that want to check periodically with TDS (as an alternative/backup to the other methods in use)

    NB:
    (1) this is just an assumption, but it's fairly unlikely that the version of TDS-4 that still allows disk scanning(2) would not be as strong as possible in this area in order to be as effective as possible
    (2) another assumption based on the previous comments that there will be several versions of TDS-4
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If you go to the TDS-3 Purchase Page you will see that a roving license is available for a rather reasonable price if you're a support technician. Actually, it's a decent price even if you just want to handle multiple PCs in a home/acquaintance group. Not sure about the media/install requirements, but the basic license category is available now.

    Blue
     
  7. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Blue,
    Thanks for that, I haven't ever looked (as must have been obvious) seeing as I only needed a personal one...

    It's good to know that the roving license exists (in case I ever have need of it), and you are not wrong about it being good value....
     
  8. Morpheus

    Morpheus Registered Member

    Joined:
    Aug 13, 2003
    Posts:
    45
    Thanks for the info,

    I was looking at this as a simple potential recovery scenario on my machine that is licensed for TDS-3 rather than any multiple machine scenario. Basically I set up a BartPE boot CD just in case I ever get into a situation where I am unable to boot into Windows/clean from within Windows due to unforeseen circumstances such as a virus or trojan infection. My idea was to then be able to clean the system using the BartPE CD. Memory scanning shouldn't be an issue as I would be trying to remove infected files from the machine rather than those resident in memory which in theory would not be loaded under this scenario. The registry scan issue may be more of a problem however when thinking along these lines.

    I am probably being slightly paranoid here as I am thinking about a trojan which disables TDS-3 thus stopping me running from within Windows. TBH if my machine was that compromised I would probably be inclined to reformat the drive anyway. How are people here generally preparing for this sort of problem?

    Thanks.

    Morpheus
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I just don't know if it will work or not

    I think it's a matter of trying it for yourself and seeing if it works on a clean machine

    The main problem I can foresee is that if TDS finds an existing TDS key and TDS installed on the computer the version on the BartPE disc might not run as the inbuilt TDS protection against copying & piracy might come into play

    I think for this one send an email to support@diamondcs.com.au and ask them and point them in the direction of this thread as it would be interesting to get an answer as it could happen to any of us

    I have a BartPE CD just in case but I haven't attempted to put TDS or KAV on it
     
  10. zacksam

    zacksam Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    2
    TDS-3 is working from within BartPE (also if there is an installation of TDS-3 on the host's HD). It is only possible to run a file scan; registry redirection of the registry residing on the HDD does not work at the moment.
    As it is one of the best trojan detectors I always run a file scan from within BartPE and do the rest (registry cleaning) when the host system is cleaned of the malware files.
    To find suspect autostart entries HijackThis will show them also when the system is booted with BartPE (registry redirection working).
     
  11. Morpheus

    Morpheus Registered Member

    Joined:
    Aug 13, 2003
    Posts:
    45
    Thanks Zacksam.

    I'll give it a try.
     