Trojan Trap help

Discussion in 'other anti-trojan software' started by AAP, Jul 30, 2003.

Thread Status:
Not open for further replies.
  1. AAP

    AAP Guest

    Hello to all,

    Well, here I am again looking for help, if you please.
    I just installed Trojan Trap 3, and the install went great,
    no problems at all, till I was trying out my software,
    and I do have 2 problems. Hope someone can help here.

    Now the problems:

    1) Cannot run TDS; keep getting an error
    till I disable TT3, then all works great. Not good.

    2) Cannot run Ad-Aware till I do as I just said above.

    And are there any links or forums to find help with
    this program? I like it but it looks hard. Well, that's
    it for now, LOL. Any help at all...

    Good luck
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hi AAP,

    Ah, finally, another TTT3 user. There don't appear to be very many of us around even though it may be the single best piece of security software available. (How's that for a strong opinion? ;) )

    Can you give a little more information here? What "application group" do you have the executables for these programs in? Perhaps you've just got security set a little too tight on them or perhaps on other dependent apps.

    TTT does take a bit to configure, but, once set up properly, you will have some pretty powerful security on your system. You just need a little patience and time.

    Also, exactly what errors are you getting?
     
  3. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey, LowWaterMark

    First, good day to you. Now here are the 2 errors
    I get. This first one is from TDS:

    Please tell MS about this problem send Error Report

    And the one for Ad-Aware I know about; it's an error
    where you have to place all of the files in

    Unrestricted Applications, which I have done for both of them,
    and still no go. Or am I missing something here? But here
    is what is odd: on the other puter running XP Home I
    had the same 2 errors, so I placed them in Unrestricted Apps
    and all was good, so I don't see why it will not do it on
    the other puter running XP Home as well. Odd, eh?

    Well, I thank you for your time and help.

    Good luck :)
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hey AAP,

    I see you've joined as a member here, welcome! ;)

    Hmm, both systems running XP Home and it works on one but not the other, right?

    First, what changes from default have you made in TTT? If TTT was installed after TDS and Ad-Aware, their executables would have already been in the unrestricted applications group.

    Does your unrestricted group have the vast majority of your system's executable files in it? Have you moved other EXE files (especially any core Microsoft system files) out of there and into more restricted groups? Some can be moved but a lot can't. Also, have you changed the unrestricted group's "Execution Settings..." options at all? It should look like the image below so that no restrictions are enforced on that group.

    If possible, if you could provide the whole actual text of the error message, that might also better indicate the problem.

    Another option is to uninstall TTT on the bad system. It should come off very cleanly, but check for remnants anyway (files and registry), and then reinstall. Let it catalog all existing EXE files, like TDS and Ad-Aware, and place them into the unrestricted group. Make no changes in TTT at all, but let it run, then see if these programs work normally.

    - LowWaterMark
     

    Attached Files:

  5. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi, LowWaterMark

    You are a forum GOD. Had one look at your gif,
    removed what I had checked, and hey, I have my
    TDS and Ad-Aware, which I would not go without.

    Oh, I've been a member here about, oh, say 50 times,
    and other forums, and I always forget the passwords,
    all but Lavasoft. Hmmm, what is up with that? :)
    So I installed PGP so I could hide all my passwords.
    Great, eh? But I can't think of the password for PGP. o_O

    Now, back to TTT3. Should I start playing with this
    bad boy? Do you have any more tips on how to set
    this up? I can't see why more are not trying this program
    out. It is one great tool, but you need to work with it,
    which I will. It is one of them got-to-have tools.

    Once again, thanks for taking the time to help.
    Say hi to Paul for me :)

    Good luck ;)
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Initially, the biggest decision will be determining which programs to move out of the unrestricted group and into another, more secured group. You see, you want to leave the "unrestricted applications" group completely unrestricted so that you won't block functions on key system programs. (Though the one restriction you can safely check in the unrestricted group is the "Checksum guard". That will let you know if any applications in that group have been changed, which can be valuable since you really are trusting those apps completely. I do have that option checked, I just didn't show it in the image above.)

    The "preconfigured groups" are pretty important, so that might be a good place to tweak first. If you use IE, OE or Outlook, those three groups can help you really control just what those applications can access on your system. The IE group may well be the most important. Limiting the directories and registry locations that IE can access can really limit the exposure from possible exploits in IE. These three groups are already secured in some ways by default, but, additional adjustments can be made.

    One thing I've found very valuable for those groups, and a few new ones I've made, is to specifically block the directories and registry keys of my key security software. For example, using the Advanced Mode under View menu in TTT's Admin tool, for the IE appl group, you can go into the file and registry security sections and mark as read-only all the areas related to your AV, FW, and other security apps. So, if IE is ever "out of your control" through an exploit, it can not possibly change anything in the file folders or registry keys related to your security tools.

    This can be done with other groups as well.

    In the image below, the key things of interest are: 1. Notice how many programs are in the unrestricted group (look at the scroll bar and you'll see that a lot of programs are contained in there). For the most part these are things like the core windows exes and most of the major \Program Files\ based applications (again, only trusted programs, of course).

    2. I've created a couple of additional special-function groups. "Hide Personal and Security" is one that allows much functionality for the programs contained in there, but, marks as read-only my core security products and as "no access" my private files (financial & tax info, and other personal items). I run a few programs in there that need a lot of rights on the system to work, but, that I still don't trust 100%. So I sandbox my most critical apps and files from being accessed by those programs.

    My favorite new group is called "Special Testing". It is an almost all "Ask User" (prompt) application group. It allows read-access to all core areas, except personal files, but for any form of write or update access, in files or the registry, it prompts me for approval first. This allows me to run a program and determine just what things it wants to write to the system, and I can decide real-time if I want to allow it.

    Those are just a few thoughts for you to consider.

    My warning to new users of TTT is simply this: Don't restrict programs that need deep system access. Such programs include your AV, Firewall and complex security products. If you don't trust those programs then even TTT won't help.
     

    Attached Files:

  7. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey, LowWaterMark

    Once again, thank you for the help and time.
    I will give what you posted a try, see how it
    goes, and let you know if all is good. Wow, this
    is one great program. Talk to you soon.

    Have a great day.

    Good luck ;)
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    FYI - The links below are a few screen shots that show various options that are configurable within TTT3. The examples shown are specific to the Internet Explorer application group, but can be applied to any existing or newly defined group.

    These images are included as download links rather than active image tags in order to save download bandwidth for those who are not really interested in TTT configurations, but who have clicked the link to this thread. (I believe the green (allow) and red (block) properties are self explanatory.)

    1. Restrictions on: System Services

    2. Restrictions on: OLE/COM

    3. Restrictions on: Process Spawning

    4. Restrictions on: Misc System Service Controls

    5. Restrictions on: Filesystem Access

    6. Restrictions on: Registry Access

    AAP - you know most of this already, so this is included for those who are interested in the capabilities of a powerful sandbox, but who haven't tried Tiny Trojan Trap yet.
     
  9. PikeDude

    PikeDude Guest

    Hi,

    I'm kind of interested in trying it out. Does Tiny Software still support Trojan Trap 3? Because I went on their website and there was no mention of that software anywhere there. I found out where to download it, but without any updates or support from Tiny Software, I'm reluctant to try it out. Thanks for any help.

    Regards,
    PikeDude
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    TTT3 is now a previous version meaning that Tiny no longer directly markets or supports it. They have all the components of the sandbox included in their newer versions of Tiny Personal Firewall. TPF3 and TTT3 were the current release as of 10 months ago, then TPF 4.0 came out. That was very quickly followed by TPF 4.5.

    TPF 4.5 is the current release version, and TPF 5.0 is in the Beta software cycle, and if all goes well, it'll be final release soon. Though interestingly enough, Tiny Software is actually selling TPF 5.0 right now, even though it's still in Beta.

    TPF 4 completely changed the interface and many other components from version 3. I tried it and thought it was seriously lacking, so I returned to TTT3 while waiting for the next major version. Tiny must have thought there were problems with the entire 4.* version set as well because now 5.0 is another complete rebuild of the product. It looks much more promising than the 4.* disaster. (Yeah, 4.* was that bad - in my personal opinion.) I have updated my license so that I currently own TPF Pro 5.0 though I still use TTT3.
     
  11. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Hi LowWaterMark,

    Thanks for the info, that's what I thought had happened although I wasn't sure. I tried TPF 4.5 and then TPF 5.0 (even though it was beta) and both versions I found a little too complicated for me. I had trouble getting stealth on some of the ports straight "out of the box" so I figured it was a firewall for the more advanced user.
    Right now I'm running a trial version of LooknStop and like it, although I had wished to use the sandboxing features.
    Again thanks for all the help.

    Regards,
    PikeDude
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Well, you can't get a much better firewall than LnS so I'll hope your eval goes well.

    Also, I see you joined as a member here, so Welcome to Wilders Security Forums!! :)
     
  13. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Thanks :D
     
  14. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi, LowWaterMark

    Well, here it is, as I was asking before: is there a way
    to use TTT3 to watch over a program you install, to
    see what that program is trying to do, like say what
    it is trying to do in the Registry or say in the system files?

    What I am trying to find out is, if I install some software
    and then run this software, is there a setting in TTT3 which
    will let me know what this program is trying to do to
    my puter before I let it run all over the place? Or does anyone
    know of this type of program?

    Well, you all have a good one.

    Good luck :)
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hi AAP,

    Yes, there are some very powerful controls that can be setup in TTT to let you know what a particular program is trying to do. First, here's a quote from one of my other posts above regarding an application group I've set up to do this very thing.

    Since you generally care most about the updates, changes and writes that an unknown program is doing, this type of group allows any application in it to have normal read access to the files, registry and various system services. It only pauses and alerts (asks) you about anything the program is trying to write or dangerous system services it's trying to run.

    To set up such a group, first make sure you are running the TTT Administration Tool in Advanced Mode. Now, create a new application group. I called mine Special Testing, but the name doesn't matter. See the image in Reply #5 above. Notice where "Special Testing" is? Right-clicking on the "User Groups" folder gives you the option for creating a new group.

    In the dialog box that pops up where you name the new group, you'll have a choice of making the new application group a restricted or unrestricted group. Select the restricted box.

    Now, using the three buttons on the left, "System Security", "File Security" and "Registry Security", you are going to customize the new group, setting virtually all configurations to allow all the read-like accesses, and setting all other options, such as write, delete and so forth to "Ask user".

    Let's look first at File Security (see image). Notice in the middle window (Explorer like interface), I have the highest level (the "Files" item) selected, so the settings I make at that level will carry down to all disks and folders below. Special Testing is selected in the upper right, so the settings made in the lower right section will apply to just that new application group. In that settings area, the "access" tab has all the read-like settings allowed (don't forget to scroll down in there).

    [image]

    This has now allowed read access to the entire file system for that application group. From there let's set the "Ask" configs. In the next image you see I've switched over to the "ask user" tab. In there I want to enable all the remaining forms of access that aren't the read ones from the first tab (things like write, delete and append...). When these are set as you like, hit the "Set" button just above that box and you've secured most of the file system accesses.

    [image]

    Now, a little more tweaking in the File Security section may be desired. If you look at these images, you can see, for example, the "Temp" folder is green. Well, I decided to alter the security for a few key folders from the new defaults we just set above... Basically, I've granted "Full control" for this group on a few folders because I did not see any reason to not allow programs I'm testing to access a few of the common work areas on the disk. You'll have to decide if there are certain work folders you want to allow like this.

    Basically, at this point any program run in this new group now must ask you for any write or delete operations it wants to perform. TTT will hold the program at that very point until you either allow or prevent the access request.

    More security ideas for this group in the next post.
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    As you continue to build this new program testing application group in Tiny Trojan Trap, the next area you probably want to secure is the Registry. So, as with the file security set above, select the Registry Security button in the left panel and proceed with setting first the full "read access" rights and then set the rest to Ask the user.

    In the registry section for my Special Testing group, I simply set the top level permissions and did not tweak any areas below that top level. Therefore, every key in the registry is treated the same as the settings at this top level. Read is allowed for everything, but any updates, writes or deletes will require user approval.

    In the image below you'll see what I mean. The registry settings are made via the same Explorer like interface. Selecting the highest level (called "Registry") and on the right selecting the new Special Testing application group, you can then make the settings in the lower right screen section.

    [image]

    In the "access" tab shown above, all the read-like accesses are enabled. Below you see the "ask user" tab has all the write and update operations selected. Hit the Set button and you are done with the registry settings.

    [image]

    Now, before I describe the settings I've made in the "System Security" section, (perhaps the most powerful area of control in TTT), I wanted to just make a side point here.

    Setting all this file and registry security to ask you for permissions for every operation a program is going to perform is likely to result in a whole lot of pop-ups that you'll have to respond to. This functionality works and it works well. Some people might say it works too well. Complex programs can do a whole lot of write operations to the file system and the registry. It can be very overwhelming. So be forewarned about that.

    I do not suggest running any complex utilities (such as an anti-virus or firewall) in such a group. After the first few hundred popups, you'll be sorry you did. But, if you are downloading some simple utility, say one of Gibson's tweak this thing security tools, and you want to know what registry changes it's making, then this will let you see and control them. Once something gets beyond this level of complexity, an All Ask application group is a little too much! At that point I'd suggest you use something like my "Hide Personal and Security" group. If you are running something not fully trusted, then use an application group like that to protect your valuable files, and the directories, files and registry settings of your key security tools. A quote on this group from above:

    On to Windows OS services and component controls...
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Protecting the registry and all the files on disk is important to be sure, but, what about Windows itself and all the other running processes and built-in services on your system? A lot of malware attempts to kill off or take over your security applications as they run in memory. They also try to create servers and spawn other processes to accomplish their dirty work. So, there is one more section in TTT to protect these other system resources.

    Select the System Security button in the left panel to bring up access to the various OS access controls that can be managed. Let's start by looking at the Miscellaneous controls, which is where functions like process termination and system shutdown are controlled from. This is a pretty powerful section, and as you can see it also allows you to control access to the clipboard, limit the amount of memory a program can use and even set a maximum number of window activations.

    [image]

    As with the spirit of an All Ask type of application group, these are set to Ask, however, if there are certain functions you want to always allow or always block, then you can do that, too.

    That's the only image from that section that I'll embed in this post. But here are clickable URL links to screen shots of the remaining sub-sections within the System Security section. Notice that in the Services section, and also the Devices section, there are plus-signs before the section name. Yes, you can assign access permission to any individual Windows Service or Device, or treat all Services and Devices the same. Whatever level of granularity you need is available.

    Services image.

    Devices image.

    OLE/COM image.

    Process spawning is interesting. Here you can decide if you want a program to be able to spawn other programs into new running processes. It's not an all or nothing kind of thing. You can decide what programs can be spawned and which programs can do the spawning. You can choose to have the newly spawned program run under exactly the same limitations of the calling program or let them run with the access rights that the program would normally have if you ran it directly.

    Process Spawning image.

    VB Macro Control image.

    As with the note in the last post, setting all the functions in this section to "ask" could produce a massive number of popups that you'll have to respond to. In my experience, the use of this is not a problem when talking about a small utility, but it can quickly become far too much for a complex application.

    Now, let's look at an example of what level of control TTT can give you when you use an application group such as Special Testing. This last image is a screen shot of the TTT Activity Window. (That's a viewer that displays the latest events that have been alerted, asked & answered, or logged while TTT is running.)

    To give a little background, a couple months back AVG6 Free started including a small executable in with their definitions update. Well, the moment the AVG update process ran that EXE, TTT caught it and asked me what application group to run it in. While TTT was holding the process, I used Windows Explorer to look at the file and clearly it had come down via the AVG update. So, I selected the Special Testing group and let it run. I got multiple popup inquiries as it ran and replied to them. Here's the summary:

    [image]

    Notice the sequence. I had started the AVG control console and told it to do an online update. The rest of the activity is the sequence of programs and logged accesses based upon the settings I have in TTT. When AVG extracted and ran this new utility program, free_txt.exe, I was asked if I wanted to let it set a registry value. At that point I let TTT hold it while I went to that key in the registry and made a backup of it. Then I allowed it to continue and do the remaining actions. I was then able to go back and compare afterwards just what it had done in the registry.

    TTT allowed me to determine that Grisoft had changed the AVG6 Free product so that it could now only download updates from a single server; all alternate URLs were removed. So, in this case, TTT caught and alerted me to a new program, allowed me to stop it or let it proceed, and let me monitor what it was doing as it happened. This is perhaps one of the more powerful things TTT can do.

    Whew! AAP, a little more of an answer than you asked for, but it's a pretty complex program and in order for you to be able to "watch over a program and see what it's trying to do", this type of application group would be required. (Besides, I've been wanting to write up something on TTT for a long time and this gave me a good excuse. ;) )

    I guess in summary, TTT allows you to assign access rights and protections to almost any thing (device, file, directory, registry key, system service or OS function) on your system. You can allow, prevent or alert & ask the user, for any of these accesses. It is very granular. But, it is very complex and takes a lot of time to learn and configure.
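    As an added illustration of the application-group model described in the "Hide Personal and Security" / "Special Testing" post above and in the three setup posts just above (this is example code, not code from the thread or from Tiny Software), the block below models two such groups as a small policy engine: read-like operations are allowed, write-like ones either ask the user or are blocked, and a setting made at the top "Files" or "Registry" node carries down the tree unless a deeper path overrides it. All folder names, registry keys and the event sequence are constructed, and "ExampleAV" is a hypothetical security product path.

```python
# Added example, not code from the thread or from Tiny Software: a small model
# of the application-group policy described above. A "Special Testing" group
# (reads allowed, every write asks the user) and a "Hide Personal and Security"
# group (security tool locations read-only, private files blocked) decide each
# access; a rule set at the top "Files"/"Registry" level carries down unless a
# deeper path overrides it. All paths, keys and program names are constructed.
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    ASK = "ask user"
    DENY = "block"

# Read-like operations live on TTT's "access" tab; the all-ask group sends the
# write-like ones to the "ask user" tab.
READ_LIKE = {"read", "list", "execute", "query_value"}
WRITE_LIKE = {"write", "append", "delete", "create", "set_value"}

@dataclass
class Rule:
    read: Decision   # decision for read-like operations
    write: Decision  # decision for write-like operations

@dataclass
class AppGroup:
    name: str
    rules: dict = field(default_factory=dict)  # tree node prefix -> Rule

    def set_rule(self, prefix, read, write):
        """Set the rule at one node of the Files or Registry tree."""
        self.rules[prefix.lower().rstrip("\\")] = Rule(read, write)

    def decide(self, path, op):
        """The most specific (longest) matching node wins, as in TTT's tree."""
        p = path.lower()
        best = None
        for prefix, rule in self.rules.items():
            if p == prefix or p.startswith(prefix + "\\"):
                if best is None or len(prefix) > len(best[0]):
                    best = (prefix, rule)
        if best is None:
            raise ValueError(f"no rule covers {path}")
        if op in READ_LIKE:
            return best[1].read
        if op in WRITE_LIKE:
            return best[1].write
        raise ValueError(f"unknown operation {op}")

def special_testing():
    """All-ask group: read everything, ask before any write or delete."""
    g = AppGroup("Special Testing")
    g.set_rule("Files", Decision.ALLOW, Decision.ASK)
    g.set_rule("Registry", Decision.ALLOW, Decision.ASK)
    # Full control on one common work area, as the thread does for Temp.
    g.set_rule(r"Files\C:\Windows\Temp", Decision.ALLOW, Decision.ALLOW)
    return g

def hide_personal_and_security():
    """Normal rights, but security tools read-only and private files blocked."""
    g = AppGroup("Hide Personal and Security")
    g.set_rule("Files", Decision.ALLOW, Decision.ALLOW)
    g.set_rule("Registry", Decision.ALLOW, Decision.ALLOW)
    # Hypothetical AV folder and key: readable, never writable, from this group.
    g.set_rule(r"Files\C:\Program Files\ExampleAV", Decision.ALLOW, Decision.DENY)
    g.set_rule(r"Registry\HKLM\Software\ExampleAV", Decision.ALLOW, Decision.DENY)
    g.set_rule(r"Files\C:\Documents\Private", Decision.DENY, Decision.DENY)
    return g

def replay(group, events):
    """Decide each (program, op, path) event; returns activity-log tuples."""
    return [(prog, op, path, group.decide(path, op)) for prog, op, path in events]

# Constructed sequence modelled on the updater-drops-a-utility story above.
EVENTS = [
    ("free_txt.exe", "read", r"Files\C:\Program Files\ExampleAV\update.ini"),
    ("free_txt.exe", "write", r"Files\C:\Windows\Temp\free_txt.log"),
    ("free_txt.exe", "set_value", r"Registry\HKLM\Software\ExampleAV\Servers"),
    ("free_txt.exe", "delete", r"Files\C:\Windows\System32\old.dll"),
]

if __name__ == "__main__":
    for prog, op, path, d in replay(special_testing(), EVENTS):
        print(f"{prog} {op:9} {path} -> {d.value}")
```

Running the same EVENTS through hide_personal_and_security() shows the difference between the two designs: the registry write under the security product's key is blocked outright rather than asked about, while the unrelated delete is simply allowed.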
     
  18. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hey, LowWaterMark

    I thank you for this A1 info. All I have to say
    about this prog is Wow. I'm glad I saw your
    post on this; it is a keeper for my tool bag.
    Now to get the info on how to buy this prog.
    Well, again, thanks for all the help and time.

    Good luck :)
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    If you can't buy TTT3 directly, ask the people at Tiny Software if buying the new TPF 5.0 product gives you a key that will work in all the older versions, too. If that works, you can choose to use either.

    I have keys to both TTT3 and TPF Pro 5.0 and the key structure is identical. Also, there is a sale on TPF Pro 5.0 right now at their website. (Even on sale it is $49 US. Regular price is $79)

    However, be warned, I have not tested that the newer key works in the older products. You'll need to confirm that with Tiny since I don't want to uninstall just to test it. Of course, I will one day, as soon as TPF 5.0 is stable, upgrade to the newer product.
     
  20. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hi, LowWaterMark

    Thanks for the info. I will give it a try sometime today.
    I will let you know how I do on this. Well, again, you
    have been some great help on this. You have a
    great day, all day, hehe.

    Good luck :)
     
  21. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
    I would like to echo the response that this is the best posting on TTT I have read over the years. TTT can still be downloaded (and maybe even purchased as a separate program - not sure) from here.

    http://www.webmasterfree.com/software/Security-Privacy/Anti-VirusSpecialized/tiny_trojan_trap_3.0-download.html

    This will result in version 3.05, suitable for XP, 2000, 98, and ME; it is a 9 MB+ download.
     
  22. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
  23. AAP

    AAP Registered Member

    Joined:
    Jul 30, 2003
    Posts:
    117
    Hello to all,

    Well, I would just like to say it's just nuts not to
    have this program running on your puter. Still
    playing with it and going to the help files, but I am
    finding out things about my software I did not
    know, like I had no idea that when I ran some of

    my items they would run other items I had
    no idea of. Now with this program I see what
    or where these items are going or want to go,
    and thanks to LowWaterMark's info on how to set up
    a group I can now download an item and see
    where it wants to go or what it wants to do. Hey, I think you know
    by now I like TTT3. You guys have a good one.

    And LowWaterMark, once again thanks for all the
    help and time you put in helping me with TTT3 and
    for posting about TTT3 in the first place. Well, back
    to go play with TTT3. You take care.

    Hi, linney

    I also thank you for the post and help. I will
    have a look at that link as soon as the wife :'(
    goes out, hehe. You have a great day.

    Good luck :D
     