WG necessary when you have TDS ??

Discussion in 'Trojan Defence Suite' started by Hurricanetracker, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46
    Got a small question. Is it wise or necessary to have wormguard present on your system when you already have TDS, REGRUN, AVG pro and numerous anti spyware apps in place??

    What does it do which all of the others don't o_O
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Hurricanetracker, I have WormGuard resident with all of those types of applications and WG still picks up potential malware where others fail, especially possible scripted malware & dual extensions.
    One of the benefits is that WG allows you to view these files safely, making it very easy to decide what to do.
    WormGuard does not run as a process but uses a hook: as a file is opened WG scans the file and normally allows the file to run unless there is anything suspicious that requires the user's attention, so using extremely low overheads.

    Treat WG as another useful tool, part of a good layered defence. :) Pilli

    Here is a list of features from the DCS website:

    WormGuard has many features you won't find in other products, including :-
    Analyses files generically using heuristic and intelligent rule-sets rather than relying on signatures for known worms - this is the future of worm interception.

    Uses a unique non-resident execution hook method to render WormGuard immune to the TerminateProcess and SuspendProcess vulnerabilities that affect all other active security systems.

    Provides worm-detection for ALL executed files and filetypes, ensuring the file is safe BEFORE it is allowed to run, making infection almost impossible.

    Has four primary and six secondary core detection engines built-in to handle executed files depending on their type.

    Provides network administrators with the power of blocking the execution of filenames/filetypes on all machines on their network with immediate effect.

    Neutralises many severe Windows vulnerabilities, such as the use of hidden extensions, multiple file extensions, and excessive spaces in filenames.

    Provides extended universal detection and analysis of Macros across all Microsoft Macro formats, such as DOC, XLS, and MDB.

    Provides extended universal detection and analysis of command files, such as COM, PIF, BAT, and CMD.

    Provides Deep-Scanning to detect password-stealers, keystroke-loggers, IRC worms, references to known worm authors, and much, much more.

    Allows the Network administrator the complete ability to customise/disable WormGuard user options.
     
  3. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46
    Are any conflicts known with the other applications? Will tell you what I have running here:

    - Regrun gold (one of the best investments I made to date) - running resident
    - Spybot (need I say more) - running resident
    - Spyware guard - running resident
    - AVG pro 7 - running resident
    - MS anti spyware - running resident
    - Agnitum outpost pro firewall - running resident (chose this one, because it has the least trouble with the other apps running - not because it's necessarily the best out there)
    - TDS - I start this one up after boot has finished, because it seems to have trouble with MS anti spyware.
    - spyware blaster - running resident
    - adaware SE with all addons (not running resident)

    I did have process guard installed but this definitely had a conflict (I think with regrun, but am not sure) and crashed all the time, so I uninstalled.

    Port explorer seems a nice app, but I already have both wintasks pro and regrun which encompass a process-monitoring utility also.

    I like the stuff at Diamond CS a lot, but overlapping too much isn't such a good thing also (it only adds to the computer booting extremely slowly in the end). So it's a bit of a dilemma which ones to go for. REGRUN is a definite though: best one out there, in my opinion.

    These days you can't be too careful, especially with a broadband connection - meaning you're online all the time the system is running.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    WormGuard should not conflict with any of your Apps :) and uses very low resources.

    ProcessGuard should also run with no problems, Reg Run Gold does not conflict with PG on my machines and I use all the apps that you do, although I do run Giant AS rather than MS's beta clone.

    What version of ProcessGuard did you try?
     
  5. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    I'm also a user of both of these programs. No conflict here.
     
  6. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    WG does conflict with my Audigy 2 EAX Console. It will not load with WG resident and takes a reboot to get it to run afterwards. o_O
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Eliot, then you need to add the file to the WG allow list.
    Here is an example from my allow list:
    C:\windows\system32\restore\restrui.exe This allows System restore to work properly when WG is installed.

    HTH Pilli
     
  8. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46

    Definitely not the one from 18-1-2005 which I downloaded now. I'm going to try the free version first - if that doesn't show any conflicts or "crashing behaviour" I'm pretty sure the full version won't either.

    Also downloaded the trial for wormguard - going to see if that shows any "bad" behaviour.

    Way I see it worm-infections are pretty dangerous and aren't covered by anti-virus or anti trojan software. How does wormguard manage to stop worms anyway - from what I've read about how worms work this is nigh on impossible because these things multiply so rapidly and "mutate" on the fly.

    Redownloaded port explorer as well, going to compare this to the features covered in the software I already use and see if it's a big enough "improvement" to warrant purchasing.
     
  9. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    Ahhhh, I forgot about that. Now to add the final link in the chain. Thanks Pilli.
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    You should not have any problems but please follow the install/uninstall instruction sticky: https://www.wilderssecurity.com/showthread.php?t=16931

    @ Eliot Just browse the path and add, sometimes it may require a little research to define which file needs to be added. :)

    Pilli
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    While you should be able to run PG and WG together, PG in my view would provide the greater benefit so it is worth trialling/configuring/testing first.
    A properly configured firewall will counter most worms, since it will block any unsolicited network connection attempts. The only danger then are worms spread via "legitimate" means like email attachments or webpages (and anti-virus software will detect many here).
     
  12. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46
    So far so good, re-installed the new processguard and it doesn't seem to wreak havoc on system. One thing I did note when it was installed: it seems to interfere with my AVG antivirus: when AVG starts, both the DB-date is missing and the e-mail scanner is disabled - presumably by either processguard or wormguard. I am able to manually restart AVG-mailscanner and to "get" the date for the virus-signature-DB but don't think this is supposed to happen :)

    However: don't know how to get it to be "allowed", have no clue what the files responsible for initializing virus DB and personal e-mailscanner are called. If I put these on the allow-list of both WG and PG I should be in business.

    Noticed there's no tray-icon for WG, is this supposed to be the case??
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    If you have had PG in learning mode run your various security / internet connected programs and their sub programs then ProcessGuard should pick them up.

    WormGuard does not have a tray icon. Once you have opened the GUI and installed protection it will remain hidden until something awry is found.
    To test, create a text file called something like WG.txt.exe (note the double extension) then double click it and WG should throw up a warning box.

    HTH Pilli
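
The file-name checks named in the feature list (multiple extensions, excessive spaces) and exercised by the WG.txt.exe test above, as an added Python example that is not part of the thread and not WormGuard's actual rule-set. The extension lists, the space-run threshold and the function name are assumptions made for illustration.

```python
import re

# Assumed lists for illustration; WormGuard's real rule-sets are not shown on this page.
EXECUTABLE_EXTS = {"exe", "com", "pif", "bat", "cmd", "scr", "vbs", "js"}
DECOY_EXTS = {"txt", "doc", "xls", "mdb", "jpg", "gif", "pdf", "htm", "html", "zip"}
MAX_SPACE_RUN = 8  # constructed threshold: this many consecutive spaces is suspicious


def filename_findings(path):
    """Return the reasons a file name looks deceptive (empty list = nothing found)."""
    # Last path component, accepting both Windows and POSIX separators.
    name = re.split(r"[\\/]", path)[-1]
    findings = []

    # Windows drops trailing dots and spaces when it resolves a name, so the
    # effective extension is the one left after stripping them.
    effective = name.rstrip(". ")
    if effective != name:
        findings.append("trailing dots or spaces after the extension")

    parts = [p.strip().lower() for p in effective.split(".")]
    final_ext = parts[-1] if len(parts) > 1 else ""
    earlier = parts[1:-1]  # every "extension" before the one that decides execution

    if final_ext in EXECUTABLE_EXTS:
        # Double extension: a harmless-looking type shown first, executable type last.
        if any(p in DECOY_EXTS for p in earlier):
            findings.append("decoy extension before executable extension ." + final_ext)
        # Padding that pushes the real extension out of a narrow file-name column.
        if re.search(r"\s{%d,}" % MAX_SPACE_RUN, effective):
            findings.append("long run of spaces pushes ." + final_ext + " out of view")
    return findings


# Constructed sample names (not taken from any real incident).
SAMPLES = [
    "WG.txt.exe",
    r"C:\windows\system32\restore\restrui.exe",
    "invoice.doc          .exe",
    "photo.jpg.scr. ",
    "report.v2.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", filename_findings(sample) or "no finding")
```

A name-only check like this complements content scanning: it flags the disguise itself, whatever the file contains.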
     
  14. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46
    That is sooo true. I just did what Pilli suggested and made a file with a double-extension. Wormguard didn't even have the time to react - I immediately got a warning from AVG instead - it was even hard to get rid of that warning :)

    This means a thumbs-up for AVG as well ;)
     