Wormguard necessity

Discussion in 'WormGuard' started by Peter2150, Oct 12, 2003.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,363
    Hi all

    I am trying to figure out if I really need Wormguard. Currently protecting my computer (XP Pro) are Zone Alarm Pro 4.0, F-Prot antivirus, TDS-3, Spybot, Adaware, and lastly Abtrusion Protector.

    The last is the reason I ask. Abtrusion Protector, when installed, scans every file on the computer that can execute code, and records it and a CRC thumbnail. Then when anything new tries to run, it blocks it and alerts. (Yes, it does have an install provision.) I have tested it well, and it's great.

    What would Wormguard offer on top of all this?
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Hi Peter2150,

    The difference between Abtrusion Protector and WG is that Abtrusion Protector relies on a database that it builds and does not know whether a file is dangerous, while WG is analyzing the code before it is executed.
    So if you know what is running on your system all the time, Abtrusion Protector will do.
    Dolf
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,363
    Exactly, the key is to be sure the system is clean before installing Abtrusion. I guess another way of asking is: can worms get into anything other than something that executes, and cause damage?
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,896
    Location:
    New England
    Hi Peter,

    One question about Abtrusion Protector... What file types does it register and control? My assumption is .EXE, .DLL, maybe .SYS and a few others. Does it also handle script files? .VBS, .JS, etc.? WG can flag (and halt) malicious code in scripts, too. Since such scripts are actually interpreted from the Windows programs cscript.exe and wscript.exe, which may be allowed in Abtrusion, is this a protection that would be of benefit?

    Sorry, I don't know Abtrusion and how it handles these. I use the Tiny Trojan Trap sandbox and it has a special handler for these types of scripts. Just a thought.
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Not that I know of
    Dolf
     
  6. FanJ

    FanJ Guest

    On a side-note:

    1- CRC is not exactly the most secure HASH.
    2- How securely (safely) does Abtrusion Protector store those CRC checksums?

    And some side-notes to that:
    1- CRC has for "some time" been "cracked".
    Lots of things could be said about that.
    That doesn't necessarily mean that it is that unsafe, but it could be wise to keep in mind.

    2- An old favourite topic of mine.
    If I (or some program) can confirm that a certain program is OK by using a checksum, why shouldn't a nasty be able to do that too behind your back?

    That all being said:
    I myself still use W98SE, which hardly gives you the option to check exe, dll, etc. files in real time for changes in checksums. On NT-based systems (2000, XP) the situation is better. And I'm jealous of you on NT-2000-XP who can use TTT or Abtrusion Protector or the like.
    Nevertheless (on my W98SE box) I use several file-integrity-checkers.

    And I most certainly use WormGuard too.
    It's all about the layered defense !
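
Added example, not part of the original thread and not the code of Abtrusion Protector, WormGuard or any other product named here: it illustrates the two side-notes in the post above. `crc32_is_affine` shows why a CRC is not a tamper-resistant hash, and the hypothetical `Allowlist` class seals each stored SHA-256 digest with an HMAC tag, assuming the key is kept where untrusted code cannot read it, so a rewritten database entry is detected.

```python
import hashlib
import hmac
import zlib

def xor_bytes(*chunks: bytes) -> bytes:
    """XOR equal-length byte strings together."""
    out = bytearray(len(chunks[0]))
    for chunk in chunks:
        for i, byte in enumerate(chunk):
            out[i] ^= byte
    return bytes(out)

def crc32_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """CRC-32 of a^b^c follows from the three CRCs alone (equal lengths)."""
    return zlib.crc32(xor_bytes(a, b, c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sha256_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """Same relation tested on SHA-256 digests; it does not hold."""
    as_int = lambda m: int(sha256_hex(m), 16)
    return as_int(xor_bytes(a, b, c)) == as_int(a) ^ as_int(b) ^ as_int(c)

class Allowlist:
    """path -> SHA-256 digest, each entry sealed with an HMAC tag."""
    def __init__(self, key: bytes):
        self._key = key          # assumption: untrusted code cannot read this
        self.entries = {}        # path -> (digest_hex, tag_hex)

    def _tag(self, path: str, digest: str) -> str:
        msg = f"{path}\0{digest}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def register(self, path: str, content: bytes) -> None:
        digest = sha256_hex(content)
        self.entries[path] = (digest, self._tag(path, digest))

    def check(self, path: str, content: bytes) -> str:
        if path not in self.entries:
            return "unknown"
        digest, tag = self.entries[path]
        if not hmac.compare_digest(tag, self._tag(path, digest)):
            return "database-tampered"
        return "allowed" if sha256_hex(content) == digest else "modified"

if __name__ == "__main__":
    a, b, c = b"A" * 16, b"notepad-contents", bytes(range(16))  # constructed samples
    print(crc32_is_affine(a, b, c), sha256_is_affine(a, b, c))
```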
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    And I really like the ability to look inside files in the safe mode to decide better if I should indeed not run the file or take the risk anyway, the scripts detection, the fact it doesn't work on a database which needs updating but has several other ways of detection, the exclusions if we want, and not to forget the new WG4 around the corner, all rebuilt from scratch with even more possibilities. But those details we're going to know soon enough. And a registered WG3 user can get that upgrade even for free!

    Saved my computer various times from real nasties.
    The double extensions? Fortunately TDS detects them too and they can be real security risks for many reasons written about before.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,363
    Thanks for all the replies. Just took another look at the Abtrusion website. They use a hash algorithm supposedly stronger than MD5. Not a simple CRC sum. I don't believe that it will screen out scripts, which is what prompted my original question. Wormguard is cheap compared to the grief people have without protection. It's coming my way. There is also another program I use, but I will put that in a separate thread.

    Pete
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,363
    Since it isn't about Wormguard, I am posting the note about the other program under the general security issues board.
     
  10. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    I believe Abtrusion Protector uses a SHA-1 hash, while the current version of SSM is the one that uses CRC.
     