   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Guard
(Moderators: Helena, Gavin_Coe, Magnus)
   Pc-cillin & TrojanHunter
rico123
Newbie
Pc-cillin & TrojanHunter
« on: Aug 13th, 2005, 8:43pm »

Hi, should I stop TrojanHunter from running at startup, as TrendMicro's PC-cillin starts with Windows? I would still run the scan for trojans periodically.  
 
Also starting with Windows is Microsoft AntiSpyware, with all real-time agents ON. Is this another reason not to have your AT starting with Windows?
 
Thanks
rico
siliconman01
Global Moderator
Re: Pc-cillin & TrojanHunter
« Reply #1 on: Aug 14th, 2005, 4:04am »

There should be no reason to not allow THGuard to start up automatically on reboot.  Are you seeing a conflict error message or something?  
 
THGuard plays well together with MS AntiSpyware and Trend Micro.
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Randy_Bell
Global Moderator
Re: Pc-cillin & TrojanHunter
« Reply #2 on: Aug 14th, 2005, 12:20pm »

Siliconman is correct, there should be no conflict between TH Guard {which polls memory} and your other security products: your AntiVirus or AntiSpyware scanners -- since they monitor different things; the TH Guard only monitors memory and doesn't interfere with running programs which it scans as "clean" {legitimate processes that are not trojans, adware, etc.}.  HTH .. ;)
« Last Edit: Aug 14th, 2005, 12:20pm by Randy_Bell »
rico123
Newbie
Re: Pc-cillin & TrojanHunter
« Reply #3 on: Aug 14th, 2005, 4:10pm »

Hi, thanks for your timely comments. Could you please comment on the following (look in on the thread):
 
   Wilders Security Forums > Other Security Issues > other security issues  
 Why bother using any anti-trojan program  
 
Also, what is an ITW trojan?
 
The stated detection rate for TrojanHunter 4.2 is 23.65%, and the top rated AT TDS is ~50%. While the worst AV is in the ~70% detection rate. Top rated AV at detecting itw trojans is Kaspersky with 99%.  
 
The Wilders thread will explain why I was concerned about TH Guard resident with PC-cillin & M$AS.
 
I'm sure Wai Wai is probably incorrect, but I'd like to understand.
 
Thanks
siliconman01
Global Moderator
Re: Pc-cillin & TrojanHunter
« Reply #4 on: Aug 15th, 2005, 12:59am »

ITW = In The Wild = Trojans that are spreading via Internet and email.
 
The issue with comparison tests that compare security program vs security program detection rates is:
 
There is no international standard used/adhered to for clearly defining what is a trojan.  This means that one security company will/may call adware/spyware a trojan...others define it as spyware or adware or even a virus/worm.  I'm sure there are individual company internal guidelines for this, but these do not transcend across international standards/boundaries.  
 
Naming conventions are not standardized internationally either.  It is very difficult to transverse "xyz.item" across security programs.  Some security companies do record alias names used by other security companies for malicious items; however, this does not make it easy to trace a specific malicious code throughout the multitude of security software.  
 
Trojanhunter focuses primarily on trojans and secondly on other types of malicious items with the exception of viruses.  It has no detection/removal engine for viruses.  And as with all security companies, Mischel Security makes decisions as to what malicious items fit into its definitions rulesets based on its standards and TrojanHunter's design criteria.  
 
There are too many comparison tests that "ball up" a whole bunch of malicious items of various types and throw them in the pot.  But is a malicious item a trojan or spyware/adware in that ball?  
 
I suspect you can see where this is going.  It's like running a speed test between all makes and models of cars and then declaring the winner as the absolute best car on the market...even though it may get 8 miles/gallon and cost $99,000....Apples to oranges type testing and then making a declaration without qualifiers.  
 
HTHs
 
rico123
Newbie
Re: Pc-cillin & TrojanHunter
« Reply #5 on: Aug 15th, 2005, 10:39am »

Hi Siliconman, Hmmm! I'm not sure if you read the thread at www.wilderssecurity.com, mentioned previously. The argument is/was the relevance of all AT programs. As the best AT (tested) had a detection rate of ~50% for itw trojans. Pretty low detection rate for specialized software. Okay! So looking at: http://www.av-comparatives.org/ "on demand" test we see an itw detection rate for AV's in the 90% range. Wai Wai (at Wilders) looked at itw detection rates of a group of AV's vs a group of AT's at itw detection.
 
If you haven't looked at the thread you should, as some very talented security experts have commented.
 
Take care
rico
Randy_Bell
Global Moderator
Re: Pc-cillin & TrojanHunter
« Reply #6 on: Aug 15th, 2005, 12:39pm »

rico, I am aware of the Wilders thread and I have to warn you there are a bunch of very zealous KAV Evangelists there at Wilders who push KAV very hard in almost every thread.  This particular thread was started by just such a person who thinks KAV is the Ultimate BulletProof Security Product that covers everything.  Sadly, he is wrong, but I don't post to that thread because I have learned it is futile to debate with those guys, their minds are made up.
 
One thing Siliconman did not mention is that a file scanner like KAV is very easy to fool, whereas AntiTrojans are memory scanners.  One can easily modify a trojan {hexedit, pack, rebase, etc.} to elude detection by a file scanner like KAV {or other AV} but the resident TH Guard will still catch it because the process running in memory is still the same.
 
Take a look at illukka's post in another Wilders thread:
http://www.wilderssecurity.com/showpost.php?p=522349&postcount=25
Quote:
kaspersky is also the av that is the most targeted by trojaners. they all want to make their rat undetected by kav, and it is possible to do so. thats where the AT's come in
 
i've had trojan hunter guard pop up warnings many times, even when my KAV remained silent. same goes for boclean, it has blocked something missed by my av's (KAV, NOD32 and DrWeb) numerous times.. but i collect trojans and my chances of seeing an undetected rat are really somewhat higher..and some of them are btw undetected by AT's too

Edit: I broke down and briefly posted to the Wilders thread, but really want to avoid arguing with some of the KAV folks because I know it is futile, hehe ..  :D
« Last Edit: Aug 15th, 2005, 5:58pm by Randy_Bell »
rico123
Newbie
Re: Pc-cillin & TrojanHunter
« Reply #7 on: Aug 15th, 2005, 1:48pm »

Hi Guys, Okay! I find Wai Wai's statement that AT's get less than 50% detection rate vs AV's detection rate >70% somewhat hard to believe. Especially TrojanHunter's 23% detection.  
 
I think you're saying that AV's catch/detect trojans upon scans, & not in memory, like TH Guard would? Is this correct? If AV's detect trojans in memory, wouldn't that be a potential conflict, with THGuard being resident? Does THGuard detect all the trojans that TH scan can remove or detect?  
 
I've got to run now, day off with the wife, movie shopping etc. I'll be back!
 
Thanks
rico
illukka
Full Member
Re: Pc-cillin & TrojanHunter
« Reply #8 on: Aug 15th, 2005, 1:50pm »

on Aug 15th, 2005, 10:39am, rico123 wrote:
As the best AT (tested) had a detection rate of ~50% for itw trojans. Pretty low detection rate for  specialized software.

 
i suppose you're referring to the virusP tests that wai wai is eagerly buffing
 
the trojan part of the test is not correct
search through my posts there and you'll find a thread where i do a test to prove some things about the virus p tests, also you'll notice that the author of said tests confirms my discoveries in the same thread!
 
edit: here it is
http://www.wilderssecurity.com/showthread.php?p=250483#post250483
 
 
i am willing to make a test.. well wait a minute, the test was already done at wilders
it was a challenge type of test: someone boasted that his av (fsecure, a kav clone) would detect trojans better than a dedicated AT (in this case tds).
he chose sub seven, which was modified (repacked) by nautilus to make it undetected by fsecure's kav engine
and undetected it was, the test resulted in an infection. tds was able to detect sub7 with its memory scan despite being modified.
the fact that sub seven was chosen made the test and the resulting infection serious, because sub seven has a master password > anyone who knows it could have owned the machine!!
 
any script kiddy can use these tools to make their trojan undetected by file scanners. it is very easy, just a couple of clicks with the mouse and kav no longer detects it. btw that is highest honors in the trojan world: my rat is undetected by KAV!
in any case an anti trojan with a good memory scanner (TH, ewido, boclean etc) will still catch the modified trojan
there are several tools available to do this btw, freeware public tools....
 
 
 
« Last Edit: Aug 15th, 2005, 4:01pm by illukka »

I Am A Proud Member Of ASAP Since 2004

To Ride, Shoot Straight And Speak The Truth
Randy_Bell
Global Moderator
Re: Pc-cillin & TrojanHunter
« Reply #9 on: Aug 15th, 2005, 6:07pm »

on Aug 15th, 2005, 1:48pm, rico123 wrote:
I think you're saying that AV's catch/detect trojans upon scans, & not in memory, like TH Guard would? Is this correct?

Yes, AVs do not usually scan memory, they monitor file access {when a file is opened, copied, moved, etc.}.
 
on Aug 15th, 2005, 1:48pm, rico123 wrote:
If AV's detect trojans in memory, wouldn't that be a potential conflict, with THGuard being resident?

There is no conflict because AVs detect malware in the filesystem, as files are moved, copied, opened, etc.  AntiTrojan like the TH Guard detects malware in memory, as it continually polls the running processes there.
 
on Aug 15th, 2005, 1:48pm, rico123 wrote:
Does THGuard detect all the trojans that TH scan can remove or detect?

YES, almost always, if there is a file rule used by the File-Scanner to detect a trojan in the filesystem, there will also be a process rule used by the Guard to detect same in memory.
 
on Aug 15th, 2005, 1:48pm, rico123 wrote:
I've got to run now, day off with the wife, movie shopping etc. I'll be back! Thanks rico

Okey Doke, talk later alligator. ;)
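The file-rule versus process-rule distinction argued in replies #6, #8 and #9, as an added example that is not part of the original thread and is not TrojanHunter's or any vendor's code: a toy pattern matcher is run once over the stored bytes and once over the image a process would hold after unpacking itself. The signature string, the `STUB` marker and the use of zlib as a "packer" are constructed stand-ins.

```python
import zlib

# Constructed, harmless stand-in for the byte pattern a detection rule matches.
SIGNATURE = b"DEMO-RAT-SERVER-v1"
# One pattern backs both the file rule and the process rule, as reply #9 describes.
RULES = {"Demo.Trojan": SIGNATURE}
# Hypothetical marker for an unpacking stub; real packers look different.
STUB = b"STUB\x00"


def build_sample():
    """Constructed 'executable' body that contains the signature bytes."""
    return b"MZ" + b"\x00" * 32 + SIGNATURE + b"\x90" * 64


def pack(image):
    """Model of repacking: on disk, the body is stored compressed behind a stub."""
    return STUB + zlib.compress(image, 9)


def load_into_memory(on_disk):
    """Model of process start: a packed file restores its original body to run."""
    if on_disk.startswith(STUB):
        return zlib.decompress(on_disk[len(STUB):])
    return on_disk


def match(data):
    """Names of all rules whose pattern occurs in the given bytes."""
    return sorted(name for name, pattern in RULES.items() if pattern in data)


def file_scan(on_disk):
    """What an on-access file scanner inspects: the bytes as stored."""
    return match(on_disk)


def process_scan(on_disk):
    """What a memory-polling guard inspects: the image of the running process."""
    return match(load_into_memory(on_disk))


def compare(on_disk):
    return {"file": file_scan(on_disk), "process": process_scan(on_disk)}


if __name__ == "__main__":
    original = build_sample()
    for label, blob in (("original", original), ("repacked", pack(original))):
        print(label, compare(blob))
```

The repacked sample produces no file-rule hit but the same process-rule hit as the original, which is the reason the posters give for running a memory-based guard alongside an on-access file scanner.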
rico123
Newbie
Re: Pc-cillin & TrojanHunter
« Reply #10 on: Aug 15th, 2005, 7:30pm »

Hi Guys, Wedding Crashers well LOL LOL! Lunch was great also. Okay! Uncle, I give! I've learned a lot!
 
Couple of other questions: At Wilders some very knowledgeable security types often list 3 or 4 AT's on their boxes. Why would anyone want to run multiple AT's? Is this just paranoia?  
 
What AV's do you like? What do you think of the testing/fairness of: http://www.av-comparatives.org/
 
Thanks
I'll bet Randy likes/recommends Panda AV?
rico
« Last Edit: Aug 15th, 2005, 11:13pm by rico123 »
illukka
Full Member
Re: Pc-cillin & TrojanHunter
« Reply #11 on: Aug 15th, 2005, 11:51pm »

on Aug 15th, 2005, 7:30pm, rico123 wrote:

Couple of other questions: At Wilders some very knowledgeable security types often list 3 or 4 AT's on their boxes. Why would anyone want to run multiple AT's? Is this just paranoia?

 
i do run multiple trojans. to test if they detect the stuff i find etc. also no single scanner detects everything
 
on Aug 15th, 2005, 7:30pm, rico123 wrote:
What AV's do you like? What do you think of the testing/fairness of: http://www.av-comparatives.org/

 
it is the best anti virus test currently available. IMO not perfect but still a good one
 
my favorite avs (the ones i have installed):
DrWeb, Nod32, SAV corporate edition, Kaspersky, VirusBlokAda
 
on Aug 15th, 2005, 7:30pm, rico123 wrote:

Thanks
I'll bet Randy likes/recommends Panda AV?
rico

 
you lost that one :)
 