Real Time Protection?

Discussion in 'Trojan Defence Suite' started by Soul_Flame, Apr 2, 2002.

Thread Status:
Not open for further replies.
  1. Dan Perez

    Dan Perez Guest

    Soul_Flame, I am not quite convinced that I understand what your concerns are but I will have a try anyway.

    As a previous responder indicated, TDS3 can be set to scan various memory objects on launching. Hence you will have a known clean indication at this point and if Exec. Prot is enabled than you don't need to be concerned with something launching from memory later on as it would need to bypass the Exec Prot to get into memory in the first place.

    Does this answer your concerns?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    TDS is told to be very populair with people to protect them for their own kind to put it this way.
     
  3. Soul_Flame

    Soul_Flame Guest

    Hi Dan, thanks for posting on this thread.  

    Let me put my remaining concern this way.  Is it possible
    for something to, as you put it, "bypass the Exec Prot to get into memory in the first place."?  If this is categorically impossible, then I can rest assured that execution protection is sufficient when combined with memory startup scans.  

    My concern is that something COULD get into memory after that initial scan, and then launch from there, thus bypassing execution protection.    When I read Mem's post, it sounded like some time of ongoing memory scans is happening with his configuration.  

    But anyway, I guess I'm looking for one of two things:

    1.  either it's absolutely impossible for something to get into memory after the initial scan, and with TDS-3 still active, or

    2.  there are real time options that will catch something executing from memory, and not from an executable file.

    Either 1 or 2 will make me a happy camper.  I hope that makes sense.  Let me know if it doesn't, I'm still struggling to learn more about this technology.

    Regards

    Rick
     
  4. Dan Perez

    Dan Perez Guest

    Well, there are no absolutes but...

    I believe your second option is about right. Unfortunately I am not too conversant with programming so Wayne or Gavin can offer a more decisive answer to the question but I believe that if something goes into memory in the form of "data" and that something refers to that "data" to launch it as "code" then it would have to do it via the Exec Prot hook which is written to prevent this sort of thing.

    Dan
     
  5. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Rick,

    As stated by Dan:
    "Well, there are no absolutes but... I believe that if something goes into memory in the form of "data" and that something refers to that "data" to launch it as "code" then it would have to do it via the Exec Prot hook which is written to prevent this sort of thing."

    It is my understanding that the different memory scans on startup gives you a "clean" system and by execution protection your system is monitored and therefore kept "clean".  For something to enter your memory it must be executed thusly going thru the "hook".

    You ask:
    "But anyway, I guess I'm looking for one of two things:

    1.  either it's absolutely impossible for something to get into memory after the initial scan, and with TDS-3 still active, or

    2.  there are real time options that will catch something executing from memory, and not from an executable file.

    Either 1 or 2 will make me a happy camper.  I hope that makes sense.  Let me know if it doesn't, I'm still struggling to learn more about this technology."

    As nothing is impossible, I beleive # 1 is accurate, and TDS affords you more protection than any other AT on the market  TDS makes things as nearly "absolutely impossible" as they come.

    If I am wrong in any of my statements, I am sure I will be corrected, and I welcome it.

    ALL things considered, you will not find a better AT than TDS-3.2.1 and when V$ is released it will be even better!!!

    Regards,
    Kent
     
  6. Soul_Flame

    Soul_Flame Guest

    Wayne responded to an email I'd sent him, and addressed this question directly.  Based on his response I"m satisfied that TDS will provide sufficient real time protection.  Moreover, I'm quite eager to see what features will be included in the new upgrade.

    I will be purchasing a license for this fine product within a day or two.  Thank you to all who took the time to contribute information on this and other threads.  It's much appreciated.

    Rick
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    We all are looking forward to v4 which must be astonishing and is still kept secret even for us! If it is now already the best, what will be the v4 even better?
    Great that Wayne answered your technical questions satisfying.
     
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Rick,

    Glad to hear of your decision.  Wayne answering your e-mail personally is just one example of the great service that DiamondCS provides to their TDS users.  And as Jooske said TDS-3.2.1 is already the best, just wait for all the improvements and add-ons in v4 (which is a free upgrade to all registered users).  Plus as a registered user, you will have access to the private forum, a great service where many experts (and newbies) can answer any and all of your questions.

    Again, I say welcome!!!

    Regards,
    Kent
     
  9. Soul_Flame

    Soul_Flame Guest

    puff...thanks for the welcome.  And reading your signature, I can't help but noticing I don't think you have enough security software loaded on your machine.  Wow, I don't even know what half of that stuff is.  I'm gonna get an education just researching the stuff you run, lol.

    Anyway, i look forward to using this fine product and interacting with you folks on the private forum.  

    Rick
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Soul flame you got money=) if so buy it i know your doing shoping but to be honest no other trojan detector offers so much how ever if you just one a quick fix.

    click your done just get the  trojan remover called the cleaner lol.

    or go look at another trojan detector read the list of features and compare it to tds list of features after that only coment i have is

    are there any more quistions i rest my case.
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Looking forward to welcome all the new faces there too!
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.