By Seán Boran
January 26, 2001 - This article is part of a series of tests on Personal Firewalls/Intrusion Detection Systems. Refer to [1] for an introduction to personal firewalls, risks, tips on "hardening" your Windows even without a firewall, a feature comparison and a summary of analyses.
This report focuses on products complementary to personal firewalls.
Trojan Scanners/protection: Tauscan, WormGuard, Lockdown 2000, The Cleaner, TFAK
Integrity Checkers: tests of Tripwire and other tools will be reported on soon.
Other Tools: Netlab
Ideally antivirus tools would be able to recognize and protect against Trojans as they do viruses.
January 26th 2001 update:
However, the proliferation of Trojan-specific tools shows that AV products don't yet recognize as many Trojans as they should, so in a very hostile environment (e.g., certain IRC channels), you may wish to consider some of the following products in addition to a personal firewall.
Few tests have been carried out on these products. They are listed for reference purposes, to complement the personal firewall analyses.
Tauscan [3] removes Trojans from the registry without deleting files that the system needs to operate but that may have been altered by the Trojan. Its sister program, Jammer, is a registry monitor and has an excellent Netstat and DNS feature. It can also generate a very official-looking mail to send to an abuser's provider, explaining the type of attack with relevant information. If someone does get ZoneAlarm, then Jammer will pick up their scanning activity and notify the user as to the attack. Tauscan and Jammer work with any antivirus or security software, and are simple to set up and use. They cost $39 and are available from Agnitum.
WormGuard [3] (also called Trojan Defence Suite), from Diamond Computer Systems in Australia, is a bit different:
Lockdown 2000 [3], $99, scans, detects and removes Trojans.
There are reviews available from other sources:
http://www.webattack.com/reviews/lockdown_rv.shtml
MooSoft's "The Cleaner" [3], recommended by several readers, is another tool which scans the local drives for Trojans.
Features include: huge database (over 1800 entries), constantly updated; fast scanning engine (~222,000 trojans/sec); inspects ZIP, RAR, ARJ, ACE and CAB archives; finds stealth trojans using FileSpect technology; TCActive! stops trojans before they can activate; interactive trojan database browser; install and uninstall; no conflicts with any programs.
Operating systems supported: Windows 95, 98, ME; NT4 Workstation/Server; Windows 2000 Pro/Server.
Cost: $29.95 after the 30-day trial period.
A quick test showed no stability problems. Scanning of 75GB did take a few hours, though.
TFAK [3] is a free program to detect up to 366 types of Trojans. It worries me that it was developed by a hacker, and that the source code is not available. It was not very stable either, blocking CPU usage at 100%. I recommend you avoid this tool completely.
Netlab [4] is a free program that offers a comfortable interface for finger, whois, daytime, ping, traceroute, clock synchronization, DNS lookup and network scanner. (Tested on NT4, useful.)
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
07.Nov.00 Delete section on Firewalls not tested (move to main article)
21.Nov.00 TFAK warning.
25.Jan.01 move ICS to main article, add Cleaner
© Copyright 2000, Seán Boran, All Rights Reserved. Last Update: 10 October, 2001