RADIFIED
Trojan Horse Scanners

Posted: 02may2003

Introduction to Trojan Scanners

Perhaps, like me, you also thought your anti-virus program protected you against the ravages of trojans and worms. But, if you read up on these pesky critters, you'll learn that anti-virus programs provide only limited protection.

What is a trojan, you ask? I had the same question. A good definition is posted here. Unlike viruses & worms, trojans do not replicate. Rather, they are used to gain remote control of your computer. This is done in two parts:

1. Some type of server is surreptitiously loaded onto your machine.
2. A hacker uses a control console to control your machine remotely.

Much has already been written on the subject, so I won't duplicate it here. But you can check your system for the presence of trojans with programs specifically designed for this purpose. Everyone seems to agree that the very best anti-trojan program is the Australian Trojan Defense Suite [now at version 3.2.1, my copy says 3.2.0].

I noticed that Ice Czar listed this program under "Software I Use" [scroll down near the bottom of the page]. It's obvious he spent time researching the topic of Internet Security. You can find independent reviews & recommendations of the top anti-trojan programs listed here and also here. TDS review posted here. A snippet:

v3.2.1 tested .. the result of many years of development .. awesome reputation among knowledgeable users as king of trojan scanners .. utilizes impressive multifaceted strategy .. 17 different approaches to hunt trojans .. more functionality added via downloadable plug-ins.

No other program came close to matching TDS-3's superb array of detection and analysis tools .. a program without peer.

A complex tool whose full power can only be realized if the user understands both the product and the problems involved detecting trojans .. would overwhelm computer novices. US$50. TDS Forums

Unfortunately, the demo for TDS does not offer full functionality. It won't let you install execution protection. Another program, however, the Swedish Trojan Hunter [v3.5], *will* allow you to "load/enable" execution protection. It is not rated as highly as TDS, but seems to be more user-friendly. TH review posted here. A snippet:

v2.54 tested .. written by talented Swede Magnus Mischel .. strong & devoted following .. has not been around long .. quickly evolved into one of the best .. brilliantly manages to provide advanced functionality in an easy-to-use package .. like TDS-3 without the angst.

.. rules database small .. lowest of any product tested .. raises question of product effectiveness .. missed 4 trojans .. by contrast, TDS-3 picked up all trojans on the first test.

Since tests, v3.01 released .. database more than doubled .. forum one of the best .. email support outstanding. US$35.
Updated: 21mar2005


I downloaded & installed both these programs. TH found no trojans on my system. TDS found *one* [DDos.RAT.Smev] .. in an executable I never use, on one of my Win2K system drives. It has to do with an IRC program I use. If you know about IRC, you're probably not surprised.

Now that this file has been eliminated, I have peace of mind. TDS took much longer to complete its scan of all my [6] hard drives. I'm assuming this is because it does a more thorough job.

Like virus definitions, you also need to update to the latest trojan database after installing the programs. For TDS, you find that file [radius.td3] posted here. For TH, they are called "Rule files" and are posted here. If you buy the registered version, these programs use a Live_Update utility to do this for you automatically.

But for the demo, they make you do it manually. This is not difficult, tho. For TH, you simply extract [unZip] and overwrite the files contained in the program's install directory and you're up to date. For TDS, you simply overwrite the file named radius.td3. [TDS was not aware that I had updated the trojan database until after rebooting.]

You also must/should "load/install" the program, so that it protects you continually. This does not happen automatically. Rather you must do it manually, to protect yourself from new trojans. TH allows you to do this with the demo version, but TDS does not allow you to install "execution protection". It says: "Licensed feature only"

To scan all your hard drives with TDS, select: System Testing > Full system scan. For TH: simply click the "Full Scan" button.


Worms are another pesky critter that can cripple your computer. You can read about them here [thx to Ice Czar for finding the link]. The same folks who make TDS also make a program called WormGuard [now at version 4.0, even tho the download link says v3.1].

Unlike the anti-trojan programs however, WormGuard requires no such database-updating. Rather it seems to reside in the background and watch for suspicious activities that worms typically exhibit.

But like the anti-trojan software, you must also "load/install" WormGuard, after installing the program. It even gives you a button to click to verify the protection is active. Every day, I've been trying to learn a little more about Internet Security. A good starting point seems to be Ice Czar's links and the Home Firewall guide.


The end.