Since the time I created this site the problem of malware infection has both escalated and changed in character. At the same time anti-virus products have become much better at detecting trojans. As a result of these developments I no longer recommend, for most users, the routine use of a separate anti-trojan program such as those listed below. I've left these now dated reviews on this site for reference purposes only. Indeed, those faced with removing an existing trojan infection will find the trojan removal capabilities of some of these products useful, particularly the free version of Ewido (now known as AVG anti-spyware). For my latest security recommendations check out the editorial column in the most recent issues of my newsletter - Gizmo, May 2007.

Trojan Hunter was written by the talented Swedish author Magnus Mischel and is marketed through his company Mischel Internet Security. The product has a strong and devoted following. This following derives partly from the excellence of Trojan Hunter's design and partly from the high level of personal service offered by the developer to his users. Trojan Hunter has been around for several years now and each successive version has made useful enhancements to an already capable product. The latest release, version 4, introduces an improved scanner plus many minor improvements.

Design

Like most anti-trojans we tested, Trojan Hunter has a file scanner and an in-memory monitor. Where Trojan Hunter differs is in its multi-faceted approach to detection and its unique modular design. Rather than use a database of signatures to identify trojan horses, Trojan Hunter uses a rules database where a "rule" addresses a particular characteristic of a trojan that may allow it to be identified. These identifying characteristics can be properties of the Windows Registry, INI files, normal files, ports, processes or scripts, or any combination thereof.
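
The rule idea described above, sketched as an added example that is not part of the original review and is not Trojan Hunter's own code or rule format. The rule names, the `Snapshot` structure, the marker string, the process name and the port number are all constructed for illustration.

```python
# Hypothetical rule format and constructed data; not Trojan Hunter's rules database.
from dataclasses import dataclass, field

@dataclass
class Snapshot:
    """Constructed view of one host, covering the artifact kinds the review lists."""
    registry: dict = field(default_factory=dict)   # key path + value name -> data
    files: dict = field(default_factory=dict)      # file path -> content bytes
    ports: set = field(default_factory=set)        # listening TCP ports
    processes: set = field(default_factory=set)    # running image names

# Each factory returns a check that inspects one characteristic of a snapshot.
def reg_value_contains(key, text):
    return lambda s: text.lower() in s.registry.get(key, "").lower()

def file_contains(marker):
    return lambda s: any(marker in data for data in s.files.values())

def port_listening(port):
    return lambda s: port in s.ports

def process_running(name):
    return lambda s: name.lower() in {p.lower() for p in s.processes}

@dataclass
class Rule:
    name: str
    checks: list  # the rule fires only when every check matches

    def matches(self, snap):
        return all(check(snap) for check in self.checks)

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svc"
RULES = [
    # Plain signature rule: one byte string found in any file.
    Rule("sample-signature", [file_contains(b"EXAMPLE-MARKER")]),
    # Combination rule: autostart entry + running process + listening port.
    Rule("sample-combined", [reg_value_contains(RUN_KEY, "updsvc.exe"),
                             process_running("updsvc.exe"),
                             port_listening(40404)]),
]

def scan(snap):
    """Return the names of all rules that match the snapshot."""
    return [r.name for r in RULES if r.matches(snap)]

# Constructed snapshots: a clean host and one showing all combined traits.
clean = Snapshot(files={r"C:\notes.txt": b"hello"}, ports={80})
infected = Snapshot(registry={RUN_KEY: r"C:\Windows\updsvc.exe"},
                    files={r"C:\Windows\updsvc.exe": b"MZ..EXAMPLE-MARKER.."},
                    ports={80, 40404}, processes={"UPDSVC.EXE"})
```

Here `scan(infected)` reports both rules, while a host that has the marked file but lacks the listening port matches only the signature rule.
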
A simple example of a rule would be a normal file that contained a specific string of characters corresponding to the signature of a particular trojan. This sort of rule corresponds to the standard approach utilized by most anti-trojan products. But Trojan Hunter's rules can, of course, be much more complex. It's a clever design idea that allows trojans to be positively identified in many different ways. It's also a very flexible system. In fact, advanced users can add their own custom rules to address particular situations. The product, of course, comes with an extensive rules database and this is updated regularly.

In addition to checking for trojans using its own updatable rules database, Trojan Hunter also employs heuristic scanning. This technique seeks to identify trojans by their general "trojan-like" behavior rather than unique individual characteristics. This approach offers the possibility of catching new trojans that have yet to be included in the rules database and polymorphic trojans that change their characteristics to avoid detection. It's yet another layer of protection. This technique, however, can cause some false alarms. For this reason, Trojan Hunter allows this feature to be turned off.

One of the tricks used by modern trojans is to hide themselves within normal processes that form part of the Windows operating system. Trojan Hunter, however, scans for these interlopers and can kill them off without bringing down the process within which they are hiding. The only other anti-trojan products that detect process-injecting trojans are TDS-3 and Ewido, and neither can reliably remove these trojans without causing a system crash.

Trojan Hunter's scanner offers an impressive set of options. These include the optional scanning of compressed files such as ZIP and RAR archives, UPX packed files and binded executables. Trojan Hunter also scans for trojans hiding within NTFS alternate data streams.
Data streams are an obscure, little used feature of hard disk drives formatted using the NTFS system commonly used with Windows 2000 and XP. You can think of them as a kind of hidden cranny of the hard drive. However, Trojan Hunter's scanner seeks out any trojans hiding there and will kill them off. The only other anti-trojan product that has this feature is TDS-3.

Trojan Hunter's in-memory monitor is equally impressive. It's also a modular design utilizing a series of "plug-ins" to monitor different aspects of trojan behavior. Additional plug-ins can be added to the product to detect sneaky new trojans as they are developed. The monitor (Trojan Guard) is protected from termination by hostile trojans, a useful feature as many modern trojans routinely pull down any defensive products running on the target computer.

Most anti-trojan products provide a few analytical tools for the advanced user. Trojan Hunter provides five such tools:
Normally the freebie tools that you get with most anti-trojan programs are rather minimal. Those provided with Trojan Hunter are actually excellent individual products and rank with some of the best available. This attention to detail is typical of Trojan Hunter's design.

Usage

Installation proved to be very straightforward and even novice users would have no problems. On installation, the registered product automatically offers to update its signature database.

Trojan Hunter's opening screen uses the familiar and well proven Microsoft Outlook layout with icons down the left side bar and pull-down menus across the top. It presents a simple uncluttered set of choices to the user and most users will be able to navigate it without even consulting the help manual. Advanced users can reveal more information by selecting the "Detailed view." This reveals more options than the standard view, including access to the five diagnostic tools.

The scanner control panel is cleanly laid out with an Explorer style interface through which you select which drives or folders you want scanned. You can also select individual files for scanning by utilizing the scan menu at the top of the page. Individual files can also be scanned by using a right click option from Windows Explorer. In addition to disk scanning, there is a quick scan option which checks the Registry, INI files, open ports and running processes. The whole thing only takes a few seconds and provides a good quick check if you suspect there is something odd going on with your PC.

Also available from the scanner control panel is a listing of trojans currently covered by Trojan Hunter's rule database. You can also check out the rules themselves, a nice touch.

Updating the rules file with the latest database from the Mischel website is easy. All you need do is press a clearly marked button. In addition, there is also a separate update program provided - a useful feature for end-user implementations in larger organizations.
A third way of updating is clicking on the monitor icon in the notification area of the task bar.

The monitor (Trojan Guard) itself can be set to auto-start with Windows or can be started up any time by running the separate Trojan Hunter Guard program. Right clicking the Guard icon brings up a number of options including automatic removal of trojans and shutdown protection.

There are some areas for improvement. First, there is no easy way to have Trojan Hunter auto-update the rules file. Yes, there is a procedure outlined on the web site that experienced users could follow; however, this is beyond the scope of average users. Second, there is no easy way to set up regular automated scans. Again, this is not a problem for experienced users who can set up Windows task scheduler but is an issue for average users.

These minor reservations aside, Trojan Hunter manages brilliantly to achieve the difficult task of providing advanced functionality and great flexibility in a very easy-to-use package. In many ways it's like TDS-3, but without the angst.

Performance

Trojan Hunter took about two minutes to scan around 6000 files, a result that is on the fast side of average for the products reviewed. Note that Trojan Hunter does not tell you the exact number of files scanned, so our timing test has a small margin of error.

A couple of years back Trojan Hunter had the fastest scanner around. We speculated that maybe this was because Trojan Hunter had (at that time) a small rules database. Well, this looks to have been the case: as Trojan Hunter's rules file has grown, so has its scanning speed fallen.

The monitor takes about 5.6MB of memory, a little below the average of the products we tested. It ran inconspicuously in the background and seemed to consume few resources. As you can see from the following resource usage graph, Trojan Hunter checks memory around every nine seconds.
In between it consumes virtually no CPU resources. The same holds true when a new program is loaded - there is no discernible increase in monitor activity. As you would expect from this pattern, the Trojan Hunter monitor has almost no impact on computer performance.
On our trojan detection tests Trojan Hunter detected nine trojans, which placed it in equal first place with TDS-3.

Choosing between TDS-3 and Trojan Hunter is not easy. TDS-3 comes with a better set of tools but is very difficult to use and it is slow and clunky. However, Trojan Hunter is much easier to use, is much faster to scan and imposes less overhead on your computer's processor. Either product will give you great protection against trojans, in fact, the best currently available. Each product has great support and regularly updated signature databases. Most normal users will probably be better off with Trojan Hunter. The technically advanced will be tempted by TDS-3 and live with its complexities. Usage aside, both are great products and carry our hearty recommendation.

Other Reviews

It is difficult to get a feel for the performance of Trojan Hunter from past reviews. One test (1) put it right at the bottom, but the version tested was the now obsolete Trojan Hunter version 1.0. Yet another (2) put it right at the top, but the developer was given the opportunity to update the product during the course of the review and you simply cannot interpret the results. A third, from Wilders, rated the product well but was qualitative rather than quantitative. The only other review (3), which was for version 2.0, relegated Trojan Hunter to the bottom of the pack. However, this report was commissioned by the vendors of Pest Patrol and its objectivity could easily be questioned.

Support

The product comes with a clearly written help file. It's not the most comprehensive we've seen but is more than sufficient for the average user. The help file mainly covers usage and, unfortunately, does not include much useful information to guide the user if a trojan is detected. There are links, though, to both the web site and the Mischel web forum where further support is provided.

The support section of the web site has a list of common support questions but it only contains four entries.
The official Mischel support forum, however, offers an extensive FAQ. The forum is very active and often frequented by the developer Magnus Mischel, who goes out of his way to politely answer all questions whether naive or highly technical. Trojan Hunter has a keen band of supporters who haunt the forum and they too are an excellent source of advice. The net result is that the Mischel forum is one of the best in the business and an excellent source of support and information.

An email tech support service is provided as well. We used this to lodge our three test questions and obtained answers to each within 24 hours. This is an outstanding result, particularly given time zone differences.

Summary

Trojan Hunter has the classic attributes of a product from a talented designer. It is brilliantly conceived and brilliantly executed. It's easy to use, resource efficient and has outstanding trojan detection and removal capabilities. Support for the product is first rate. Furthermore, the product continues to improve and today's buyers will reap the benefits of these future developments.

Version tested: 4.0
Price: $49.00
Trojans in database: 5920 trojans as at the 28th of August 2004
Website: http://www.misec.net
Signature file update frequency: 1 to 3 times weekly