Home What is a Trojan Horse? How we reviewed anti-trojans About us |
|
|
Since the time I created this site the problem of malware infection has both escalated and changed in character. At the same time anti-virus products have become much better at detecting trojans. As a result of these developments I no longer recommend for most users the routine use of a separate anti-trojan program such as those listed below. I've left these now dated reviews on this site for reference purposes only. Indeed those faced with removing an existing trojan infection will find the trojan removal capabilities of some of these products useful, particularly the free version of Ewido (now known as AVG anti-spyware). For my latest security recommendations check out the editorial column in the most recent issues of my newsletter - Gizmo, May 2007. Tauscan is a product of the highly reputable security software company Agnitum Ltd, makers of the well know and well regarded Outpost firewall. According to the website, the company's headquarters is in Cyprus but this may just be an administrative arrangement. Tauscan was first released in March 2000 and is now at version 1.7. Design Tauscan, like most of the anti-trojan programs tested, has two components: a file scanner and an in-memory monitor that looks for trojans when they are executed. According to Agnitum, the Tauscan scanner not only looks for trojan signatures but also uses an Advanced Trojan Analyzer " that allows the program to detect Trojan viruses even if they have been incorporated as an attachment". We take this to mean that the Advanced Trojan Analyzer can also use heuristic analysis to detect trojans rather signatures alone. However this method is noted for throwing up false positives. We suspect why this option is tuned off by default in the distributed product. The heuristic analysis is also agonizingly slow. Turning the Advanced Trojan Analyzer on increased the scan time for a test directory from 14 seconds to five minutes 28 seconds! It also didn't improve detection results. This is a pity as the standard Tauscan file scanner cannot detect polymorphic trojans. Agnitum claims that Tauscan will scan within archives. Indeed there is an option to do so from within the scanner control panel. However the archives file types that are handled is nowhere stated . Tauscan's memory monitor is fairly standard. It periodically scans running processes and is quite resource efficient. It is however unprotected and can be easily pulled down by aggressive trojans. Tauscan's overall design is in fact looking dated. The version we tested appeared to be little changed from the version we first tested in 2002. Usage Installation is straightforward. On completion it asks if you want to update the signature file, a process that proved to be as uncomplicated as the rest of the installation. The scanner control panel is exceptionally well designed. It's clean, it's functions are obvious yet it has all the functionality you need. Most novices could easily work their way through the clearly laid out options and for the truly hopeless, there is an simple wizard that will set up a sensibly configured scan just about automatically. You can easily select to scan whole drives, or individual folders, through an Explorer style interface. You can't scan individual files but this function is available as a mouse right click option from within Windows Explorer. Scanning options include archives and memory objects and you can nominate specific file types as well. The scanner control panel features a prominent update button which, when pressed leads to a straightforward process where Tauscan connects to Agnitum website and downloads the latest signature file. Options are also available for setting periodic update reminders to the user. The monitor presence is indicated by an icon which sits inconspicuously in the notification area of the task bar. Double clicking the icon brings up a small control panel for monitor functions. This includes a display of running processes. Clicking on a process brings up the option of killing the process. Right clicking the monitor icon brings up more options including the initiation of an update or starting up the main program. Need cheap inkjet cartridges? Check out http://www.techsupportalert.com/cheap_inket_cartridges.htm Performance The time taken by Tauscan to scan a test data set was better than average for the products we tested. It's quite fast provided you don't turn on the "Advanced Trojan Analyzer" option. The Tauscan monitor takes up around 4.9MB of memory which is also around average for the products we tested It doesn't scan continuously but rather has a burst of activity at 5-20 second intervals. You can see this quite clearly in the graph below. The blue trace is overall system activity and the green trace is the Tauscan monitor. The flat section of the blue trace is where the system was idling. The hump is where we loaded a program. You can see there is no increase in Tauscan activity at this time. This indicates that the monitor is only scanning running processes.
We were able to terminate the monitor process easily. Even the Windows Task Manager was capable of doing it. In our detection tests Tauscan's results were disappointing. It only found two trojans, the equal worst performance of the products reviewed. We repeated the test with the Advanced Trojan Analyzer option enabled and the results were no better. Looking at the trojans missed, most used encrypted compression schemes. Other Reviews Tauscan has received some excellent reviews. Two put it right at the top of the pack. (1, 2) Yet in another review that looked at the detection of compressed or encrypted trojans (3), Tauscan performed towards the bottom of the anti-trojans tested, as it did in the dark-e.com review. The discrepancy between reviews may be explicable in part, by the fact that the current version of Tauscan cannot detect polymorphic trojans. Support The web sites has a FAQ but it only contains seven questions as does another section entitles "known issues." Also offered from the web site is a quite useful downloadable interactive tutorial and all users should run through this before installing and using the product. There is an official Agnitum support forum one section of which is dedicated to Tauscan and this appears to be reasonably active. There is also an unofficial on-line chat service for Agnitum users but this appears to be mainly geared to users of the Outpost firewall Agnitum doesn't seem to officially offer email support but instead uses a web form system. We got answers to our three test questions though the response time was not all that speedy. Summary Tauscan is a well established anti-trojan with an excellent user interface. However it's inability to deal with modern binded and polymorphic trojans limits its effectiveness. Agnitum really need to release a new version updated to handle modern threats. Version tested: 1.7 Price: $29.95 Download: Click here for trial version Buy: Click here for purchase details Trojans in database: 5172 trojans, as at the 26th August 2004 Website: http://www.agnitum.com Signature File Update frequency: "Usually weekly"
Advertisements: The Best Backup Software: 18 backup programs reviewed and rated but only one get "Editor's Choice" Inkjet Printer cartridges: The best places to buy cheap inkjet cartridges. We looked at 47 seven sites but could only recommend eleven.
|
