Outpost Pro vs. Tauscan & Jammer

[scott2]

Hi,

1. Which will give me the greatest protection from, well, everything Outpost Pro or Tauscan & Jammer together (or some other combination)? I think I read on the Agnitum website that Jammer was incompatible with Outpost, but I can't seem to find that link now.

2. As a corollary to the above, can I at least install both Jammer and OPP together on the one machine, and just activate one at a time, for software testing and evaluation? Or will the two products conflict with each other?

3. Is Tauscan usually hideously slow? It's been running about 4 hours and is still on my C: drive, with D: and E: to go. At this rate it may take a couple days to complete! Ad-a-ware is MUCH faster but, then again, didn't find any trojans. Tauscan has already found one so far.

I'd prefer to find one GOOD company, pay them a reasonable amount, and have peace of mind of a secure system, rather than cobble together bits and pieces of freeware. From what I can gather from my web research, Agnitum could be that company.

Apologies if the Tauscan questions are inappropriate for this forum.

Regards,
Scott

[Paranoid2000]

Welcome to the forums Scott2,

Quote:

Originally posted by scott2
1. Which will give me the greatest protection from, well, everything Outpost Pro or Tauscan & Jammer together (or some other combination)? I think I read on the Agnitum website that Jammer was incompatible with Outpost, but I can't seem to find that link now.

2. As a corollary to the above, can I at least install both Jammer and OPP together on the one machine, and just activate one at a time, for software testing and evaluation? Or will the two products conflict with each other?

To tackle the second question first, Outpost will not work with any other (software) firewall - since Jammer includes a firewall this does mean that the 2 cannot be used together.

As for which would provide greater protection - I have not used Jammer so cannot really comment on it but Outpost is the product that has been updated the most (the most recent public update of 2.1, build 297/309 was released on March 15th) and offers a far higher degree of control over your system (see for details of how it can lock down potential loopholes). I do not think Jammer has received an update for over a year (don't quote me on that though... ).

However, a firewall is only one aspect of a complete security solution. For "standard" Internet usage (web-browsing and email), a regularly updated (at least weekly) anti-virus scanner should be used with along with a firewall. In addition, due to the number of exploits affecting web browsers (Internet Explorer especially) which would go through a firewall, using a filter to screen out "active content" (ActiveX, Javascript, Java, etc) should also be considered (if you use Outpost, its Active Content plugin will do the job in most respects). However running AdAware or Spybot Search and Destroy on a regular basis will clear out most of the unwelcome visitors that some websites may try to foist on you.

If you download files from Internet Relay Chat, file-sharing networks or "warez" websites, then your chances of picking up malware/trojans are greater and at this point I would suggest using an anti-trojan scanner (such as Tauscan, TrojanHunter or TDS-3) along with the anti-virus. You may also wish to deploy an application firewall like System Safety Monitor (free) to keep tight rein on what software is executed. Since many trojans now try to shut down security software, using DiamondCS' ProcessGuard will protect and alert you to such activity - should you ever happen to run one.

Quote:

3. Is Tauscan usually hideously slow? It's been running about 4 hours and is still on my C: drive, with D: and E: to go. At this rate it may take a couple days to complete! Ad-a-ware is MUCH faster but, then again, didn't find any trojans. Tauscan has already found one so far.

It sounds as if you have the "Advanced Trojan Analyser" option checked (Options/Analyser) - uncheck this and Tauscan should be blazingly fast.

Quote:

I'd prefer to find one GOOD company, pay them a reasonable amount, and have peace of mind of a secure system, rather than cobble together bits and pieces of freeware. From what I can gather from my web research, Agnitum could be that company.

Sorry to disappoint but there is no single company that covers the whole spectrum of security software (Symantec comes the closest but I would hesitate to describe either them or their software as "good"). Agnitum in my view do the best firewall, however TDS-3 and TrojanHunter are considered the best trojan scanners by many. Process Guard and System Safety Monitor appear to be in a class of their own and cover specific issues. So you will have some "cobbling together" but can then end up with a multi-layered defense that can provide good protection even if one element is bypassed.

[scott2]

Hi,

Thanks for the info. OK, here is my summary of your post, plus some addtional information.

Here is what I have already installed so far:

* Netgear FM114P Router/Hub/Firewall (hardware firewall, ADSL connection)
* Outpost Pro 2.1 software firewall (30 day evaluation)
* Norton Anti-Virus 2003
* Lavasoft Ad-a-Ware
* Spybot Search and Destroy
* Spyware Guard
* Spyware Blaster
* Tauscan (30 day evaluation)

From your post, software worth adding/evaluating:

* System Safety Monitor
* Process Guard
* TDS-3
* Trojan Hunter

I'm pretty sure this is overkill, and I should evaluate and choose the best product in each class:

* Network Firewall: Outpost Pro 2.1
* Spyware/Trojans: Ad-a-Ware, Spybot, Spyware Guard, Spyware Blaster, Tauscan, TDS-3, TrojanHunter
* Application Firewall: System Safety Monitor
* Security Software Monitor: Process Guard

Pick one from each category.

Let me know if this analysis is wrong. The biggest area for further evaluation is the Spyware/Trojan category.

OT comment: today NAV keeps reporting that I have Bloodhound.Exploit.6 (renamed to MHTMLRedir.Exploit after today's LiveUpdate). I only get the alerts when Outlook is open; if Outlook is closed I don't get the alert. I'm hoping the combination of all the above will get rid of the problem. Yes, I did a Google on this problem and read additional forums, but still can't get rid of the problem. As stated, this is OT; no reply needed.

Thanks again for the reply!!!

Cheers,
Scott

[Paranoid2000]

Quote:

Originally posted by scott2
Here is what I have already installed so far:

* Netgear FM114P Router/Hub/Firewall (hardware firewall, ADSL connection)
* Outpost Pro 2.1 software firewall (30 day evaluation)
* Norton Anti-Virus 2003
* Lavasoft Ad-a-Ware
* Spybot Search and Destroy
* Spyware Guard
* Spyware Blaster
* Tauscan (30 day evaluation)

The Netgear's firewall will provide a good first line of defense - Outpost's role will then be more focused on limiting what traffic comes out and which applications can access the Internet. You do list 4 anti-spyware packages - I would stick with one for simplicity. Having restrictive settings in Outpost's Active Content will block many possible exploits (though some sites do need cookies, javascript, etc - I find it best to experiment when problems arise and create an exclusions entry for those sites). Also consider using Eric Howes' AGNIS list in your ad-filter - it contains known spyware and malware sites as well as advertisers.

Quote:

From your post, software worth adding/evaluating:

* System Safety Monitor
* Process Guard
* TDS-3
* Trojan Hunter

Tauscan, TDS-3 and TrojanHunter all do the same thing - again, just choose one.

Quote:

I'm pretty sure this is overkill, and I should evaluate and choose the best product in each class:

* Network Firewall: Outpost Pro 2.1
* Spyware/Trojans: Ad-a-Ware, Spybot, Spyware Guard, Spyware Blaster, Tauscan, TDS-3, TrojanHunter
* Application Firewall: System Safety Monitor
* Security Software Monitor: Process Guard

As I said, a firewall and anti-virus will do for straightforward Internet access. Add the others only if you feel the risk justifies it. SSM for instance will kick in for every application launched, any termination attempt and DLL injection - so Process Guard should only be needed if you want to cover against running a trojan and then OKing it with SSM.

Quote:

OT comment: today NAV keeps reporting that I have Bloodhound.Exploit.6 (renamed to MHTMLRedir.Exploit after today's LiveUpdate). I only get the alerts when Outlook is open; if Outlook is closed I don't get the alert.

I've had this also - spam emails trying to use an Internet Explorer exploit. Delete the emails and the problem should disappear.

Another suggestion is to avoid using Microsoft products like Outlook and Internet Explorer altogether - not only have they had numerous exploits but they are also the most heavily targetted due to their widespread usage. Consider Thunderbird for email and either Firefox or Opera for web browsing. These tend to be faster and offer usability improvements over IE.

[Paranoid2000]

Just to clarify Jammer's status - Agnitum have no plans to develop Jammer further (latest version is 2.0.0523) since they consider it a "complete" product with no outstanding bugs and they wish to focus their attention on Outpost.

Jammer's emphasis is on simplicity and so it offers basic attack protection, control over which applications can access the network and it monitors key portions of the Windows Registry.

This does appeal more to some people that a more complex product like Outpost so Agnitum still sells and supports it.