roberteyewhy
join:2001-09-20
Honolulu, HI

roberteyewhy

Member

Tiny Trojan Trap configuration???

Anyone figured out most of the settings for TTT yet? Damn this is rough! But, I believe that if you configure it correctly, this app will give you a really secure environment... working in conjunction with your other security policies (Firewalls, Anti-virus, Windows, IE, etc). I'm confused though. What adverse effects are created by not giving, let's say IE or Outlook, access to Registry, Files, System, etc.? Do your Apps need to update, change, write, etc to the registry or system every time you use them? Yahoo (Tiny) and GRC forums aren't posting anything. I'll acquiesce to the security gurus over here.

Thanks,
Robert

cjsmith
Premium Member
join:2000-11-03
Villa Rica, GA

cjsmith

Premium Member

Hello roberteyewhy, when this program was first introduced on this board by gwion, the result was a very good thread, and it hints at some of the TTT configuration settings as presented by gwion himself. The thread can be found here: »Interesting concept...

I am sure that gwion will find this thread and post on further reviews.

Regards

-cj.-
_______
roberteyewhy
join:2001-09-20
Honolulu, HI

roberteyewhy

Member

Thanks, CJ. I followed the thread when it first appeared. Yeah I hope gwion and others will post their findings as we have until Jan 2nd to purchase at the introductory price and I hope by then, we will know the full extent of what TTT can achieve, not to mention the added benefit for others in securing their systems and thus making everyone's computing experience a little bit safer.

Robert

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell to roberteyewhy

to roberteyewhy
Well, I'm downloading it now... haven't had the time to try it out before. This does look like a great product, and one I may be including into my security defense.

cjsmith
Premium Member
join:2000-11-03
Villa Rica, GA

cjsmith

Premium Member

Hmmm...Prolific Bunny could the creation of another security app review be in the makings?

I am very interested in this product, perhaps I should install it quickly before they boost the cost?

I am keeping my eye out for the Tiny Trojan Trap reviews presented on this board.

Edit add: This just dawned on me: this will eliminate some previously installed software(s) for sure.


[text was edited by author 2001-12-09 12:49:04]

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

It sure has a lot of options, that's certain. I've set it to advanced mode. So, after installation it scanned my hard drive and put all the apps into the unrestricted group. Ok, fine... I'm still learning what that means by seeing exactly in the administration tool what "unrestricted group" is set to.

Now, I'm running BigFix right.. it says my IPE is outdated. I click it to update my IPE, it downloads, I enter the setup file into the "unrestricted group" for TTT. But, TTT prevents anything written to the registry by the IPE setup file. Ok, let me just disable TTT for now so I can at least update my anti-virus defns.

Next, I re-enable TTT and try to enter a website.. lo and behold TTT has prevented one item over 900 times and climbing... going and going. Almost damn near froze my system, and I couldn't figure out what happened there.

I'll look back into this again later.. for now I shut TTT down.
Zhen-Xjell

Zhen-Xjell

What is interesting is that when I have TTT enabled and Proxomitron is running, the DSLR site shows me that page compression is OFF, even though I have not disabled that option. Once I disable TTT, everything is fine.

For some reason, TTT doesn't like Proxomitron and IE.
roberteyewhy
join:2001-09-20
Honolulu, HI

roberteyewhy

Member

The only problem I've ever had was when I was running ZoneAlarm Pro and my machine would Blue Screen. I have read posts elsewhere with this problem. Decided to run Tiny and NPF 2002 and have no conflicts. I cannot recall if it existed in W2K pro as I have decided to not dual-boot with WinXP pro. For some reason I cannot install it correctly with my other PC running W2K. Maybe I will try again with settings back to default. Another thing is that it won't recognize Norton Antivirus 2002 or PC-cillin 2000 on install or after. I have to manually configure them. But as far as I can tell, I cannot input "All Extensions" as some of the prelisted Antivirus have. Should also download the PDF document as it is much more instructive on the use of TTT than the Help file in TTT.

Robert

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

What is interesting is that practically all my files are in the "unrestricted group". Ok, here is what that group means in Advanced View:

For all options under "System", Unrestricted has full access. The same applies to all options under "File Security" and "Registry Security".

But, TTT seems to be creating some havoc on my system. It doesn't allow IE to access sites if I use the shortcuts in Proxomitron, like ".security" for "www.dslreports.com/forum/security,1". IE just plain hangs, and I have to quit that process. If I use standard full URL names, then DSLR is showing that I have page compression off, which I mentioned earlier. Disabling TTT takes that message away.

And... TTT didn't allow a successful IPE anti-virus update to be made on my system.

What gives? Unrestricted applications should mean just that, full access. Well, it doesn't appear to be the case here.

cjsmith
Premium Member
join:2000-11-03
Villa Rica, GA

cjsmith to Zhen-Xjell

Premium Member

to Zhen-Xjell
Well, being how gwion isn't here to reply to this, here are his findings:
said by gwion:
However, I've so far noticed that by rightclicking the tray icon and turning TTT off, you regain full control over the system, as far as I've been able to tell... of course, you could always extrapolate on Tiny's suggested technique for replacing TTT files, manually stop the service, do the update, then reboot or restart it... hmmm... indeed... yes, it is a very aggressive app... probably why they don't "sandbox" many apps, on first install... I can see where you could pretty much disable a system entirely with the right (wrong) few clicks...

PS - I've been bypassing it for DSLR, by the way... it blocks almost all of the "cool features" well beyond what a proxy would do... no page compression, I suspect it screws with the IM's, etc.; however, there's a real sense of riding through downtown Kabul in an Abrams tank, when you visit a questionable site with it engaged... not false security, because NOTHING's perfect, but a sense that "stupid browser tricks" are essentially just plain gelded by it...

as found here.

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

AFA browser security goes, I'd stick with current free programs like Proxomitron. And that by all means is far more configurable than TTT which is a paid resource.

But I shall say TTT does seem to handicap the system in a big way. This is not an install and forget tool, it is very battle focused and needs lots of attention to setup and configure.

So I guess the question is, do I need to pay for this program to help me defend my systems? Could go either way -- at this point -- b/c I don't want to handicap my system to the point where I need to spend a lot of time learning TTT.

Why? Well, personal security comfort. There may be too much time involved which translates for me at least stepping out of my security comfort zone.

But then, that is just my initial assessment. I'll put some more time into it.
roberteyewhy
join:2001-09-20
Honolulu, HI

roberteyewhy to Zhen-Xjell

Member

to Zhen-Xjell
That's what I mean. This app has a lot of options. By default installation IE, Outlook, and Outlook Express are set to High. Nothing gets in through IE, nor can you spawn another app or access a file or make changes to the registry. Try selecting a site through your Favorites menu and TTT will prevent it in High mode. Right click the Icon, select Properties and select "Show on prevented message". A million entries will appear. You have to make changes to it through either the Easy mode or Advanced mode. In the Advanced mode you can configure EVERYTHING in your computer granularly to specifically access or deny other resources in your system. This thing won't let anything In or Out if you have it setup to do that.

Robert

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

I concur...

I don't like the "easy" view, instead I enjoy the "advanced". I have to get the PDF file later today and read it.

If I can setup a config on one machine and port it to others (which it appears I can do), that would be extremely nice to do.

Heck, then a "default" set can be put together and released to "newbies".

1st things 1st... learn the app.. Grr!

Quick add.. under Easy View for IE, this is the text:

Recommended level. No access to normal objects (read only for local drives if email client). However, access to some critical resources needed to run the application is granted. Free access to "Unprotected" and "Temp" directories. Restrictive process spawning and IP ports access policy. This level can lead to a less comfortable usage of the application. You can see the configuration details in the "Advanced mode".

Highlight is me.
Zhen-Xjell

Zhen-Xjell

Another observation.. never did TTT prompt me like it had once for Murray in this post: »Interesting concept... . And I have IPE on the system I installed TTT to.



[text was edited by author 2001-12-09 13:51:17]
roberteyewhy
join:2001-09-20
Honolulu, HI

roberteyewhy to Zhen-Xjell

Member

to Zhen-Xjell
I have changed IE restrictions by unchecking in the "Execution Settings" and then in "Microsoft Internet Explorer" the Registry, File, and Spawning Guards. I also change the Low Restricted Applications to this and put all the Apps that I have installed that have access to the Internet into this Group. Then make subtle changes to the System, File, and Registry settings so as to have a "Level of comfortability and security". Also have it to delete cookies, cache, and typed URLs on exit or log off. One thing though. When I use the RunAs in Power User some of the settings do not apply or are implemented. In Admin all are available. Still don't know if it is configured correctly. I have it to "Show on prevented message" to see what is going on, then make, hopefully, appropriate changes. Like you said, "So much to do"!
roberteyewhy

roberteyewhy to Zhen-Xjell

Member

to Zhen-Xjell
TTT has to recognize your Antivirus before it shows this screen. Like I posted, it didn't acknowledge Norton 2002 or PC-cillin although it has in its pre-configured listings (Virus Scanning Section), Norton Antivirus 5.0 and 2000. Strange that the developers would not be more up-to-date as TTT just came out. Oh well.

Robert

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

Ah-hah! I found the second button at the bottom in advanced view. Clicked it and found more options. I clicked the virus scanning, and there was the option for my IPE. Still, not sure why the installer didn't prompt for it earlier on.

Anywho...

I've been reading the manual, very interesting.

Kind of makes me wonder.. if TTT is configured correctly, does one need to have all the other apps like ZAP, TDS3, etc?
roberteyewhy
join:2001-09-20
Honolulu, HI

roberteyewhy

Member

That's what I am wondering. I have 3 Firewalls, 2 Antivirus, Script Sentry, BoClean, AdAware, IE Restrict Zones, Hosts files, NoHTML, and whatever else on all my computers and behind Linksys. Although both the Manual and the Website say that this is an enhancement to your Firewall and Antivirus. But like you said if you configure TTT well man nothing gets in or out. No App, system service, or whatever you want can touch anything else within your system. Zhen-Xjell if you switch to Easy Mode and then go to the Virus scanning, it will rescan for any installed Antivirus software. Maybe it might then recognize yours. Not to mention that it is only $20 introductory price and can only get better as new releases are available!
[text was edited by author 2001-12-09 21:38:59]

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

Heh.. if this thing can replace all those apps.. it is mighty tempting. Although that takes away from the many rings of security feature I like to employ. If TTT ever crapped out, then there goes my security.

Anyway, I did add IPE under the advanced section for virus scanning. Question is, when is it used now?

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

John2g to roberteyewhy

Premium Member

to roberteyewhy
I would advise anyone to back up their system before installing TTT. It crashed my W2K system. The first system crash since I installed W2K Pro in May.
I have now uninstalled TTT.
[text was edited by author 2001-12-10 06:36:22]
dhardimanjr$
join:2001-11-22
Atlanta, GA

dhardimanjr$ to roberteyewhy

Member

to roberteyewhy
I installed TTT on my XP machine and could not get anything to work no matter what security levels I had set. Every time I clicked the icon to open IE, my machine would freeze up and would have to be turned off and back on....no task manager option, shut-off, etc. After a couple hours of this I uninstalled TTT. Too many headaches!

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

I noticed what the big difference was in making IE work with TTT. In the Admin Tool, under Edit | Execution Settings are some additional options that I disabled for the IE Group. They were all under HTTP. I don't need TTT monitoring IE since I have Proxomitron doing that, and it does a much better job at it than TTT.

Once I disabled the options under HTTP, IE doesn't slow down anymore or freeze up. As a matter of fact, Gwion had mentioned in an earlier thread that Page compression was OFF.. well when these options are disabled, page compression is back ON.
roberteyewhy
join:2001-09-20
Honolulu, HI

roberteyewhy

Member

Yeah this happened to me also. It seems to install without any problems then when you try to make changes it either can freeze your machine or Blue Screen it. If this happens to anyone the only recourse I have found is to uninstall it as it will ALWAYS OCCUR! You have to get the latest version...may help. I did a clean install and installed it as the first app. I made the changes to the "Execution Settings" to not be so restrictive especially the "Low and Medium restrictive applications" and then proceeded to install the rest of my apps. If you install it last 95% of everything installed on your system will be in the "Unrestricted Applications" category (Default) and you must move whatever you desire into an appropriate level. As the first app installed TTT would ask every time anything was installed and I would put most of the apps in the "Low restrictive applications" and any app that uses the Internet into the "Medium restrictive applications". TTT will even ask about any installer program and the drive being used from for an appropriate category. I have put some of the apps in the "Learning Mode" to see what it does. As a note: You can make changes to everything at any time though. It is just that I needed to reinstall so I did it this way. JMO
System

to roberteyewhy

Anon

to roberteyewhy
YUK! I installed/tried this piece of software before doing a registry backup and hated it! Not only did it uninstall my SURF PAL module (Pop-up stopper) but it was so cumbersome and user unfriendly that I couldn't wait to remove it from my computer. At least it removes its own registry entries during the uninstall process and most uninstallers don't! They seriously need a new GUI and some decent docs.

gwion
wild colonial boy

join:2000-12-28
Pittsburgh, PA

gwion to roberteyewhy

to roberteyewhy
TTT works at an INCREDIBLY low level. It can literally shut down EVERY SINGLE OLE and INTEGRATION FUNCTION, bar NONE, it seems, in the win API. No hooks. No embedding. No drag and drop. Depends on how hard core you want to get. I had no freezing or bluescreens, here (NT4 SP6a+), but I did lose a LOT of function, with IE, immediately... seems it turns IE into a real browser... eliminates all "features" like system wide integration and all... I'm trying to compile my helpfiles for the firewall, right now. Hope all the new users will toss out comments, because I did promise to review it, soon as time permits and a stable full release was available... I like it, from what I saw. The thing's industrial strength, and works on the application layer, where a lot of the firewall exploits perform their mischief...

Remember, this is a VERY new app. Just came out. So, do... be careful. No developer worth a nickel ever claims perfect code on a 1.x product... so, yes, back up, and always remember, it uninstalls (at least for me) cleanly and easily, and a right click on the tray icon lets you disable it for a while, if you hit a brick wall and need to bypass the trojan trap... more will surely follow... I'm glad to see this interest. This concept strikes me as the wave of the future in firewall support apps...

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

You can disable HTTP filtering for IE, and those problems disappear, but still maintain the sandbox for IE as per my earlier notes.

micl
Visit Lovely Downtown Port Starboard
Premium Member
join:2001-10-25
Silver Spring, MD

micl to John2g

Premium Member

to John2g
I tried to use TTT with W98se and my system would crash within a couple of minutes of booting up. If I get to it right away to turn it off after boot up, it doesn't crash the system. Looks nice, but what a PITA.

gwion
wild colonial boy

join:2000-12-28
Pittsburgh, PA

gwion to roberteyewhy

to roberteyewhy
Well, like Zhen said, you can adjust downwards. I'm talking default IE category settings, in my post. But it should NOT "uninstall" anything, or make any changes to any other software, itself... it just makes the win API features they use completely inaccessible to some apps... including those apps that "hook" IE to "leak" through a firewall... It just makes it impossible for ANYTHING to integrate with an app that's fully sandboxed and protected at a high level... ANYTHING, including even the OS itself. But, don't worry... as far as popups, I suspect that IE would probably have trouble USING pop up capability at all in some setting models... I really DO need to spend some more time with it; it's hard to comment very well since I was doing 500 other things while I was trying it out...

Hehe... I said people would love it or hate it...

Zhen-Xjell
Prolific Bunny

join:2000-10-08
Bordentown, NJ

Zhen-Xjell

Well, my system has been rebooting after I installed it.. so, poof it is now uninstalled. I don't have the time to fiddle with it right now, especially since it keeps restarting the system. And I don't even have it enabled!! It is sitting in disabled mode in my systray.

gwion
wild colonial boy

join:2000-12-28
Pittsburgh, PA

gwion to roberteyewhy

to roberteyewhy
ZHEN! Spontaneous reboots? I did have a problem with that, here. Very sporadic... just curious... an NT OS? An SMP machine? A proprietary power supply? A few of the things that crossed my own mind. I had a Compaq Pro workstation do that, once, but it was defective hardware... in this case, I know it's a clash with TTT and something...