#2
November 25th, 2005, 11:36 AM
BlueZannetti
Administrator
Join Date: Oct 2003
Posts: 6,589
Re: Will I Benefit From Using BOClean?

Quote:
Originally Posted by CogitoErgoSum
I am seriously considering the purchase of BOClean. Will the addition of BOC be both complementary and beneficial to my present resident, "active" security setup listed below?

Look'n'Stop
NOD32
Online Armor
RegRun Pro
Task Catcher
UnHackMe

Any comments, opinions or thoughts on this matter would be greatly appreciated.
CogitoErgoSum,

My personal approach to configuring my own system is to assess vulnerabilities and either add or change a component to address the most significant deficiencies. For example, in my own case, my priority list is:
  • Prevent unsolicited entry and load balance protection through the use of a hardware router. This is the first piece in and an absolute requirement in my opinion, since no user action is required to infect a bare PC on the Internet. A software firewall (the native Windows ICF, for example) does the same job, but my preference is the router, to shift initial blocking duties off the PC (i.e. load balance). Use one even if only one PC is connected to the modem. For hardwired configurations, almost anything works. For wireless, get one with decent throughput characteristics and encryption/MAC filtering/configuration options.
  • Broad coverage against malware.
    • For casual users:
      • A decent security suite (AV/AT/spyware/software firewall) should be suitable and may be the only package. Examples include the suites provided by Norton, McAfee, Kaspersky, and others. Do a straight default installation, set it for automated update and periodic system scanning, and then leave it alone aside from an infrequent check that it's working.
      • Signature-based file scanners have one possible gap - weak and/or variable coverage of new file compressors. This can be remedied by scanning the executable after it is decompressed. If a suitable decompressor is not implemented in your AV, you have to rely on the native malware decompressor doing the job - in other words, look at it once it loads into RAM. A process memory scanner will do this: examples include BOClean (my preference) or Ewido.
    • For more advanced users:
      • One of the AVs (alone or as a suite component) rated Advanced+ on the www.av-comparatives.org Retrospective and/or On-demand tests. Currently, that list is comprised of, in alphabetical order: BitDefender, Dr. Web, Kaspersky AV, McAfee, NOD32, Symantec.
      • A process memory scanner as a backup to the AV, as described above - BOClean or Ewido
  • Proactive defenses which monitor/control application activities and the manipulation of the system registry. Something along the lines of one of the following types of options:
    • SafenSec
    • RegDefend/AppDefend
    • RegDefend/ProcessGuard
    • Online-Armor
    The specific choice depends on a lot of factors, including the specific behaviors to be covered, licensing needs, and expertise, and there are a large number of options available. My list is very incomplete. There's also a lot of activity in this area, with a number of applications having very finely focused niche targets. Some of the newer suite-type products are implementing some of the features found in this class. This layer clearly serves as a backup to your primary AV, with the AV flagging files identified as malware and this layer allowing you to block the underlying activities that could be derived from malware.
  • Software firewall for application based outbound communication control. I don't use this to trap malware, but to simply allow a finer degree of control of what applications running on my PC may or may not do with respect to external communications.
    • As part of a suite with the AV
    • As part of the Proactive Defense measures above
    • Standalone software firewall
      • Outpost Pro
      • LooknStop
Depending on personal preferences and usage profile, a router and single security suite may be a very suitable choice. I do tend to recommend augmenting any single product with some level of backup, and products like BOClean do this while also adding some additional useful characteristics. Note that even for a user looking for best-in-class within each category, only 3-5 distinct products are active to cover all the bases with a reasonably high level of backup.

If you look at your own set-up, at least within the construct that I try to follow, you have the following:
  • Unsolicited entry - LooknStop or router if installed
  • Broad coverage against malware - NOD32
  • Process memory scanner - none
  • Proactive defense - Online Armor/RegRun/UnHackMe/Task Catcher. There's some duplication here, but duplication is fine as long as there are no negative consequences. It also depends on whether all these processes are active, or if some of the features are installed but not used in real time.
  • Software firewall - LooknStop
Sorry for the long answer to a short question, but I find background context a little more instructive than a simple "yea, use it!". There are other paths to the same result. Personally, I'd give BOClean a shot. It is an application I've learned to appreciate over time.

Blue
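The packer gap described in the post above (a signature file scanner that cannot see inside an executable compressed with a packer it has no decompressor for, and a process memory scanner that catches the same payload once the malware's own stub has unpacked it in RAM), as an added Python example. This is not code from the original post or from BOClean, Ewido or any other product named there. The signature, the sample payload, the "known" zlib packer and the "new" XOR-wrapped packer are all constructed for the demo; real AV signatures, unpackers and PE loading are not modelled.

```python
import zlib

# Constructed for this demo: a byte pattern standing in for an AV signature.
# Real signatures and real packer formats are not modelled here.
SIGNATURE = b"EVIL_PAYLOAD_MARKER"
XOR_KEY = 0x5A  # key used by the "new" packer the scanner has no unpacker for


def sample_payload() -> bytes:
    """A constructed, highly compressible stand-in for a malicious executable."""
    return b"MZ" + b"\x90" * 200 + SIGNATURE + b"A" * 100 + b"\x00" * 200


def pack_known(payload: bytes) -> bytes:
    """Packer whose format the scanner knows: plain zlib behind a 4-byte tag."""
    return b"ZLIB" + zlib.compress(payload)


def pack_unknown(payload: bytes) -> bytes:
    """A 'new' packer: zlib plus an XOR layer the scanner has no unpacker for."""
    return b"XOR1" + bytes(b ^ XOR_KEY for b in zlib.compress(payload))


def scan_bytes(blob: bytes) -> bool:
    """Plain signature match, the only thing a pure file scanner can do."""
    return SIGNATURE in blob


def scan_file(blob: bytes) -> bool:
    """On-disk scan by an AV that ships a zlib unpacker but knows no XOR1 format."""
    if scan_bytes(blob):
        return True
    if blob.startswith(b"ZLIB"):
        try:
            return scan_bytes(zlib.decompress(blob[4:]))
        except zlib.error:
            return False
    return False  # unknown packer: the scanner cannot see inside the file


def unpack_stub(blob: bytes) -> bytes:
    """What the malware's own loader stub leaves in RAM once the file executes."""
    if blob.startswith(b"ZLIB"):
        return zlib.decompress(blob[4:])
    if blob.startswith(b"XOR1"):
        return zlib.decompress(bytes(b ^ XOR_KEY for b in blob[4:]))
    return blob


def scan_process_memory(blob: bytes) -> bool:
    """Process memory scanner: inspects the image after the stub has unpacked it."""
    return scan_bytes(unpack_stub(blob))


def demo() -> dict:
    """Run both scanners over both packers; returns the outcome table."""
    payload = sample_payload()
    results = {}
    for name, packed in (("known packer", pack_known(payload)),
                         ("new packer", pack_unknown(payload))):
        results[name] = {
            "file scan": scan_file(packed),
            "memory scan": scan_process_memory(packed),
        }
    return results


if __name__ == "__main__":
    for packer, outcome in demo().items():
        print(f"{packer}: {outcome}")
```

The file scan detects the payload behind the packer it can unpack and misses it behind the one it cannot, while the memory scan detects both, because by the time the image is in RAM the malware has done the unpacking itself. That is the backup role the post assigns to a process memory scanner; it is also why such a scanner can only act after the code has started to run, which is the trade-off a practitioner should keep in mind.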