Disappointed with BOClean--Again

[The Hammer]

Quote:

Originally Posted by Kevin McAleavey

About 6 or 7 hours from now, 4.20.002 should be available ... give it a shot! "

I am currently using 4.20.001 could someone post when the latest program update is available?

[Nancy_McAleavey]

Quote:

Originally Posted by xxxxx

Will this be emailed to eligible customers, or will I have to request it again?

PLEASE email upgrade@nsclean.com again if you want the new build. It's difficult to go back and see who got what version. There's just too many requests to riffle through, and some may not want or need the new build right away. Plus we have new requests coming in as well on top of this.

It would really make things saner for us and get you a file faster. TIA!

[The Hammer]

Quote:

Originally Posted by The Hammer

I am currently using 4.20.001 could someone post when the latest program update is available?

Ok, good to go.

Quote:

Originally Posted by Nancy_McAleavey

PLEASE email upgrade@nsclean.com again if you want the new build.

Any chance you could implement a PHP script or something on your own web site, that would allow legit customers to enter their info (name/email/order #), and download BOClean that way?

Wow, I think I'll be buying BOClean. Which of these rootkits should I keep and which should I uninstall?

1. NOD32
2. EScan free
3. Icesword
4. Prevx 1 beta
5. Ghost security suite
6. Regrun
7. Unhackme
8. ProcessGuard
9. Winpatrol
10 BlackICe IDS
11. Outpost firewall.
12. Counterspy beta
13. Ewido

Not all are used as resident but as on demand

I thank you for your help in this matter.

I have uninstalled Processguard and NOD32 so far.

Quote:

Originally Posted by 42g0

Which of these rootkits should I keep and which should I uninstall?

1. NOD32
2. EScan free
3. Icesword
4. Prevx 1 beta
5. Ghost security suite
6. Regrun
7. Unhackme
8. ProcessGuard
9. Winpatrol
10 BlackICe IDS
11. Outpost firewall.
12. Counterspy beta
13. Ewido

2-10, 12, 13

[Gavin - DiamondCS]

ProcessGuard = rootkit ? what planet are we from ?

A rootkit intends to hide files from the user. ProcessGuard does NOT.
Referring to PG as a rootkit is ridiculous

Please "keep it real". Rootkit is a serious buzz word these days, saying ProcessGuard is a rootkit could almost be considered slander. We built it to BLOCK rootkits

[Jason_R0]

Kevin, just so that you are aware (incase it wasn't obvious last time I pointed it out), the way BOClean works isn't efficient. You shouldn't be calling ReadProcessMemory 1000's of times when you check for signatures in process memory.

Lots of security applications hook ReadProcessMemory and add a little processing time to these functions as you pointed out. The reason it is very obvious with BOClean is because you call these hooked functions too many times unnecessarily. Your method of checking for signatures is inefficient, regardless of the security programs installed. If you are interested in a better approach which is more efficient, you can email/pm me and I will give you a better alternative.

Using the word "ROOTKIT" to describe other commercial products is a bit harsh, as most people associate ROOTKITs with malicious behaviour. It would be like me calling BOClean a trojan or spyware because it does something similar to malware.

Quote:

Originally Posted by meargh

2-10, 12, 13

ok, I have system restored back to what I have. I am thoroughly confused. Everyone is an expert and are not agreeing with each other. Meargh, sorry I'm not familiar with you so I'm not sure whether your advice is sound. I'll wait until this thread hashes out and makes more sense to me.

what I gather is I have too many hooks (hooks - which is what a rootkit does) So one hook is enough. I'm thinking that appdefend may be the one app or hook that I should have. Processguard is a good one hook to protect many apps but appdefend does the same, I think, as well as protect the registry.

sorry about the multiple posts. To be honest, BlackIce was the first to alert me of that FBI email with that worm/trojan or whatever it was and shut down OE connection so it would not download to my computer. I restarted OE and bypassed BlackICe then NOD32 alerted me.

[Paranoid2000]

With regard to the term "rootkit" I would agree with Jason/Gavin about it being used inappropriately here. This term originated in the UNIX world to refer to utilities that could be run to gain "root" (= administrator) access on a UNIX system. These utilities would then try to hide all signs of their presence in order to avoid being detected and removed.

With Windows, remote access has been less of an issue (due mainly to the ease of compromising boxes via applications like IE) so all rootkits have had to do is concealment. Expanding this term to refer to any application hooking Windows' kernel for any reason (which now includes a number of security applications) is just confusing the issue and diluting the perceived harm that a malware rootkit can have.

Well what if someone said instead that said security application uses techiques that are used by rootkits , would that be better?

Okay if it uses such techniques to conceal itself it becomes a rootkit, like Sony XCP stuff. Do security apps conceal themselves yet? ;P

Quote:

what I gather is I have too many hooks (hooks - which is what a rootkit does) So one hook is enough. I'm thinking that appdefend may be the one app or hook that I should have. Processguard is a good one hook to protect many apps but appdefend does the same, I think, as well as protect the registry.

Not sure about hooking to kernel , but I just tried the latest SSM 2.0+, now that's a LOT of hooks , I can't remember how many, it was ridiculus like 150 or 250 or something. Either that or the tools i'm used f$%^ed up. The more the merrier huh? But as long as you have only one of them.....

Quote:

Originally Posted by Gavin - DiamondCS

ProcessGuard = rootkit ? what planet are we from ?

A rootkit intends to hide files from the user. ProcessGuard does NOT. Referring to PG as a rootkit is ridiculous

That was my response as well--referring to NOD32 and PG as "rootkits" confused me.

Quote:

Originally Posted by 42g0

ok, I have system restored back to what I have. I am thoroughly confused. Everyone is an expert and are not agreeing with each other. Meargh, sorry I'm not familiar with you so I'm not sure whether your advice is sound. I'll wait until this thread hashes out and makes more sense to me.

You should really start a new thread for this. It's one of those "Ask 10 different people, get 10 different answers" types of things. I responded with my own preferences and prejudices, that's all.

I do, however think you have way too much software installed (or "did have installed"). But ... new thread.

God Kevin, for someone who claims to be so busy, you sure know how to post long, slanderous and meaningless posts that really have nothing to do with the main question. Instead of using the ridiculous term or "RootKit" for every product except Boclean, perhaps you might just want to accept the fact that how Boclean works is inefficient and if you knew how to code, you'd probably take the same approach as any other application you call a Rootkit.

[Kegel]

Im trying to come up with athe most efficient suite of security apps I can find. Ive eliminated many and am now running BoClean, McAfee AV, and Webroot SpySweeper. I have licenses to RegDefend AppDefend and PG as well. AD and PG give me issues with PunkBuster games so Ive eliminated them. Would RegDefend provide and additional security to what I am already running? Would it be a good choice to re-add?

[Defenestration]

Quote:

Originally Posted by Kegel

= Would RegDefend provide and additional security to what I am already running? Would it be a good choice to re-add?

Most Definitely! I'd also recommend re-adding either AD or PG if the problem with PB is sorted.

Quote:

Originally Posted by meargh

You should really start a new thread for this. It's one of those "Ask 10 different people, get 10 different answers" types of things.

I started a new thread like you suggested but the genius BlueZannetti closed my thread an decided on his own that I was trolling. So once again:

........so I have too many hooks and I need to say good bye to some of them. Will you guys help me to make decisions here? Thank you for your help and time.

1. NOD32 - resident
2. EScan free - on demand
3. Icesword - on demand
4. Prevx 1 beta - resident
5. Ghost security suite - resident
6. Regrun - resident
7. Unhackme - resident
8. ProcessGuard - resident
9. Winpatrol - resident
10 BlackICe IDS - resident
11. Outpost firewall - well you know
12. Counterspy beta - on demand
13. Ewido - on demand
14. Samurai - I have no idea how this runs

Hey blue, how about asking before you assume?

Quote:

42g0,

You already posted this here and it has been answered. Personally, your request appears to be a pure troll to me, especially with respect to your follow-up posts in the original thread.

This thread is closed and will be removed shortly.

[BlueZannetti]

42g0,

1. How about registering so this can be handled by PM? Post as a guest and you close the lines of communication.
2. A valid answer was given.
3. Lots of things hook, rootkits is one of them. Hook does not invariably mean rootkit. Read.

Personally, I still think this is a troll, but let's assume it's not and proceed from there. Characterizing valid programs like NOD32 as rootkits is off-base, regardless who makes the statement. Here's your list and what I'd recommend....

1. NOD32 - resident - leave as is
2. EScan free - on demand - my opinion is duplication at the install level is fine, disk space is cheap
3. Icesword - on demand - see (2), hope you knwo how to use it.
4. Prevx 1 beta - resident - beta is for testing/remove it
5. Ghost security suite - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
6. Regrun - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
7. Unhackme - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
8. ProcessGuard - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
9. Winpatrol - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
10 BlackICe IDS - resident - 10/11 optional if you have a hardware router
11. Outpost firewall - well you know - 10/11 optional if you have a hardware router
12. Counterspy beta - on demand - see (4) - remove
13. Ewido - on demand - see (2)
14. Samurai - I have no idea how this runs - never use anything this foreign to you

Questions?

Cheers,

Blue

as far as your answers go, thank you.

[mercurie]

Quote:

Originally Posted by YYYYY

God Kevin, for someone who claims to be so busy, you sure know how to post long, slanderous and meaningless posts that really have nothing to do with the main question. Instead of using the ridiculous term or "RootKit" for every product except Boclean, perhaps you might just want to accept the fact that how Boclean works is inefficient and if you knew how to code, you'd probably take the same approach as any other application you call a Rootkit.

Personal Foul!!

Read the long post and get educated. I want to learn. Keep them coming Kevin. The XXXXX offers constructive postings. The YYYYYY just personal attack!

I just sent my email to the upgrade link earlier this evening before coming here. Will likely get the build .002 I hope.

[toadbee]

By the original definition of rootkit,- of which can still be found even on the internet - I agree with kevin. look it up. If you want your OS undermined, go with a rootkit. That is what they do, that is how they work.

Of course today with acronyms du jour and disorders being named for what used to be "a crappy day" these days I understand where the confusion comes in. "buzzword" itself is another one, it is itself a buzzword, AKA iritating nonsense.

Will you have a holiday tree or a christmas tree this year?

[Paranoid2000]

Quote:

Originally Posted by toadbee

By the original definition of rootkit,- of which can still be found even on the internet - I agree with kevin. look it up. If you want your OS undermined, go with a rootkit. That is what they do, that is how they work.

Pray tell us, which definitions were you looking at? This, this and this (to take 3 examples picked via Google) do not correspond with Kevin's expanded definition at all - though the second example is goofy in that it confuses rootkits with keyloggers. The more detailed Wikipedia definition also differs.

If Kevin wishes to expound on the virtues and capabilities of BOClean's usermode hooking then more power to him. However labelling other products using kernel mode hooking with the term "rookit" is doing a disservice both to him and the security industry generally.