Disappointed with BOClean--Again

Discussion in 'other anti-trojan software' started by xxxxx, Nov 29, 2005.

Thread Status:
Not open for further replies.
  1. BlueZannetti
    BlueZannetti Administrator

    Just a couple of comments from an observer....
    • Although I am a very strong supporter of BOClean, I view Kevin's use of the terminology as off-base. He has a point, but it is all too easily muddied by his use of the term rootkit. These security products aren't rootkits in the generally accepted use of the term.
    • Kevin's underlying point, at least my read on it.., an undisciplined cascade of kernel mode hooks by a collection of security applications is a support and system stability nightmare in the making. A major part of the issue is the over compensating security posture of many users. More kernel level hooking + user unease + undisciplined loading up on security applications = eventual sadness at the keyboard. The solution is straightforward - have a sense of the functional purpose of a given application before installing it, refrain from installation if you don't understand the product, and coherently design your security plan. As a casual corollary, if you have more than 4 security applications active at boot up - reassess the need for all of them, you may have overlap; if more than 6 are active at startup, my recommendation would be to determine which to disable/uninstall (yes - you have too many)
    • Security cannot be achieved by the blind purchase and installation of products labelled as security applications. There is a base level of understanding needed to independently function in this area. At the base level of performance is a hardware router and a single, high quality AV/AT package. I have my own sense of what high quality means (= Advanced+ rating on the On-Demand and/or Retrospective tests at www.av-comparatives.org). If you don't want to learn the details, this is your end point - just verify that the program is updated on a regular schedule.
    • If you want to go beyond a router and a single AV/AT package, plan to devote some time to learn the basics. It's not about being a programmer, it's about appreciating the function of security applications, which is within the reach of virtually everyone.
    Blue
  2. deviladovcate
    deviladovcate Guest

    OMG Blue, you are my hero!! Excellent post.

    The last point though is interesting. Can someone like me really understand the 'function' of security software?

    I know you advocate running 4-5 security apps. Essentially, a firewall, an antivirus, an antitrojan (for process memory scanner) and some proactive defensive type program.

    But do I need a specific antikeylogger, antirootkit, antispyware? etc.
  3. BlueZannetti
    BlueZannetti Administrator

    I will go out on a limb and say that I believe any user can do this with very rudimentary guidance. I more or less articulated my own informal decision tree/layering scheme here. An inexperienced user can look at that scheme and decide what level they need and simply perform a feature set comparison of products. They will need some guidance on definitions and help with respect to how a developer implements some function, but the broad strokes are readily understood. For example:
    • First line of defense is a router complemented with a solid signature based general antimalware (AV/AT/AS) program. Security is provided on a file-by-file basis, based on a coded fingerprint determined by the antimalware vendor.
    • Some malware coders attempt to obscure the fingerprint of their wares while in file form by various means, but these obscuring steps are removed when the file is executed. Implement a second level backup to account for this. Since the obscured file itself has a fingerprint which can be articulated at the first level, the need for this certainly depends on one's risk profile as the general AT/AV/AS should eventually cover the obscured file directly, it's really only a matter of timing.
    • There are some basic actions malware performs to gain a useful hold on any machine. Assuming malware has somehow circumvented the first two levels, it must get hold of some machine operations to function. If a user is worried by potential failure at the first two levels, they have an additional opportunity to trap the malware here based on these actions. There are a number of products available which will trap a program, any program, trying to perform these actions (installation of a program/driver, creation of an autostart entry, changing a value/key in the system registry, editing system level files, etc.). The operational problem with casual users implementing at this level is that quite valid software (e.g. installers) perform the same operations - so a user has to be cognizant of how to recognize when the action is desired and when it is not. In most cases that is clear by context. One can also accomplish much of the needed functionality of this level by simply running as a limited user.
    • Assuming the top three levels of security have suffered complete failure, a user can mitigate the impact of the failure by preventing the malware from communicating outside the PC. To do this, some form of outbound communication control can be installed.
    Let's put this into perspective - nominally four products are running (three if you choose to run as a limited user for level three) and there are basically three global levels of backup/failsafe provided, that's a rather comprehensive contingency plan.
    I advocate 4-5 security apps as the pragmatic absolute maximum if and only if a user is looking for the highest level of security obtainable with minimal secondary impact and if the user has a very high risk profile. I really have no sense of what fraction of the population are high risk users (= actively surf sites infested with malware), but the remaining users can certainly get by with much less.

    In my estimation the answer is a decided no. To use an analogy that most of us can relate to - how many types of brooms/vacuums are needed to keep your house clean? Do you have dedicated vacuums for dust, sand, dirt from the yard, shards of glass, and so on? Probably not - you could and there might even be some benefits in some circumstances (example - a wet-dry vacuum), but it's clearly overkill to do this as a matter of routine cleaning.

    Blue
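    The third level in the scheme above (trap any program that installs a driver, creates an autostart entry, or edits a system file, then let context decide whether the action was wanted) can be sketched in code. This is an added illustration, not code from any product named in the thread; the log format, the process names and the short list of watched locations are all constructed for the example.

```python
"""Toy 'level three' behaviour monitor for the actions listed in the post."""
from dataclasses import dataclass

# Constructed watch-list: autostart locations, the services key (driver/service
# installation) and one system-level file. A real product tracks far more.
AUTOSTART_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SYSTEM\CurrentControlSet\Services",
)
SYSTEM_FILES = (r"C:\WINDOWS\system32\drivers\etc\hosts",)


@dataclass
class Event:
    pid: int
    process: str
    action: str   # "reg_set", "file_write" or "driver_install"
    target: str


def classify(ev: Event) -> str:
    """'prompt' if the action is one a user should confirm, else 'allow'."""
    if ev.action == "driver_install":
        return "prompt"
    if ev.action == "reg_set" and any(
            ev.target.upper().startswith(k.upper()) for k in AUTOSTART_KEYS):
        return "prompt"
    if ev.action == "file_write" and ev.target.lower() in (
            f.lower() for f in SYSTEM_FILES):
        return "prompt"
    return "allow"


def parse_line(line: str) -> Event:
    """Constructed log format: pid|process|action|target."""
    pid, proc, action, target = line.split("|", 3)
    return Event(int(pid), proc, action, target)


def review(lines, user_initiated=()):
    """Apply the post's caveat: the same action from a program the user just
    launched on purpose (an installer) is 'expected', not suspicious."""
    out = []
    for line in lines:
        ev = parse_line(line)
        verdict = classify(ev)
        if verdict == "prompt" and ev.process in user_initiated:
            verdict = "expected"
        out.append((ev.process, ev.target, verdict))
    return out


SAMPLE = [  # constructed events; 'svchost32.exe' is a made-up name
    r"1200|setup.exe|reg_set|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"1340|svchost32.exe|reg_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sys",
    r"1340|svchost32.exe|file_write|C:\WINDOWS\system32\drivers\etc\hosts",
    r"1500|notepad.exe|file_write|C:\temp\notes.txt",
]
```

    Running `review(SAMPLE, user_initiated={"setup.exe"})` reports the installer's Run-key write as expected, the two writes by the unknown process as prompts, and the text-file write as allowed.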
  4. mercurie
    mercurie A Friendly Creature

    I am a Big Believer in Blue and his opinions too. ;)

    I am a user who believes in balancing costs with best of breed, and keep it simple. Large numbers of real time security programs snooping around the circuit board and hard drive is going to cause problems at some point. I have had no problems and my system operates fine. I am not advertising or pushing these as best of breed necessarily, please do not misunderstand, you can swap out different names and brands. In fact I enjoy switching AV's every year. :)

    One Trojan Killer: Boclean. One AV: CA Etrust EZ. One Software Firewall: OutPost Pro. Optional but ideal: Hardware Firewall. My setup.

    The key is do not overload your system with security apps. unless you are really smart on these things or love to fix hanging systems. Enjoy your machine you run it. It should not run you. ;)
  5. YYYYY
    YYYYY Guest

    With all due respect mercurie, that post wasn't intended to educate anyone nor can it educate anyone because it's nothing but a vague rant blaming known functions of Windows and blaming every security application known to man for a personal mistake.

    It is also meant to impress new users by using big words which are by the way totally unrelated to the problems at hand. A lot of members read that and it goes way above their heads and then they think Gee, Kevin must be very smart. I gotta' get me one of his apps.

    I'm not the one who's flaming. Kevin did that all by himself when he claimed all security applications are Rootkits and the reason his application is buggy is because he doesn't want to act like other Rootkits (Read: He can't make his app fully functional.)

    And if you want me to get more educated, please do us dumb users a favor and translate for us what Kevin was trying to say. I do want to get educated and I bet a lot of other users here are scratching their head wondering WTH was he saying. Except a lot of them think it's their fault if they don't understand it but the truth is what he said was incoherent nonsense.
  6. deviladvocate
    deviladvocate Guest

    YYYY good point.

    To be fair it's not just Kevin and the Boclean guys who do it either. You get similar stuff from others (DiamondCS, Ghost etc). The aim as you say is to impress. And people fall for it, _particularly_ if they don't understand what is said.
  7. 42g0
    42g0 Guest

    reading Kevin's post turned me into a troll, apparently - in the eyes of the blue Z moron. My post was not intended to troll but that punk mod won't see it any other way. Nice of this mod turning me into a troll - apparently, that's what he wants. This post reflects that. Now had he asked me what my intention was, and that it appeared to be trolling - instead of accusing me, I would have apologized and made corrections.
  8. mercurie
    mercurie A Friendly Creature

    YYYY,
    Thanks for at least not attacking me personally. :)

    I have found from years of use that BoClean has kept my system free of Malware. It has interfered with nothing. One time my system had too little hardware resources to run Norton AV, ZoneAlarm and BoClean. I contacted Norton- no help. I contacted ZoneAlarm, their help was truly useless and blamed everything else under the sun for the problem. It was Kevin who responded and offered suggestions. General suggestions not just related to BoClean. And altered his program "tweaked mine" to fit my system set up. I do not remember what he did exactly but I followed his email instructions and it worked. Later when I upgraded with more memory and went to XP problems were totally resolved but Kevin got it working without the upgrades. I have had a lot more problems with ZoneAlarm than BoClean. It took them months to get version 5 right and weeks to admit to a problem. IMHO "BoneAlarm" fits. :D

    I am a member of many boards not just here. Despite my numbers here I really am silent a lot of the time just picking up bits and parts of information and learning along the way.

    The user you describe is NOT ME. "Kevin must be really smart. I gotta get one of his apps." o_O o_O I do my home work I listen to others challenge what they are saying against what others are saying. I almost got PestPatrol instead of BoClean. That was years ago. Today I still think I made the right choice.

    Finally, I do not claim to understand the Rootkit issues. I am here to learn about this. For sure. I would be very interested in what you have to bring to the table in the way of education on the issue. Can you? I know the very basics. The first time I ever heard of a "hook" was from Kevin years ago. So who would you listen to? Someone who has helped keep your system clean and takes the time to talk to you about his app, custom tweak it to fit your system. Service that can not be beat. Admit when they made a mistake and say it is being addressed and will be made right.

    Who would you want to buy from? I think I will use BoClean from PSC. Why? All of the above and more...and with over 3 years of updates and new and improved versions all for about $40 with service that is second to none!

    The only area your point may be valid is he has a tendency to blame everyone else for problems...but you know what, that does not make him wrong. Did it ever occur to you he might be right!;)
  9. mercurie
    mercurie A Friendly Creature

    The yellow flags should really be thrown in this thread! Blue will not likely take offense. Useless personal assault. I will now fly off before I get into trouble. I will return when cooler heads prevail. :oops:
  10. dog
    dog Guest

    Lynchknot, rather than rehashing yesterday's events, why don't we start off on a better foot today ;), and apologize for the personal remark towards Blue :doubt: - Is there any point in starting back running in a downhill decline?

    Steve
  11. toadbee
    toadbee Registered Member

    I am simply referring to "a tool kit used to gain root access to a computer". Beyond that you'll see words like "typically used for" - or "generally used by", all of which mutate over the years to suit needs. I am not saying the apps Kevin mentioned are malicious (of course not). There are "malicious" rootkits that can be used for legit/non-malicious purposes as well. Bottom line is they all have gained "root" access in order to do their job.
    Last edited: Dec 3, 2005
  12. deviladvocate
    deviladvocate Guest

    I agree, we do get bits and pieces of education occasionally from these people. But I mean it's in their interest to do so, otherwise how else are they supposed to impress us with how technically superior their products are?

    You can't talk about how good your product is because it doesn't do polling, if you don't explain the minimal bit on what it is. Product X wants to boast that it runs in ring zero, so he needs to tell us why it's better and implies that those that don't are inferior. He is so successful that this meme becomes entrenched in the forums. Security vendor of product Y that doesn't do this now needs to counter this idea, so he does so.

    In most places, doing these kinds of things would be a bad idea of course, since most people would be turned off by techno babble. But here, the audience is right for this, we want to learn (at least a bit). We read a little and think we understand a lot, then we go and recommend all these highly advanced security programs to the 'clueless'. And feel smug, superior and safe because we know all sorts of forbidden knowledge not available to the clueless.
  13. NICK ADSL UK
    NICK ADSL UK Administrator

    Please note with reference to this thread being closed:
    I have had to remove some bizarre posts from this thread. If there should be a recurrence then this thread will be closed again.
    Thank you
  14. 23rqweasd
    23rqweasd Guest

    apologize to me re: troll. No? Whatever............................POS
  15. to dog
    to dog Guest

    ok don't mind me - sorry. I'm going completely wacko over this Trismus some dentist accidentally caused. I won't post anymore until I get a handle on myself.
  16. mercurie
    mercurie A Friendly Creature

    I think I understand what you are saying. :doubt: I pretty much agree and have no problem with the above.

    Except my recommendation is almost always based on my personal experience with a security product. The audience is right for this... yep, I agree there too. The clueless can get unclueless if they want to or do their own research as well.

    Smug... Nope, I never look down my nose at anyone. Many here have something they can share and rightly many have helped me and some are not even regular posters. ;)