Why BoClean?

Discussion in 'other anti-trojan software' started by Blackcat, Mar 4, 2003.

Thread Status:
Not open for further replies.
  1. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,007
    Location:
    Christchurch, UK
    As an additional security layer I would now like to supplement my AV program with Anti-Trojan software.

    I have narrowed my search down to BoClean and Trojan Hunter as TDS appears not be very 'newbie friendly'. ( Is this a true statement? e.g. can it be run straight out of the box?; is the interface too daunting?).

    I am leaning towards BoClean as you do not require multiple licences.

    But can anyone answer the following;

    1. Are there any advantages of BoClean over Trojan Hunter apart from being able to run it on several computers without additional licences? ( I do not want a flaming response to TH). Does the greater trojan data base of BoClean offer more real time protection?

    2. Since BoClean is only memory resident is this a disadvantage as there is no resident scanner? Are you better protected with both a running guard and an on- demand scanner?

    3. Is BoClean compatible with KAV4 and/or Dr Web?

    4. I have heard that a new version of BoClean may have a scanner component. Is this true and if so will registered owners be able to update for free with this new version?

    5. Using KAV, is additional anti-trojan detection necessary?

    I have posted this thread on MTM's bulletin board but I did not receive much of a response. Are there many BoClean users out there? o_O
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Blackcat,
    i can only speak for the TDS part in your posting:
    It might look impressive, which it is, but one must try and work with it to get the feel.
    Have a try with the evaluation version (free), look here in the TDS forum for the basic configuration and do your first scan after updating the databases. You'll notice the 22666 references (today) or 7203 primaries.
    It's not just the amount but also the technology behind it, which makes your security, among others.
    Support is an important matter for me too, which is outstanding for TDS (own and other's experience since several years and seeing everywhere on internet), and BOClean (hear-say from good friends and seeing everywhere on internet). Both very hard working serious companies nice doing business with.
    TDS is a program which you use in your way, a scanner or a box of attractive tools all for your security and abilities to add more via the scripting, build your agenda, database, scheduled tasks, etc etc etc
    (examples ship with it and via the private forum people build together occasionally)
    You can use it as an on demand scanner, where in the registered version the exec protection blocks immediately each malicious file which tries to execute between your scans (if it is there at all)
    In not too long time there will be a few additional products to run beside it, like a guard and a scanner, not more known about it then that it's near.
    You can scan all logical drives via the network btw, but not all memory parts in remote systems for security reasons.

    There is a multiple licenses part indeed, but on the other hand upgrading to TDS-4 is free.

    For KAV i would say it's quite a different product, if you have it use it as your resident scanner, one of the better AV with AT, as you will read many positive reactions in this forum here. If you're still looking also have a serious look at NOD32, i've been told the best AV which covers most trojans/worms as well so also a very good addition beside a special AT product like for instance TDS. TDS runs besides most other software, as you can read in the threads in the TDS forum here too.
    You might find some valid arguments and opinions in the Why Anti-Trojan thread in this forum.

    I'm very sure others can help you with the BOClean questions.
    BTW: this does run smooth next to TDS if you would like that.

    Shop around patiently, install some and give yourself time to get a good impression of the software and what it does for you on your specific system.
    You might like to start TDS manually after system reboot so you have a full eye on it the fitst times.
    Read also in the forum here and ask questions.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Blackcat,

    Apart from a matter of software design, a greater database does provide more protection indeed.

    A matter of opinion. BOClean jumps in as soon as a nastie becomes active in memory; a resident running guard will act pro-active.

    It is.

    It's true. As far as updating the app for free: can't help you out here - I don't know.

    It depends wether or not you are in favor of a layered defense - I for one am, for what it matters ;).

    regards.

    paul
     
  4. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    We bought BOClean for our network here.

    1. The customer support is OUTSTANDING. Better than any software product I've ever used--period. Emails answered SAME DAY in most cases. Like Kevin has nothing else to do!
    It's obvious that these people CARE about the product, and more importantly, their customers. Very refreshing.

    2. According to the EULA, critical updates are provided at not charge for the life of the product! Read the EULA online. It has some great "extras" in there.

    3. I like the idea of BOClean being a "destroy on detection" type of product. I wanted the AT to be able to kill the bug when it activated, with minimal intervention from me. This is what BOClean was designed to do.

    4. It's tiny, but deadly. Truly the antithesis of bloatware.

    5. Interface is minimal. Set it and forget it. (Except when updating!)

    Truthfully, I was a little apprehensive about the lack of an on-demand scanner, but the approach the product takes to bug killing seems very sound to me--sound enough for me to buy it.

    :D
     
  5. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    Hi,

    Just wanted to put in my 2 cents worth. I'm not trying to bash the competition or anything here, so if you feel that my statements could be biased due to me being the creator of TrojanHunter, feel free to disregard them! :)

    With TrojanHunter you get both an on-demand scanner and a resident guard, TrojanHunter Guard. The guard uses powerful memory-scanning technology to stay on top of any trojan should it load into memory. The scanner can be used to scan all your hard drives and even network drives, and it's the only scanner in the business that not only scans files, but also your registry, open ports, memory and scripts. You also get five great supporting tools with TrojanHunter: Autostart Explorer, Netstat Viewer, MemString, Process Viewer and Window List. Also, TrojanHunter 3.5 with some advanced new scanning features is just around the corner - the beta testers are currently using the final beta version of the product.

    As far as database size goes, TrojanHunter currently covers 2082 unique trojans, compared to 1862, I believe, for BOClean.

    If you need more information about TrojanHunter, you are very welcome to visit the TrojanHunter forum at http://www.misec.net/forum Hope to see you there!



    (Edit: Fixed spelling)
     
  6. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    BOClean is a memory-resident running guard also, correct? Acting essentially the same, as for example, TH's memory-resident guard, but with a user-variable scan interval?

    :D
     
  7. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    I also want to mention that we also trialed--and REALLY liked TH.

    I can't speak for TDS--I'm sure it's great!--but in my opinion, you aren't going to go wrong with any of these AT's.

    Trojan Hunter performed flawlessly for us here as a trial, and it is a great product also.

    Wish I could have 'em all! :D
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Magnus,

    No prob - you are entitled to make statements concerning your own software - biased as it is (no offense implied!) ;)

    regards.

    paul
     
  9. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Many people like an AT to be able to scan all files of the hard drive and it is true that BoClean will not do this. If I understand this correctly (and that's a big "if") all Trojans must enter the RAM in order to do their dirty work, all of them. This is where BoClean excells; if a Trojan has somehow gotten by your firewall, then been missed by your AV, BoClean will nail it when the Trojan finally tries to do what it was created for and in order to do that the Trojan MUST enter your RAM where BoClean will be waiting. BoClean is like a "last chance" to get the little bugger and it has an excellent reputation of being able to do that. Whatever your decision, good luck.

    Acadia
     
  10. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    I suspect any of the three products would do just fine. From what I understand, running TDS can be simple or complex depending upon what the user wants it to do. If you want to keep it simple, then you can. If you want to use the more advanced tools they are available also. If resources are an issue for an older PC or OS, running an evaluation version would be essential IMO.

    All 3 products are noted for customer service so that should not be a problem for anyone. TDS and TH have free evaluation versions which you can try before you decide. It would be best to do so to see how the product runs on your PC and to see what you find easy or difficult. BOClean does not have a trial version but it does have a money back guarantee.

    Just a note on this comment: "As far as database size goes, TrojanHunter currently covers 2082 unique trojans, compared to 1862, I believe, for BOClean." I always hesitate when I see stats quoted by anyone because sometimes different vendors do not count badboys the same way. One has to know whether or not one is indeed comparing apples to apples when stats are concerned.

    In the past (long before TH, btw) I believe BOClean did not count every single variant as a separate baddie, whereas some other products did. Consequently it would look like Product A had a larger database than BOClean when in actuality it did not. (Again this was before TH so I do not mean my comments to reflect on TH.)

    I haven't been keeping up on the stats for these products or what they do or do not represent. And I intend no disrespect to Magnus or his comments. I simply mention that as a general rule, whether with AT's or AV's, when people see such stats on a vendor's website, I'd encourage people to see if they can determine what the numbers actually represent. Does the AT count each variant as a separate unique trojan or not? That can make a significant difference in knowing what the vendors are stating and comparing. If one knows that about each product then one perhaps can more reasonably assess if a numerical comparison is statistically valid or not.
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D Hello fellow newby will i could give you this and that and spat alot of stuff these security experts do but im a newby just like you.

    Only difrence is i experimented alot threw trial and error i had so much so that tech suport from gate way and aol knew me by first name basses lol :D

    So rather feed you alot of stuff im just going to tell you what to get

    to go with that av

    get Boclean yes its a must its like haveing a online internet body guard

    its newby frindly install then some light configuration

    aka set it up so it lets you know you did get a nasty and thats it its a leave it on forget about it body guard that protects your but lol

    Im sorry to say even though Boclean guards your online internet surfing and alot of nastys your still going to need TDS

    Like you said its not newby frindly lol but if you go into the TDS forum here at wilders towards the top you will see some great click here click there do this postings for newbys

    boclean with tds is a powerful combo that kicks but for the newby.

    as a newby tds is your just in case $.h.i.t happens insurance policy for your pc.

    picture this Boclean is your body guard while you surf

    TDS is you Battle tank when you dowenload stuff that your not sure is safe

    that and if you have excution protection on it kills the nasty befor it can install

    so just get boclean then get tds then go to the top forum read the geting started config tds topic and your done

    just that simple with a little light reading on your part :D
     
  12. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    "Im sorry to say even though Boclean guards your online internet surfing and alot of nastys your still going to need TDS."

    Mr. Blaze, please provide some specifics on why you say that is so. Frankly I do not see why having both is recommended much less "needed." If you say TDS is also needed, if you have TDS then what is there left for BOClean to do? Doesn't TDS have a resident scanner in addition to an on demand scanner? I believe it does. Then what are the reasons for recommending both products for one PC?

    IMO, if one wants a product with an on demand scanner and a resident guard, then get one. If one is satisfied with a resident guard only that is light on resources then there's BOClean. To recommend to another to double up on products seems to me a recommendation for an unnecessary use of resources and funds. Unless, that is, specifc facts are provided on why the recommended course is necessary and/or preferred over other options.

    Sometimes there is a tendency among "newbies" (which I really suspect you are not by now with your experiences) to overload on security apps. They spend so much time worrying if they've got the best this or that that it seems most of their computing time is spent updating programs, running the latest demo exploit or security test and looking for more security apps to try or buy. Hardly any time is left over to use the computer for its original purposes. ;)

    In making recommendations, in my view, one should take into account the user's activities. If filesharing, P2P and questionable websites and downloads are routine for the user and these habits won't change, then I'd advise using some heavy duty security products. (And perhaps duct tape as well, LOL) But if one is using reasonable precautiions and safe computing practices, I suspect that running two AT's is not required. At least I would not tell people that they should purchase two such apps without providing specific reasons for doing so. :)
     
  13. I have used them all.. I am going to tell the truth and try not to flame anyone...

    1. TDS- Very good! However, I don't think it's 100 compatible with Win XP. Tends to create Zero length files that interrupt with using "Help And Support". I found that unacceptable, and I understand TDS 4 won't do that. So, I liked it, very complete program, but I don't use it.

    2. BO Clean - No On Demand Scanner. I don't like the idea of having a Trojan on my computer until it tries to execute. I understand they will be coming out with an on demand scanner soon, but at this point, I consider it an incomplete product. The tech support is very fast and good. Getting your money back on a trial means having to contact Digital River, which can be tedious. I wish they just a trial period instead.

    3. Trojan Hunter- I use it now. Very fast, excellent forum support, however, it seems to confict with the Amon scanner from Nod32, requiring you to shut down Amon before you scan the computer with TH. Anything you want to tell Magnus is better of posted on the forum. I sent 2 suspected Trojan files to him, he never responded. This is over a month ago! THIS IS NOT A FLAME! THIS IS THE TRUTH! If you post on the forum, you'll get a quick response. The other thing about TH is that you need to shut down The Norton Personal Firewall if that is what you are using. I belive Magnus is working on that. I use TH. It found a couple of Trojans with the on demand scanner very fast. BOCLean didn't find them because they did not execute. I can't remember the trojans, but I think they were called "NetDevil 150". The license is very easy to install, and the updates are regular, and weekly..

    Hope this helps...
     
  14. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I have Trojan Hunter and TDS-3.
    I have no complaints on either AT program.

    Both run well "right out of the box".
    You don't need to be a computer expert to run either program.

    TDS-3 is a suite,has more versatility.The "learning curve" isn't that steep IMO.Especially with the help file and the forum here.

    The best way to find an AT that suits your needs is to trial them.

    I never tried BoClean,so I won't comment other than to say that I have heard a lot of positive feedback from BoClean users.
     
  15. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Hey Blackcat , I run KAV and although for me it is all I need, I also have chosen TDS3 as second opinion for trojons. I rarely have it running except for a thorough full scan once or twice a week , as I am very confident with KAv s abilities. You can load it up and run it out of the box though with the exec protection running , and then learn more about it later .Fran has written an excellent post on setting it up simply in the TDS forum .
     
  16. FanJ

    FanJ Guest

    With all due respect: not true! It is NOT the only scanner in the business that can do that.
    Have a look at TDS-3:
    Registry & File Trace scan.
    Live Process Memory Space Scan.
    Process File Scan.
    Object Memory Scan.
    Mutex Memory Scan.
    Build in Netstat.
    Etc.
    ("16 ways to smell a rat")

    That doesn't say very much these numbers.
    It all depends on the way an AT detects a Trojan.
     
  17. FanJ

    FanJ Guest

    Now about the argument "why have two AT's?".
    For the same reason that some people have two AV's.
    Just for a second opinion.
     
  18. FanJ

    FanJ Guest

    Now about newbee friendly:

    It depends on how "new" your newbee is.

    I have friends and family here in my country, who don't know how to defrag.
    I have teached them to use an AV.
    I also wanted them to have an AT.
    I have bought BOClean for them (sometimes as a present for a birthday, sometimes they paid me back; they hardly know how to buy online).
    Why BOClean? Because in my humble opinion it is by far the most newbee friendly AT (see above remarks about "new" newbees).
     
  19. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :cool: lol I'm a newby i like fast easy quick and something that don't hurt my head

    :cool:blaze shrug shoulders sig if you want me to blab a bunch of high tech gargle with sophisticated blah blah blah taking apart applications having long hours of discussions on blah blah why one applications better then the other lol

    you asked the wrong person to debate with

    :Dif you want something that works fast quickly solution to newby needs and that works like i said tds & boclean done

    :Dlol I'm every security experts nightmare.

    when asked fending off a nasty i don't stop to talk about why i chose a program over all others it should be obvious why lol
     
  20. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    "Now about the argument "why have two AT's?".
    For the same reason that some people have two AV's.
    Just for a second opinion. "

    Yes, FanJ, if people want to run two AV's and/or AT's that's fine. But when some one says you "need" to run AT "X" in addition to AT "Z," specific reasons should be provided to support the "need."

    If I were inclined to double up, I might say to to someone looking for an AT that I recommend having both X and Z for a layered defense. I would not, however, say that if you run "Z" you also "need" to get "X" unless I provided specific information that AT "Z" had deficiencies that were compensated for by "X." Which is what Mr Blaze seemed to suggest but provided no info to substantiate that BOClean alone is insufficient.
     
  21. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Mr Blaze, I am not debating. I just asked a question. I haven't much use for technobabble. But I thought perhaps you had some reasoned basis or some experience that resulted in your statement that if one had BOClean one also needed TDS.

    "when asked fending off a nasty i don't stop to talk about why i chose a program over all others it should be obvious why lol"

    Okay.......my mistake. ;) :D
     
  22. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :)
     

    Attached Files:

  23. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again,
    i ran through the thread so far, interesting it is, and i comment on some parts from postings.


    > Database

    TDS had yesterday 22666 references - 7203 primaries/5788 traces/9675 variants/other. Check the daily updates here in the forum. (not monthly or weekly, i talk about daily and sometimes even more in case or emergency)


    >If resources are an issue for an older PC or OS, running an evaluation version would be essential IMO.

    I run TDS on an older PII with only 128 RAM overloaded with programs and it still runs perfect (win98se). I even test it on an even older P166 with winME and even disabled that to 40 RAM and it still runs very ok.
    In such cases the trick is to start it manually after system reboot or delay it's starting a few moments in the start manager, or don't use all the possible startup scans --especially the process memory scan can be rather consuming-- and do those afterwards.
    On older and slower systems the startup (with every option checked) can take several minutes, on the faster and modern systems a few minutes at most.
    TDS has the habit to speed up the scanning process using all available space.
    Of course i checked every option and sensitivity on highest.
    During Full System Scan, it's heaviest task, i close unnecessary other programs and continue working on without any problems.
    As nasties would be stopped by the exec protection anyway which would popup a warning in case of malware, a full system scan is not needed each day.
    At the end looking at all alerts and deciding what to do with them (i have some test files).
    I like to be able to decide for myself and if i don't know just submit to the TDS lab, can rename or zip the thing or whatever to keep it from running.
    Within no time you have an answer about the file and what to do with it.

    Imagine: besides the support and priority support via email and website two support forums: the private DCS and the official public DCS forum here, and users help users where possible, so many options for fast support!

    I must admit i have Port Explorer running too all time because i love the program very much and the many uses as well showing in one blink of an eye which processes are running and connecting to the outside world; the hidden processes could be legal or trojans and i can give them a closer look immediately, sniff their packets and act accordantly.
    TDS has a packet sniffer too, btw, with the Network > TCP Port Listen.
    With this i blocked those annoying UDP 137 portscans from the bugbear which are still around, till some other licensed operator posted in the DCS private forum a little script for all to use to do the same for us on that one port. So nice and quiet in my firewall logfiles now (and on my system!)
    No more Ddos, overflows nor stumbling and stuttering.


    >Guard and scanner

    There are a guard and scanner in the build to run beside TDS Pro, soon to be there. And a nice free tool soon to be released beside all those which is certainly recommendable to grab it.
    The current exec protection is already guarding but more to be done with the two new programs.


    >Two products together

    I also explained why the one or the other and have a good AV like KAV or NOD32 beside it on the background or as second opinion. As that takes care of the viruses and some trojans/worms, while the specific AT product concentrates on the trojans/worms.
    TDS runs perfect with both and all others as far as i know.
    REad also Wayne's comments (the TDS developer) in the various threads, among others Why Anti-Trojan.


    >Zero length files:

    This is a window related problem, not TDS. Also windows without TDS has them.
    For the Help in XP are internet wide fixes as this is a known problem with installing any software in XP, you can be lucky or not. Workarounds are given for this. Even though it's a windows problem and not anyhow related to TDS, TDS-4 will have solutions for that.


    > Fran has written a setup in the TDS forum

    FanJ :)
    It's excellent and clear for anyone's first impressions. I posted somewhere even an MSagent aided very quick configuration script which runs from TDS. I really love the speech and msagents possibilities and all you can do with that scripting them in TDS. And have voice alerts in case of intrusions.
    This makes the product far beyond normal boundaries and is only limited by our own imagination.
    So i do love the possibilities for administrators to have alerts even sent remotely to their mailbox or with scanning a network if on computer X from user YY is found something --you see it in the log as well-- to have an email sent to wherever you want it for intrusion alerts (hackers included if they would be able to enter your system anyway or inside network alerts of course!)

    Can go on a while. My own "funpack" has of course more additions to deal with spyware/adware/popups/cookies/spam you name them all.
     
  24. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
  25. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,007
    Location:
    Christchurch, UK
    Many Thanks for all your valuable comments.

    Another consideration may be my daughter who is away at University.She visits lots of 'unsafe' sites and uses Kazaar etc. So the fact that I do not need multiple licences may lean me towards BoClean.

    In addition as she has Norton as her AV protection( newbie friendly and updates in the background- she needs a nobrainer AV!!!) she probably needs an anti-trojan on her machine. I know she could do better e.g. KAV/Dr Web or NOD but she is not interested like most people with security on the web.

    However with all the information you have provided I will probably trial TDS and TH first, then have a look at BoClean.
     
Thread Status:
Not open for further replies.