BOClean has a serious flaw?

WTF This is not the only flaw.... go here and download tooleaky
http://www.firewallleaktester.com/leaktest2.htm

I downloaded it with boclean installed and ran it and boclean did nothing...

also ran other tests
boclean does not detect these....dont know why?

Anyone else have suggestions for a program that will alert when exe's try to connect to the internet? Please and thank you

 

Hi,

Leaktests are not malware by themself. They only emulate malware's behavior

MaB

 

BOClean is not made to detect leaktests.
To detect leaktests is the duty of an outbound firewall.

 

Yes I tested it for about three days then uninstalled, I did not see any sense for this tool in case you are experienced user, this may be a good thing for novices, it looks like a extremely static malware guard that only reacts if you push on infected exe.

 

They as in the author of the program state that it is a second line defense behind your a/v only.

 

What is the point of adding a second line of defense that uses the very same technology (blacklisting) as your first line of defense? It's just like two of the same thing, only that you're hoping one will work if the other fails.

Why not select an alternate form of protection that steps in when blacklisting fails? Behavior blockers, virtualizing and HIPS are all much better complements to a traditional scanner than *gasp* ANOTHER traditional scanner.

 

Loool, true, true...... and it slows down slows down your system for nothing... if we talk about system pro´s, novice should take what he can.

 

Posted it here. I wish for anyone who has noticed same behavior to join the thread. Thanks

http://forums.comodo.com/comodo_boclean_antimalware-b83.0/

 

aigle since your sincere and motivated in your testing, isn't it about time you get your own testing pc

 

There are not tests, only a play and sometimes findings may be just wrong.
My personal notebook is under test since I got it( 2 years back).
I will prefer a VM with Vista for testing but that needs to put more ram in my notebook. Also MS did not allow to run cheeper versions of Vista on VM and the price for Vista ultimate, bussiness etc is insanely high for me, so I can,t put it on a VM.

Infact I want to quit this testing due to time factor. I need much more time for other things.

I have just recently installed Ubuntu and am now dual booting Linux and XP. Since I switched from dial up to DSL, I can use internet on Linux easily.

If Ubuntu becomes my primary OS, probably I will be doing less and less testing and posting more and more on linux forums asking for commands.

Let,s wait n see!

 

I don't want to *off* the topic, but an integer is not a pointer. So
x is a pointer to a function returning a pointer to an array of 15 pointers to integers.

 

Just an update, as I mentioned that the thread on Comodo forums is here.

http://forums.comodo.com/comodo_boclean_antimalware/boclean_has_a_serious_flaw-t13890.0.html

As suggested by Mods, I even did testing on real system with same results. Sent all logs and malware samples and deposited a support ticket as well. It has been a few weeks but the end result is ZERO. Just a pretty useless reply of support ticket and nothing more. PMed KMcA as well.

 

aigle

Your findings are the exact same as mine and (quite?) a few others as well have seen.

They are right of course in the Comodo forum that this should not be tested in VMware etc, but it happens on completely normal setups as well.......................like it did on mine a long long time ago, i reported it at the time (as i know several have over the years) and He seemed to think it was Microsoft's fault, never happened with any other program i tried the same samples on though, they nuked them with ease.

 

So I am not alone in this regard.

 

Very well could be M$. I posted a little test result with version 4.2.3.1. I don't test in vmware. It seems that in Don's case, it was a problem with embedded-null characters in registry key... So I guess the regdelnull tool is necessary. I seen this post awhile back but never actually used the tool. Have only used a decent registry cleaner and NTregopt. https://www.wilderssecurity.com/showthread.php?t=128699&page=2
I haven't followed up with anymore testing though. I don't thoroughly understand alot that has to do with the registry.

 

Another flaw IMO besides the one mentioned, is that BoClean apparantly wasn´t tested in a LUA before release, since it can´t update without admin rights...

/C.

 

It wasn't resolved, it returned and has been there in every build i have tried since then (Comodo version 4.24/4.25 was the last i tried), to my regret i never really bothered to contact them again (it was there even if i reformatted/reinstalled MS).....simply because blaming MS for your program shutting down when detecting a piece of malware over many builds seems..... i just got the feeling that..............the always very fast and friendly support over the years aside......that either they simply could not or didn't have the resources to make a serious upgrade to the product, it may require a full rewrite...who knows, it's not exactly the message you would want to send to your customers.