Boclean or Threatfire

Discussion in 'other anti-trojan software' started by Badcompany, Sep 20, 2008.

Thread Status:
Not open for further replies.
  1. KoRnGtL15

    KoRnGtL15 Registered Member

    Joined:
    Jan 9, 2008
    Posts:
    45
    Take a look at post #7. http://forums.comodo.com/comodo_boclean_antimalware/why_use_boclean-t22796.0.html

    Kevin has taken over BOClean and is well respected in his field of work. I will take his word over average Joes that post in a security forum.

     
  2. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    It's rather Comodo that has taken over BOClean, since Kevin McAleavey is the original developer.

    /C.
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    And he's still the BOClean developer w/ Comodo. ;)
     
  4. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    I would suggest having a better AV and avoiding both TF and BOClean. As for HIPS, his firewall is just enough.
     
  5. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    TF/BOClean are different from your AVs. You could run TF and BOClean and an AV at the same time. TF is a behavioral HIPS; BOClean is an antimalware (memory scanner). As they each have different jobs, they can run together.
     
  6. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    This is exactly what memory scanners like BOClean do. However, the second part of your statement is incorrect; this is not what many "ordinary" AVs do.

    A file on the disk and what gets loaded into memory are very different things if the file is encrypted with a runtime packer (most malware is). The packer executes and decompresses the original file in memory, so the contents of the memory space for that process and the program file on the disk can be different. What most AVs do is to get a listing of the files loaded in memory, and then scan the corresponding static binaries on the disk, not the contents of the memory space itself. But some AV products DO scan memory; PC Tools' AV has a module called Memory Guard that I believe performs "real" memory scanning.

    The problem with memory scanning is that it's next to impossible to determine when to scan, i.e. you never know which instruction called by the process will cause the packer to decompress the original file in memory. Scanning after every instruction is unrealistic as well, considering how even simple programs can sometimes call tens of thousands of instructions (multiply that by every binary loaded in memory). PC Tools AntiVirus only scans memory on demand, I believe. BOClean deals with this problem by automatically scanning every 5 seconds by default.

    Memory scanners are very effective at dealing with files protected by complex packers, because they don't bother with trying to strip the packer and just wait for the file to unpack itself in memory. But that's all they're good for; other than that, they're no different from an AV. There's also another problem: a file can only be detected by a memory scanner when it is already loaded in memory and ACTIVE, i.e. your machine is already infected, and the best you can do is hope your memory scanner can clean it up.

    A behavior blocker like TF, on the other hand, (tries to) stop malicious processes BEFORE damage is done. It is also not dependent on signature scanning, which memory scanning is. So it's not a hard choice, TF wins.
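
Added example, not part of the post above and not code from either product: a toy Python model of the disk-versus-memory point in post #6. It assumes a constructed, harmless marker as the "signature", zlib plus XOR as a stand-in for a runtime packer, and the 5-second scan interval mentioned for BOClean; all names are hypothetical.

```python
import zlib

# Constructed, harmless marker standing in for an AV byte signature.
SIGNATURE = b"DEMO-SIGNATURE-7f3a"
ORIGINAL = b"original program code " * 4 + SIGNATURE + b" more code"
XOR_KEY = 0x5A  # arbitrary constant for the toy packer


def pack(data: bytes) -> bytes:
    """Toy stand-in for a runtime packer: compress, then XOR every byte."""
    return bytes(b ^ XOR_KEY for b in zlib.compress(data))


def unpack(packed: bytes) -> bytes:
    """What the packer stub does in memory once the process runs."""
    return zlib.decompress(bytes(b ^ XOR_KEY for b in packed))


def scan(buf: bytes) -> bool:
    """Signature scan: plain substring match over a buffer."""
    return SIGNATURE in buf


def simulate(unpack_at_ms: int, interval_ms: int = 5000,
             horizon_ms: int = 20000) -> dict:
    """Model a packed process that unpacks itself at unpack_at_ms while a
    memory scanner wakes up every interval_ms."""
    on_disk = pack(ORIGINAL)
    result = {"disk_hit": scan(on_disk), "detected_at_ms": None,
              "exposed_ms": None}
    for t in range(0, horizon_ms + 1, interval_ms):
        # Before the stub runs, the memory image still holds the packed bytes.
        memory = unpack(on_disk) if t >= unpack_at_ms else on_disk
        if scan(memory):
            result["detected_at_ms"] = t
            # Time the unpacked code was live before the scanner saw it.
            result["exposed_ms"] = t - unpack_at_ms
            break
    return result


if __name__ == "__main__":
    for when in (1200, 5000, 25000):
        print(when, simulate(when))
```

The on-disk scan misses in every run, and the memory scan only hits at the first interval after unpacking, which is the exposure window the post describes.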
     
  7. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    As I've said in previous posts, you can't compare them. They do different things.
     
  8. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    And why not? Both products claim to stop malware. Since they aim to do the same thing, there must be pros and cons to the different methods that they employ.

    Your argument is weak, unconvincing, and lacks substance.
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    So why don't you just test the stuff yourself to see they work in a totally different way? The OP is running Outpost; installing Threatfire alongside makes no sense. He can use BOClean or something similar that doesn't duplicate the functionality and cause conflicts, or just leave it as it is and move on. This whole debate leads nowhere and feels like every time someone suggests BOClean then a bunch of people jump in with their "Comodo sucks and never does anything useful" sentiments.
     
  10. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    What makes you think I haven't used them both before?

    I was providing arguments and explanations based on facts. On the other hand, it seems like it's you who's in a hurry to sweep away these explanations based NOT on facts or logical arguments of your own, but by accusing other people of so-called anti-Comodo sentiments.
     
  11. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Good that you've snipped from your "quote" (or better said "misquote") the reason why the answer to the original OP's question (and the actual topic here) is pretty much clear... :thumbd:
     
  12. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Because that reason was irrelevant. If having a pseudo-HIPS in the form of Outpost is a reason not to use an intelligent behavior blocker, then having an antivirus is an equally good reason to not use a memory scanner.
     
  13. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Great, how about providing some reasons on why Outpost is "pseudo-HIPS" while Threatfire is an "intelligent behavior blocker"?
     
  14. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    If you don't know what the products are, I suggest you visit the vendors' websites and learn. Don't expect me to spoonfeed you everything, especially things as basic as these.
     
  15. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Sorry, I didn't find any information about Outpost being "pseudo-HIPS" on their website, instead, they claim:

    As such, your advice is entirely useless. Just clearly shows you don't care about reasoning your (or anyone else's FWIW) claims at all, the focus goes on your personal agendas and unfounded bashing of vendors you dislike. Way to go... :thumbd:
     
  16. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Great. More one-liners, the customary troll accusation, and more sympathy-fishing by accusing me of being anti-Comodo. How about some reasons why my advice was useless?
     
  17. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Maybe just read your previous posts for reasons?

    Thanks for the wonderful advice, I did, and reported what I've found. Now will you tell us the reasons behind your claims that Outpost is "pseudo-HIPS" while Threatfire is "intelligent behavior blocker", or did you just feel like bashing Outpost this time?

    :thumbd:
     
  18. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Apparently calling a spade a spade is called "bashing" in your book. No wonder that word just spouts incessantly from your mouth. Telling the truth is called "bashing". Pointing out your mistakes is called "having agendas" and "trolling".

    You're obviously not an Outpost user, hence you're basing your arguments on ignorance yet feeling you're perfectly correct. So here's a screenshot of Outpost attached for your convenience. Outpost has no ability to distinguish between normal and harmful activities, save for a whitelist. It blocks individual instructions called by processes without checking prior or following instructions to see if there's a correlation that indicates malicious activity. And if this is similar enough to ThreatFire that you shouldn't use it, then that's an equally good reason to not use BOClean when you already have an antivirus.

    Fishing for sympathy by accusing me of being anti-Comodo, anti-Outpost or whatever might work better when 1) you aren't so ignorant about what you're blabbering your mouth off about, and 2) I really am exaggerating the deficiencies of those products instead of basing what I say on verifiable facts. It is also a poor way - along with accusations of "troll" and "agendas" (look who's talking!) - to conceal your own mistakes. This is your last warning - you can either start debating with logical facts and arguments, or you can continue your string of false accusations as desperate attempts to salvage your ego and I will begin to report your posts for inappropriate content.
     

    Attached Files:

    • 1.PNG (File size: 78.6 KB)
  19. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    If you can take a break from your war and explain why ThreatFire is needed on a system with Outpost?
    It is a great add-on for signature anti-virus but how can it help on a system with a classical HIPS?
     
  20. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    Yeah, please stop the arguments. You're wasting my bandwidth with your comments. :p

    I would also be interested in virtumonde's question. Quite often running applications that have the same job will cause conflicts (for example, ThreatFire and Outpost HIPS), so it would probably not be a good idea unless proven to run those at the same time.

    Many products aim to do the same thing. Many products work on a different level. Working on different layers gives better security. I would assume you would have more layers than just your ThreatFire? Probably firewall, AV, ThreatFire. There are 3 levels right there. They all have the same goal, to stop malicious activity; having them run on different levels makes more layers of security. Overlapping layers usually reduces security.
     
  21. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    Kyle1420,
    Yes, I agree. I used to load up with layer after layer in the old days. No more! ;)
     
  22. freakish

    freakish Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    46
    I prefer BOClean. It doesn't consume that much processor resources (Try running your system with and without BOClean to test this). In my computer, I don't notice a speed difference.

    Threatfire makes my system noticeably slower and causes problems with some programs. Also, it has never caught an actual malware in my computer.

    IMO, if you are at least slightly experienced in dealing with malware then you won't have a need for Threatfire (it might even just annoy you).

    Make sure you also use an antivirus with high detection rates (I personally use Avira Antivir), and do a regular scan with SuperAntiSpyware. I would also recommend Trojan Remover for efficient trojan detection and removal, and very fast scans.
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Could you explain how it usually reduces security?
     
  24. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    RegProt or Safe 'n' Sec
     
  25. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    I 2nd this, had very good experiences with this one - def on par with sas n mbam
     