A_Squared/BoClean

Discussion in 'other anti-trojan software' started by <DreamCatcher>, Apr 25, 2006.

Thread Status:
Not open for further replies.
  1. <DreamCatcher>

    <DreamCatcher> Registered Member

    Joined:
    Jan 6, 2006
    Posts:
    154
    Hi all ,

    I have been reading through this thread on Ewido and BoClean:

    https://www.wilderssecurity.com/showthread.php?t=123274

    They both seem very good programs to help protect your system in a kinda layered defence, but as an A-Squared user I have always wondered how A-Squared's realtime IDS technology compares to BoClean's realtime protection?

    I mean if you only had to choose either A_Squared or BoClean based solely on their realtime, how would you choose? I know A_Squared has a huge amount of signatures in their database (367591 +), but does this mean it is better than BoClean?

    It would be really good to hear from anyone who has experience of using these programs in real-time.
     
  2. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    Re: A_Squared/BoClean

    No. They differ in the way that they express the numbers of malware covered.
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: A_Squared/BoClean

    I've tried A2 for months and while it is definitely a nice product and certainly not bad or whatever I would go for Boclean immediately. imho the most important aspect of A² is their IDS .. but if you don't know a thing about some processes specific behaviour, you could get into trouble .. or if you don't like popups or suffer a popup fatigue, I'd go for Boclean.

    I'm using Boclean for a year now, their support is second to none, multiple updates a day, free for all pc's at home, no annual subscription fee ...

    Boclean it is ;)

    the amount of signatures is of no importance whatsoever.

    It would be nice, fantastic and incredibly interesting if Andreas Clementi would test all the AT's memory scanners, that way we could see the complete story about all those niche products ..
     
  5. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    Re: A_Squared/BoClean

    The following is a small and fairly old illustration of the differences. BOClean only needs 1 definition per variant of malware. You can see how many another AT needs for the same protection.

     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: A_Squared/BoClean

    I think Boclean and Spyware Doctor are one of the few doing it like this .. for every different checksum, they'll add it ... probably A2 and Ewido will have like 1 000.000 sigs in a few years :D
     
    Last edited: Apr 26, 2006
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Re: A_Squared/BoClean

    And employees have to do overtime until midnight to run them and remove the threats. :D

    Edit :
    My readings tell me to use BoClean instead of A2.
    I don't know about BoClean, but A2 cannot be installed without being on-line and that's a disadvantage.
     
    Last edited: Apr 26, 2006
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Re: A_Squared/BoClean

    Hi Erik, I don't think all those signatures are created manually, some of them (advanced ones) still demand manual investigation but I believe they use custom made tools for creating signatures. it's almost automatically ;)

    and that's why at the end it is better to go for prevention (call it what you like - hips/ids/ips/..., cause all those behavioural prevention techniques .. the way we know it now and the way we are familiarised with, will probably evolve / change into something else, who knows ...) that idea of you, I could follow and understand very good ... prevention rather than detection through signatures ... ahh well, we'll see I guess.

    Cheers,
     
  9. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    Re: A_Squared/BoClean

    Most of them use an automated tool to create MD5s at specific offset/s. This is why they are vulnerable to hex editing of malware.
     
  10. Andreas Haak

    Andreas Haak Software Specialist

    Joined:
    Feb 12, 2006
    Posts:
    86
    Re: A_Squared/BoClean

    It's not cause they use MD5 signatures, it's cause they use signatures in general. Every signature based scanning is vulnerable to hex editing or patching. Find out what triggers the detection and change it. Checksums, code signatures, text based signatures ... they all suffer from the same weakness. The only difference is how difficult it is to find the trigger and to change it :).
     
    Last edited: Apr 26, 2006
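
The two signature styles discussed in the posts above, as an added example that is not part of the thread and not any vendor's actual signature format: an MD5 taken over a fixed offset range needs one entry per build, while one byte pattern with a wildcard covers the family, and both key on specific bytes. The sample bytes, `make_build` and `FAMILY_PATTERN` are constructed for illustration.

```python
import hashlib

def region_md5(data: bytes, offset: int, length: int) -> str:
    return hashlib.md5(data[offset:offset + length]).hexdigest()

def make_hash_sig(sample: bytes, offset: int, length: int):
    """Exact signature: MD5 of a fixed (offset, length) region of a known sample."""
    return (offset, length, region_md5(sample, offset, length))

def hash_match(sig, data: bytes) -> bool:
    offset, length, digest = sig
    return len(data) >= offset + length and region_md5(data, offset, length) == digest

def pattern_match(pattern, data: bytes) -> bool:
    """Byte pattern searched at every offset; None is a one-byte wildcard."""
    n = len(pattern)
    return any(
        all(p is None or p == data[i + j] for j, p in enumerate(pattern))
        for i in range(len(data) - n + 1)
    )

# Constructed, inert byte strings standing in for builds of one program family.
def make_build(tag: bytes, key: int, marker: int = 0x10) -> bytes:
    shared = bytes([marker, 0x20, 0x30, key, 0x50, 0x60, 0x70, 0x80])
    return b"HDR0" + tag + shared + b"END."

BUILDS = {
    "build-a": make_build(b"0.36", 0x01),
    "build-b": make_build(b"0.41", 0x02),
    "build-c": make_build(b"0.50-x", 0x03),  # longer tag shifts every later offset
}
FAMILY_PATTERN = [0x10, 0x20, 0x30, None, 0x50, 0x60, 0x70, 0x80]

def hits(matcher, sig) -> list:
    return sorted(name for name, data in BUILDS.items() if matcher(sig, data))

def hash_sigs_needed(offset: int = 0, length: int = 16) -> int:
    """Distinct region hashes required to cover every build in BUILDS."""
    return len({make_hash_sig(d, offset, length) for d in BUILDS.values()})

if __name__ == "__main__":
    sig_a = make_hash_sig(BUILDS["build-a"], 0, 16)
    print("hash sig from build-a hits:", hits(hash_match, sig_a))
    print("hash sigs needed for family:", hash_sigs_needed())
    print("one wildcard pattern hits:", hits(pattern_match, FAMILY_PATTERN))
    changed = make_build(b"0.36", 0x01, marker=0x11)  # differs inside the matched bytes
    print("changed build:", hash_match(sig_a, changed), pattern_match(FAMILY_PATTERN, changed))
```

The signature counts two products publish therefore measure how entries are keyed, not how many families are covered.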
  11. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Re: A_Squared/BoClean

    BOClean can be installed without being online.
     
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    The PRIMARY strength of A-squared is Intrusion Detection (IDS), not merely signatures. A-squared's free version provides on-demand scans only. The paid version provides real-time monitors + IDS + on-demand scans. As is *usually* (not always) the case, you get what you pay for.
     