another one on BOClean

Discussion in 'other anti-trojan software' started by HURST, Sep 7, 2007.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hi
    installed BOClean 2 days ago. While testing its performance, downloading tons of files on eMule and clicking every link on the web, finally an infected file came through NOD32 and SAS Pro. But BOClean catched it at the very moment I executed that file (it was a key generator for I don't know what program anymore). So I'm very pleased with it.
    Just for double checking, I scanned the file with virustotal.com, and only one of the scanners (I think it was eSafe) found a trojan. Maybe it was a FP.

    Anyways, the point of this post, is that I started to read every post and ebery review on BOClean, and I found this on http://fileforum.betanews.com/review/1177576698/1/view (if it's not allowed to post this URL, i'm sorry, admins please remove it):

    "Yup,it's FREE, but shortly after the install, Cyberhawk alerted that Comodo BOClean was logging keystrokes..."

    Anyone knows something about this? Is it just a lie?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I remember Cyberhawk once had many FPs in regards to keystroke logging. I dont know how it is now.
     
  3. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Hey guys!

    I'm the actual author of BOClean and rest assured that aside from being rebranded and provided free by COMODO, it's the same old BOClean it's always been since 1998. Just a lot more things to cover in it than way back then. :)

    Cyberhawk is indeed FP'ing on it, there's no reason to put a keylogger in there, or even some of the other "key hooks" that are often seen in games so that you can have keyboard action in addition to your joystick or gamepad. What we DO have in BOClean (which is probably what it's getting snotty about) is a kernel hook which talks to our kernel driver which allows BOClean to be notified BEFORE any program or library is loaded and started so that we can have a sniff at it while the system is starting it up. I'd have to guess that is what they're triggering on.

    Keyloggers always use one of the "kernel key hooking" routines provided in Windows itself, or they'll use their own. Apparently Cyberhawk can't tell the difference between a "key hook" and a "kernel notify hook" (the latter is receive-only, not bidirectional) and the purpose of the kernel notify hook is for the kernel to let us know it's about to fire something up. We DO like to be there to sniff at everything that's started in order to stop it as quickly as possible if it's some miscreant's work.

    But that's all that's in there, I wrote it in its entirety and if anything "sneaky" were in there, I'd have to be the one to do it. Still don't like stab wounds, so I still play fair. (grin)
     
  4. Nubiatech

    Nubiatech Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    50
    Location:
    IL, USA
    Kevin, thanks for clearing that up.
    Is Threatfire still FP'ing on BOC? Any TF user who can confirm?
     
  5. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    No FP:s here :)

    /C.
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    Hello Kevin,

    Great awesome program by the way!
    It seems all comodo progies love kernel hooks... Nothing speaks like a picture!
     

    Attached Files:

  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Just to confirm that neither Threarfire nor Primary Response SafeConnet has flagged BoClean's Key Logging and Kenel hooking . I would assume BoClean indeed is an legitimate AT app as it has been for those good years. ;)
     
  8. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    @Kevin

    Please have a look at no. 2 of the new EULA (http://www.comodo.com/boclean/boeula.html): "Comodo has the right to gather information regarding the use of the Program, including, but not limited to [!!], IP Address, MAC Address, and admin email address to guarantee the proper use of the Program as granted by this Agreement."

    Can you please let us know what kind of information is transferred to Comodo? When is it transferred? Only if you use the updater? Or does also the installer "phone home"? If yes: what kind of information does the installer send to Comodo?

    Thank you.
     
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    This has already been discussed in great length in previous threads too numerous to link to...
     
  10. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    And what was the result? What kind of data is transferred?
     
  11. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    None to my knowledge, as nobody could prove otherwise...
     
  12. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    Did they directly ask Comodo? If yes: did they answer?
     
  13. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Melih stated that the wording was done by the lawyers, and rest assured, no personal identifiers are collected...
     
  14. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: As far as I can see, this issue has been debated, exchanged in many different degree of fashions. Users have raised their concerns far enough, meantime, CEO at Comodo has vigorously defended their position to his teeth. Who wins ? no one . Except, of course, if we as users to make our own next action; use it or not. No obligation attached, Comodo will not lose a penny, if you or I do not use it. If you or I trust its EULA is far more than transparent and trustworthy, then use it just like me. I am now under its protection at free of charge, and sleep well at night. Just my loonie sense. Take care.
     
  15. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    The EULA was a non-issue for me. The interest in the firewall will far outweigh it when version 3 comes out of beta. I have not tested it (beta) though, but will be interested how it performs as far as browser-slowdowns. That was my issue with (2.xx) it...
     
  16. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Yea, when I had BOClean and CyberHawk...I laughed so hard....:D BOClean a keylogger, yea right....:D CyberHawk flagged my pay version before Comodo ever got BOClean...You can rest easy it was a big FP.

    LOL I still chuckly when I think about it. :D
     
  17. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    Boclean saved my hiney 3x this week happydayz :D
     
  18. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Like I said before I will always use and recommend Comodo BOClean! It is a great layer to anyones Security!

    Cheers,

    TH
     
  19. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    what is Boclean? an anti virus? is it an extra security tool? can it be used along with anti-spyware programs, anti-virus programs, firewall programs, and a program like threatfire? does it conflict with any other programs?
     
  20. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    BOClean is a signature based anti-trojan wich detects malware when it starts, and destroys it. Its an aditional layer of protection. Maybe you already have an AV or/and AS, but if something passes through them, BOClean MAY catch it, saving the day. It's not an on-demand scanner, it just sits there and waits until processes are started.

    Visit www.comodo.com for a full description.

    Its very light on resources, I use it with NOD32 and Superantispyware and work fine, no conflicts. Already detected 2 trojans wich passed my lines of protecction.
     
  21. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Nah... what a naughty boy... What kinda sites are you visiting? :)
     
  22. dNor

    dNor Registered Member

    Joined:
    Oct 3, 2007
    Posts:
    212
    Location:
    Irvine, CA, USA
    Using TF and BOClean here with no issues or FPs. Definately recommend BOClean. :thumb:
     
    Last edited: Oct 15, 2007
Thread Status:
Not open for further replies.