Boclean Advantage

Discussion in 'other anti-trojan software' started by chaos16, Jun 5, 2005.

Thread Status:
Not open for further replies.
  1. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    wat is the advantage of Boclean compared to all other antitrojans is it true that Boclean is the antitrojan that has the best detection and removal rate compared to the other antitrojanso_O?
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi chaos16,

    In answer to your question, I have never seen factual evidence to this effect. What you have in BOClean, is a very well respected AT, that has a very satisfied user base, and withstood the test of time. I can say exactly the same thing about the other very respected ATs including TDS-3, Ewido, and TrojanHunter.

    Assuming you already have an excellent AV, I think at the end you have to do one of two things:

    1) Pull a name out of a hat (assuming all run sucessfully on your system)
    2) Buy all four (which is what I did ;) ).

    Rich
     
  3. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    i got ewido 3.0 free and a2 free is that good enough for antitrojan protectiono_O
     
  4. -.-.-.-

    -.-.-.- Guest

    The free versions are crippled...that's why they do not protect as well as they could.
     
  5. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    wat about if i keep the free version of ewido and i buy the payed version of a-squared 1.6o_O

    is a-squared ppayed version very goodo_O

    is the guard a very good preventiono_O?
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    As always, it depends upon what you are running as your AV, what are your driving habits, and what you are looking for. If you would like additional real-time protection, to back-up your AV in real-time (which is a better place to be, since it is easier to detect at this stage and you are able to detect the AT before it can do to much damage), then you might want to purchase a real-time AT monitor. Many people do ... and many do not. If you can afford one, I would recommend it.

    Rich
     
  7. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    The advantage of running BOClean in the background is that you will never see anyone post or find on google.."My BOClean missed this one and now I am infected. "

    I stop comparing products long time ago..I do not use BOClean..but would if I had the need.
     
  8. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Creature Chaos16,
    This is very good advice. Count me as an "many do". This has been my approach for several years now and it has proven effective for me. I use BoClean for my Trojan Defense, with several different AV's one at a time of course. I have A squared as a scanner also on the family machine along with BoClean just as a double check and for fun. I have some personal reasons I would rather not speak about for not trying ewido, but many here like it as well. Reguardless imho you should have real-time Trojan protection beyond your AV if you can afford it. ;)
     
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    chaos16,

    Both of these free programs are very able scanners, but the free versions have no realtime component. To answer your question, how much confidence do you have in the realtime AT capabilities of your AV program and do you know its unique vulnerabilities? That's really what it comes down to.

    The manner in which you phrase this question, it is as though there are no interdependencies with the remaining parts of what you use to control security on your PC. However, there are potentially strong interdependencies.

    Some folks who use KAV say why bother with an AT? See here for example. Others (see here and here) come to a different conclusion.

    BOClean's strength is that it is a memory scanner. Rather than put my words around it, here is brief description from the PSC website:
    Layered protection is not simply loading up with a large number of applications, but picking and choosing them so that the gaps inherent at one level are plugged at the next. That suggests a complementary mode of operation might be a desireable characteristic. That's why I use BOClean.

    Without knowing a whole lot more about you, your usage profile, and your sensitivity to the impact of a potential infection, any answer provided is a guess at best and poor advice at worst.

    Blue
     
  10. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    i use kav so is ewido free and a2 free good enough with adaware se 1.06 spybotsearch & destroy 1.4 and microsoft antispyware that as well removes trojans
     
  11. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    While I would watch developments along the lines of the threads I mentioned above, noting whether these vulnerabilities become of widespread practical concern, I'd say you're likely in quite fine shape as is now. Again, subject to qualification based on usage profile, etc..

    Blue
     
  12. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    IMHO KAV is no substitute for a dedicated real-time trojan killer. HOWEVER, if one could not afford both then KAV would likely be a very good choice for your AV. ;)

    Spyware and Adware killer apps. good too, but still no substitute at this time for Trojan Killers.
     
  13. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359

    This is why BOclean sounds better to me than let’s say Trojan Hunter. From that quote it sounds like BOclean can stop a Trojan before it is executed or loaded into memory, similar to lets say NOD’s IMON. An AT like TH just scans the memory every 10 seconds, which leaves a big gap for something to slip in (much like registry monitors that poll the registry), so TH would probably catch the Trojan once it is too late and already on your system. I would much rather have the Trojan stopped before it is even executed. If BOclean can truly do that then it is very appealing to me. Except for the fact that many users have mentioned CPU spiking issues when run alongside with PG, if they can fix this issue in a future release then BOclean will probably be the AT I finally end up buying, and then continuing to use A2 and Ewido free for on-demand scans, since BOclean lacks an on-demand scanner.
     
  14. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    I think Blue's answer is the best answer to the question. Choice of a AT or whether a AT is even needed depends on many factors including surfing habits.

    Many people hate NAV but my father has had NAV suite on his computer for 3 years and has never been infected. The only other things that I have put on there is HPguru host files, Spybot and Spywareblaster.

    My father has never been infected because it is a matter of where he surfs and where he surfs NAV only is quite adequate.

    Probably for most people KAV only is quite adequate but for those that put their system to the real test by surfing very murky areas of the internet KAV might not be enough.

    Last year, I started to realize some of my security setup was overkill for I spent a majority of my time cruising security boards like this one. For people cruising security sites only......well, they could probably get away with using a free firewall only. (Their computer would run much faster).

    On the other hand, there are those that like surfing the murky areas of the internet (like porn sites, hacker, cracker sites, constantly on IRC or IM, using p2p software, constantly running unknown programs) for them....a high security profile needs to be maintained in order to remain uninfected.

    I believe most of the regulars on Wilders believe in overkill......which is why It is rare that I ever heard of a regular on Wilders ever getting infected. Probably most people on Wilders have computers that run slower than normal (because of all the security programs loaded in memory) but that is another story :)


    Starrob

     
    Last edited: Jun 5, 2005
  15. ,.-

    ,.- Guest

    BOClean's strength is that it is a memory scanner...and BOClean's weakness is that it use weak signatures.

    [​IMG]

    screenshot shows a modified running trojan server.
     
  16. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    :D But you failed to mention, as you always do, the approach to these "signatures" taken by PCS and the reason why BOClean needs "less" and not "more" like the approach of other products ( who need to prove they have more signatures than the other guy :D ) to do an excellent job of protection... and you and I both know how you "modified" that thingie as you continue to try your hand at manipulation.

    It is not even the real world for anyone surfing the net or downloading.

    That my friend you can do with "any" AT and AV out there..so when are you going to give it a rest with this "weakness" rethoric.

    Go show people how you can do the same thing with the others..and save your graphic.
     
    Last edited: Jun 5, 2005
  17. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Another thing about BoClean, perhaps minor when compared to the protection factor, is this: you only have to purchase the thing once, PERIOD, even for other computers in your household. I am so pleased with that policy, that when it came time to load BoClean onto my wife's new computer, her first, I purchased another license anyway!

    Acadia
     
  18. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    In your screenshot, I see you have the BOclean window open. Is it not true that while open, BOclean does not function, hence the redness of the icon in the tray?
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Trojan Hunter includes a memory scanner (THGuard) as well as a file scanner so saying that BOClean sounds better because it scans memory is a little misguided.
    This would be an incorrect assumption - the malware has to be allowed to load into memory and execute. BOClean, like every other memory scanner, needs to recognise and terminate the malware before it is able to do any damage.
    Coincidentally enough, this is almost surely how BOClean operates (judging from the regular mention of 10-second CPU spikes from BOClean users).
    Then you're looking at running a file scanner. Of course, file scanners have to deal with compressed/crypted data which can reduce their effectiveness. The idea of a memory scanner is that anything crypted or compressed has to be decrypted/decompressed at some point which is when the scanner has the best chance of recognising it. However this then depends on the memory scanner acting before the malware is able to do anything further so it presents rather more of a gamble - especially when malware writers start coding to counter memory scans.

    This is not intended to comment on BOClean's effectiveness (if anything, being a product focused solely on memory scanning with a small footprint should give it an edge in this area), but memory scans should be the second-to-last line of defense (with process protection and firewalls being the last).
     
  20. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    That's likely my fault at the start of the thread. I tried to emphasize that the free versions had no realtime component without tackling the full versions since, while I own the full Ewido, I don't use the realtime guard.

    As any BOClean user knows, this is correct. I assume ,.- will confirm that the menu was brought up for validation that BOClean was, in fact, installed.

    Finally, as Primrose notes, with the appropriate adjustments, examples similar to this will be found for virtually any product.

    Blue
     
  21. -ntl-

    -ntl- Guest

    @Primrose

    I feel that you may have mistaken me for someone else. If not: please disregard the following paragraph.

    "But you failed to mention, as you always do"

    The poster with the name ,.- is not identical to me (although I have used the same nick ,.- ( = abbreviation for gunner ) in this forum several months ago. In order to stop the confusion I have registered the name ,.-. (Btw. ... I have already clarified in another topic that the nick ,.- is used by two different persons.)

    "and you and I both know how you "modified" that thingie as you continue to try your hand at manipulation."

    Since I am not identical to the above ,.- I would like to know more about these modifications. How do think this trojan has been modified? I think it's interesting because Erazer is relatively new (i.e., there may be no old signatures for this trojan in the unencrypted old 4.11 database).

    "and the reason why BOClean needs "less" and not "more" like the approach of other products ( who need to prove they have more signatures than the other guy ) to do an excellent job of protection..."

    I believe this is a valid argument (at least as long as no other scanner proves that real strong sigs are indeed possible -- looking forward to Ewido 3.5). Maybe it would be a good compromise if BOC used an IDS (like a2) in addition to the relatively weak sigs. (A signature-based scanner is still required for good removal and a clear-cut detection of replicating malware.)

    Cheers,
    ntl
     
  22. controler

    controler Guest

    I am sure all of you have taken the time to compare At's with real nasties?

    Don't be affraid, I know you can do it. Just make sure you are a quick reformater LOL & you have nothing to fear. (NO FEAR) ahahhahahah

    If not I hope you do soon.

    Ans when you do, please be kind and submitt your samples to every company that did not detect them.

    Thank you

    controler
     
  23. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well, actually yes. I do run into real nasties. Sometimes I compare, but generally not since I use my routine set-up.

    Why do I do this? If a questionable link appears in a post here, I'll generally check it out if it hasn't already been characterized by another mod/admin on the board. No, I haven't run into issues to date. I do have an image, but generally rely on a second boot partition on a separate physical drive for quick recovery if needed - and it hasn't been needed for this type of challenge. It has been required for two unfortunate beta version episodes (which is why they're beta....). I feel fine, really!

    Yes, both NOD32 and BOClean have, at various times, flagged items. With respect to submissions, they were, for the products I use that didn't respond.

    Can't speak for anyone else.

    Blue
     
  24. controler

    controler Guest

    Hey blue Like my new avatar ?

    I used to have Foghorn leghorn but when they redid Wilders i lost it.

    I can tell you for a fact !!! Not all Av-At's get it right in a timley manner.

    I am guessing by the time things are posted on the net ( Nasties) They have allready been here for a while.

    When I test software, I try to see how it would work for a common computer user, Not us Wilders peoples.

    I do think the suite best fits the common user. ( less conflicts)

    What we all worry about is the abnormal nasties. The bought & paid for versions, which are becomming mor & more prevelant.

    SPAM is a big buisness as we all aggree.
    It is all about conning the common user.
    I don't think you really know the stats as to the people getting Phishised today.
    I know of a few suites offering this protection.
    I don't know about you but I get hit with Phishing scams everyday.
    Might not seem to big a deal for Wilders regulars but it IS for the common household user.
    You might on rare occasion see a post where I am infected, But rest assured it was intentional & am just looking for posts LOL

    I used to post on software issues but found not many listen so now try go to the source.

    As far as BoClean goes, YES I aggree there should be a trial, but that sure doesn't stop my respect for Kevin.
    He is a rare breed just like the rest of us here.
    We are unique & not the same at all but DO have a few things in common.

    We are compassionate, Passionate & look out for our fellow man.

    Take a peek & the new writings on the Kensington Runestone.
    Located 15 miles from me.

    I love the area & can fell why the ancients loved it too.

    Fishing is good :D
     
  25. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    All,
    Refering to the graphic. A Guest has made my point on ewido, but I refuse to bad mouth a potentially very good program I have never tried based on personal feelings about those who would submit such a doctored thing. No need for me to restate them they are all above for anyone to read. :p Enough said.

    "...do wrong to none." I really do try to live by it. Sometimes it is hard. :(
     
Thread Status:
Not open for further replies.