BOClean, ewido, and Trojan Hunter

Discussion in 'other anti-trojan software' started by JRCATES, May 30, 2005.

Thread Status:
Not open for further replies.
  1. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    I'm curious what experiences users have regarding these three products,

    BOClean
    ewido security suite
    TrojanHunter


    and how they would rate and compare their effectiveness as well as the features and benefits of each.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    of the three i have only used Ewido. My stepson had been downloading music off of the net and got so infested with malware that his comp almost wouldn't run. I tried several AT's but the only one that would run on this infested comp was Ewido. It scanned for almost an hour and picked up and deleted 142 trojans,worms and other garbage. I will definatly recomend Ewido, It is the only one that didn't let us down on that particular comp.There are other good AT's out there I'm sure but I know Ewido works.

    bigc
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    BOClean is real-time protection only, it has a Guard but no demand scanner (though that may change in the future).

    Trojan Hunter has a much smaller sig base and is more of a specialist anti-trojan.

    Ewido, like A2, has a very large sig base and can catch a lot in the general spyware area as well.

    I use Ewido and A2 so I can't really comment too much on the others.
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    I have all three. None have ever detected any piece of malware since I began using Kasperky AV. Ewido has an on-demand scanner which I run now and then and it may find some tracking cookies. So it is tough to say which is better, since Kaspersky usually finds everything first. Ewido uses less CPU cycles while BOClean spikes when running ProcessGuard. For this reason, I am running Ewido instead of BOClean in real-time.

    Rich
     
  5. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    I have ewido but it has never caught anything major on either mine or my kid's pc because either McAfee or avast! respectively, generally nail them first. Other than that I am sure all three programmes mentioned are great at what they do. I like to have a dedicated anti-trojan alongside an AV as a second line of defence, although it could be argued that one of those alongside processguard is more than enough.
     
  6. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Hi There

    BOClean - BOClean has no "trial version" available, and as I have an issue with the concept of purchasing software without the facility to try it first, I (sadly) crossed it off my list.

    Trojanhunter - (trial version) When I tried this one out I was very impressed with its ability to deal with Trojans (just as it says on the tin), but I found it that it slowed my system down too much. In fairness though, I have not seen this to be a widely reported problem with the app.

    Ewido - tried the evaluation copy which is fully functional for 14 days, after which the real time protection is disabled but on demand capability remains. Excellent piece of kit. Regular, fast updates, powerfull and effective tool, shame the interface is a bit clunky. I bought the license for this one and have not regretted that decision. In addition, Ewido was the first tool which we found to actually help in fixing the Aurora/nail infections that were appearing on floods of HJT logs, although others such as KAV and AVAST are reported to have caught up. A point about Ashars' comment on KAV. I think that KAV is one of the finest AVs around alomg with NOD32, however I have found KAV to be very resource hungry and though undoubtedly thorough, too slow for everyday use. In addition, I practice and reccomend the "layered defence" strategy as being in most cases the optimum strategy at least to start with. I do not expect an AV to detect TRojans, nor an AT to deal with Virii, if they do, then regard that as a bonus, but dont rely on it - you may get caught out.

    You might also consider TDS3, very powerfull but quite an intimidating tool to use initially. For me, it was a toss up between TDS and Ewido and in the end it was purely a matter of personal choice that I went with Ewido - you may find it doesnt suit you.

    In summary -
    1-try before you buy,
    2-seek opinions and advice but make up your own mind from your experience
    3-use what you feel most comforatble with
    4- and most importantly - whatever you have, keep it updated.

    HDRiderUK
     
  7. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I've used full versions of BOClean and Ewido. Both are decent options. While potential users tend to focus on the lack of a trial version for BOClean, be aware that BOClean's licensing is quite favorable. As noted in the EULA:
    Both BOClean and Ewido are effective. The absence of a file scanner in BOClean is not terribly relevant given an AV scanner is generally available, and as has been described elsewhere, single file scanning is available from within BOClean, see here

    On my own systems, BOClean is my realtime AT. Whether it fits your needs depends on your objectives.

    Blue
     
  8. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  9. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    Primrose...that rocked my world :eek:

    Thanks for that invaluable info.
     
  10. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Thanks everyone, I appreciate all of your replies.

    It sounds as if ewido is the most popular and most widely used, but I'm guessing that could also be due to the free trial period and relative ease of use. I'm not sure if TrojanHunter has a free trial period or not, and from researching it a little it sounds as if things like updates aren't exactly the easiest to execute, etc. I'm a little more curious about it's overall effectiveness, though, since it appears to have a smaller signature base....and also, how effective and useful all 3 apps are at dealing with nasties like rootkits and keyloggers (if they do) as well as trojans.

    Also, has anyone tried the free F-Secure Blacklight for rootkits, or heard how they plan to intend to market or distribute the product once it's out of beta?
     
  11. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK

    Not so! It can scan single files.
     
  12. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    Now this has got me thinking...if BOclean does indeed have an effective file scanner built in ALREADY, then why don't the makers just put in an option to use it as a standard filescanner from the shell? I mean, even if it is indeed fooled by some camouflage trickery like the developers claim, its memory scanner would catch the malware if executed. What's the harm in sticking in a feature?
     
  13. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Look at this post that Kevin posted in another thread, he makes perfectly clear what he thinks of filescanners.......in his usual very entertaining style. :D
     
  14. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Because we don't feel that the scanner is up to the standard we have established with our real-time protector. So it's not something we would want to tout as anything beyond an "undocumented feature".

    Also...a note to the thread in general. We do offer a no-questions, no-hassles 30 day money back guarantee for BOClean and NSClean-new version out soon, very soon(get a free one if you buy now)- and IEClean for that matter. It can be like a trial without the hassle of needing a registration code to install (and later lose?), bacuse you paid up front so we don't have to do the codes. :cool: We really honor it too...ask around if you have doubts.
     
  15. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    1st: trojan hunter has a 30 day trial available from http://www.misec.net

    2nd the not so easy updates are for the trial only. once you're licensed it is very easy to update using its built in liveupdate wizard

    3rd i've found all 3 very effective in handling all kinds of malware
    i have all 3 installed and have tested them, both on my own comp and doing log fixes.. my feeling is that boclean really excels on removing infections :D
    ie it can remove what it detects....

    is ther some reasons why you dont consider TDS ?
    these 3 + tds are really IMHO the only anti trojans worth my dough..
     
  16. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    From everything I have read, TDS is more complicated and more for "technically advanced" users and not as user friendly for novices, which I am. This doesn't mean that I wouldn't consider it, but I would need to be reassured from the masses that all of the reviews which indicate this are incorrect.

    I did download the trial version of ewido, to give it a shot. It seems sound so far, with no problems with the installation, and the guard started right up and is working fine. Also, the updates are frequent and fast. A couple of things that I noticed....after scanning, there is no "recap", indicating things like time of scan, number of files scanned, etc. Also, the last scan I ran did something rather odd: it took about 50 minutes to scan right at half the files (50%), I got up, went to the bathroom, was gone about 30 seconds, came back, and it was finished! Is that somewhat standard and customary, because it seemed a little odd, in all honesty.
     
  17. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    You must have missed the "View reports button" which will make statistics available.
    It's just a GUI-bug (fixed in the next version), it does scan all files. :)
     
  18. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    The "View reports button" must be either in a newer version (I downloaded version 3.0, demo) or is a feature included with the full, pay version. I just double checked and there is no such button on my current trial version.

    Thanks for the heads up regarding the GUI-bug, though, I greatly appreciate that.
     
  19. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    It's there right after the scan has ended at the bottom in the grey-bar, it might be called "Reports" only in 3.0. The trial of 3.0 which is a full version for the first 14 days has this option too.
     
  20. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    It says 'Show Statistics' on mine!
     
  21. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  22. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Hmmm.....guess I must have gotten a version different from others, then. I downloaded version 3.0, demo, directly from ewido's web-site. Oh well....

    Don Pelotas.....I didn't check after my last scan, but I will be sure to do so after my next scan. When I launch the main program, I get a screen with these options:

    Status
    Update
    Scanner
    Analysis
    Quarantine

    Status is the main interface, with the security status, status of database, additional and license information. No option for "statistics" or "reports".

    Update just provides access to online update for the latest signatures.

    Scanner just provides the opportunity to manually run a scan (with selected options for scanning)

    Analysis provides a few links underneath:
    startup (detailed list of startup processes)
    connections (protocol/address)
    processes (processes/PID)
    quarantine (list of quarantined items)

    That's it. So I guess the "reports" summary is something that needs to be viewed immediately following a scan. I'll be sure to look for that next time I run a manual scan and will let you know what I discover. Thanks.
     
  23. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Just do a right click scan of any file and you will see what we mean.
     
  24. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
  25. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Ah yes, Kevin and his choochoo. Never saw him move so fast that early in the morning than the day they told him to start that train up. :D
     
Thread Status:
Not open for further replies.