BOClean has a serious flaw?

I used to be much impressed with BOClean until I tried it. The day I came to know that I can try it free, I downloaded it and tried it against some malware files.
I have many dissappoints/ concerns about it but the most impotant one i will discuss here. Off and on I install Antivirus for some of my friends, co-workers etc and I am thinking to add it alongwith Avast( ThreatFire is another option but the users are actually dummies so BOClean with silent mode might be a better oiption).

This bug I have seen from the very first free version of BOClean and seems to be still present and seems a very serious flaw in BOClean,s protection. Using XP SP2, whenever I launch some malware files to test them against BOClean, BOClean off and on crashes while attempting to clean the infected file( crash happens only during file removal). Say I run a malware xyz.exe, BOClean detects it, kills its process and I get the message that do u want to remove the file also. When I say yes, it,s the time that BOClean crashes and I get the message about it. I have to restart BOClean each time.

I noticed that this crash is rather frequent. Recently I tried 6 malware files and got this crash about twice. Also I noticed that crash is more freqent with complex malware( that copies exes and dlls here and there, changes registry more and install global hooks etc), rather than with simple malware( like a downloader just executing and trying to connect out).

I don,t want to flare up any comodo/ BOClean fans but it,s a serious bug that renders BOCleans protection almost useless. I will post almost same thread on their forums or I will rather like to send an e-mail to the the developer( can anyone give me his e-mail address).

Ordinary users might not notice this bug as they might not come across malware execpt once or twice. It seems very easy to reproduce. Just run about 5 to 10 malware samples and when BOClean gives prompt to clean the file also, say yes. U will see BOClean crashing( unless my findings are wrong or there is some conflict on my system).

 

The author, Kevin McAleavey, is a member of this forum.
https://www.wilderssecurity.com/member.php?u=8121
It would be very interesting to see their response. Keep up the good work!

 

Let,s wait and see. The bug is not new. I am seeing it since I tried it( after becoming free).

 

Hi, folks: Is this bug common among anti-malware apps? because when I run SuperAntiSpyware free scan, if there are any infections( tracking cookies, in my case) detected and removed, a window similar to BOClean will appear each time.

 

I don,t think that it should be common. It,s a serious bug making security application useless. It might be perhaps on some systems due to some conflicts. Not sure!

 

It points out non-existant error handling for specific operations. (The thing you should check/verify after some operation failed; without proper error checking you ASSUME that everything went well and continue with invalid data that's why you see such crash screens.)

 

Hi, Thanks for your advice, but can you be more specific and perhaps to use layman's terms ? I am a cadet in Computer Science, some illustrations/examples will be very much helpful. Thanks.

 

You can do NOTHING against this. It's up to the developer to fix that.

 

Hi, Thanks.

 

I've seen this across several versions and nothing got fixed...

 

After seeing the good Inspector's post and due to the fact I encounter such little malware that trips up my security, this is likely a flaw that should be fixed. However I have had lots of experience with last several versions of OutPost tripping up with such crashes only to find I have a clean system. I use only a little security software to avoid conflicts so in my mind there is no excuse for malware free machines to get such screens. The more I see "sorry for this" the madder I get.

I would say BOClean is not the only one security app. to suffer from this.

However, the point here is well made. This should not be happening, protection software is not much use if this happens.

 

Ok since someone asked what i mean i give here a short example what i mean with error handling. (That most likely doesn't apply to the particular case of this crash but you'll get the idea what i mean)

We want to create a file and write something into it.

First we write:

FILE * pFile;

That tells our program that we want to use a Filepointer (for holding the handle)

Then we open the file in write mode:

pFile = fopen ("wilders.txt","w");

After that comes now the error check:
if (pFile != NULL)

what basically means if the file could not be accessed/created then pFile will be NULL. So with checking using "!=" we check if it is NOT (!) null, that means the file could be created/accessed.

ONLY THEN we are allowed to write something in the File!
fputs ("wilders rocks!",pFile);

If we don't do that check and ASSUMING that all went ok then we will get such a similar crash because we're trying to write to a non-existant filehandle (it contains NULL because there was an error!) in case the system could not create this file. (For example on a write protected media)

Understood?

 

Update.... And for everyone who understood that we go one level higher:

int *(*(*x)())[15];

Guess what that means? (the answer is somewhere "hidden" in that post)

means that the integer x is a pointer to a function returning a pointer to an array of 15 pointers to another integer

 

the integer x is a pointer to a function returning a pointer to an array of 15 pointers to another integer

 

I'm wondering what program out there would be able to deal with allowing all 10 samples to run and then try dealing with it after it executes¿ I try to go looking for malware in the wild by going all over the net just for some real life testing. Ill even download some unknown program(s) and try installing them 1 at a time of course. I believe I may have encountered a false positive similar scenario with the earlier version of this program when it flagged my virtual drive that I use to play games with, and it would prompt upon me launching the application, then ask if I wanted to remove the files, I would say yes but instead of crashing the icon on bottom right would disappear and BOC would shut down and service would no longer be in the task manager. Then I would have to launch BOC again to start it up then I would have no problems. Thats about it for my experiences, so far no problems with latest version, but I have not tried to run live samples of malware 5-10 all at once yet.

 

U can get same even with one to two samples. It,s frequent.

 

Hi aigle,

Did you post at the Comodo BOClean forum and/or did you send an email to Kevin?

If so, where at that forum, and/or what was the reply from Kevin (full quoting of a private email is not allowed, but some way of informing here might be useful).

 

Yes, this happened to me too

@FanJ, this has been posted @Comodo some time ago and afaics no response from KMcA
https://forums.comodo.com/comodo_bo...wn_everytime_it_blocks_a_trojan-t10720.0.html
There are other threads @Comodo with similar

Interesting that no-one from Comodo replied to that thread.
Have to wonder how much "maintenance time" is being directed to CBOC now?
I know it may not be representative of most users ( cf Acronis forum here) but scattered through the Comodo CBOC forums is a constant stream of 'I have issues...' posts that dont seem to get a lot of attention.
I bet there is the usual inimitable KMcA explanation: why not give it?, every time he posts I learn something.

Regards

 

Just curious. The thread from the Comodo forum just mentions v. 4.24.
Does this same problem exist with the current v. 4.25?
Thanks

 

Hi, i might not post at their forums as my impression/ experience is that the posts at their forums often don,t get official responses, so it might be almost useless to post there. ( however my experience is based upon Firewall forums, may be it,s different in case of BOClean section of forums).


I did not send e-mail to Kevin as I thought he might post in this thread, but I was wrong. I have no e-mail address for him. Can anyone provide me his e-mail address, and I will mail him and let u pwople know about the response.

 

The screenshot I posted is with 4.25. Same thing I experienced with the very first free version as well.

 

I run SuperAntiSpyware and have never experienced that problem.

 

Thanks for the response, aigle.
And thanks for bringing this to everyones attention.
I was totally unaware of this problem as I'm sure others were also.
Hopefully they will have the courtesy to answer soon.

 

Hi, Thanks for the feedback. I am not too concerned about it, since I use it as an on-demand scanner. But I will reinstall it at later date to see the difference. Take care.

 

I've noticed this a few times, but I don't see it as a very big issue, simply because when boclean crashes, it has already terminated the malware. In my experience, it has only crashed after telling boclean to remove the file, not once whilst trying to kill it. Also, it's not like boclean simply stops running with no warning, you get the error message, that you have to interact with in order to make it disappear.
I agree that this issue needs to be fixed, but it's more of an inconvenience that a security issue, IMHO.