BOClean has a serious flaw?

Discussion in 'other anti-trojan software' started by aigle, Oct 9, 2007.

Thread Status:
Not open for further replies.
  1. showtime33

    showtime33 Registered Member

    Joined:
    Jun 23, 2006
    Posts:
    29
    WTF This is not the only flaw.... go here and download tooleaky
    http://www.firewallleaktester.com/leaktest2.htm

    I downloaded it with boclean installed and ran it and boclean did nothing...

    also ran other tests
    boclean does not detect these....dont know why?

    Anyone else have suggestions for a program that will alert when exe's try to connect to the internet? Please and thank you
     
  2. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Leaktests are not malware by themself. They only emulate malware's behavior

    MaB
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    BOClean is not made to detect leaktests.
    To detect leaktests is the duty of an outbound firewall.
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes I tested it for about three days then uninstalled, I did not see any sense for this tool in case you are experienced user, this may be a good thing for novices, it looks like a extremely static malware guard that only reacts if you push on infected exe.
     
  5. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    They as in the author of the program state that it is a second line defense behind your a/v only.
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    What is the point of adding a second line of defense that uses the very same technology (blacklisting) as your first line of defense? It's just like two of the same thing, only that you're hoping one will work if the other fails.

    Why not select an alternate form of protection that steps in when blacklisting fails? Behavior blockers, virtualizing and HIPS are all much better complements to a traditional scanner than *gasp* ANOTHER traditional scanner.
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Loool, true, true...... and it slows down slows down your system for nothing... if we talk about system pro´s, novice should take what he can.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
  9. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    aigle since your sincere and motivated in your testing, isn't it about time you get your own testing pc ;)
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    There are not tests, only a play and sometimes findings may be just wrong.
    My personal notebook is under test since I got it( 2 years back).:)
    I will prefer a VM with Vista for testing but that needs to put more ram in my notebook. Also MS did not allow to run cheeper versions of Vista on VM and the price for Vista ultimate, bussiness etc is insanely high for me, so I can,t put it on a VM.

    Infact I want to quit this testing due to time factor. I need much more time for other things.

    I have just recently installed Ubuntu and am now dual booting Linux and XP. Since I switched from dial up to DSL, I can use internet on Linux easily.

    If Ubuntu becomes my primary OS, probably I will be doing less and less testing and posting more and more on linux forums asking for commands.

    Let,s wait n see!
     
  11. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    I don't want to *off* the topic, but an integer is not a pointer. So
    x is a pointer to a function returning a pointer to an array of 15 pointers to integers.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Last edited: Nov 19, 2007
  13. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    aigle

    Your findings are the exact same as mine and (quite?) a few others as well have seen.

    They are right of course in the Comodo forum that this should not be tested in VMware etc, but it happens on completely normal setups as well.......................like it did on mine a long long time ago, i reported it at the time (as i know several have over the years) and He seemed to think it was Microsoft's fault, never happened with any other program i tried the same samples on though, they nuked them with ease. :)
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    So I am not alone in this regard.
     
  15. Eh_Greg

    Eh_Greg Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    64
    Location:
    US.

    Very well could be M$. I posted a little test result with version 4.2.3.1. I don't test in vmware. :) It seems that in Don's case, it was a problem with embedded-null characters in registry key... So I guess the regdelnull tool is necessary. I seen this post awhile back but never actually used the tool. Have only used a decent registry cleaner and NTregopt. https://www.wilderssecurity.com/showthread.php?t=128699&page=2
    I haven't followed up with anymore testing though. I don't thoroughly understand alot that has to do with the registry.
     
    Last edited: Nov 20, 2007
  16. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Another flaw IMO besides the one mentioned, is that BoClean apparantly wasn´t tested in a LUA before release, since it can´t update without admin rights...

    /C.
     
  17. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    It wasn't resolved, it returned and has been there in every build i have tried since then (Comodo version 4.24/4.25 was the last i tried), to my regret i never really bothered to contact them again (it was there even if i reformatted/reinstalled MS).....simply because blaming MS for your program shutting down when detecting a piece of malware over many builds seems..... i just got the feeling that..............the always very fast and friendly support over the years aside......that either they simply could not or didn't have the resources to make a serious upgrade to the product, it may require a full rewrite...who knows, it's not exactly the message you would want to send to your customers. :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.