BoClean review by TechSupport

Discussion in 'other anti-trojan software' started by aigle, May 24, 2007.

Thread Status:
Not open for further replies.
  1. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    I still don't understand why Boclean is tested as a HIPS? Everyone knows that Boclean is not a HIPS. (Or am I missing something here?) That was what I thought was funny with the article. I thought that was so obvious that no more comments were necessary :doubt:
     
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I am not an expert in this field, and I cannot comment on tech issues. But I do know a few things: (1) any respectful review writers (no matter in any field) will NEVER use extreme tones to attack any subject. A recommendation such as NEVER buy, Never this or never that should never have to surface in his review. (2) Do you have any technical background in addition to your English writing skill? (3) Can you look right into our vast viewers' eyes and declare that you NEVER have received any payments from Kevin? If proved to be false, will you get out of your current career from now on? I say to you, until you can accept my question #3's challenge, all you have said so far is full of NO SUBSTANCE. They are high tea time material. I am awaiting your reply. Until then, everything you brag is nothing more than your way of making a decent living. Poor guy. I have never looked down on people in this fashion before. I think I have lost my mind here. But never mind I can handle it.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Why are you testing a signature-based app using tests aimed at HIPS/sandboxes? :blink: :blink:
    Testing signature-based software is very difficult and we already have highly regarded organizations (AV-Test, AV-Comparatives). You should test non signature-based software with a proper methodology and knowing the inner workings of the tested app.
     
  4. gizmo!

    gizmo! Registered Member

    Joined:
    Aug 31, 2004
    Posts:
    9
    Quill I have a very clear understanding of what BoClean does and indeed what it doesn't do. I understand though why you ask this question so let me give you a full and respectful answer.

    These days when I test security products I run a pretty standard set of tests. These tests only include limited signature testing as there are many others who test that aspect. Instead I focus on security product weaknesses currently being exploited by the latest generation of malware; the stuff in circulation right now.

    These tests cover many different product attributes and taken together these allow me to evaluate a product's performance generally rather than in one dimension only.

    For example I look at the protection of certain important registry entries. Now not all security products claim registry protection but I look at it anyway. I want to know.

    Oddly enough some products that I've tested that don't claim to protect the registry do so while others that do claim protection don't do it effectively. That's one of the reasons I run all the tests. By looking at lots of different attributes I get to understand the product more fully.

    I include in my tests some HIPS-like features. Now I understand fully that BoClean is not a HIPS product but I ran the HIPS tests anyway. I ran all the tests.

    However please note that I did not anywhere criticize BoClean for failing the HIPS tests. I just run these tests for my own understanding of the product.

    My criticisms of BoClean were directed specifically at the test results that are applicable to a memory monitor. On most of these tests BoClean flopped. Any memory monitor that can't protect itself, can't protect memory and can't even detect process injection of running processes gets a fail grade from me.

    And as for my test procedure not being documented I suggest you look at my lab notes on BoClean.

    Not only is my methodology documented but so are all test results and even the tools I use. Furthermore I offer all security workers access to my test files. That's the way it ought to be. Sadly many security test results on the web are barely documented at all.

    I accept that my testing is not perfect, but no tests are. However what I do is in the open for all to see and to independently verify. That's all I can do.
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I read Gizmo's review. Most of his tests of CBOC were appropriate for a behavior-blocker-type HIPS, whereas CBOC is a blacklist-based memory scanner.

    And, no, I'm not a CBOC user or advocate. I have mostly moved away from any & all blacklist-based scanners. I only make these comments because I feel that CBOC's true effectiveness can be determined only if it is tested by a qualified test organization, such as AV-Comp, AND only if it is tested against threats that fit the type of protection which CBOC is DESIGNED to provide.

    In summary: running behavior blocker-type tests against a blacklist-based scanner is rather like testing a lawn mower to see how well it washes the laundry.
     
  6. catseyenu

    catseyenu Registered Member

    Joined:
    Dec 13, 2002
    Posts:
    15
    Being that he wants to clutter the boards here with his spin instead of discussing his "understanding" at the appropriate site (though he has an account there)...

    http://forums.comodo.com/index.php/topic,9105.msg66618.html#msg66618
     
    Last edited by a moderator: May 25, 2007
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'd suggest to wait for BOClean 4.24, the current version (4.23) seems to have some bugs/problems.
    I've criticized your (apparent) lack of knowledge and/or improper methodology in the first tests of sandboxes. GeSWall performed so poorly in your tests, although in the real world, it gives the same great protection offered by Defensewall and Sandboxie, two awarded apps. You seemed to not understand how GeSWall works.
    Best regards.
     
  8. catseyenu

    catseyenu Registered Member

    Joined:
    Dec 13, 2002
    Posts:
    15
    What happens when you feed one of these monsters after mid-night?
     
    Last edited: May 25, 2007
  9. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    Kevin has just put up a couple of posts over at Comodo that make interesting reading, including an examination of some of the tests used and talk of a cheque, in his solicitor's hands at the moment, that he hopes to post a copy of soon.
    http://forums.comodo.com/index.php/topic,9105.15.html

    I don't know, but we've seen what happens when you don't feed them.
     
  10. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    The first two reviews are nearly identical. The 2nd review on v4.10 lacks the Editor's Choice recommendation, some favorable wording is removed, and there is the criticism of slow tech support. However Gizmo did go on to say "Overall we were impressed by BoClean's monitor. In our opinion, it's the best anti-trojan monitor in the business." The third article on v4.11 also shared a lot of info from the first two reviews, but it implied that there are better alternatives.

    Is the 3rd review really the result of Kevin not paying Gizmo for a favorable review, or is it because BOClean failed to keep up with newer products on the market?
     
  11. tiptop78

    tiptop78 Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    31
    Just been reading Kevin's posts over at Comodo, wish he would answer in this thread.

    Something in the garden smells, an it ain't roses!!!!!
     
  12. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I now see why humanity is in the shape it is in… we have the “Ready-Fire-Aim” mentality… how very very sad.

    Please stop all the useless comments and finger pointing.

    What each of us has to say, will have absolutely NO effect on the final outcome.

    It is up to the principals actually involved to settle this.

    Mike

    P.S. Based on what I see in this thread, I will not be surprised when I get attacked for this post.
     
  13. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    What useless comments and finger pointing? Could you be specific? I didn't understand a word of your post as it was garbled and vague so I don't know if I agree or disagree with it.

    <Snip> ~ Inappropriate comments removed - Menorcaman ~
     
    Last edited by a moderator: May 25, 2007
  14. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I will only say that I find Gizmo's testing methodology flawed

    You cannot test security programs any more than you can test malware in VM

    You get inadequate results to say the least
     
  15. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    What a joke! One side tested the app wrong and the other side states they paid for a good review and can, will prove it. Who to believe or better yet, who cares about either side now?
     
  16. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Yes, pugmug, but what should matter here is not the chat but the substance, and i can tell you it's many years i've been reading critical remarks at BoClean: for years, as a matter of fact, lots of people not used to document themselves shunned BC on the basis that it had no SCAN they could perform.
    It's been hard to show these people that BC had NO NEED of a scan, but that, if single files/folders had to be scanned, they could easily have been scanned with a trick.

    People earning a living or reputation by testing scanners i guess would naturally hate Boclean,
    a software impossible to judge with 'normal' methods applied to Avs or HIPS.

    I'll repeat that during my four or five years association with BC i never suffered any malware damage and that the five or six persons to whom i suggested they install BC -all notorious and pervicacious virus&trojans lovers- are still devoid of such pests after years in spite of being totally ignorant about IT and unrepentant in their behaviour.

    BoClean was 99% perfect in its long career and i take away just the 1% for last week's False Positive originated from Comodo people misunderstandings, which forced me to a few hours on the phone with some of the previously mentioned reformed trojan lovers who were unfortunately deprived of connectivity.

    I surmise the new build will be even better and match the best rootkit detectors.

    As facts speak for themselves (for me) i cannot follow delirious ways.
     
  17. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    poirot, as I have used BoClean for way over 4 years and know all about the software program my post stands as is.
     
  18. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
  19. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    It seems to me that this was a HIPS test done on an anti trojan/anti spyware app. So I have one request for Gizmo if he could do a firewall leak test on a few AV's. (Same damn thing)
     
  20. gizmo!

    gizmo! Registered Member

    Joined:
    Aug 31, 2004
    Posts:
    9
    Hi Guys

    I just checked in to see if my questions posed to Kevin had been answered. They had not. It's what I expected.

    Instead I see over at the Comodo forums a continued outpouring of vitriol against me. Again it's what I expected.

    I also see Kevin has posted some old email. Glad he did. It makes perfectly clear that his various financial dealings were with Chris Carven the original owner of the anti trojan web site not with me.

    As for BoClean's test results and the various comments on methodology I note that not one person has commented on or disputed my specific criticisms of the product. Instead we have generalizations about the methodology being wrong.

    Folks, the fact that a security program can be simply terminated by a hostile agent is not about methodology; it's a statement of fact.

    The same applies to the other things I have stated about BoClean.

    Is anyone disputing these facts? Not that I can see.

    Installing a security product that can be easily terminated is like installing a burglar alarm with an on-off switch at your front door. You wouldn't accept such a product as any burglar could turn it off. So it should be with security products.

    BoClean is not the only security product with this defect and I have been strongly critical of these products as well. And despite the efforts of vendors like Kevin I will continue to be critical.

    Vendors don't like criticism and will do anything to stop it. Look what they have tried to do to me over at Comodo. Note how successful the strategy is: not one word about the specific claims I have made about BoClean, just slurs and allegations about me.

    This is nothing new. Just remember what LockDown Corp did to Keith Little. (http://www.pc-help.org/suit/suit.htm)

    Folks on that note I'm going to check out of this forum. I have work to do.

    I always like to compare computer security to physical security as it strips away the mystique.

    Imagine you have a new burglar alarm installed with latest motion detector.
     
  21. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Gizmo wrote:
    Undoubtedly running some firewall leaktests on a few AV's like I asked.
     
  22. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Hello Gizmo,

    Not that i consider myself the center of the world, but i did write a post where i was polite, didn't touch the personal accusations as i don't have anything to do with them, and answered to your points.

    I do not think i ignored your points, as i think the easy termination is a good one. I think you were the one ignoring me.

    I read your explanation on why you did those tests, and i can understand it. But you shouldn't show them, as you yourself don't think it's relevant. You didn't find anything surprisingly positive or negative there, so product's description is true - just state that it's only a memory scanner.

    My post was an attempt to make this discussion move in the right direction. Maybe we still can.

    Cheers Gizmo
     
  23. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    So, how does one test the effectiveness of Boclean?

    I really don't give a damn about the bun-fight between Kevin and Gizmo.

    I have anti-vir on my PC and I can go to Comparatives and see the trend for the effectiveness of Anti-vir.

    As I said in my initial post I bought Boclean based on the nice words on this forum.

    Now, I would like to see some objective testing.

    I am disappointed that Kevin/Comodo have not hit back with a reference to an independent test and relied on throwing aspersions at Gizmo when the former would have ended the battle as soon as it started.

    If you are selling a product you state its spec and then proceed to prove to the customer how it meets the spec.

    Will somebody please prove Boclean is as good as we think? Please, no more anecdotal I have had Boclean for X years....

    Ian
     
  24. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Gizmo did point out an interesting thing: malware could terminate BOClean easily.

    As for detection, i can think of 2 websites that perform good tests, but i don't see them interested in this. For the size of samples they must employ to make it a valid/interesting test, it must look impossible given that BOClean is memory only.
    Maybe only running the missed samples of all AV's with BOClean active, to see what additional protection/ detection it provides. That way they handle less samples, and stay true to the program's description.

    One should note that developers are not /should not be thinking of how to make an application testable. Maybe after. They try to make it effective.
    Let's stay away from that. Let's watch it in the background.
     
  25. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Interesting how Gizmo "or is it gadget?" is buggered about how none of his questions are being answered and yet the most damning question about him gets kinda ignored. It's those cancelled checks that Nancy has in her possession...:eek: ;)
     