BOClean vs. TDS

Ok. I have sort of read through the forum and get an impression that BOClean and TDS are two of the better AT. Now I would like to list out my needs and see how both AT handles them. What I need is just yes or no.

1. super low resource usage (2MB to 4MB)?
2. frequent update (at least once a day)?
3. if possible, replace firewall all together. All I want is to block a trojan horse or trusted software to hijack another trusted software to send data out, i.e. outbound protection or other injection methods.

Outbound detection that comes with the software firewall is a pain to use. Now, i have to delete the trusted list on every logout just in case I accidentally enable some trusted software which can be hijacked by the untrusted software. I thought that will be safe but may be it isn't.

I am now using NOD32 and ZoneAlarm Pro (I know this one is probably not a good choice, but I did a test and installed many firewalls and this was the only one that passed all my test) with a backup KAV. But, as I have said, it is a pain to use.

 

Downripper - Welcome to the forum.

Can't address the techie stuff, but I can say that TDS offers the best AT protection around. Not long ago I was using TDS with a 333Mhz box without a problem. Regarding updates, I see them almost daily (exclusing weekends). I would not recommend bundling an AT with a firewall. Strange combination in my opinion. Give TDS a try - you'll be impressed!

 

Hi,

No offence intended !!!
But in my humble opinion this question should have been asked in the forum-section "Other Anti-Trojan software".

May I please ask the mods/admins to move this thread to that forum-section.

 

sorry...i thought there is no BOClean forum here and there is one for TDS...so i put it here...

 

Hey Downripper,

No problem !

I leave the decision (whether or not to move the thread) to the Wilders-staff

Regards, Jan.

 

both are great and i recomend useing both side by side

im a newbie and i can say this TDS is hard cor and boclean is so easy id actualy say you need both

a fire wall so easy to use is za pro im lazy i hate reading but after 10 minutes geting the jest of zap im a darn security guru lol

thats how easy it is lol

look like a pro buy a zone alarm pro let them people think you know what your doing lol

thats perty much it that 3 part combo kicks but

if you have e-mail threw microsoft i sugest worm gurd to its for really lazy people like myself lol

 

My answer is almost the same as my buddy Blaze posted:
Use both !
BOClean for on-access and TDS-3 for on-demand.
Many users use them both that way.
And, if you like, you can use both at the same time: no problem at all !!!!!

But that all is my strictly personal opinion !

 

As regards you need ...

"3. if possible, replace firewall all together. All I want is to block a trojan horse or trusted software to hijack another trusted software to send data out, i.e. outbound protection or other injection methods. "

... neither BOC nor TDS will make you completely happy. You should try Process Guard or System Safety Monitor if you want to prevent "injections".

 

Yes attackers are more "clever" these days, its more a real battle between them and US - a battle where traditional defences are too easily bypassed by their very nature

 

ok..I have got the basic idea.

My next question is to DiamondCS, will the next version aka TDS-4 include some of features from Process Guard? Or Process Guard will be sold as it is.

Do you have a list of processes suggested to put under protection for each Windows version? Without it I would need to include every running process and those that are potentially started to the list. That will not be practical. Correct me if I am wrong.

The idea is basically what process need to be protected to prevent sending data out of the PC?

Thank you.

 

Obviously, any internet application (for which an allow rule has been created) needs to be protected. It goes without saying that the use of a personal firewall is not redundant ... layered security.

 

--?-- hmmmmm that name looks familiar. Your style of writing sounds somewhat familiar too. But how do you pronounce it?

 

I wonder if that very low on resources is the first issue?
I must admit TDS-3 uses more then BOClean, but both are worth every penny, there are bunches of people using them both together.
With the TDS-4 around the corner and ActiveGuard as part of that new generation software as resident part and protection and more.......
The Execution Protection enables TDS to stop nasty code to be detected and stopped before it can even run at all, so no live trojan needed to be detected in a scan.
The ActiveGuard will build forward on this concept (resident) and offer lots more on very new technologies.
WormGuard has this kind of resident protection too for malicious scripts and worms, among others, while you can add more to your blocklist yourself.
It saved me several times where even the email scanner said a file was all clear to open, WormGuard thought differently, fortunately.
Process Guard is a standalone separate product which runs on the nt/2000/xp systems, not on the 9X series, the TDS family runs on every.
Registered TDS-3 users can upgrade for free.
To keep an eye on and manipulate both inbound and outbound traffic Port Explorer will be a very nice combination.
But no matter which combination you choose, you'll always need some kind of firewall, software, hardware, build in the router, anything.
So in fact you're looking for a kind of outbound firewall?
Or would the protection Process Guard gives you suit your current needs?

 

yes. low resource usage is the number 1 concern.

ok. Let me put it simple. Goto http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/software.htm

and test out leaktest 1-14. Just let me know which software gets 14/14 then that's what I want. But, I tried the free version of Process Guard, it failed on WB and dnstester.

I am only interested whether the AT out there is aware of the methods these test utilities use. I don't want the AT to just get the signature of them and block them when it sees them. This is not real protection because a trojan can use the same exploit and do harm on my pc.

Cheers!

 

I use both on a 98se system.Boclean is enabled all the time and uses little resources.I like the fact that it just sits there and i dont have to mess with it or think about it ,but that it protects when needs be.TDS3 is much more than just an anti trojan and you can spend hours just messing with the tools included with it (string extractor etc)I use TDS3 more as a second opinion to boclean and as a reliable scrutiny tool.Support for both and updates are excellent.Personally i like to use both.Boclean as resident and TDS3 to play with
ellison

 

I use both as well. To be honest, TDS rarely gets used as I have never really had a trojan problem. My McAfee Virus Scan actually is the first to stop anything anyways...its probably all I need. I run BoClean all the time but it has yet to catch a single thing. The question of which to use however was answered when BoClean decided to charge users for their next upgrade...TDS-4 will be free to current users. I will probably just stop using BoClean and go completely TDS-4 when it comes out...I understand it will have resident protection which is all I really want anyways.

The best protection I ever purchased was my Linksys firewall router. I would imagine that it along with a good AV is all you really need.

Where do you peeps get these trojans from anyways? EMail? Any good AV should catch that. The point is, I think all this is overkill...and some of you still get trojans? I guess I am lucky.

 

Since trojans do not (usually) replicate automatically, the ones you see will usually be planted by a cracker who (being smarter than the average virus) may use run-time compression software or hex editing to get by any AV/AT signature scanners. This could then be emailed to a prospective victim - but a far more likely use is to plant it somewhere where tracing the source is difficult. So Usenet, IRC and P2P are prime sources and people using these are the ones who should consider AT software along with AV.

Just to confuse matters a little more - TrojanHunter is a well-regarded AT with frequent updates and has an easy-to-use interface. I can't comment any further on it though.

Finally please note that no AT can currently replace a software firewall (with the possible exception of Tiny - which is a software firewall). To do so would mean hooking into Windows' network stack and keeping track of all current connections as well as intercepting network packets with illegal or corrupted headers intended to cause a Denial of Service. Not only can a software firewall cover these situations, it can also advise you of "legitimate" applications making network connections you may prefer to block - like for example Windows Media Player or Windows Update (this applies to rules-based firewalls like Kerio and Outpost rather than simple permission-based ones like ZoneAlarm or Look'n Stop though).

 

A firewall is a MUST, and many methods of firewall bypassing will be blocked now by the best firewalls. ProcessGuard is intended to assist the firewall but most importantly, to block forced code-injection at the kernel level, and to block rootkits. If your firewall and AV fail, a rootkit could then hide forever. If it cant root itself into the OS, it wont EVER be able to hide and can easily be spotted by the firewall when it tries to open a port or connect OUT

TDS-4 will not include ProcessGuard, but we will provide a way for users to put our layered security programs together - and when we do, they will become even more powerful due to working together

 

Is my Linksys good enough? If I go to Shields Up! on S. Gibsons site, it shows ALL my ports as stealthed. I would rather not run a software firewall. I figure if something tries to call out, BoClean should zap it. Besides, I run full virus and trojan scans weekly with McAfee and TDS-3.

 

Hardware is great.. but outbound blocking is ONLY accomplished by running a software firewall. Thats a firewall's job, not BOClean or TDS

Why not ? Try Kerio 2.1.5 if you dont like resource hogs.. very light

 

OK I'll give it a try. The only thing on Kerios site though is version 4. Where can I get the v2? I really dont want the added bulk v4 appears to have...I dont need a popup stopper or anything else. All I need (i guess ) is an outbound connection monitor. Is there anyhting else that would serve the same purpose because I really dont need all these features....only outbound connection monitoring.

On another note...just a question. I also run Total Net Shield....a proxy (port forwarding). When I go to steve gibsons shields up! test, it shows a few of my ports open....this is with the proxy running. If I run without, all my ports are stealthed. Is it scanning the proxy server and not my PC when I test with the proxy running? Does this pose a security risk? I assume that my PC is safe with or without the proxy server....my linksys firewall router is always on.

Why do they call it a Firewall router anyways...arent ALL routers firewalls? Strange because they make a point in calling it a firewall router....its the BEFSX41.

 

Try this link:
http://www.kerio.com/dwn/kpf2-en-win.exe

 

Then you need Tiny Personal Firewall 5.5.1332.
-hojtsy-

 

Does it really pass all 14? I've tried them with Zone Alarm Pro and with security set on medium it fails some of them. If I set program controls to full I am inundated with alerts and after a while my connection dies. I might have to give a Tiny demo a go.