BOClean vs. TDS

Discussion in 'other anti-trojan software' started by downripper, May 14, 2004.

Thread Status:
Not open for further replies.
  1. downripper

    downripper Registered Member

    Joined:
    May 14, 2004
    Posts:
    10
    Ok. I have sort of read through the forum and get an impression that BOClean and TDS are two of the better AT. Now I would like to list out my needs and see how both AT handle them. What I need is just yes or no.

    1. super low resource usage (2MB to 4MB)?
    2. frequent update (at least once a day)?
    3. if possible, replace firewall altogether. All I want is to block a trojan horse or trusted software to hijack another trusted software to send data out, i.e. outbound protection or other injection methods. :D

    Outbound detection that comes with the software firewall is a pain to use. Now, I have to delete the trusted list on every logout just in case I accidentally enable some trusted software which can be hijacked by the untrusted software. I thought that will be safe but maybe it isn't. o_O

    I am now using NOD32 and ZoneAlarm Pro (I know this one is probably not a good choice, but I did a test and installed many firewalls and this was the only one that passed all my test) with a backup KAV. But, as I have said, it is a pain to use. :p
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Downripper - Welcome to the forum.

    Can't address the techie stuff, but I can say that TDS offers the best AT protection around. Not long ago I was using TDS with a 333MHz box without a problem. Regarding updates, I see them almost daily (excluding weekends). I would not recommend bundling an AT with a firewall. Strange combination in my opinion. Give TDS a try - you'll be impressed! :D
     
  3. FanJ

    FanJ Guest

    Hi,

    No offence intended !!!
    But in my humble opinion this question should have been asked in the forum-section "Other Anti-Trojan software".

    May I please ask the mods/admins to move this thread to that forum-section.
     
  4. downripper

    downripper Registered Member

    Joined:
    May 14, 2004
    Posts:
    10
    Sorry... I thought there is no BOClean forum here and there is one for TDS... so I put it here...
     
  5. FanJ

    FanJ Guest


    Hey Downripper,

    No problem ! :)

    I leave the decision (whether or not to move the thread) to the Wilders-staff ;)

    Regards, Jan.
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    both are great and i recommend using both side by side

    i'm a newbie and i can say this: TDS is hard core and BOClean is so easy, i'd actually say you need both

    a firewall so easy to use is ZA Pro. i'm lazy, i hate reading, but after 10 minutes getting the gist of ZAP i'm a darn security guru lol

    that's how easy it is lol

    look like a pro, buy a Zone Alarm Pro, let them people think you know what you're doing lol

    that's pretty much it, that 3 part combo kicks butt

    if you have e-mail through microsoft i suggest WormGuard too, it's for really lazy people like myself lol
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Actually, you know... I think most "comparison" threads probably do belong in a generic forum section versus the official product support forum for one of the two products involved.

    You see, while I have every confidence that we all can treat a topic fairly regardless of where it is, the main issue might well be "who sees the topic" and "who feels free to respond fully" to that topic...

    A specific vendor forum section is generally visited by a larger ratio of people that use and support that specific product, while a generic forum is more likely to get a mix of people. Further, people with strong BOClean opinions, for this topic in particular, might feel uncomfortable posting those thoughts in a TDS-3 forum.

    So, we'll move it as recommended. :)
     
  8. FanJ

    FanJ Guest

    My answer is almost the same as my buddy Blaze posted:
    Use both !
    BOClean for on-access and TDS-3 for on-demand.
    Many users use them both that way.
    And, if you like, you can use both at the same time: no problem at all !!!!!

    But that all is my strictly personal opinion !
     
  9. --?--

    --?-- Guest

    As regards your need ...

    "3. if possible, replace firewall all together. All I want is to block a trojan horse or trusted software to hijack another trusted software to send data out, i.e. outbound protection or other injection methods. "

    ... neither BOC nor TDS will make you completely happy. You should try Process Guard or System Safety Monitor if you want to prevent "injections".
     
  10. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Yes, attackers are more "clever" these days, it's more a real battle between them and US - a battle where traditional defences are too easily bypassed by their very nature
     
  11. downripper

    downripper Registered Member

    Joined:
    May 14, 2004
    Posts:
    10
    ok..I have got the basic idea.

    My next question is to DiamondCS, will the next version aka TDS-4 include some of features from Process Guard? Or Process Guard will be sold as it is. :p

    Do you have a list of processes suggested to put under protection for each Windows version? Without it I would need to include every running process and those that are potentially started to the list. That will not be practical. Correct me if I am wrong. :D

    The idea is basically what process need to be protected to prevent sending data out of the PC? :rolleyes:

    Thank you.
     
    Last edited: May 15, 2004
  12. --?--

    --?-- Guest

    Obviously, any internet application (for which an allow rule has been created) needs to be protected. It goes without saying that the use of a personal firewall is not redundant ... layered security.
     
  13. supastah

    supastah Guest

    --?-- hmmmmm that name looks familiar. Your style of writing sounds somewhat familiar too. But how do you pronounce it?
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I wonder if that very low on resources is the first issue?
    I must admit TDS-3 uses more than BOClean, but both are worth every penny, there are bunches of people using them both together.
    With the TDS-4 around the corner and ActiveGuard as part of that new generation software as resident part and protection and more.......
    The Execution Protection enables TDS to detect and stop nasty code before it can even run at all, so no live trojan needs to be detected in a scan.
    The ActiveGuard will build forward on this concept (resident) and offer lots more on very new technologies.
    WormGuard has this kind of resident protection too for malicious scripts and worms, among others, while you can add more to your blocklist yourself.
    It saved me several times where even the email scanner said a file was all clear to open, WormGuard thought differently, fortunately.
    Process Guard is a standalone separate product which runs on the nt/2000/xp systems, not on the 9X series, the TDS family runs on every.
    Registered TDS-3 users can upgrade for free.
    To keep an eye on and manipulate both inbound and outbound traffic Port Explorer will be a very nice combination.
    But no matter which combination you choose, you'll always need some kind of firewall, software, hardware, built into the router, anything.
    So in fact you're looking for a kind of outbound firewall?
    Or would the protection Process Guard gives you suit your current needs?
     
  15. downripper

    downripper Registered Member

    Joined:
    May 14, 2004
    Posts:
    10
    yes. low resource usage is the number 1 concern. :rolleyes:

    ok. Let me put it simply. Go to http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/software.htm :p

    and test out leaktest 1-14. Just let me know which software gets 14/14 then that's what I want. But, I tried the free version of Process Guard, it failed on WB and dnstester. :rolleyes:

    I am only interested whether the AT out there is aware of the methods these test utilities use. I don't want the AT to just get the signature of them and block them when it sees them. This is not real protection because a trojan can use the same exploit and do harm on my pc. :D

    Cheers!
     
    Last edited: May 15, 2004
  16. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    I use both on a 98SE system. BOClean is enabled all the time and uses little resources. I like the fact that it just sits there and I don't have to mess with it or think about it, but that it protects when needs be. TDS3 is much more than just an anti-trojan and you can spend hours just messing with the tools included with it (string extractor etc). I use TDS3 more as a second opinion to BOClean and as a reliable scrutiny tool. Support for both and updates are excellent. Personally I like to use both. BOClean as resident and TDS3 to play with :)
    ellison
     
  17. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    I use both as well. To be honest, TDS rarely gets used as I have never really had a trojan problem. My McAfee Virus Scan actually is the first to stop anything anyways... it's probably all I need. I run BoClean all the time but it has yet to catch a single thing. The question of which to use however was answered when BoClean decided to charge users for their next upgrade... TDS-4 will be free to current users. I will probably just stop using BoClean and go completely TDS-4 when it comes out... I understand it will have resident protection which is all I really want anyways.

    The best protection I ever purchased was my Linksys firewall router. I would imagine that it along with a good AV is all you really need.

    Where do you peeps get these trojans from anyways? EMail? Any good AV should catch that. The point is, I think all this is overkill...and some of you still get trojans? I guess I am lucky.
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Since trojans do not (usually) replicate automatically, the ones you see will usually be planted by a cracker who (being smarter than the average virus) may use run-time compression software or hex editing to get by any AV/AT signature scanners. This could then be emailed to a prospective victim - but a far more likely use is to plant it somewhere where tracing the source is difficult. So Usenet, IRC and P2P are prime sources and people using these are the ones who should consider AT software along with AV.

    Just to confuse matters a little more :D - TrojanHunter is a well-regarded AT with frequent updates and has an easy-to-use interface. I can't comment any further on it though.

    Finally please note that no AT can currently replace a software firewall (with the possible exception of Tiny - which is a software firewall). To do so would mean hooking into Windows' network stack and keeping track of all current connections as well as intercepting network packets with illegal or corrupted headers intended to cause a Denial of Service. Not only can a software firewall cover these situations, it can also advise you of "legitimate" applications making network connections you may prefer to block - like for example Windows Media Player or Windows Update (this applies to rules-based firewalls like Kerio and Outpost rather than simple permission-based ones like ZoneAlarm or Look'n Stop though).
     
  19. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    A firewall is a MUST, and many methods of firewall bypassing will be blocked now by the best firewalls. ProcessGuard is intended to assist the firewall but most importantly, to block forced code-injection at the kernel level, and to block rootkits. If your firewall and AV fail, a rootkit could then hide forever. If it can't root itself into the OS, it won't EVER be able to hide and can easily be spotted by the firewall when it tries to open a port or connect OUT

    TDS-4 will not include ProcessGuard, but we will provide a way for users to put our layered security programs together - and when we do, they will become even more powerful due to working together :)
     
  20. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    Is my Linksys good enough? If I go to Shields Up! on S. Gibson's site, it shows ALL my ports as stealthed. I would rather not run a software firewall. I figure if something tries to call out, BoClean should zap it. Besides, I run full virus and trojan scans weekly with McAfee and TDS-3.
     
  21. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hardware is great.. but outbound blocking is ONLY accomplished by running a software firewall. That's a firewall's job, not BOClean or TDS

    Why not ? :) Try Kerio 2.1.5 if you don't like resource hogs.. very light
     
  22. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    OK I'll give it a try. The only thing on Kerio's site though is version 4. Where can I get the v2? I really don't want the added bulk v4 appears to have... I don't need a popup stopper or anything else. All I need (I guess ;) ) is an outbound connection monitor. Is there anything else that would serve the same purpose because I really don't need all these features... only outbound connection monitoring.

    On another note... just a question. I also run Total Net Shield... a proxy (port forwarding). When I go to Steve Gibson's Shields Up! test, it shows a few of my ports open... this is with the proxy running. If I run without, all my ports are stealthed. Is it scanning the proxy server and not my PC when I test with the proxy running? Does this pose a security risk? I assume that my PC is safe with or without the proxy server... my Linksys firewall router is always on.

    Why do they call it a Firewall router anyways... aren't ALL routers firewalls? Strange because they make a point in calling it a firewall router... it's the BEFSX41.
     
  23. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
  24. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
  25. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    Does it really pass all 14? I've tried them with Zone Alarm Pro and with security set on medium it fails some of them. If I set program controls to full I am inundated with alerts and after a while my connection dies. I might have to give a Tiny demo a go.
     