Comodo BOClean Questions...

Hi

I have just come across Comodo BOClean. Is this software a substitute for antispyware or is it to be used in addition to antispyware?

What IS the difference between malware and spyware as it all seems to me to be shades of gray?

I run AntiVir Personal Premium and SUPERAntiSpyware Pro so would there be any point trying Comodo BOClean?

Any info and suggestions on configuration greatly received.

 

From what I understand, BOClean would only serve a supporting role with your current set up. It is a memory monitor that watches what enters and if it's bad, then BOClean snaps into action. It doesn't have your 'typical' on demand scanner that most are used to. It is only a real time application. If something would happen to get by your AV and AS, then yes, it could be useful.

To me, the line between spyware, malware and trojan seems gray also. I would say that BOClean is not a substitute for an anti-spyware at this moment. They are working on improvements. I think it was considered and anti-trojan and now it's call an anti-malware. If you want to know more about it and are considering it, I would highly recommend glancing over the user guide. http://www.comodo.com/boclean/supboc.html

Their forum is here. http://forums.comodo.com/comodo_boclean_antimalware-b83.0/

I hope this helps and hopefully someone else will stop by .

 

I would agree that BOClean's focus was and in many ways still is anti-trojan. But if I understand how BOClean works, it looks to me like it could be adapted to look for many other kinds of nasties.

For the last couple of years, one of BOClean's ad slogan's was that BOClean users didn't need to run HiJack This! (because, I assume, they never became infected with anything needing an HJT log.)

I have ran BOClean for nearly 2 years and had little issue with it. It's had a couple of false positives that I dealt with but they were not a big deal. (The new 4.24 version has better help to recover from FPs.)

My current setup at home is NOD32, SAS Pro (real-time turned on), Comodo BOClean 4.24 and MJ Registry Watcher. They all play very well together...

 

Malicious Software covers all variants of baddies. Spyware is specfic to software that attempts to gain information from your system and 'phone home' with it, or merely direct you to sites based on your habits etc. Adware is often spyware, because it will follow your activities in an an attempt to foist tailored advertising on you. If the adware just displays adverts without collecting info on your surfing interests, it may be considered pure adware rather than spyware.

Spyware is often delivered from trojans, so anything with anti-trojan capabilities will be protecting you from spyware, but the protection may not extend to infected machines or spyware installers themselves - it is directed at the trojan that delivers the spyware.

Pure viruses are self-replicating malware that infect system files, whilst trojans exist as their own files - this is a bit like viruses that infect cells of the body while bacteria are cells themselves and exist outside body cells. An AV is required in order to deal with pure viral infections, but they can also catch trojans realtime and prevent them from running.

An AT memory scanner like BOClean or AVG-AS can inspect files as they unload into memory, thus being able to recognise heavily encrypted baddies that are thereby disguised from the AV on your system.

Yes, everything is muddled into a grey area so malware can be mixed into a variety of forms without being pure virus, pure virus, pure spyware etc.

It's up to you to decide whether to run different realtime scanners covering the different possibilities. For many people (who know what they are doing) running anti-spyware realtime should not be essential since spyware is not going to be allowed to install anyway. On balance I would rather be running an AT than an AS (an AV is non-negotiable for most people - you do need that), but it will depend on whether you have adequate Execution protection from HIPS etc. CounterSpy for example does have execution protection and therefore is worth running if you don't have SSM etc. In the past AS apps have not offered this type of protection realtime (I'm really not sure about SAS).

Personally I much prefer to base my defence on realtime protection, rather than demand scans which I only do infrequently.

 

If you run Antivir PE you don't need any Anti-Spyware. You only can scan you PC with SAS weekly.