Disappointed with BOClean--Again

Discussion in 'other anti-trojan software' started by xxxxx, Nov 29, 2005.

Thread Status:
Not open for further replies.
  1. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,716
    Location:
    Toronto Canada
    I am currently using 4.20.001. Could someone post when the latest program update is available? :)
     
  2. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    PLEASE email upgrade@nsclean.com again if you want the new build. It's difficult to go back and see who got what version. There's just too many requests to riffle through, and some may not want or need the new build right away. Plus we have new requests coming in as well on top of this.

    It would really make things saner for us and get you a file faster. TIA!:)
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,716
    Location:
    Toronto Canada
    Ok, good to go. :)
     
  4. xxxxx

    xxxxx Guest

    Any chance you could implement a PHP script or something on your own web site, that would allow legit customers to enter their info (name/email/order #), and download BOClean that way?
     
  5. 42g0

    42g0 Guest

    Wow, I think I'll be buying BOClean. Which of these rootkits should I keep and which should I uninstall?

    1. NOD32
    2. EScan free
    3. Icesword
    4. Prevx 1 beta
    5. Ghost security suite
    6. Regrun
    7. Unhackme
    8. ProcessGuard
    9. Winpatrol
    10. BlackICe IDS
    11. Outpost firewall.
    12. Counterspy beta
    13. Ewido

    Not all are used as resident but as on demand

    I thank you for your help in this matter.
     
  6. 42g0

    42g0 Guest

    I have uninstalled Processguard and NOD32 so far.
     
  7. meargh

    meargh Guest

    2-10, 12, 13
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    ProcessGuard = rootkit ? what planet are we from ?

    A rootkit intends to hide files from the user. ProcessGuard does NOT.
    Referring to PG as a rootkit is ridiculous :(

    Please "keep it real". Rootkit is a serious buzz word these days, saying ProcessGuard is a rootkit could almost be considered slander. We built it to BLOCK rootkits :rolleyes:
     
  9. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Kevin, just so that you are aware (in case it wasn't obvious last time I pointed it out), the way BOClean works isn't efficient. You shouldn't be calling ReadProcessMemory 1000s of times when you check for signatures in process memory.

    Lots of security applications hook ReadProcessMemory and add a little processing time to these functions as you pointed out. The reason it is very obvious with BOClean is because you call these hooked functions too many times unnecessarily. Your method of checking for signatures is inefficient, regardless of the security programs installed. If you are interested in a better approach which is more efficient, you can email/pm me and I will give you a better alternative.

    Using the word "ROOTKIT" to describe other commercial products is a bit harsh, as most people associate ROOTKITs with malicious behaviour. It would be like me calling BOClean a trojan or spyware because it does something similar to malware.
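
Added example, not part of Jason_R0's post and not code from BOClean or any other product: a C model of why the number of read calls matters when every call passes through another product's hook. `hooked_read`, `scan`, `demo_calls` and the sample region are constructed stand-ins (assumptions), and chunked reading is shown only as one common way to cut the call count; the post does not say which alternative its author had in mind.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MAX_CHUNK 4096
/* Constructed stand-in for ReadProcessMemory as seen through another
   product's hook; read_calls counts how often the per-call cost is paid. */
static unsigned long read_calls;
long last_found; /* match offset from the most recent demo_calls() run */

static int hooked_read(const unsigned char *mem, size_t len, size_t off,
                       unsigned char *out, size_t n) {
    read_calls++;
    if (off > len || n > len - off) return 0;
    memcpy(out, mem + off, n);
    return 1;
}

/* Find sig using reads of at most `chunk` bytes. chunk == slen is the
   one-read-per-offset pattern. Reads overlap by slen - 1 bytes so a
   signature straddling two chunks is not missed. Returns offset or -1. */
long scan(const unsigned char *mem, size_t len,
          const unsigned char *sig, size_t slen, size_t chunk) {
    static unsigned char buf[MAX_CHUNK];
    if (slen == 0 || slen > len || chunk < slen || chunk > MAX_CHUNK) return -1;
    for (size_t base = 0; base + slen <= len; base += chunk - slen + 1) {
        size_t n = len - base < chunk ? len - base : chunk;
        if (!hooked_read(mem, len, base, buf, n)) continue;
        for (size_t i = 0; i + slen <= n; i++)
            if (memcmp(buf + i, sig, slen) == 0) return (long)(base + i);
    }
    return -1;
}

/* Constructed sample: 16 KiB of zeros, 8-byte marker at offset 4093 (across
   the first 4096-byte chunk boundary). Returns the number of hooked reads. */
unsigned long demo_calls(size_t chunk) {
    static unsigned char region[16384];
    static const unsigned char sig[8] = {0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37, 0xC0, 0xDE};
    memset(region, 0, sizeof region);
    memcpy(region + 4093, sig, sizeof sig);
    read_calls = 0;
    last_found = scan(region, sizeof region, sig, sizeof sig, chunk);
    return read_calls;
}

int main(void) {
    printf("hooked reads: %lu per-offset vs %lu chunked\n", demo_calls(8), demo_calls(MAX_CHUNK));
    return 0;
}
```

Both runs find the marker at the same offset; only the number of trips through the hooked call differs, which is the overhead the post attributes to repeated ReadProcessMemory calls.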
     
  10. 42g0

    42g0 Guest

    Ok, I have system restored back to what I have. I am thoroughly confused. Everyone is an expert and they are not agreeing with each other. Meargh, sorry I'm not familiar with you so I'm not sure whether your advice is sound. I'll wait until this thread hashes out and makes more sense to me.
     
  11. 42g0

    42g0 Guest

    What I gather is I have too many hooks (hooks - which is what a rootkit does). So one hook is enough. I'm thinking that appdefend may be the one app or hook that I should have. Processguard is a good one hook to protect many apps but appdefend does the same, I think, as well as protect the registry.
     
  12. 42g0

    42g0 Guest

    Sorry about the multiple posts. To be honest, BlackIce was the first to alert me of that FBI email with that worm/trojan or whatever it was and shut down OE connection so it would not download to my computer. I restarted OE and bypassed BlackICe then NOD32 alerted me.
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    With regard to the term "rootkit" I would agree with Jason/Gavin about it being used inappropriately here. This term originated in the UNIX world to refer to utilities that could be run to gain "root" (= administrator) access on a UNIX system. These utilities would then try to hide all signs of their presence in order to avoid being detected and removed.

    With Windows, remote access has been less of an issue (due mainly to the ease of compromising boxes via applications like IE) so all rootkits have had to do is concealment. Expanding this term to refer to any application hooking Windows' kernel for any reason (which now includes a number of security applications) is just confusing the issue and diluting the perceived harm that a malware rootkit can have.
     
  14. justpassing

    justpassing Guest

    Well what if someone said instead that said security application uses techniques that are used by rootkits, would that be better? :)

    Okay if it uses such techniques to conceal itself it becomes a rootkit, like Sony XCP stuff. Do security apps conceal themselves yet? ;P

    Not sure about hooking to kernel, but I just tried the latest SSM 2.0+, now that's a LOT of hooks, I can't remember how many, it was ridiculous like 150 or 250 or something. Either that or the tools I'm used f$%^ed up. The more the merrier huh? But as long as you have only one of them.....
     
  15. xxxxx

    xxxxx Guest

    That was my response as well--referring to NOD32 and PG as "rootkits" confused me.
     
  16. meargh

    meargh Guest

    You should really start a new thread for this. It's one of those "Ask 10 different people, get 10 different answers" types of things. I responded with my own preferences and prejudices, that's all.

    I do, however think you have way too much software installed (or "did have installed"). But ... new thread. :)
     
  17. YYYYY

    YYYYY Guest

    God Kevin, for someone who claims to be so busy, you sure know how to post long, slanderous and meaningless posts that really have nothing to do with the main question. Instead of using the ridiculous term of "RootKit" for every product except Boclean, perhaps you might just want to accept the fact that how Boclean works is inefficient and if you knew how to code, you'd probably take the same approach as any other application you call a Rootkit.
     
  18. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    I'm trying to come up with the most efficient suite of security apps I can find. I've eliminated many and am now running BoClean, McAfee AV, and Webroot SpySweeper. I have licenses to RegDefend, AppDefend and PG as well. AD and PG give me issues with PunkBuster games so I've eliminated them. Would RegDefend provide any additional security to what I am already running? Would it be a good choice to re-add?
     
  19. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,105
    Most Definitely! I'd also recommend re-adding either AD or PG if the problem with PB is sorted.
     
  20. 42g0

    42g0 Guest

    I started a new thread like you suggested but the genius BlueZannetti closed my thread and decided on his own that I was trolling. So once again:

    ........so I have too many hooks and I need to say good bye to some of them. Will you guys help me to make decisions here? Thank you for your help and time.

    1. NOD32 - resident
    2. EScan free - on demand
    3. Icesword - on demand
    4. Prevx 1 beta - resident
    5. Ghost security suite - resident
    6. Regrun - resident
    7. Unhackme - resident
    8. ProcessGuard - resident
    9. Winpatrol - resident
    10. BlackICe IDS - resident
    11. Outpost firewall - well you know
    12. Counterspy beta - on demand
    13. Ewido - on demand
    14. Samurai - I have no idea how this runs

    Hey blue, how about asking before you assume?

     
  21. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    42g0,

    1. How about registering so this can be handled by PM? Post as a guest and you close the lines of communication.
    2. A valid answer was given.
    3. Lots of things hook, rootkits is one of them. Hook does not invariably mean rootkit. Read.

    Personally, I still think this is a troll, but let's assume it's not and proceed from there. Characterizing valid programs like NOD32 as rootkits is off-base, regardless who makes the statement. Here's your list and what I'd recommend....

    1. NOD32 - resident - leave as is
    2. EScan free - on demand - my opinion is duplication at the install level is fine, disk space is cheap
    3. Icesword - on demand - see (2), hope you know how to use it.
    4. Prevx 1 beta - resident - beta is for testing/remove it
    5. Ghost security suite - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
    6. Regrun - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
    7. Unhackme - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
    8. ProcessGuard - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
    9. Winpatrol - resident - of 5/6/7/8/9 - choose 1 only as resident, others as demand only if functional in that state
    10. BlackICe IDS - resident - 10/11 optional if you have a hardware router
    11. Outpost firewall - well you know - 10/11 optional if you have a hardware router
    12. Counterspy beta - on demand - see (4) - remove
    13. Ewido - on demand - see (2)
    14. Samurai - I have no idea how this runs - never use anything this foreign to you

    Questions?

    Cheers,

    Blue
     
  22. 42g0

    42g0 Guest

    as far as your answers go, thank you.
     
  23. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    Personal Foul!!:mad:

    Read the long post and get educated. I want to learn. Keep them coming Kevin. The XXXXX offers constructive postings. The YYYYYY just personal attack!:p :p

    I just sent my email to the upgrade link earlier this evening before coming here. Will likely get the build .002 I hope.
     
  24. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    By the original definition of rootkit - which can still be found even on the internet - I agree with Kevin. Look it up. If you want your OS undermined, go with a rootkit. That is what they do, that is how they work.

    Of course today with acronyms du jour and disorders being named for what used to be "a crappy day" these days I understand where the confusion comes in. "Buzzword" itself is another one, it is itself a buzzword, AKA irritating nonsense.

    Will you have a holiday tree or a Christmas tree this year?
     
  25. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Pray tell us, which definitions were you looking at? This, this and this (to take 3 examples picked via Google) do not correspond with Kevin's expanded definition at all - though the second example is goofy in that it confuses rootkits with keyloggers. The more detailed Wikipedia definition also differs.

    If Kevin wishes to expound on the virtues and capabilities of BOClean's usermode hooking then more power to him. However labelling other products using kernel mode hooking with the term "rootkit" is doing a disservice both to him and the security industry generally.
     