Does BOClean cover any trojans KAV doesn't?

Discussion in 'other anti-virus software' started by tahoma, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    I've been offered BOClean via my employer, and I've studied this list: http://www.nsclean.com/trolist.html

    and I'm running KAV. My question is, will BOClean protect me against any malware that KAV isn't already protecting me from, considering KAV, IMO, has excellent trojan protection?
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It has been my experience that a dedicated antitrojan is usually able to handle trojans better than an antivirus. I run KAV also, but I also run an antitrojan. If you can get BOClean for free, grab it. It is a good app.

    bigc
     
  3. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    Thanks for the reply. I've already grabbed it but haven't decided whether to install it. I don't really want to run any unnecessary programs.
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If one nasty trojan gets into your system, it would make it worthwhile to install, IMO.

    have a good day

    bigc
     
  5. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    When it comes to detection rate no Anti-Trojan can beat Kaspersky Anti-virus. But I agree with bigC that sometimes AT handles Trojans better than Antivirus tools.

    I personally don’t run any AT tool.


    tECHNODROME
     
  6. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    What about conflicts or additional slowdowns from running KAV + BOClean?
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It hasn't caused me any slowdown as of yet, but my machine is fairly powerful. On an older machine it might, but with KAV 5 I doubt it.
     
  8. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Absolutely none that I've seen. In terms of resource consumption, it is a minor perturbation on that already incurred via the use of KAV.

    Blue
     
  9. SMaus

    SMaus Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    34
    Location:
    Hamburg, Germany
    My wife runs exactly this constellation on a relatively slow notebook and she has absolutely no problems at all. Concerning detection rate of an AT compared to KAV I'm not sure. I think TDS-3 or Trojan Hunter is better than KAV. But, KAV is an AntiVirus and the TDS and TH are specialized on Trojans.
     
  10. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    With KAV updating every 3 hours, a good, properly configured firewall and little exposure to P2P, IRC and other high-risk sites, BOClean and any other AT alongside KAV are probably redundant in terms of detection of trojans.

    However, if there are no conflicts with KAV and BOClean on your system, then no harm in layering your defense, particularly if you can obtain a 'free' license via your place of work.
     
  11. --ntl--

    --ntl-- Guest

    KAV has a bigger signature database and, therefore, catches more zoo trojans than BOClean.

    However, there are many ITW ("in the wild") trojans that cannot be detected by KAV, F-Secure and other KAV clones (but will be caught by BOClean).

    Examples:

    In general, KAV cannot detect trojans with a changed entry point (see http://qualified.as/scheinsicherheit/example.htm). The same applies to rebased trojans (see http://qualified.as/scheinsicherheit/rebasing.htm) and certain other manipulations.

    Moreover, KAV does not (and will not) support complex protectors like Armadillo or ACProtect. Consequently, malware that is compressed with the help of such protectors will remain undetected (see http://illusivesecurity.il.funpic.de/viewtopic.php?t=6). Note: the scan log shows the samples that were NOT detected.

    BOClean is not affected by these vulnerabilities (but suffers from different weaknesses). In particular, you cannot easily bypass BOClean with the help of a packer or crypter because BOClean features a memory scanner.

    In summary, BOClean (or another AT with memory scanning capabilities) nicely complements a file scanner like KAV.
     
  12. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    According to this test:
    "Also memory scanners like BOClean 4.11 are (obviously) not immune against rebasing. For instance, the rebased Beast 1.92, CIA 1.22 & Theef 2 beta 5 servers remained undetected. Rebased Bionet 3.18 and Optix Lite 0.4 servers were detected."

    Back in November of 2004 Kaspersky added support for Armadillo ( at least they claimed they did).

    See: https://www.wilderssecurity.com/archive/index.php/t-53159.html


    tECHNODROME
     
  13. --ntl--

    --ntl-- Guest

    @tECHNODROME

    Thanks for your comments! You are correct. Sometimes, also BOClean uses signatures that are not safe. For instance, this STILL applies to Beast 1.92 (just tested with BOC 4.12.001). Frequently, however, BOClean uses string-based signatures that are not vulnerable. (I remember that even TDS-3 used to use at least one signature that was not rebasing-proof.)

    I partly disagree with respect to Armadillo. It may be true that Kaspersky claims to support Armadillo. But I guess that this merely relates to a few samples protected by completely outdated versions of Armadillo:

    DETECTED (4 of 20)

    Armadillo201.OptixPro12.exe
    Armadillo220.Bionet318.exe
    Armadillo220.OptixPro12.exe
    Armadillo260.Bionet4.exe

    NOT DETECTED (16 of 20)

    Armadillo201.SilentSpy210.exe
    Armadillo201.y3kPro02.exe
    Armadillo260.SilentSpy210.exe
    Armadillo260.y3kPro02.exe
    Armadillo285.Bionet318.exe
    Armadillo301.Coldfusion108.Hexedited.dll
    Armadillo301.Lithium103.exe
    Armadillo310.AnalFTP01.exe
    Armadillo310.Asylum013.exe
    Armadillo310.OptixPro132.exe
    Armadillo310.RESOURCE.ICONDEL.DC.Oblivion01.exe
    Armadillo310.RESOURCE.ICONREPL.OptixLite05.exe
    Armadillo340.CPMII.Beast192c2.exe
    Armadillo340.CPMII.Theef2b5.exe
    Armadillo340.MydoomA.shimgapi.Repacked.dll
    Armadillo375.CPMII.Max.OptixLite04.exe

    (Test performed with KAV 5 227 and sigs dated January 9, 2005.)
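The detection argument in --ntl--'s two posts above (signatures bound to an entry point or to absolute addresses fail against a changed entry point or rebasing, while string-based signatures survive) as an added Python example; it is not from the thread or from either product, and the toy image format, the sample bytes and the signatures are all constructed for illustration:

```python
import struct
from typing import List, Optional

Pattern = List[Optional[int]]   # one entry per byte; None is a '??' wildcard
HDR_LEN = 6                     # constructed toy header: b"MZ" + 4-byte LE entry-point offset

def build_image(entry: int, body: bytes) -> bytes:
    return b"MZ" + struct.pack("<I", entry) + body

def entry_point(image: bytes) -> int:
    return struct.unpack_from("<I", image, 2)[0]

def make_sample(image_base: int, new_entry: bool = False) -> bytes:
    # Constructed body: prologue, 'push <absolute address of config>', config string.
    # Rebasing (a different image_base) changes the pushed address bytes; new_entry=True
    # appends a jump stub and points the header's entry at it (a changed entry point).
    prologue = b"\x55\x8b\xec"
    cfg_off = HDR_LEN + len(prologue) + 5
    body = prologue + b"\x68" + struct.pack("<I", image_base + cfg_off) + b"config:port=6666"
    if not new_entry:
        return build_image(HDR_LEN, body)
    stub_off = HDR_LEN + len(body)
    rel32 = (HDR_LEN - (stub_off + 5)) & 0xFFFFFFFF     # jmp rel32 back to the real code
    return build_image(stub_off, body + b"\xe9" + struct.pack("<I", rel32))

def matches_at(pat: Pattern, image: bytes, off: int) -> bool:
    return off + len(pat) <= len(image) and all(
        p is None or image[off + i] == p for i, p in enumerate(pat))

def scan(pat: Pattern, image: bytes, at_entry: bool) -> bool:
    # at_entry=True: test only at the header's entry point (offset-anchored signature);
    # False: slide the pattern over the whole image (string-style signature).
    offsets = [entry_point(image)] if at_entry else range(len(image))
    return any(matches_at(pat, image, off) for off in offsets)

def pattern(raw: bytes, wild: range = range(0)) -> Pattern:
    return [None if i in wild else b for i, b in enumerate(raw)]

BASE = 0x400000
_code = make_sample(BASE)[HDR_LEN:HDR_LEN + 8]     # prologue + push with the absolute address
SIG_EXACT = pattern(_code)                         # bound to that exact address
SIG_MASKED = pattern(_code, wild=range(4, 8))      # '55 8B EC 68 ?? ?? ?? ??'
SIG_STRING = pattern(b"config:port=6666")

def verdicts(image: bytes) -> dict:
    # Which signature styles still fire against a given sample image.
    return {"exact@entry": scan(SIG_EXACT, image, True),
            "masked@entry": scan(SIG_MASKED, image, True),
            "masked-anywhere": scan(SIG_MASKED, image, False),
            "string-anywhere": scan(SIG_STRING, image, False)}
```

Calling `verdicts()` on `make_sample(BASE)`, `make_sample(0x10000000)` (rebased) and `make_sample(BASE, new_entry=True)` shows only the unanchored signatures firing on all three samples.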
     
  14. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Tahoma,
    BigC is reading my mind again, which swells my head a little because I do not have near the experience or credentials he has. This is an excellent question too, because like Nancy said AVs are getting very good at cleaning the trojans up. I do not believe in leaving my trojan detection and cleaning to AVs of any brand.
    Many times Kevin will send out an update advisory saying so-and-so trojan or worm or something is loose. We offer this update well ahead of most AVs: "Come and get it". I know KAV has quick updates to its credit, I hear. I have never used it.

    My advice: if I were offered BoClean by my boss, I would load it, keep it up to date and feel very safe. Resource usage... wow, on my systems 4.12.002 is hardly even a noticed app running there. ;)

    BoClean+KAV+firewall=Great Wall of China manned by the best warriors of the world. Sleep good you are well protected. :)
     
  15. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    Thanks for all the replies, guys. Lots of interesting reading. I'm still not sure whether to install BOClean though.
    BTW, KAV issues hourly updates now, not every 3 hours.
    And I'm using Outpost 2.5 with component control set to maximum as well, so I feel quite safe with that + KAV (plus all the anti-spyware apps, hpguru's hosts file AND a hardware firewall as well).
     
  16. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I will add that BOClean uses extremely low resources. On my 1 GHz Athlon it uses only 3.5% of the CPU each 10 second cycle. I've used it with KAV 4.5 resident and not noticed any change in performance of my PC. I'll say you probably won't need it if you are running KAV 5. But then I'll add that I don't believe it will make any difference to the speed of your system if you do decide to use BOClean. You can always try it. It uninstalls well. I've tried all manner of applications on my PC and BOClean has always played well with them. Give it a try, you can always uninstall it. And just think that if it only catches one nasty that gets by KAV then it will have been worth it.

    muf
     
  17. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I'm puzzled by something but this may not be very important, is it or isn't it? On my pc, as posted in another thread, the new 002 BoClean does a 15% CPU usage spike every 10 seconds, but on my wife's machine it is a 41% spike. With the old BoClean 4.11, my wife's machine would spike at 5%, a jump from 5 to 41% with the version change; mine changed also from 5% to 15%. :doubt:

    Acadia
     
  18. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Nautilus, I do tend to agree here.

    Now: why skip the confusion and log in using your nick next time?

    Wolfe
     
  19. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I noticed that also with the BOClean version 4.12.001. However, with the newer version 4.12.002 it dropped back down to about 3-4%.
     
  20. --ntl--

    --ntl-- Guest

    @Acadia

    I could imagine that the increased CPU usage partly results from the fact that BOC now tries to encrypt its signature database (which is good).

    @Wolfe

    "Now: why skip the confusion and log in using your nick next time?"

    I do not know why you are talking about confusion. Are you surprised that I say something nice about BOC although I had a public dispute with Kevin?

    Registration protects you from being impersonated. Because this does not frequently happen to me there is currently no need to use my registered nick. Apart from that, I strongly believe that registration, control, banning, editing, deleting or closing topics, abuse of mod powers etc. does not benefit this or any other forum. That's why I do not require anyone to register in our forum. Moreover, I believe that the users of a forum should elect their own moderators (like in a democracy). But I guess that's not what you wanted to hear and, moreover, I understand that it is strictly forbidden to discuss such heretic ideas in this forum. Therefore, I will refrain from explaining my reasons in more detail ... ;-)
     
  21. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    I think in the other thread (not sure now) it was mentioned, maybe by Mod. Blue, that it depended on what else was running: the more there was, the bigger the spike. I would tend to agree with that. Maybe I'll give it a little more thought and take a look and edit.
     
  22. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    mercurie,

    Yep, that was me. I did do a quick challenge test and that's roughly what appears to occur - makes sense to me based on what it does.

    Blue
     
  23. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    To N -

    If you ever watched Perry Mason you would know that Mr. Berger opened the door to this line of questioning.


    Here are my thoughts on the difference of values on the CPU spikes. I am thinking they probably don't correlate to the actual difference in resource consumption. I think reading those numbers would be like using a sundial to time a 50 yard dash. When you say the spike is about 45, that may be the number displayed, but is that necessarily the high value? I'm just guessing that the actual value is probably much higher, but for a very small duration of time. The timing appears to be a repeating pattern so you see a fairly consistent value. Just for fun I looked at the performance monitor while creating and deleting 15 empty folders at the low polling setting. The CPU usage was reported as an almost constant 12 percent. I repeated the same task as close as I could at the fast setting (under view); then the numbers became almost random. It was zero a lot, it was in the 50 percent range often, and less frequently it would show values around 10 percent.

    Well anyway, I think the CPU usage is more intended for a process running a long time, like a Spybot scan (just guessing). Still, I'm just as addicted as anyone to looking at the graph and the numbers.
     