Info on eventual BOClean 5 upgrade

Discussion in 'other anti-trojan software' started by optigrab, Nov 26, 2003.

Thread Status:
Not open for further replies.
  1. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    From the NSClean website:
    http://www.nsclean.com/index.html

    15Nov2003
    Development for BOClean 5.xx commenced, establishing this (11/15/03) as the date after which all BOClean 4 series purchasers will qualify for a FREE upgrade to the feature-based BOClean 5 upgrade. Critical upgrades for the 2 and 4 series will be fulfilled (as necessary during this interim period) according to the current BOClean Maintenance Agreement.

    http://www.nsclean.com/nancysnote.html



    (Apologies to the Mods if this post belongs elsewhere.)
     
  2. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Optigrab, VERY interesting, thank you. :eek:

    Acadia
     
  3. srfox

    srfox Registered Member

    Joined:
    Jul 25, 2003
    Posts:
    86
    Location:
    Los Angeles
    Great News, Now I can consider getting BOClean.
     
  4. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
  5. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I love Kevin, but I hardly ever know WTF he's talking about! ;)
     
  6. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    He does have his own unique style doesn't he. Or do all New Yawhkers talk like that?

    Acadia
     
  7. FanJ

    FanJ Guest

    Heya Acadia,

    BIG thanks for THAT link; I missed it :rolleyes:

    [hr]

    Yeah, I love to read Kevin's postings :D
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Well, I live just a couple hundred miles from Kevin, and I don't talk like that. :D

    And for people who might want to (or already have) mentioned their interest in BOClean 5, here's a quote (one of many) from Kevin on it:

    Good thing Kevin doesn't work in marketing! :D I love the honesty! And I agree with him 100%.
     
  9. FanJ

    FanJ Guest

  10. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    LOL, yes Kevin's always had difficulty containing his uh..."enthusiasm" every time the issue of a BOClean on demand scanner has come up. ;)

    I must say that when I first downloaded BOClean I was stunned at how small the app is. Then delighted. :) No care and feeding required and it's well behaved: it stays out of my way and now even updates itself. Glad to see that BOClean 4 will remain viable. :)
     
  11. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    me too, besides there's always a wealth of information hidden there? plus a sense of humor..
     
  12. Well, gawrsh, THANKS, everybody! I guess I'm just a product of living out in the woods of upstate New York. Yes indeed, BOClean "4" as everyone's come to love it will "forever be wild" regardless of what we do - everything ELSE wouldn't require "runtime" ANYWAY. But for those who INSIST that we sniff at buggered files and find NOTHING until it runs, then fine - if that's what people want, we'll do it ... but the spirit of BOClean 4, if something gets past the file scanner, will still leap up and give it a solid biffing just the same. :)

    Once the snow flies (as it has) then "cabin fever" (an incurable disease, only cured by death) sets in. In order to live in a remote area without becoming a "republican" one MUST have a sense of humor, and STILL watch cartoons every day on TV at the age of 54. "Life is what you MAKE it." :)

    But in my continued childish jumping up and down before our wigs here, I still insist in Monty Python truism by inference, based on "Argument Clinic" ...

    "FILE SCANNER? You bloody Scots GIT, you've already got one."

    "No I haven't, I need ANOTHER program to rescan what I've just scanned" ...

    "No you don't!"

    "Yes I do!"

    ... continuing to spiral from Monty Python into Laurel and Hardy ... I guess my mentality is my own fault here - I'm used to dealing with digital terrorists ... instead, I perceive the exterior goings-on as schoolboys doing pratfalls. It's *so* boring. :)

    So PLEASE excuse my flippant attitudes, I'm just so tired of it all ... FORTUNATELY, here where *I* work, they appreciate my freedom to say what I think, even if it's embarrassing. And in "Uh-merica" lately, that's SOME SERIOUS freedom! After all, one's BOOT is the only truly politically correct orifice. :)

    Seriously though ... as I posted elsewhere ...

    My "ridicule" is based solely on the perpetual harping on "it's GOTTA
    have a file scanner" and my own attitude of "fer KRIMMINY'S SAKE! You've
    GOT a file scanner already, it's your ANTIVIRUS. What good did it do ya?"
    99% of the time, it's already caught the critter before it even gets
    written to the hard drive. BOClean's there for that other 1% ...

    I wrote a little diatribe earlier on DSL Reports, but it's a needle in a
    haystack at this point, page six on this link:

    http://www.dslreports.com/forum/remark,8620641~mode=flat

    I'll reproduce it here since you folks are actually INTERESTED in why I
    did all that ranting and raving and am threatening to call it "BozoClean"
    ... fear not, Nancy will NEVER let me do that but *I* think it's a catchy
    name that will finally put us out of business. :)

    The article is about virus tests, how useful they may or may not be, and
    one of the diversions in the thread turned to why antitrojans don't detect
    the clients and editservers unless they too are malicious. My response was
    as follows:

    -------- rant mode ON! ------------

    The PROBLEM with "file scanning" is that there are just TOO many ways of
    getting around them. It's not so much that the AV's aren't doing their job
    - they genuinely ARE. And if a nasty gets into a machine with the DEFAULT
    format as generated by the editserver, or they use something like UPX,
    Aspack and such, there ARE "unpackers" which are part of the HUGE
    collection of DLL files included in the file scanners out there. With any
    such modifications, they WILL be detected at the file level successfully.

    The PROBLEM is that there are a number of techniques that can cause the
    unpacking to fail or to fool it. There are other techniques which cause a
    file that has been successfully unpacked to slip right by. This comes down
    to the "AV mindset" which hasn't changed much since the 1980's. :(

    Back in the "golden age of viruses," a virus would attach itself to the
    *END* of a file, then alter the init "entry point" to do a JUMP to the
    viral code which would execute first, then point back to the ORIGINAL
    entry point. It was *so* easy. As the number of viruses got larger and
    larger over time, the AV's found themselves getting VERY slow in scanning
    the WHOLE file. So in order to increase scan speed, they began cheating
    since viruses almost always would provide a pointer to the end of the file
    anyway.

    They'd just scan the last X number of bytes at the END of the file and if
    a match occurred, "Y virus detected!" It was fast, efficient and workable.
    As viruses became more sophisticated, the authors began adding junk at the
    end of the file, and this resulted in throwing off the AV's which were
    designed to count back X bytes and scan. This worked well since viruses
    could attach to any number of files of varying size, so the "back count"
    became the "modus operandi." If the match code wasn't at that location,
    they'd slip by. So over time, the AV's had to find an alternative to "scan
    at a fixed location" without resorting back to the "scan whole file" that
    was obsolete.

    The "magic" involved finding that "entry point" and doing a CRC, or an
    MD5 hash of a swatch of data at the "entry point" using a "pattern match"
    or "signature" to match definitions against the suspect data. Compared to
    a moving window match, this was fast and allowed some flexibility. Many
    Antitrojan scanners use this "standard antivirus" technique as well.
    However, once again, while viruses and worms tend to create and distribute
    a "fixed pattern" in most cases, those who create and distribute "back
    doors" (and now many of the "spyware" types as well) use techniques to
    modify the data, change the sequences within the file, or "pad" the data
    in order to "throw the dogs off the scent."

    File scanning, whether done by an AV or an AT, is prone to this problem -
    this is the reason for my comments (I've been involved in computers longer
    than Bill Gates, so I've been along for the historical ride since the
    beginning) as to file scanning and the efficacy of antiviruses in general.
    "Trojans" are different. There are many tools which allow a nasty placed
    on an individual computer to be TRULY unique, which is not the case for
    mass-distributed nasties. "Customization" is the problem with many of
    these where a particular "ne'er-do-well" assembles a special "server" for
    a SPECIFIC target that is highly unique. Therein lies the difference.

    I agree that it would be nice to hunt down the "client" applications, and
    possibly the "edit servers" as well, but therein lies another issue. For
    each and every "unique signature" you add to the definitions, the LONGER
    it takes to compare each item against the totality of possibilities. Given
    the dangers of keyloggers, password stealers and other "fast" trojans,
    time is of the essence. Each comparison takes CPU time, and it is
    cumulative. The more "signatures" you have, the longer it takes to parse
    each "suspect." And faster CPU's don't change this fact - nasties run
    faster as do the "chasers." And we've long since reached entropy on "short
    cuts" to scan as fast as anyone is able to, so there's no new techniques
    available for faster scanning. And as the number of definitions increase,
    the longer it takes for each "sniff." Folks notice lags when they start
    programs and I see frequent complaints about "slowdowns" by AV's. There's
    why.

    Thus, it comes down to keeping the number of definitions that must be
    compared to the absolute minimum. To be able to cover as many "variants"
    as possible with good solid "unique" definitions that can identify
    variants, behavior patterns and such. And sadly, because so many "hacker
    tools" and libraries are finding their way into a lot of recent software,
    written by lazy programmers who use them rather than writing their own
    code from scratch, heuristics tend to false alarm so frequently that many
    of the time honored "heuristics" are falling by the wayside as a result of
    legitimate software containing "bad code."

    In our case with BOClean, that's the reason why we DELIBERATELY exclude
    items that are not in and of themselves malicious, why we exclude many
    worms and viruses that AV's can be COUNTED ON to detect long before WE get
    a sniff at them, and why we don't cover clients or edit servers UNLESS
    they contain a server WITHIN. Sadly, given the realities, speed is
    everything in preventing nasties from performing their tasks.

    Sorry for the long-winded diatribe - but there are reasons for why these
    things are done the way they are. In our product, we leave the
    file-scanning to others. We don't mind another product "grabbing the
    glory" ... our purpose is simple: to get that which gets past the scanners
    as a "last resort." That's also the reason behind many of my more colorful
    comments about "bloat." The AV's and most AT's are VERY good at catching
    nasties by means of a file scan. (and how long was it running before the
    scan found it?)

    -------- rant DETECTED! Do you want to remove the file too? -------

    But that's why ...
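
Added example, not part of Kevin's post and not BOClean code: a Python sketch of the three file-scanning strategies the post above walks through (fixed count back from the end of the file, MD5 of a swatch at the entry point, whole-file moving window), run against constructed inputs. The toy container layout, `MARKER`, and every function name here are assumptions made for illustration.

```python
import hashlib
import struct

# Constructed toy container, NOT a real executable format (assumption):
# a 4-byte little-endian entry offset followed by the file body.
MARKER = b"\x90TOY-SAMPLE-BODY\x90"   # constructed stand-in for the matched code
SWATCH = len(MARKER)                   # bytes hashed at the entry point
KNOWN_MD5 = hashlib.md5(MARKER).hexdigest()  # the stored "definition"


def build(host: bytes, trailing: bytes = b"") -> bytes:
    """Host bytes, then the marker at the entry point, then optional trailing bytes."""
    return struct.pack("<I", 4 + len(host)) + host + MARKER + trailing


def tail_scan(data: bytes, back: int = SWATCH) -> bool:
    """Early shortcut: look only at a fixed count back from the end of the file."""
    start = len(data) - back
    return start >= 0 and data[start:start + SWATCH] == MARKER


def entry_scan(data: bytes) -> bool:
    """Follow the entry offset and hash a swatch of the data found there."""
    if len(data) < 4:
        return False
    (entry,) = struct.unpack_from("<I", data)
    return hashlib.md5(data[entry:entry + SWATCH]).hexdigest() == KNOWN_MD5


def window_scan(data: bytes) -> bool:
    """Slow baseline: moving-window search over the whole file."""
    return MARKER in data


def report(data: bytes) -> dict:
    return {"tail": tail_scan(data), "entry": entry_scan(data), "window": window_scan(data)}


def samples() -> dict:
    """Three constructed inputs: as built, with trailing bytes, with one byte changed."""
    base = build(b"HOST" * 8)
    changed = bytearray(base)
    changed[4 + 32 + 3] ^= 0xFF          # alter one byte inside the swatch
    return {"as_built": base, "trailing": build(b"HOST" * 8, b"\x00" * 64), "changed": bytes(changed)}


if __name__ == "__main__":
    for name, data in samples().items():
        print(f"{name:9} {report(data)}")
```

Trailing bytes break only the count-back check, while a single changed byte at the entry point breaks all three file-level matches, which is the gap the post says a runtime check is there to cover.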
     
  13. Douglas

    Douglas Guest

    Thanks Kevin for this post. It's how newbies like me learn.
    It's good to hear a voice of reason (even if it's in the rant mode :)).

    Regards,
    Douglas
     
  14. srfox

    srfox Registered Member

    Joined:
    Jul 25, 2003
    Posts:
    86
    Location:
    Los Angeles
    So Kevin,
    If I understand all this, there will be separate upgrades for 4.xx, when needed and 5.0 being done, with an option to upgrade to 5.0 if someone wants to do that?
     
  15. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    LOL. Hey Kevin, I'm curious. How much coffee do you consume on an average day? ;)

    Acadia
     
  16. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Hi....

    Yes, for all those who purchase BOClean on or after 15November 03, a free upgrade to the 5.0 version is included at the customer's option (in other words, email me when it's out and request it). All others can upgrade for the special price of $20.00, even though we haven't set a price for it yet. Support for 4.xx will continue.

    Kevin has (finally) gone to get some much-needed (to put it lightly) sleep.
     
  17. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Well, I just IM'd him, and he said he'd been up for 36 hours. So I'm guessing in the 3-gallon range.

    We should start a pool! :D
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    If one has 5.0 & uses it a while, then pines for returning to the simplicity of 4.xx, will one be able to run ONLY those aspects of 5.0 which equate to 4.xx alone?

    I am a bozo [but I might recant]. :)
     
  19. controler

    controler Guest

    Hello all :D

    For those of you that do not remember, Bozo was a clown.
    I used to watch him all the time as a child. Our parents' generation
    coined the phrase "Bozo" to characterize a certain person as having clown like qualities. We used to hear people using that a lot back then.
    If you did something goofy somebody would call you a "Bozo"
    But some people got mixed up and used "Bozo" for other meanings, such as if you had done something they thought was stupid.
    I have been reading Kevin's posts too lately and want to thank him
    for bringing back some of those memories.
    Even though there was another phrase used a lot back then by our older sisters " It takes one to know one" , I know Kevin is not a "Bozo" LOL
    Although we are all clowns at certain times of the day.
    Keep up the good work Kevin ;)

    con
     
  20. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    It's a bit early to say for certain (as I don't know what sort of integration issues are yet to be seen), but the desire is to allow that. :)
     
  21. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Just fill it with coffee, OK? :D
     