Newbie question: SSM and BOClean

Discussion in 'other anti-malware software' started by doctormac, Aug 15, 2008.

Thread Status:
Not open for further replies.
  1. doctormac

    doctormac Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    30
    Greetings folks

    Although I've been using my PC for many years, it is only recently that I have started to take online security more seriously.

    I'm running Windows 98se so I'm limited in the range of security programs I can install (and please don't tell me to upgrade to Win 2000 or XP! :D I'm a pensioner and can't afford a new PC that will handle XP).

    Now, I got some excellent advice regarding firewalls on a different thread and I've had a great time sorting through those that work on Win98.

    One of the recommended applications was System Safety Monitor (SSM) and I did download that and installed it. It seems to be an excellent application - but the "learning curve" is steep indeed!

    Now, I would appreciate it if all you security and software experts could help me on this ...

    The Comodo product BOClean also works on Win98. But ... WHAT exactly is it? What exactly does it do? Is it similar to SSM in that it is a "behaviour watcher"?

    And most important of all ... does it "work" - is it effective?

    Thanks folks. I'm looking forward to your expert insight and knowledge.

    Best wishes ...

    Dr. Mac
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    BOClean uses signatures and is not a behavior watcher. BOClean sweeps through your memory every 10 seconds, looking for malware. It should be noted that antivirus programs cover the same territory nowadays, and are the "heavy hitters" in terms of detection rates.
     
  3. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Boclean is not a behaviour monitor, or blocker, in the sense that I think you mean. (A program that monitors all behaviour and offers the user the choice to block anything unknown/ not white-listed.)
    It's a blacklist-based program that runs in memory, and will (apparently) catch any known malicious process when that process attempts to execute. What that means is that you could have a trojan on the computer, unknown. BOClean is not a scanner, and will not register its presence until it attempts to run, and at that point will offer the user the option to kill it.
    I used it for a time (on XP) but removed it simply because of overlap. It was mainly problem free.
    There have been some user reports that it is very effective, and has a low resource use, which sounds like it might be appropriate for you.
    I don't actually have any idea whether it will offer any additional protection that isn't provided by SSM. No doubt a more experienced user here will advise on this.
     
  4. doctormac

    doctormac Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    30
    Greetings again folks

    Thanks for your very quick replies - much appreciated.

    From what you have both said, it looks as if I would be better protected using a good anti-virus program and sticking to SSM - and learning how to use it!

    Thanks once again.

    Take good care and best wishes,

    Dr. Mac
     
  5. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    If you're sure your computer is malware-free, then just run SSM in learning mode for a few days and open all your programmes, apps etc. Then put SSM back in normal mode.
    ellison
     
  6. doctormac

    doctormac Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    30
    Good tip.

    Thank you for taking the time to help.

    Best wishes,

    Dr. Mac
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What type of computer do you have?
    My cousin has a Pentium 2 with Win XP Pro. 512MB RAM. He's been running that way for about 3 years, now with SP3.
    Someone gave him the computer when they cleaned out their storage bin.
    Originally came with 128mb. So, where did he get all that ram? Don't ask!

    I found a copy of Win XP Pro at a fleamarket for $25. I should've tried to talk him down more.
     
    Last edited: Aug 19, 2008
  8. doctormac

    doctormac Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    30
    Hi.

    My dear old computer has a CPU of 450 MHz and 160MB RAM.

    Not enough RAM really to run XP. I've even taken my PC back to the techie guys in my home town who popped in a memory card years ago and in so doing increased the RAM from the 64mb it was to its present 160. However, they said that these days my PC is so old there are no cards that can increase my RAM anymore.

    So ... I'm going to stick with my Win98se and use a small selection of security apps that still work on this o/s.

    Take care ...

    Dr. Mac
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Out of curiosity, which antivirus are you using? Also, I think some people use Rising Antivirus free version which has a built in HIPS. I think some just use the HIPS component. Avast also supports Win 98 IIRC.
     
  10. verve

    verve Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    1
    No security program is going to make up for the fact that you're running win98, honestly. I recommend moving to linux in your particular situation. Install arch linux... you'll be infinitely more secure and you won't be as limited in your software choices.
     
  11. Mors_Victrix

    Mors_Victrix Registered Member

    Joined:
    May 25, 2008
    Posts:
    24
    For an AV I would suggest Avast free AV, works with Win 98: http://www.avast.com/eng/download-avast-home.html

    For AS I think Spybot should work and also Superantispyware free edition: http://www.superantispyware.com/superantispyware.html

    As for a firewall, I'd suggest Jetico ver. 1: http://www.jetico.com/jpfirewall.htm

    Use Firefox for browser.

    For older versions of some programs try: www.oldversion.com

    Since you most probably don't fall into the category of a "high risk internet user" you should be fine with this setup. Also use Spybot (in expert mode) or autoruns (or something similar) to delete applications that run at your start up that you really don't need, so you'll save your system resources. In your case less is absolutely better. :)
     
  12. doctormac

    doctormac Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    30
    Greetings again folks

    It's been a few weeks since I first posted here, so this is a quick update.

    As several folk at Wilders have pointed out, as long as Win98 is fully updated with all the Windows Update patches and fixes, this operating system is much safer than Win XP because nobody targets Win98/ME anymore! :)

    After reading all your help and trying out most of the suggestions, I've settled on the following security setup for my dear old - and ever so faithful - Win98se!

    * Anti-virus : Avast Home

    * Firewall : Kerio 2.1.5 - with a combination of BZ's replacement rules, advice from threads here at Wilders, and my own application rules.

    * HIPS : System Safety Monitor (free version)

    The above three all offer "resident protection" - so they are always on and looking. I have not noticed any slowdown.

    I also have SUPERantispyware installed. The free version does not have resident protection but I use it to do an on-demand scan once a week. I also do a web-based antiviral/malware scan using the services provided by Nod32, BitDefender and Trend Housecall. I do this scan once a week and alternate which of these three I use.

    I don't want to go over-the-top with too many apps, but I do think the three resident protection apps I have now cover most of my basic security needs. And no ... I don't really go to "high risk" sites (I'm not even sure what they are!)

    So yet again, thank you everybody for your time, help and great advice.

    Best wishes,

    Dr. Mac
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    NOT good for an older computer. Rising has 5 processes running & uses 648MB of commit. Good grief!
     
  14. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    ScripTrap, BugOff, REMOVE OUTLOOK EXPRESS, use a safer email client, BitDefender Free -- which has on-access and proactive protection for Win 9x/ME ONLY, or Rising AV with 12 MB for Win 9x/ME, SpyBot, a good HOSTS file, SpywareBlaster, WinSonar, WinPatrol Free, WinCleaner Antispyware from www[dot]wincleaneras[dot]com, AnVir Task Manager Free, and forget the HIPS, the firewall, Opera or Firefox, and you'll have a fast 9x/ME PC which is very, very safe. In fact, I'm running 98 SE while too many of my friends are disinfecting their Vista and XP machines today! Unicode viruses, worms, trojans and other malware cannot even be recognized by a DOS-based PC, such as 9x/ME. I love 2000, XP and Vista, but so many are trying to destroy those PCs.

    Dave

    PS If you choose BitDefender Free, during installation CHOOSE THE COMPLETE OPTION. To get the best performance from your PC, you may wish to try AnalogX MaxMem, CacheBooster (set to general purpose or CD-burner), CookieWall, and the rest of their toys.
     
    Last edited: Sep 6, 2008
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Yours is a lot like mine. I have 160MB RAM and a 366MHz processor. Mine was originally 64MB as well, a pair of 32MB sticks. Got a 128MB stick from a co-worker for $10. For everyday usage, 160MB is enough for 98 to work quite well, especially if you don't use Internet Explorer. Mine runs all day and night, gets rebooted every couple of days or so.
    That is completely untrue. 98 is not vulnerable to most of what circulates today. By using DOS (a 98 user's best friend and most effective security tool), any malware that does get in can be easily removed. Rootkits for 98 are almost nonexistent. A standard install of 98 has one open port, and it's easy to close. A 98 unit is much easier to secure as it has much less that can be attacked. The OP is well on their way to making a well-secured OS that can be used daily without worries. That "98 can't be secured" is pure propaganda that's spread by companies who aren't making money off of 98 users, primarily the one who made 98. My 98 unit has no AV, antispyware, etc., is connected via DSL, runs 24/7, and has at least 6 different users, half of which know nothing about security. It stays clean in spite of them.

    By far, the biggest weakness isn't 98 itself. It's Internet Explorer and Outlook Express. The vast majority of malicious code will come through them. Contrary to popular belief, they are removable. A word of caution: this will break other software that relies on Internet Explorer components. If you're uncomfortable with removing IE, use Kerio to block all traffic to and from it and SSM to prevent it from running. SeaMonkey is an excellent browser suite that works very well on 98. I've found it to be more secure, faster, and much easier on the system's resources than IE6 could ever hope to be.

    The only place a 98 box falls short in comparison to XP is at the keyboard. 98 doesn't separate user profiles well. This only matters on multiple-profile machines. System Safety Monitor can offset that problem too. It does allow you to make separate rulesets for each user. Its window filter module can be used to lock any one or all users out of any folder, application, document, etc. that you choose. Even works on website names. If your PC has more than one user or if you just want to make certain that unwanted users can't just log in, check out the top item on Doug Knox's site, "Prevent Unauthorized Users from accessing your computer."

    DW2108
    There is more than one way to secure any PC, including a 98 box. We use different methods and tools. I don't agree with not using a firewall, but I'm a control freak when it comes to my PC. I like rule-based apps like SSM and Kerio and the detailed control they give you. I got tired of the constant updating routine that's required by AVs and similar apps, only to find that they're never really up to date and nowhere near complete in their detections. Worse yet, whenever the vendor comes out with a new version of their AV, AS, etc., it either won't run on 98 or has gotten so bloated that it bogs it down. IMO, on a 98 box an AV has reached the point of being counter-productive. The majority of what they detect won't bother a 98 box anyway. 98 compatibility is only an afterthought to the few that still work on it. Most of their code is for NT systems and serves no purpose on DOS systems. I've found that SSM is completely capable of defending 98 without one, as long as the user doesn't choose to open malicious code, but then that's always been the bulk of the problem with PCs: what the user opens. In normal use, I keep the UI on SSM disconnected so when a user tries to open something I wouldn't approve of, all they get is "access denied." Other users aren't allowed to answer prompts, which removes the risk they bring. As far as light and fast are concerned, the combination of SSM and Kerio is lighter than any AV. My PC boots up with 94% free resources. The best I've seen using an AV was 85%, and that was with an older version of AntiVir. It's been about 2 days since the last restart and with 20 processes running ATM, it's still at 75% free resources.

    Regardless of the methods and apps we choose, one thing is for sure. Our 98 boxes will continue to work well and stay safe in spite of the propaganda that claims otherwise. The only thing that will take mine offline is IPv6, and that too may change.
     
  16. doctormac

    doctormac Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    30
    Greetings again Noone_particular.

    You made my heart sing when reading your praise of Win98 above. :)

    Indeed, I have a few friends who swear by XP - and yet they quite often call me or e-mail me about various "nasties" and strange goings-on with their PCs - and that is despite having programs like ThreatFire, AntiVir etc. One of my friends has a selection of these PLUS the so-called king of them all - Nod32 - and yet her PC STILL gets infected!

    As you will see from my post above, I've taken what you have said to heart and am using Kerio and SSM. But psychologically, I do feel safer having Avast installed as well. As I said above, I honestly haven't noticed any slowdown at all by having those three security programs running.

    ==================================

    dw2108 ... thank you for that long list of suggestions. As I said, I've now settled on my own security combination. However, I'm always more than willing to learn so will certainly take a look at the programs you have listed (if I can find them on the web). So ... again, thank you very much.

    Take good care folk and go well ...

    Dr. Mac
     
  17. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    @ noone_particular, how heavy is SSM with only 160 MB RAM? Lite or not?

    @Dr. Mac, you're welcome. Hope you didn't use all our suggestions and end up with the permanent BSOD!
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    In days of yore, I used SSM with WinME & small RAM. Once SSM was installed & got its hooks into the kernel, its use of system resources didn't amount to a flea's flatulence. In those days I used DrWeb for my AV -- Avast was much too heavy back then. I don't know how it is now.
     
  19. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    Dr. Mac, you can get these at snapfiles[DOT]com/freeware, majorgeeks[DOT]com, the original vendors' sites, and by the links shown by noone_particular.
     
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    SSM is extremely light on 98 units. On mine, it's using 3.3MB with all modules enabled. With the UI opened to either the process monitor or rule screen, the usage goes up to 3.5MB. It adds a few seconds to my bootup time. Other than that, if it wasn't for the tray icon, I wouldn't know it's running. How that compares with a "flea's flatulence" I'm not sure. Never heard it put quite like that. LOL

    My entire security package uses 6.2MB combined, slightly less than Windows Explorer.
     
  21. doctormac

    doctormac Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    30
    Greetings again dw2108

    Thanks for the links.

    By the way, after reading your previous post I downloaded BitDefender free (version 10) and installed it today. As advised by you, I did install the Complete setup. However, it appears it does NOT provide resident protection nor does it include spyware scanning. So, might go back to using Avast AV.

    ==================================

    I can certainly confirm that SSM (free) appears not to slow down my PC in any way. As I've said, I'm using Win98se with a 450 MHz CPU and 160MB memory.

    ==================================

    Noone_particular - I'd be interested to know which port is open after a Win98 installation.

    Is it by any chance the NetBIOS ports (137-139)?

    Also, I have absolutely no idea what that IPv6 is that you mentioned above. However, one of BZ's replacement rules for Kerio has a specific rule to block this. He says that 99% of us won't need it, but I've added it to my own rule-set ... just in case! :D

    Oh! yes ... and I'm using Sea Monkey as I write this!

    Best wishes all ...

    Dr. Mac
     
  22. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    Doc, make sure that Automatic Updates is enabled, and give BD Free three reboots. Let it sit on your PC for a few hours so that it can activate its VM behavior. Get the EICAR test file in text form and try copying the EICAR test file to another place, and watch it lock that file and deny you access. If you get the EICAR with a .com extension, BD Free and many other AV vendors don't care about harmless test files, so it's ignored for a while and BD Free eventually takes care of it. Or try using Download Express, which generates a double-dot extension. Try downloading an EXE. BD Free will prevent Download Express from changing the GOODFILE.EXE.DE to GOODFILE.EXE.

    @ bellgamin and noone_particular Thanks for those links and info on SSM.

    Dave
     
    Last edited: Sep 8, 2008
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It is a NetBIOS port that is open, don't remember which one offhand. Info on closing them with network configuration can be found here. If you share a printer or files over a local network, this can cause a problem; otherwise, it's not needed. A quick look at Kerio's status screen will tell you if the NetBIOS ports are open, listed as "listening". Make sure that "hide listening sockets" under settings on the status screen is unchecked.

    IPv6 is the next version of internet protocol being deployed. It is eventually expected to replace IPv4, which is what we use now. The new operating systems are IPv6 compatible. 98 is not. Neither is Kerio 2.1.5. This will be a problem for 98 users eventually. When that will be is hard to say. Since Kerio doesn't filter IPv6 properly, BZ added that rule to block it outright. It's not critical. Kerio would prompt you if it received IPv6 packets, labelling them as "other".
    What do you think of it? I like the built-in managers on the tools menu. There are some really nice extensions for customizing it.
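An added example (not any poster's code) of the check described in the post above, done from `netstat -an` output rather than Kerio's status screen: a small Python parser that reports which NetBIOS ports (137-139) are bound on the machine. The `netstat` text is a constructed sample in the Windows 9x column layout, and the function names are mine.

```python
"""Flag NetBIOS ports (137-139) that are bound or listening in `netstat -an` output."""
import re
from typing import List, Tuple

# NetBIOS over TCP/IP: 137/udp name service, 138/udp datagram, 139/tcp session.
NETBIOS_PORTS = {137, 138, 139}

# Constructed sample of `netstat -an` output in the Windows 9x layout
# (not captured from a real machine). UDP rows carry no State column.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1029      64.233.160.99:80       ESTABLISHED
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
  UDP    0.0.0.0:1025           *:*
"""

# proto, local address, local port, foreign address, optional state
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_sockets(netstat_output: str) -> List[Tuple[str, str, int]]:
    """Return (proto, address, port) for every socket that accepts input.

    TCP counts only in LISTENING state; a UDP socket has no connection
    state, so any bound UDP port is reported.
    """
    found = []
    for line in netstat_output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # header, blank line, or a row we do not parse
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        found.append((proto, addr, int(port)))
    return found


def netbios_exposure(netstat_output: str) -> List[Tuple[str, int]]:
    """Return (proto, port) for each NetBIOS port that is bound, sorted by port."""
    hits = {(proto, port) for proto, _addr, port in listening_sockets(netstat_output)
            if port in NETBIOS_PORTS}
    return sorted(hits, key=lambda t: t[1])


if __name__ == "__main__":
    for proto, port in netbios_exposure(SAMPLE_NETSTAT):
        print(f"NetBIOS {proto}/{port} is bound: unbind File and Printer Sharing "
              "from the TCP/IP adapter, or block the port in the firewall.")
```

On a real machine, pipe `netstat -an` into a file and pass its contents to `netbios_exposure`; an empty result means no NetBIOS port is bound.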
     
  24. doctormac

    doctormac Registered Member

    Joined:
    Nov 17, 2004
    Posts:
    30
    Good afternoon dw2108

    I've got BitDefender running in my systray right now. Have rebooted three times and allowed it to load each time. Now, I'll wait out those several hours and allow it to do whatever it decides to do. Then I'll test to see what it does with the EICAR .txt file.

    =================================

    Well, Noone_particular, what you said about IPv6 above is very bad news indeed! What with my 98se box fully fixed and patched by Windows Update, and having some good security apps that never need signature updates (Kerio and SSM) ... I was looking forward to using my beloved Win98 for many more years into my ripe old age!

    I wonder if "they" (who ever "they" are) will run the new IPv6 protocol but still keep the IPv4 protocol running alongside it?

    Sea Monkey? Yes ... I do like it and have started to learn about its settings and tweaks. So far, so good, and it does seem to load webpages quicker than I.E. The only thing I miss about it (and that is the same with the Firefox browser) is that you can't save a webpage as a single .mht file, nor can you click on File >> Send (webpage URL) to desktop (as a shortcut).

    ================================

    Well, I must say this thread has turned out to be an extremely interesting and useful learning thread for me! :thumb: (even though those nasty "they" people are going to prevent me from using the Internet with their new-fangled IPv6)

    Go well and take care ...

    Dr. Mac
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    You can save a shortcut to your desktop. Shrink the browser window slightly, hover the mouse over the small icon in the address bar, left click and drag it to wherever you want it. Works on the desktop, folders, the bookmarks and the personal toolbar.

    As for IPv6, this could take some time. It's also possible that someone will adapt 98 to use it or make an IPv6 to IPv4 converter. I'd bet we have a couple years anyway.
     