which realtime?

Discussion in 'other anti-malware software' started by dell boy, Apr 17, 2009.

Thread Status:
Not open for further replies.
  1. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    ok mods please don't go straight for the lock button
    i am currently using threatfire which as far as i know is good at stopping malware when run or something.
    i heard about BOclean doing something in a similar way and i want to know the differences. i DON'T want fanboys saying this is better than that blah blah blah
    i would like an expert for some advice to tell me whether one has a significant advantage like stopping it before it starts or stopping once it starts. i know they don't work in the same way but they have a similar effect.
    is there a comparison site or something i can look at?
    on comodo site it says BOclean is the best protection against *rootkits*, does this mean it's better than threatfire?
    please don't rant and rave about who does what better just please tell me the differences between the two and if there are any significant advantages
     
  2. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    what i also forgot to ask was: is it ok to use both? would i gain advantages from having both?
     
  3. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    BOClean is now integrated into the latest beta of Comodo Internet Security. It's going to be discontinued as a stand-alone product. So, ThreatFire should continue to serve you. It's very good at what it does. Look for posts regarding ThreatFire from Kees1958. He has many excellent tips in how to get the best from the program.
     
  4. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    They are very similar, either would give you some added protection.
    I use TF and it very rarely gives popups, which is a good thing in this type of app.
    It also lets you set custom rules, and gives details on what's running on your system at the moment, which is handy sometimes.
     
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Hello there,

    I don't know what your full security set is like, but have you given a thought to light virtualization? I'm talking about applications like Shadow Defender, Returnil which will create a virtual volume (all activities between reboots of your computer will be deleted including ANY malware that might have slipped through for whatever reasons) and simplify your life. I am presently running an antivirus and Shadow Defender only, I'd say my machine is 99,9% safe.

    There are of course other possibilities, like sandboxing(Sandboxie, Defense Wall) which will give you the same degree of security without clogging your system with too many real time applications.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    They are totally different.

    BOClean is a signature-based memory scanner.
    TF is a behavior blocker. TF is better than BOClean IMO.
     
  7. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    osaban i have sandboxie but i'm not using it because it's 3x as slow.
    my setup is
    avira free
    threatfire
    comodo firewall/hips
    spyware terminator
    and various on demand scanners
    also i have sandboxie but am not using it because of such slow browsing
     
  8. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Good post, IMO. :) :cool:
     
  9. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    so threatfire behavior blocker is not good? and also i heard comodo antivirus wasn't quite up to scratch yet o_O don't want to sound like a comodo basher but is it good quality? is there any comparison it's entered?
    EDIT: also by entire suite you think i should go for the beta with boclean integrated or use 3.8 and wait for full 3.9 release
     
  10. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Maybe not, but from what I hear and believe, it's always improving as well as getting new features to be even more effective. If I would use a single product to protect my system, it would probably be TF.

    If I would personally go with a free setup, I would go with what I'll now paste from my own list :D:

    "SpywareBlaster
    PC Tools Anti-Virus | Avira AntiVir Personal /\ COMODO Internet Security - AV only and possibly D+ as well when v4?
    ThreatFire
    (Prevx / Prevx CSI) **
    Opera | Browser Defender/LinkScanner Lite *
    Secunia PSI
    Rising PC Doctor
    ((Panda Anti-Rootkit))
    ((SUPERAntiSpyware Free))
    ((Malwarebytes' Anti-Malware))
    ((Dr.Web CureIt!))
    ((Norton Security Scan and Clean))


    * = Browser addons

    ** = Free detection - eventual fee for removal (at least supposed to be free before for easy adware infections and new MBR infections)

    (( x )) = On-demand security software - installed if preferred to have/when needed"


    For paid, just look in my sig. on XP. :D
     
  11. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    There's nothing wrong with TF at all. But with CFP/defense+ active, it is largely redundant, I think. Defense+ (another name for a type of HIPS) will probably cover most - if not all - that TF would.
    Boclean as a standalone monitors memory and intercepts and kills recognised trojans that attempt to start. It is not a scanner, but purely a realtime trojan zapper, it was considered very good. As part of CFP I am sure it helps make the "suite" more competent. (That's how I look at it. You have a firewall, a HIPS, a buffer overflow protector, and a trojan hunter, all in one app called a firewall. If it works well for you, it's a keeper.)
    Personally I'd do something similar to what ssj100 advocates, just using CFP and Avira, if that is the sort of line you want to go down, and you should be pretty darned secure.
    That the items in my own sig are different doesn't make them necessarily better (nor worse); just different, and with a similar level of protection, probably, but most of all, they work well on my system and I have learned enough to know what they tell me.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :thumb: :thumb: :thumb:
     


  13. 3xist

    3xist Guest

    I think you will be VERY happy with the latest beta. It is very, very quiet. Also now there is one click Allow and one Click Block Alerts by default now, so no need to worry to keep blocking and blocking or treating as, etc like previous versions.

    v3.9 Beta 3 came out yesterday... let me know if you want a copy.

    Cheers,
    Josh
     
  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I'll gladly receive that copy - haven't installed Beta 2 anyway. :)
     
  15. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Betas are for testing and may not be stable and could possibly crash your system. Unless you can recover from a crash with an image and/or data backup, I would steer clear and wait for the release. This goes for any beta or RC and has nothing specifically to do with Comodo.

    With a properly configured browser, Avira and Threatfire with a hardware firewall would be enough. The same could be said of running Avira with Comodo which already has been suggested.

    I also wouldn't give up on Sandboxie. It could be a conflict somewhere with your other security programs causing the browsing slowdown.

    And please check out my or Tarq57's signatures for a linky to Secunia. You can do an occasional online scan at least once a month or download and install it. It helps keep your programs updated which goes a long way in being secure. :thumb:
     
  16. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I understand that Sbie can take a little longer to start up an application but the OP mentioned slow browsing with it which most folks don't have. I currently have a security app. conflict with Sbie that slows my app. startup time from 7-10 seconds. It's being worked on though. My normal (no conflict) sandboxed Firefox startup is 3 seconds.
     
  17. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I only use an icon to start FF sandboxed. My current conflict is rare and it's with OA. I may have to give the forced sandbox a try for the heck of it. There also may be a workaround on Sandboxie's side that I need to try that helped 1 person.
     
  18. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    well i don't know if something is conflicting, and i don't know how to find out but load up was 16 seconds last time i tested and loading something like google takes about 5 seconds when it's normally about 2. i got pizzed off using it and decided i'd use it only for "the dark side of the internet"
     
  19. IBadget

    IBadget Registered Member

    Joined:
    Jan 14, 2009
    Posts:
    59
    Location:
    Waipahu, HI
    You should also give Drive Sentry a try. I'm currently using it and I love the Auto Advisor thing as well as the black- and whitelist. The Auto Advisor is great because it automates decisions for unknown (neither on the black- nor whitelist) programs. I also love the behavioral heuristics of DS. When CIS 3.9 becomes final, I will read user comments about it, and if the comments are favorable, assuring me that CIS 3.9 works perfectly without causing damage to the computer, then I will uninstall DS and install CIS 3.9. CIS is well-rounded, i.e., covering registry changes, file changes, global hooks, installation of a device driver, and buffer overflow. The new one-click Allow/Block everything will give DS and GeSWall some competition.
     
  20. 3xist

    3xist Guest

    Definitely. :)

    Cheers,
    Josh
     
  21. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Are you talking about loading your browser in a clean sandbox to your homepage (google) or just surfing page to page?

    When testing for a conflict, you can disable some of your security apps and then try sandboxing your browser. This is best done if you're behind a hardware firewall (router) or just Windows firewall. It's also good to know your system is not infected before disabling your security software.

    For what it's worth, the newest (not released yet) Sandboxie has helped my conflict with startup times of 2 seconds but I'm still testing.
     
  22. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    have recently tried it again and not much slow down, and it was normal browsing that was the slowdown.
    what's this force to sandbox? how do you do it?
     
  23. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Have a look at the "Forced Programs" on this page. http://www.sandboxie.com/index.php?ProgramStartSettings To get to the feature open Sandboxie Control - click Sandbox - hover over DefaultBox or whatever your sandbox name is - click Sandbox Settings and then expand or click Sandbox Start - click Forced Programs.

    Also pay attention to the first note on the bottom of the page. Once you force a program to run sandboxed, it will start sandboxed even when you click the normal browser icon. The note has a link explaining how to temporarily disable the function.

    Also, I'm testing a non-released version of Sandboxie and I don't have to use the Forced Program feature to get fast browser/apps. startups.
     
  24. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    yah but that's premium only right? nvm thanks anyway
     