Why wouldn't running a squared in RealTime be as effective as CBOClean?

Discussion in 'other anti-malware software' started by duke1959, Apr 24, 2007.

Thread Status:
Not open for further replies.
  1. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I'm using Prevx1, Avira PP, (6 mo.trial) and CBOClean which I like, but I was thinking of using a squared Anti-Malware instead. The reason behind my thinking is it has Behavior Blocking that BOClean doesn't, plus more signatures and more features as well.
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Running both in real time,no slowdowns or conflic's. Have had BOClean for a while now and added A squared realtime (4 month free from major geeks webstie)
    If something gets past one the other should get it,or one of my other security apps in my setup.
     
  3. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I read that BOClean has behaviour blocking.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I thought Prevx1 had some sort of behavior blocking capability. I am runnung it w/ CBOC, have no problems. Seems to me prevx1, CBOC and a squared can live together. Good to know. Have a nice one.
     
  5. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I just have to think that a squared Anti-Malware has better Trojan detection than BOClean Antimalware because it has more signatures and IDS Behavior Detection.
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If the malware is new, so that no scanners yet recognise it, then it is clear that BOClean would be no help at all; whereas A2's IDS may be able to detect 'malware-like behaviour' of the file and offer some protection if you answer the pop-ups correctly.

    When the malware is recognised, then it could be a different story, some malware files are encrypted so as to defeat AVs and it is only when they are unpacked in memory that they become recognised, in this situation BOClean's memory scanning could be more effective than the scan given by A2's Guard when the file tries to run - so it would then be a case of whether it is better to have IDS protection or memory scan protection.

    Perhaps it would be nice to have both, but that would mean running two trojan programs, which may not be necessary. I think it comes down to what other defences you have; if you already have some behaviour blocking you would not need A2's IDS, whilst if you are comfortable with your AV's AT abilities, or are running something like AVG-AS/ewido then BOClean may be superfluous.

    If it comes down to a straight choice between A2 and BOClean, without any other consideration, I would have to go for A2 because of the IDS, which I think is more important because of the fast mutating baddies we are seeing these days.
     
  7. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Yes but how good is it's ids, i meen did anyone have actually seen proof it works?
     
  8. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Thanks TopperID. I really like using a-squared and will finally try to stay with one security software program other than my AVG AV and FW. I was just considering adding CBOClean for some extra protection and of course to help soothe my software addiction. LOL.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    As stated earlier I am impressed by the user friendliness of A2 IDS behavior blocking. I confronted it with a subset of my test proggies. With the intelligent false positive reduction it even recognises tests!

    The IDS has a paranoid option, which requires more cpu cycles than it brings profits (A2 also informs you about it). To me this looks like an alternative/additional development path which did not bring the goodies A2 hoped it would bring and therefore was offered as an option.

    The difference between super user friendly and full control is in selecting or deselecting the intelligent false positives reduction. Without it, A2 fires on anomolies. The real good thing is that its control is so granular, they are also able to give very clear and pin pointed pop-up warnings.

    Behavior Blocking and malware is a trend we will see more:
    - Sana Security + Norton
    - Novartix + PC tools

    I hope the alternatives will spike up competition. I could not lay my hands on a product key for the Norton Antibot beta, so I am using A2 malware (paid) and CyberHawk Pro (paid) just for fun. Until now I will keep A2 on the machine of my wife and I will give away CyberHawk Pro on the machine I gave to a friend. A2 is definitely impressive (and the new CyberHawk Pro 2.04 is running much faster).

    regards
     
  10. walking paradox

    walking paradox Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    234
    To clarify, I presume you meant one of the following, right?

    Behavior Blocking and signature scanners OR Behavior Blocking and traditional anti-malware

    It would be interesting and informative if you formalized your comparison of these behavior blockers into a report or analysis and shared it with us.
     
Loading...
Thread Status:
Not open for further replies.