Will I Benefit From Using BOClean?

Discussion in 'other anti-trojan software' started by CogitoErgoSum, Nov 25, 2005.

Thread Status:
Not open for further replies.
  1. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    I am seriously considering the purchase of BOClean. Will the addition of BOC be both complementary and beneficial to my present resident, "active" security setup listed below?

    Look'n'Stop
    NOD32
    Online Armor
    RegRun Pro
    Task Catcher
    UnHackMe

    Any comments, opinions or thoughts on this matter would be greatly appreciated.


    Peace & Love,

    CogitoErgoSum
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    CogitoErgoSum,

    My personal approach to configuring my own system is to assess vulnerabilities and either add or change a component to address the most significant deficiencies. For example, in my own case, my priority list is:
    • Prevent unsolicited entry and load balance protection through the use of a hardware router. This is the first piece in and an absolute requirement in my opinion since no user action is required to infect a bare PC on the Internet. A software firewall (the native Windows ICF for example) does the same job, but my preference is to the router to shift initial blocking duties off the PC (i.e. load balance). Use one even if only one PC is connected to the modem. For hardwired configurations, almost anything works. For wireless, get one with decent throughput characteristics and encryption/MAC filtering/configuration options.
    • Broad coverage against malware.
      • For casual users:
        • A decent security suite (AV/AT/spyware/software firewall) should be suitable and may be the only package. Examples include the suites provided by Norton, McAfee, Kaspersky, and others. Do a straight default installation, set it for automated update and periodic system scanning, and then leave it alone aside from an infrequent check that it's working.
        • Signature based file scanners have one possible gap - weak and/or variable coverage of new file compressors. This can be remedied by scanning the executable after it is decompressed. If a suitable decompressor is not implemented in your AV, you have to rely on the native malware decompressor doing the job - in other words, look at it once it loads into RAM. A process memory scanner will do this: examples include BOClean (my preference) or Ewido.
      • For more advanced users:
        • One of the AV's (alone or as a suite component) rated Advanced+ on the www.av-comparatives.org Retrospective and/or On-demand tests. Currently, that list is comprised of, in alphabetical order: BitDefender, Dr. Web, Kaspersky AV, McAfee, NOD32, Symantec.
        • A process memory scanner for backup to the AV as described above - BOClean or Ewido
    • Proactive defenses which monitor/control application activities and the manipulation of the system registry. Something along the lines of one of the following types of options:
      • SafenSec
      • RegDefend/AppDefend
      • RegDefend/ProcessGuard
      • Online-Armor
      The specific choice depends on a lot of factors including specific behaviors to be covered, licensing needs, and expertise and there are a large number of options available. My list is very incomplete. There's also a lot of activity in this area with a number of applications having very finely focused niche targets. Some of the newer suite-type products are implementing some of the features found in this class. This layer clearly serves as a backup to your primary AV with the AV flagging files identified as malware and this layer allowing you to block the underlying activities that could be derived from malware.
    • Software firewall for application based outbound communication control. I don't use this to trap malware, but to simply allow a finer degree of control of what applications running on my PC may or may not do with respect to external communications.
      • As part of a suite with the AV
      • As part of the Proactive Defense measures above
      • Standalone software firewall
        • Outpost Pro
        • LooknStop
    Depending on personal preferences and usage profile, a router and single security suite may be a very suitable choice. I do tend to recommend augmenting any single product with some level of backup, and products like BOClean do this while also adding some additional useful characteristics. Note that even for a user looking for best-in-class within each category, only 3-5 distinct products are active to cover all the bases with a reasonably high level of backup.

    If you look at your own set-up, at least within the construct that I try to follow, you have the following:
    • Unsolicited entry - LooknStop or router if installed
    • Broad coverage against malware - NOD32
    • Process memory scanner - none
    • Proactive defense - Online Armor/RegRun/UnHackMe/Task Catcher. There's some duplication here, but duplication is fine as long as there are no negative consequences and it also depends on whether all these processes are active or if some of the features are installed but not used realtime.
    • Software firewall - LooknStop
    Sorry for the long answer to a short question, but I find background context a little more instructive than a simple "yea, use it!". There are other paths to the same result. Personally, I'd give BOClean a shot. It is an application I've learned to appreciate over time.

    Blue
     
  3. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Thanks Blue. No apologies needed, as I very much appreciate your efforts to explain how you go about assessing and addressing pc security deficiencies. It appears that BOC would serve to plug up a hole in my current security setup.


    Peace & Love,

    CogitoErgoSum
     
  4. dwax

    dwax Registered Member

    Joined:
    Oct 21, 2002
    Posts:
    57
    BOC would be a good investment! It has stopped 5 trojans from activating on my PC. It stops them in their tracks, before they can execute.
     
  5. IainBanks

    IainBanks Guest

    I agree

    Read https://www.wilderssecurity.com/showthread.php?t=107541

    It's clear from reading that, that while other people in 'security companies' are having some concerns with regards to combating rootkits, for Boclean it's a trivial problem that they have solved years, nay decades ago. This shows what a great lead Boclean has over everyone.

    I highly recommend you get Boclean, and skip all the other security products who are amateurs by comparison.
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    The fact that it also has hundreds of CoolWebSearch variants in its database is also of benefit ;)
     
  7. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Thanks dwax, IainBanks and Blackcat for your input regarding BOC. I have decided to purchase BOC v4.20 when it comes out.


    Peace & Love,

    CogitoErgoSum
     
  8. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    You will get a free upgrade to 4.20 if you buy 4.12 - why wait any longer for such great protection?
     
  9. dwax

    dwax Registered Member

    Joined:
    Oct 21, 2002
    Posts:
    57
    As seen in the BOC report. Stops them dead!

    10/18/2005 14:31:44: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:32:50: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:32:52: 180SEARCH7 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\180SEARCHASSISTANT\SALM.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:33:26: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:33:59: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:34:40: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:35:11: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:35:41: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:35:59: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:38:45: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:39:11: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:39:31: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:39:55: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
    10/18/2005 14:40:15: ADSERV3 TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    ------------------------------
     
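The report above shows the same executable being found back in memory every minute or so for nearly ten minutes. A memory scanner terminates the running process; it does not remove whatever keeps relaunching it, so a repeating entry for one path is the signal to go looking for the launcher (a second process, a service, a scheduled task or a Run key) rather than to count each kill as a separate victory. The following is an added example, not BOClean code or output from BOClean documentation: a small parser for the report format as posted, plus a check that flags any path detected repeatedly within a short window. The sample report is an excerpt of the entries posted above; the window and threshold values are arbitrary assumptions.

```python
"""Parse BOClean-style alert entries and flag processes that keep coming back.

Added example. ENTRY_RE is written against the report format as posted in the
thread; SAMPLE_REPORT is an excerpt of those posted entries. The ten-minute
window and the threshold of three hits are assumed values, not BOClean settings.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Excerpt of the posted report (five of the fourteen entries).
SAMPLE_REPORT = r"""
10/18/2005 14:31:44: ADSERV3 TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

------------------------------
10/18/2005 14:32:50: ADSERV3 TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

------------------------------
10/18/2005 14:32:52: 180SEARCH7 TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\PROGRAM FILES\180SEARCHASSISTANT\SALM.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

------------------------------
10/18/2005 14:33:26: ADSERV3 TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.

------------------------------
10/18/2005 14:33:59: ADSERV3 TROJAN VARIANT STOPPED!
Trojan horse was found in memory.
C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
"""

# One four-line entry; \s* tolerates the forum indentation and blank lines.
ENTRY_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}): (?P<name>.+?) STOPPED!\s*"
    r"Trojan horse was found in memory\.\s*"
    r"(?P<path>\S.*?) contained the trojan\.\s*"
    r"Active trojan horse WAS shut down\. System safe\."
)


def parse_report(text):
    """Return a list of (timestamp, detection name, path) in report order."""
    return [
        (datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S"), m["name"], m["path"])
        for m in ENTRY_RE.finditer(text)
    ]


def max_hits_in_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def respawning_paths(entries, window=timedelta(minutes=10), threshold=3):
    """Map path -> summary for every path hit >= threshold times within `window`.

    A path that appears this often is being relaunched by something the memory
    scanner did not touch, so it deserves a persistence hunt, not another kill.
    """
    by_path = defaultdict(list)
    for ts, name, path in entries:
        by_path[path].append((ts, name))
    flagged = {}
    for path, hits in by_path.items():
        burst = max_hits_in_window([ts for ts, _ in hits], window)
        if burst >= threshold:
            flagged[path] = {
                "total": len(hits),
                "burst": burst,
                "names": sorted({name for _, name in hits}),
            }
    return flagged


if __name__ == "__main__":
    for path, info in respawning_paths(parse_report(SAMPLE_REPORT)).items():
        print(f"{path}: {info['total']} kills, {info['burst']} in one window; "
              f"detections {info['names']} -> look for the launcher")
```

Run against the full posted report the same check flags only the WINTASKAD.EXE path; SALM.EXE is killed once and stays down, which is what a successful termination looks like in this log.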
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    BOClean would make an excellent addition to your setup. Before adding anything beyond that, however, I would look more closely at what you already have. You can gain significant security by tightening the rules in your firewall and doing some system hardening. I would use either the Enhanced ruleset or Phant0m's ruleset for LnS, then create some rules for applications such as your email client. It's hard for a malicious email to auto-download a trojan if your email client is restricted to only communicating with your email servers, for example. You can usually tighten things down pretty well; different apps can be tightened down to different degrees, some only by ports, some by both ports and addresses. There are also quite a few system services (both background services and functions available in the OS) that can be turned off to significantly reduce the number of ways that things like worms may infect your system. It's not adding to the security you have, but rather trimming out what you don't need, which reduces the opportunities malware has to infect your system. How you use the apps that you already have can make all the difference :)
     
  11. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Thanks for your input, Notok. It is very much appreciated. FYI, I am using the Enhanced ruleset for LnS. I have disabled "54" WinXP SP2 services and employ the use of Harden-It, Samurai and WWDC for system hardening.


    Peace & Love,

    CogitoErgoSum
     