Welcome to the Comodo Forum
Topic: (?) BOClean and Prevx1 compared (?) (Read 2107 times)
SiberLynx
Comodo's Hero
Offline
Posts: 213
(?) BOClean and Prevx1 compared (?)
« on: April 13, 2007, 10:14:47 AM »
Hi Guys,
Who can suggest good reading where BOClean and Prevx1 are compared?
Probably somebody can share personal experience with both of them (used separately or together).
I have Prevx1. No comments for now otherwise my post will stop being a question.
Thanks
XP Pro, SP3; CFP v3, Defense+; CMF; BOClean; VE (currently out of order :-(
sukarof
Comodo Family Member
Offline
Posts: 87
Re: (?) BOClean and Prevx1 compared (?)
« Reply #1 on: April 13, 2007, 11:02:14 AM »
I am always looking for something new. After having traditional HIPS installed for a couple of years I decided to put my trust in community based "IPS". I just love the tranquility, no annoying popups on every new thing I do. I just put my trust in Prevx1 Pro mode.
But on the other hand, I just won't get infected. It is incredibly hard to encounter malware imo, so it is hard to say if Prevx1 does any good :/
But it gives a peace of mind. Hopefully it will catch something if I ever happen to come near real malware.
It is all about faith, not very far from religious thinking really. At least for me. I have tried them all (HIPS, AV, AT, AS) but they never found anything else than the leaktests or samples of malware I fed to them.
Today I choose to believe in Prevx1, whenever Boclean comes out maybe I will change my belief into that one instead. My religion is that one day I will actually encounter a wild malware and my security app will protect me.
As far as operating the Prevx1 goes (I have the research version) it is a stable lovely little app that doesn't cause any conflicts with anything. Well, one or two times there have been hiccups but the Prevx1 team has been very responsive and fixed the problems really quick.
« Last Edit: April 13, 2007, 11:04:58 AM by sukarof »
Little Mac
Global Moderator
Comodo's Hero
Offline
Posts: 6000
Re: (?) BOClean and Prevx1 compared (?)
« Reply #2 on: April 13, 2007, 02:50:25 PM »
They're two different things, SiberLynx, although I can see similarities from a user perspective.
BOC is only a real-time trojan spanker; and by all reports a darn good one. It looks at the unpacked/unpacking trojan in a different way than conventional anti-malware applications, so that it's not confused by the fluff that may be present. As I understand it, ya just can't blow smoke on BOC!
Prevx, on the other hand, is designed to watch for certain types of behaviors and/or applications trying to run. It is a HIPS or IDS type of application. It is designed to stop a whole lot of different malware (not just trojans) from executing. By all reports it's quite good at what it does.
Comparing the two is kinda like comparing an apple and an orange. They're both fruit, they both taste good (opinion, I know) and are good for you, but they're very different. Heck, you may even want both!
The plus side to BOC is it's very very very lite on resources. Prevx uses a lot more, but theoretically it should do more for you.
Hope that helps,
LM
« Last Edit: April 13, 2007, 03:35:14 PM by Little Mac »
date
dcfldd split=2G conv=noerror hashwindow=0 hash=md5 hashlog=/mnt/sda1/images/hash.log if=/dev/hda of=/mnt/sda1/images/LM.dd
date
cat LM.dd.* | md5sum > verify.log
date
Soyabeaner
Global Moderator
Comodo's Hero
Online
Posts: 6871
Akagi
Re: (?) BOClean and Prevx1 compared (?)
« Reply #3 on: April 13, 2007, 03:01:58 PM »
Quote from: Little Mac on April 13, 2007, 02:50:25 PM
BOC is only a real-time trojan spanker
Why didn't you post that suggestion here?
Define resources here: memory or cpu?
~cat~
Global Moderator
Comodo's Hero
Offline
Posts: 964
CBO "...there is nothing better."
Re: (?) BOClean and Prevx1 compared (?)
« Reply #4 on: April 13, 2007, 03:19:18 PM »
Quote from: Little Mac on April 13, 2007, 02:50:25 PM
BOC is only a real-time trojan spanker; and by all reports a darn good one. It looks at the unpacked/unpacking trojan in a different way than conventional anti-malware applications, so that it's not confused by the fluff that may be present. As I understand it, ya just can't blow smoke on BOC!
Only a real-time trojan spanker?
A little OT but for clarity's sake..
BOC is a full spectrum antimalware that handles spyware/adware, rootkits, keyloggers, worms and what's left of the older category of "viruses".
When BOC goes public I so look forward to not seeing the endless HJT logs littering forums and search results.
Parched dry and thirsty, knee deep in the river of life.
Little Mac
Global Moderator
Comodo's Hero
Offline
Posts: 6000
Re: (?) BOClean and Prevx1 compared (?)
« Reply #5 on: April 13, 2007, 03:50:33 PM »
My apologies for oversimplifying or dumbing down the capabilities of BOC. I refer to it as an anti-trojan app because the application itself refers only to trojans:
Quote from: Covered Trojans
23519 trojans are covered in your current BOC422.XVU file:
taken from BOC's text file of covered trojans. I realize that it addresses known variants of these 23K trojans, giving (as I recall) close to 300K it can identify and stop, plus the ability to spot unknown variants of those as well.
It is still not, as I understand it, a full-blown antimalware application (in that it could stop virtually everything). Believe me, I mean no disrespect toward the product. As I understand it, many versions of adware/spyware/RKs/KLs are in fact classifiable as "trojans".
Now, I'm not by any means a long-time user of BOC, nor have I done anything to develop the application, either! I have read the website, and many many posts on various forums, about it.
At any rate, I don't think it was designed to do everything that an application like Prevx was designed to do, which was my primary point.
LM
date
dcfldd split=2G conv=noerror hashwindow=0 hash=md5 hashlog=/mnt/sda1/images/hash.log if=/dev/hda of=/mnt/sda1/images/LM.dd
date
cat LM.dd.* | md5sum > verify.log
date
SiberLynx
Comodo's Hero
Offline
Posts: 213
Re: (?) BOClean and Prevx1 compared (?)
« Reply #6 on: April 15, 2007, 11:16:11 PM »
Greetings
Thanks, Guys, for your input.
I understand that those two are different in their approach.
Probably the best answer (or more questions) I'll get when I try BOClean myself.
My main concerns are:
- how would they coexist;
- do I want or need them to coexist;
- what about the resources eaten (by each and separately) especially when BOClean's real-time guard works.
- does BOClean have an option not to act automatically when a suspect is found
That sort of things and others which will come with experience.
@sukarof
Quote
...I just won't get infected. It is incredibly hard to encounter malware imo, so it is hard to say if Prevx1 does any good :/
But it gives a peace of mind.
It is nice to hear that. At least one Guy has peace of mind and cannot be infected. Let us celebrate!
Now more seriously, probably you don't install a lot of software which you use and then leave for a while untouched, and you don't run Prevx's full scan more often (than me). From my experience of doing the above - in >90% of cases the scan will find something "inactive" so it will be put in a holding cell. Sometimes it is 2-4 items. All of them are false positives. I can leave them in the Holding or I can move them to Probation cell (and run - I am one risky bastard!). Time will pass and they (most of them) will change their red color to the beloved green. It is good that I can hold those till making up my mind. And it shows that this community service works somehow. But what I don't like is that the info in community DB can be very inconclusive. Some people panic when they see 3 dll/ocx/exe names and red flashing notification screens screaming Clean! Now! And they do, and then they can have a real disaster... (that was written in some articles about Heuristics)
Another thing I don't like very much is this constant internet activity of Prevx communicating with the Base Mother Ship. It doesn't hurt a lot but subconsciously I don't feel I am completely accepting it. As soon as those inner-voices will migrate from subconscious area to the conscious part of my grey matter - I will uninstall Prevx.
My regards
Take care everybody
XP Pro, SP3; CFP v3, Defense+; CMF; BOClean; VE (currently out of order :-(
sukarof
Comodo Family Member
Offline
Posts: 87
Re: (?) BOClean and Prevx1 compared (?)
« Reply #7 on: April 16, 2007, 12:10:54 AM »
Quote from: SiberLynx on April 15, 2007, 11:16:11 PM
@sukarof
It is nice to hear that. At least one Guy has peace of mind and cannot be infected. Let us celebrate!
Now more seriously, probably you don't install a lot of software which you use and then leave for a while untouched, and you don't run Prevx's full scan more often (than me). From my experience of doing the above - in >90% of cases the scan will find something "inactive" so it will be put in a holding cell.
Well actually I do install (and uninstall) a lot of software, let's say 2 or 3 times a week on average, maybe that isn't enough... I beta test too, I even do cracks now and then just to see if they have something. Not that often though, but every time I see posts about how dangerous they are in general.
But true is that I don't do full scans with Prevx1 very often, maybe I should try that more often. No one would be happier than me if any of my security apps found something.
SiberLynx
Comodo's Hero
Offline
Posts: 213
Re: (?) BOClean and Prevx1 compared (?)
« Reply #8 on: April 16, 2007, 02:07:12 AM »
Quote from: sukarof on April 16, 2007, 12:10:54 AM
But true is that I don't do full scans with Prevx1 very often, maybe I should try that more often. No one would be happier than me if any of my security apps found something.
Well, you scan. It will take a l-o-o-o-ng time so have a good book to read or just go to another comp and crack something :-).
I really wish you the best and that it won't find a thing. Actually I am a friendly Guy and it will not make me happier if infection and/or false positives are found there.
Saying that, it would be nice of you to post a short report of scanning results in your own words definitely, like:
Found - 69 false but positives and 1 crack; ... the crack wasn't amongst computer files, though...
Have fun
XP Pro, SP3; CFP v3, Defense+; CMF; BOClean; VE (currently out of order :-(
Five
Comodo Member
Offline
Posts: 31
Re: (?) BOClean and Prevx1 compared (?)
« Reply #9 on: May 02, 2007, 10:35:01 AM »
BOClean and PrevX running together here fine. No system impact of note.
Info about PrevX:
http://winnow.oitc.com/AntiVirusPerformance.html
Go to Castlecops PrevX forum and see the lack of responses there
http://www.av-comparatives.org/index.html?http://www.av-comparatives.org/seiten/comparatives.html
Go down the page to October 2006 "Comparative of various protection tools"
Read the whole paper thoroughly. Check the AV-C forum for discussion.
Again imo poor response anywhere, including @castlecops from PrevX.
I have license and want PrevX to be GREAT and so feel entitled to harass them about "hype" in claims when compared to these test results
Why are you worried about phone home from PrevX: it's called updating !!
PrevX already hooks your system so deeply what are your exact concerns.
( have a look with Rootkit Hook Analyser )
These tests prolly now ood: things move fast these days!
The zero-day performance is a bit of an eye opener.
Heh: if they wrote the Grom Removal tool then I have some faith.
There are few if any tests of BOClean
Gizmo ran one ages ago
Nautilus (" ,.- " ) posted @wilders many times re his tests of BOClean: search around here:
http://illusivesecurity.pytalhost.com/
He is still active elsewhere: if you speak german go to rokop security.
Post at his forum and you will get a response.
The only way to really test BOC is to dl one by one all the mals you can find (heh 23000 and counting in BOC detections) or infect some machine with everything you can find with BOC in "off" position, then reboot if you can.
Now that BOClean is free we will see how well it holds up to mass use and perhaps less "expert" users ie more and more systems.
We may also see some testing as it is now free.
Nautilus always objected to having to reveal his identity to get a copy of BOC and is a very interesting and provocative character.
KMcA has always offered transparent explanations re BOC and working of same. Search at wilders where you are a member for all posts by him and you will get a good overview.
Search also for references to "Nautilus" and ",.-" to see the great agent provocateur in action.
Many of his posts were in the days prior to mandatory registration at wilders but they should still be found in many threads in archives.
There are to my knowledge NO comparison tests btwn BOC and PrevX.
« Last Edit: May 03, 2007, 01:04:28 AM by Five »