<quote>
The question is, how does BOClean exactly do it? Does it isolate it before it's scanned, or is it really scanning it while running? Even if it's the latter, BOClean should be able to scan fast enough to prevent damage.
1. Kernel has to be accessed first. So, something must run prior to that (in memory - BOClean).
2. General enough to apply it to every single software program.
3. Same as 1 - something must run first, but yes, there could be some script that does that. How does it defend itself? Indeed a good question.
</quote>
#3 I think is addressable. The answer is to follow standards and don't be logged into your computer surfing the web, checking email, etc. as an Administrator. If you're a normal user, the malware will (MOST of the time, barring OS security vulnerabilities) run as the user, but BOClean assumedly is running as an Admin, Local System, etc., so BOClean can't be messed with, the kernel can't be messed with, and so on.
Any systems admin allowing their users to be logged into their computers as an admin is playing with fire.
Even you can prevent forest fires!

That's my $.02 anyway.
-Tony