Test results for BOCLEAN

This details the test:

http://techsupportalert.com/Security%20Tests/Security%20Tests%20-%20%20Comodo%20BoClean%204.23.htm

What does everyone think?

Tested by someone who obviously doesn’t know what BOClean is supposed to do.

But still, some tests do address the kind of protection BOClean is supposed to give? Anyhow, the test seems very strange. It just can’t be true that the results should be that bad… I still believe in BOClean as it has saved me once or twice :slight_smile:

I would want to see more detailed methodology.

Toggie

I would take this as a list of possible ideas or extra features to add, although there are so many other programs that take care of these section(s) of the computer. The features are not needed.

Address lookup:
canonical name techsupportalert.co
Administrative Contact:
Richards, Ian editor@techsupportalert.com
PO Box 445
Moss Vale, NSW 2577
AU
4868 1350
Fax:4868 1350

Ian Richards?
Isn’t this the same clown that wanted payola for published results several years ago?
The ink spammer IIRC…

Address lookup:
canonical name anti-trojan-software-reviews.com.
Registrant Contact:

Ian Richards (editor@techsupportalert.com)
+61 2 4868 3116
Fax:
PO Box 445
Moss Vale, NSW 2577
AU

Bingo!
Heh, Melih will be getting an offer “he can’t refuse” before long if he hasn’t already.
IIRC, he blackmails vendors for a good review.
Kevin would be able to confirm the ID.
His associates were comment spamming BBR for awhile.

Gizmo Richards???

http://www.backup-software-reviews.com/about_site.htm

http://www.pcsupportadvisor.com/index.htm

http://www.techsupportalert.com/free-vs-paid-av.htm

He is a busy fellow it seems.

I can’t take these results too seriously - many of the tests are just not applicable and BOClean has not proven so popular for these many years by failing to stop malware.

:SMLR

From the test-
“Here I try to install some adware and malware infected programs typical of the kind naive surfers download from free and ■■■■■ websites. They include an infected game, screensaver, keygen, ■■■■■ and a search toolbar. All were obtained from currently operating web sites”

Seems to me to be the case for your AV or some type of behavior blocker.

Now I’ve been using BOC for well over 2 years and from my understanding BOC being a memory scanner stops the malware BEFORE the damage can occur.
Remember BOC is considered a second line of defense as per Kevin, not a replacement for something like your AV.
Just giving my opinion on what I believe this test is all about, now if I’m wrong someone please correct me.

Is it because most of his tests were done with “simulators” that simulate malware behavior? If so, and if BOClean does not have signatures for these “simulators” (since no need to), I can understand the results.

But his “2.4 Shoot In The Foot” tests, if they’re applicable to real world then perhaps some improvements needed there.

Hehe … the “TONER GUY!” Ayup … that review being at the top of google for years after we couldn’t AFFORD to pay his “publish or perish” blackmail along with a certain moderator at a certain “security board” with an agenda is what put PSC out of business … I am speaking SOLELY as myself here, no reflections on COMODO but truth be told, THAT boy is a shakedown artist and will publish whatever “truth” he’s paid to print. We did rather well in an earlier “review” when PSC PAID him, but his price to “endorse or ■■■■■” was WAY beyond PSC’s ability to pay and so the “higher bidder” won the “best for most users” award. And of course, it was the ONLY thing that could defeat (ahem) “the BEAST trojan.” Heh.

But the review, as have been MANY in an absence of the reality that BOClean was never a file scanner or HIPS, just never got the difference that BOClean was and just lumped it in with all the other “scanner thingies” and inevitably in the absence of a clue, we lost the comparison. Nobody else out there ever designed a program to be a “backup solution” rather than a primary one and for our unique approach among so many clones, we lost every time in the comparison aside from those actual experts that recognized the difference and endorsed BOClean as actually useful. But with THIS particular guy, he was a shakedown artist and Nancy still has the cancelled cheques to prove it. :frowning:

I see “Toner Guy” made a post over at Wilders.

The most important question that he is missing is:

Does Boclean catch the malware your AV misses?

The answer is yes!!! And that’s what it’s designed to do…?

If he wants HIPS… then should wait for V3 of CFP and use Boclean in combination…

Melih

Gizmo at Wilders!

Interesting isn’t it?

After my post virtually no comment about the BoClean defects I listed. No denial, no qualification of my comments, nothing. Instead more innuendo about me.

Let’s get straight to the pointy end. Here’s a set of yes/ no questions for Kevin and his defenders to answer about BoClean.

  1. Can BoClean be terminated with Windows Task Manager?

  2. Can BoClean be terminated by a number of malware programs currently in circulation?

  3. Can BoClean protect memory space?

  4. Can BoClean detect process injection of running processes?

  5. Can BoClean prevent a trojan crashing the system to force a restart?

  6. Does BoClean use simple text string based signature detection?

  7. Can BoClean detect processes cloaked by common rootkits?

other anti-trojan software

Yes/ No answers will be just fine.

OK I’ve made the challenge. It’s now up to Kevin to respond.

And note that in the process I have not criticized anyone, just the product.

The real problem is no one understands what this program is. Maybe some education is in order, it’ll be hard though…

I spent more time reading this guy’s write up…

now some interesting observations:

We all know that he ■■■■ well knows Kevin and Nancy quite well! He makes his review sound as if he is new to Boclean…

ok, Kevin was kind enough to share an email communication between Nancy and Ian Richards and Nancy and Xcccc Xxxxxx dating back to Aug 2002.

I hope Kevin will post the full email thread but here are some excerpts that might be of interest

Email from someone called Ian Richards to Nancy: Date: Wed, 22 May 2002 17:34:14 -0700 (PDT)

“I note your comments about adding a scanner to BOClean and I would certainly like to check out any betas that you might have. As an aside, I think there is little marketing disadvantage to BOClean in not having a scanner. Its reputation is well established as a small and resource efficient product that provides great real time protection. This sets it apart from most of the other AT products and defines its own market niche. Just my opinion.”

Now… it’s a great thing that we can archive our data like email and thanks to Kevin for providing this… and guess what I found… again thanks to the marvels of archiving technologies :slight_smile:

Now this is before they turned against Boclean (archive.org is a great service that literally archives the web thru time)
BoClean Review

and this is after they turned against boclean:
http://www.anti-trojan-software-reviews.com/review-boclean.htm

Now, if you look at when they turned against boclean, it is Dec 2003. You can check the history of the review here… look at the archive for dates before Dec 2003… it’s a good review… after Dec 2003 the very same review has been modified to be bad…
http://web.archive.org/web/*/http://www.anti-trojan-software-reviews.com/review-boclean.htm

I didn’t want to get involved, however the more I read, the more I felt compelled to interject as there is great misinformation.

I hope the authors of this so called review website will be ashamed of what they have done!!!

Melih

edit : Name removed pending moderator review

I thought I would post the Before and after posts here for all to see:

Review of BoClean Anti-trojan
Editor’s choice: best for most users

BoClean is from the New York State based Privacy Software Corporation. This company has been producing security products since 1996. BoClean has developed an excellent reputation in security circles. After using the product we can assure you that its reputation is well deserved.

Design and Usage

Most anti-trojan programs usually consist of a file scanner and an in-memory monitor. Not so with BoClean. The product consists of a memory monitor only - there is no scanner.

This approach may at first seem odd but it actually makes a good deal of sense.

Firstly more and more trojans are being released with complex compression and encryption schemes designed to escape detection by scanners. It’s very difficult to assign signatures to such files as every version of the same trojan may well be different.

However at some stage the trojan has to be decompressed and decrypted in order to be executed and that’s where in-memory monitors can catch them, “with their pants down” so to speak.

A second good reason behind the BoClean approach is that the in-memory monitors of many anti-trojan programs appear to have been added to the product after the scanner had been developed. A sort of after-thought to catch the odd trojan missed by the scanner.

BoClean on the other hand has been developed right from the start to be an in-memory monitor. This is no after-thought, it’s the real thing and it shows.

Once you have installed BoClean a little icon appears in the notification section of your task bar. That signifies the program is now quietly watching everything that’s going on in the memory of your computer and is waiting to pounce if necessary.

Actually BoClean only scans memory every 10 seconds. This way it uses fewer resources yet is fully effective. The 10 seconds scan interval can be reset by the user and those in a very high security environment may wish to lower this figure.

Double clicking the icon brings up a number of choices including configuration and updating. Click here to see a screenshot.

Clicking the update button didn’t turn out to be quite as simple as you would hope. Rather than simply retrieve the new signature file from the website, we were taken to the website where we had to initiate the download. After the download we then had to load the update into BoClean. The vendor claims this procedure is for security reasons. This may well be the case but frankly, we found it to be the only clunky aspect of an otherwise beautifully executed product.

Editor’s note: After completing this review, version 4.10 of BoClean was released. New features include continuous monitoring for new processes and a simpler database update facility.

Performance

With BoClean running we could detect no effect on the performance of our PCs. Even with the slowest machine, a 450MHz PIII, we couldn’t perceive even the slightest decline in responsiveness. BoClean is a very resource efficient product, the best of any product we tested. The only way you know it’s there is from the presence of the task bar icon and its brief, once-every-ten-second flash.

Lean it may be but it’s mean as well. BoClean really pounced on the trojans in our signature file currency test. It missed only one trojan on the first test, the best performance of any product apart from TDS-3. In the re-test two months later it got the lot.

When BoClean detected a trojan it stopped it dead in its tracks. It also did an admirable job of cleaning up. A full log of events and actions taken was produced.

The excellent performance of BoClean with our test set of trojans indicated good design combined with high diligence by the manufacturer in maintaining the currency of their trojan signature file updates.

Overall we were mightily impressed by BoClean. It’s simple to use, resource efficient and highly effective in detecting and killing trojans. It’s an ideal product for the typical PC user or for organizations to install on end-users machines.

Other Reviews

To my knowledge BoClean has only been reviewed twice and in both cases it received the highest rating, though this was a shared honor. Don’t be too overwhelmed with these results; one of the reviews allowed BoClean to be updated during the course of the review which is not exactly methodologically kosher. The other review was more qualitative than quantitative. This said, the results are still impressive and well in line with our own findings.

Support

BoClean offers email support only. There is no support section on the web, not even a FAQ. Nor is there a help file provided with the product. However the email support is excellent. On the 3 occasions we tested it out we got same day answers to 2 questions and the third was responded to within 48 hours.

Summary

This is a simple to use, resource efficient product that offers first rate protection. The lack of a disk file scanner will be of concern to buyers seeking multi-layered protection but for the average user, BoClean offers outstanding and inconspicuous protection with the advantages of simplicity as well.


Version tested: 4.09

Price: $39.95

Download: No trial version available. Click here for purchase details

Trojans in database: 1470 as of the 1st of August 2002

Website: http://nsclean.com

Signature File Update frequency: weekly


And this is after they turned against BOClean:

Review of BoClean Anti-trojan

BoClean is from the New York State based Privacy Software Corporation. This company has been producing security products since 1996. BoClean has developed a solid reputation in security circles. After using the product, we can confirm that this reputation is well deserved though we must say that this product’s lack of a file scanner is a serious concern.

Design and Usage

Most anti-trojan programs usually consist of a file scanner and an in-memory monitor. Not so with BoClean. The product consists of a memory monitor only - there is no scanner.

This approach may have been appropriate once but must be queried given recent developments in Trojan design.

Many of today’s trojans attempt to pull down anti-trojan defenses mounted by the user. For example, one common trojan claims that it can disable any of 32 different anti-virus/anti-trojan monitors that may be running on the user’s computer at the time the trojan is executed. And it’s no idle boast - this trojan does have that ability. Watching it in action is an awesome experience.

Designers of anti-trojan monitors try and protect their programs against this sort of attack using a number of clever techniques. A common one is to have two monitors running in memory with each watching the other. If a trojan shuts down one monitor, the other notices it and restarts it immediately.

This is of course a cat and mouse game. Sometimes the trojan will win, at other times the anti-trojan monitor. The simple fact is that the best way to stop a trojan is never to let it be executed to start with.

That’s why a file scanner is so important. It allows you to detect and remove a trojan before it is executed and gets control of your computer.

Although BoClean has no scanner, it is arguably the best monitor in the business.

Most memory monitors included with anti-trojan programs appear to have been tacked on to the scanner, almost as afterthoughts. However BoClean was developed right from the start to be an in-memory monitor. This is no after-thought, it’s the real thing and it shows.

Once you have installed BoClean a little icon appears in the notification section of your task bar. That signifies the program is now quietly watching everything that’s going on in your computer and is waiting to pounce if necessary.

Double clicking the icon brings up a number of choices including configuration and updating. Click here to see a screenshot.

Clicking the update button results in a new signature file being fetched from the website. It worked well if a little slowly.


Need cheap inkjet cartridges? Check out
Blatant ad URL removed by mod… hehehe. ;D


Performance

With BoClean running we could detect no effect on the performance of our PCs. Even with the slowest machine, a 450MHz PIII, we couldn’t perceive even the slightest decline in responsiveness. BoClean is a very resource efficient product, the best of any product we tested. The only way you know it’s there is from the presence of the task bar icon and its brief, once-every-ten-second flash.

Lean it may be but it’s mean as well. BoClean really pounced on the trojans in our signature file currency test. It did well in both our 2002 and 2003 tests and there can be little doubt that the people at BoClean are doing an excellent job keeping the signature file database file up to date.

Overall we were impressed by BoClean’s monitor. In our opinion, it’s the best anti-trojan monitor in the business.

Other Reviews

To my knowledge BoClean has only been reviewed twice and in both cases it received the highest rating, though this was a shared honor. Don’t be too overwhelmed with these results; one of the reviews allowed BoClean to be updated during the course of the review which is not exactly methodologically kosher. The other review was more qualitative than quantitative. This said, the results are still impressive and well in line with our own findings.

Support

BoClean offers email support only. There is no support section on the web, not even a FAQ. Nor is there a help file provided with the product. In 2002, the email support was excellent. On the 3 occasions we tested it, we got same day answers to 2 questions and the third was responded to within 48 hours. In 2003 the support appears to have fallen off. Only one of our questions was responded to within 48 hours, another took three working days, the other five. This is not acceptable. We’ll monitor this over the coming months and if this continues, we’ll take the product off our recommended list.

Summary

This is a simple to use, resource efficient product that offers first rate protection. However the lack of a disk file scanner is a serious product deficiency given the capacity of modern trojans to pull down monitors like BoClean.


Version tested: 4.10, current version 4.11

Price: $39.95

Download: No trial version available. Click here for purchase details

Trojans in database: 2225 as of the 5th of September, 2003

Website: http://www.nsclean.com

Signature File Update frequency: weekly


Cheap inkjet cartridge sites reviewed: Click here for the best printer cartridge sites


I am just a bit curious what the point of testing a signature based app with behavior testing tests is?

Yep, December of 2003 was when we couldn’t afford the thousands of dollars for a “good review” and he went with a competitor. And apparently since we couldn’t afford a “favorable review” PSC got trashed for not coming up with the scratch. Since PSC is gone, the actual cancelled check (yes, we DO have it) is in the possession of an attorney who is closing out Privacy Software Corp but we should be able to get a copy of it next week hopefully. In the meantime, here’s the original exchanges for the “good review” when we HAD the cash:

------------ emails removed because of legal liability to Nancy, sorry ----------------

Nancy and I are very sorry we couldn’t afford to continue to pay these people - the bad review (based on highly flawed testing of an obsolete version and completely incorrect information at every turn) is what eventually put us out of business. The google results on that “test” remain in the top 3 when googling BOClean. :frowning:

And with respect to this completely useless and inaccurate test, someone else made the perfect comment on it to the effect of this is like testing a lawnmower to see how well it does your laundry. BOClean is designed to stop running malware, it is not a general purpose HIPS program nor is it an antivirus or web filter … I was asked by Melih to explain why we did so poorly in this so-called “test” and I’ll share it with everyone else here for better or worse.

One of the biggest problems PSC had was a lack of sales and that translated directly to a lack of staff and resources. Given our obligation to continue despite the shortcomings, all efforts were put into keeping up with the ever-increasing load of malware at the expense of improving the code. This is now being gotten up to speed in all directions under COMODO but we’ve still got a way to go in order to catch up with all the damage this chap has done to us as a result of not writing him more checks …

1.1 - Ghost Security Registry test … unknown test, not in defs because it’s a simulation looking for a kernel registry detector HIPS program. BOClean is not HIPS. You might want to look for “techsupportalert” in this thread about it:

1.2 - Regtick V0.21 … also unknown test and actually looks to me like a legitimate tool that we wouldn’t cover in the first place. Will submit since we apparently need to cover this and let those using it “legitimately” just exclude it in BOClean

1.3 - Scoundrel Simulator … unknown test, will submit for inclusion.

1.4 - ZapAss … this is a FIREWALL TEST, will submit for inclusion.

1.5 - Trojan Simulator … this is covered and created by a competitor. Installs HKLM run startup and tells me that the “tester” selected NO when presented with detection in which case the autostart WOULD remain behind as well as the file. Dumbass.

1.6 - Trojandemo … no longer available … will need to look through our archives to see if we collected this one - probably not.

1.7 - Crash … they’ve GOT to be kidding! BOClean is NOT HIPS. This is a legitimate test tool from OSR Online - we’re NOT going to cover this … the explanation is as follows:
“You say the drivers you develop aren’t doing a good enough job of crashing your system and you need a way to force a system crash? Here’s that way: ■■■■! Run ■■■■.EXE and a dialog box with a big red button reading “Crash Now!” appears. Click the button and… ■■■■! Or, change your mind and click on the little “Never Mind” button. Somebody’s needed to write this utility for years. And who would you expect it to be other than OSR?”

1.8 - Raw Memory Access Test … again with the HIPS … this is a LEGITIMATE memory editor/debugger … what are we supposed to detect here? :frowning:

1.9 - Termination Resistance Test … already discussed, requires kernel protection and the reason why Process Guard went away is that it is not possible in Vista and dubious at best in XP with recent system patches. Preventing the WinAPI function “TerminateProcess()” from working unconditionally as designed in Windows requires hooking this API at kernel level, determining which process is to be terminated and doing a JMP at kernel level if it’s “ours.” For more detail on this hooking of the kernel, see a program called “Process Guard” which did this. There are a limited number of hooks and hooking this requires relocating kernel functions which is also normally detected by HIPS and rootkit detection tools. Doing this is NOT a good idea and originally when BOClean was first put out there when we had military contracts, hooking the kernel was specifically prohibited in our contracts. This for historical purposes. So when customers demanded this, we told them to purchase Process Guard if it was that important to them. And our “friends” here KNOW this!

1.10 - Resource Usage test … pointless.

2.1 - Keylogging - undetected ones were unknowns, will send. Crashing of BOClean result of that problem in the original 4.23 release, was fixed in the 4.23 which was not released. Fixed also in 4.24 … please note also that once again, these are HIPS tests!!!

2.2 - Morgud version 2 … was unaware of this replacement for the earlier version - will send, filename includes zip password … and again, this is a HIPS test!

2.3 - no information to go by here …

2.4 - can only guess that there are samples we haven’t received.

2.5 - FuTo is detected, but can only guess that the VM prevented access to the actual location since HAXDEF wasn’t removed. One does NOT test in VM’s for an effective test.

2.6 and 2.7 - don’t understand why this is even in there.

Summary: It is quite obvious that this so-called test was done maliciously as the “reviewer” knows QUITE well what BOClean is all about (see previous email) and chose to ignore that, specifically choosing tests which are clearly not what BOClean is designed to do. In the past, he’s used zoo trojans and other “custom work” by competitors and refused to submit the samples after the fact to any vendors other than his own “affiliates.” Please examine his previous, completely inaccurate “staged test” of BOClean which greatly assisted in putting PSC out of business when we couldn’t afford to pay the shakedown LAST time …

http://www.anti-trojan-software-reviews.com/review-boclean.htm

Note also the “inkjet” ads throughout. In a PRIOR review (where we PAID) we received glowing but again inaccurate reporting … and not ONCE, even when we received a favorable review was the testing done in any way competent. :frowning:

Hi Kevin
I see your friend chris :wink: is trying to pull himself out of the hole he dug for himself over at Wilders … trouble is people keep stepping on his fingers. I reckon if you threw that cheque in on top of him it would just make it almost impossible to get out.