BOClean - What do you say to mixture of non-signature and signature scanner?

Well, I don’t think I need to explain myself any better. I think the subject explains itself.

So, what do you guys think? It would cover more bases than just making use of signatures.

I think it would be the natural evolution of BOClean. It sure deserves it.

Regards

Hi m8 :slight_smile:

This has already been suggested by several other people, but so far the upcoming BOClean 5 will only have signature based detection.

Greetz, Red.

The word “signature detection” kinda makes my knees weak. Heh. Yes, it’s “signature detection” of SORTS because most nasties behave in certain ways, and if you’re looking at memory rather than file signatures, you can actually make those signatures represent “behaviors” in that, if you choose wisely, you end up with a signature that represents a behavior rather than a static position in a file as most AVs do. Matching FILE sigs has always been a zero-sum game as a simple rearrangement of the file makes it something else. However, in memory, there are certain rules as to what needs to be and where, or Windows just sits there drooling, crashing, or doing nothing at all that the authors wanted it to do.

It is the desire of COMODO (haven’t heard different in two years now) that BOClean remain designed as it is as a “standalone” tool. Our guys have taken a number of internal pieces of BOClean which have found their way into CIMA, CAV, CFP and other pieces of the COMODO toy chest … therefore, if you want to scan files, the CAV guys have all of the same stuff that BOClean gets in its database (“it’s one big happy starship”) although it’s a FILE scanner. CFP watches memory and has the ability (since the firewall stops executables before they can even start and has a sniff at those using the same “intelligence”) to look at functions in memory as BOClean did. Thus, from a strategic “forest for the trees” standpoint, there’s really no point in changing BOClean itself from a philosophical standpoint as all that was done in BOClean over the years has been adapted to the SPECIFIC needs of the AV, the firewall and other COMODO utilities. And so, it only makes sense leaving BOClean to do what it always HAS done with an even greater degree of “fine grain” in “watching their back” for CAVS and CFP … if, somehow, it manages to get past either, you have another chance to win without another layer of “airport security” to do yet another strip search on your machine and make you late for your flight. :slight_smile:

Do it “COMODO” style, and you’re kewl. Heh.