Clear Up Confusion re: How CBOC Functions?

After re-reading several posts, I’m confused.

IF…BoClean is NOT configured to run at boot-up of machine, BUT IS started & updated from desktop before browsing the web, & then malware gets downloaded by, say, a “drive-by install” either “silently” or by foolishly clicking on a pop-up (silent, remember) saying: “Infection Found, click here to remove”… (many have had this happen)… (:SAD)

Would BOClean prevent this (during every 10 second scan) OR only catch & correct this attack during next boot-up & only if BOC is, at that time, configured to run at boot-up (assuming this is a recognized item in defs or heuristic behavior)? Or at next program start (not boot-up)?

Would it ONLY catch & correct this attack IF BOC was running at boot-up the previous boot-up (thereby having a comparison boot-up to restore to)? :THNK

Thanks for clarifications you can give so we may better understand how it functions!! (:HUG)

BoClean actually already prevented the malware from installing while that box with blablabla yes/no is there. The only thing is that if you say yes you will delete the file where the virus is active.
So: even if you say no, it stopped the malware ;D

Hope I’m a bit right :slight_smile:
Xan

I don’t think there’s a difference on whether BOC was started at boot or later manually. The thing is that BOC’s mission is not preventing malware from being copied to your computer, it will act against the malware only when it attempts to run.

Would the execution/appearance of the pop-up not be a sign it’s entered & is running (stage 1)?
Stage 2 would be further downloads IF you click yes or no (regardless)?
Thanks for replies received & any additional insights! :THNK

Would the execution/appearance of the pop-up not be a sign it's entered & is running (stage 1)?
As you can read, what it says is: BoClean has stopped this malware, would you like to delete this file?

→ it stopped it but asks you to delete the file.

Hope I could help you
Xan

Hey sandy… I am sorry that you seem to have trouble with using BOC… I don’t use Spybot’s “TeaTimer”, but I wouldn’t think that there would be any conflict between it and BOC, except that you should disable “TeaTimer” when installing BOC, or when installing anything else, since, apparently, TeaTimer can interfere with the installation of other programs…

I think that BOC works kind of like a “sandbox” where it scans files before allowing them to run…

BOC will instantly flag malware that it has definitions for if the malware starts to run…

Reply to alaertsxan:
Thanks for your reply! This was a hypothetical case (the pop-up described would have been the pop-up from the malware, say the SpySheriff rogue), not the one from BOC. Clearly if BOC pops up, then it is taking action.

Mainly concerned that despite not being started at boot-up, it would still do its thing. :smiley:

Reply for redwolfe_98:
Hi again redwolfe_98, thanks for posting. Re: Spybot TT: I don’t use the 2 together, only 1 at a given time. Since I’m aware of the confirmed conflicts, it’s no longer a problem to work around, using whichever seems most appropriate for the netting I have planned at the time.

I appreciate the description of being like a sandbox, as that I can wrap my head around easily!!
I just wanted confirmation that BOC, used as I do, would function as expected/described.
I was becoming confused, since in the time I’ve had it BOC has never in the real world (on the net) appeared to catch anything (no “stopped” pop-ups) (of course no reports). Guess I’m not wandering in dangerous enough neighborhoods (LOL)!! Thanks again! Sandy

Sandy, you can test BOC at any time with GRC’s “LeakTest”, to see that BOC is working the way that it should be… just download the file and run it and BOC will flag it… here is the webpage for GRC’s “LeakTest”:

You can also test BOC with the “Trojan Simulator”, but it is simpler to just use GRC’s “LeakTest”…

I don’t think the drive-by is using CPU time/memory to download the nasty (however you “choose” to download it). This being the case, BOC would not warn you that you’ve downloaded something nasty, nor would it stop it. (Your AV or AS might, though, if it can.)

Most of these downloads go to a temp file, where they sit quietly, waiting for the signal to take action. That action would be to execute/run in some way to cause an infection of the system. While they’re sitting there, your system AV or AS might pick them up on a scan, or might not (depending on its capabilities and definitions).

In order for the nasty to run/execute, it has to access CPU time/memory. In order for it to do that, it has to take its clothes off (or at least pull its pants down). BOC will see the sun (or moon) shinin’ and spank it with good ol’ “Black Magic” (1x4 board shaped with a handle, electrical-taped for support, and drilled through with a series of holes - to make it hurt more?.. gotta love Texas schools in the 70’s).

By the time the nasty reaches memory, there’s probably not a lot your AV or AS can do, but that’s where BOC steps in, as mentioned above.

IF the download process itself tries to execute a call to CPU time/memory, it will be spanked as well.

The problem would be this: a lot of these downloads aren’t activated until reboot (that’s what they’re quietly waiting for). IF you were running BOC on boot, it would catch it (where your AV/AS would not) and stop it. Without BOC at boot, you don’t have the same level of protection in that way.

LM
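The post above describes the window that matters: a drive-by payload parked in a temp folder does nothing until something launches it, often an autorun entry that fires on the next boot, and an execution-time watcher like BOClean only sees it at that moment. As an added example (not from this thread, and not BOClean’s own code), the script below does the check a practitioner would want to run earlier: enumerate the Run/RunOnce keys and flag any entry whose command line points into a temp, download or public directory. It checks the whole command line rather than the first token because a common trick is a legitimate host binary such as rundll32.exe with the real payload passed as an argument. The directory patterns, entry names and sample entries are constructed for illustration; the real enumeration only runs on Windows (via the standard-library `winreg` module) and falls back to the constructed sample elsewhere.

```python
"""Triage Windows autorun entries for payloads parked in temp/download dirs.

Added example, not from the thread or from BOClean. The directory list,
entry names and SAMPLE_ENTRIES below are constructed for illustration.
"""
import re
import sys
from dataclasses import dataclass
from typing import List

# Directories a drive-by download commonly lands in (constructed list).
SUSPECT_DIR_PATTERNS = [
    r"\\temp\\",          # ...\AppData\Local\Temp\, ...\Local Settings\Temp\, C:\Temp\
    r"\\tmp\\",
    r"\\downloads\\",
    r"\\users\\public\\",
]


@dataclass
class AutorunEntry:
    location: str   # registry key or folder the entry was found in
    name: str       # value name (or shortcut name)
    command: str    # full command line, as stored


def is_suspect_command(command: str) -> bool:
    """True if any path in the command line points into a suspect directory.

    The whole command line is checked, not just the first token, because a
    legitimate host binary (rundll32.exe, regsvr32.exe) is often used to
    launch a payload that is passed as an argument.
    """
    normalized = command.lower().replace("/", "\\")
    return any(re.search(pat, normalized) for pat in SUSPECT_DIR_PATTERNS)


def triage(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    """Return the entries worth a closer look, in the order found."""
    return [e for e in entries if is_suspect_command(e.command)]


def collect_windows_autoruns() -> List[AutorunEntry]:
    """Enumerate HKLM/HKCU Run and RunOnce on a real Windows box; [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, only importable on Windows
    hives = [("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER)]
    subkeys = [r"Software\Microsoft\Windows\CurrentVersion\Run",
               r"Software\Microsoft\Windows\CurrentVersion\RunOnce"]
    found: List[AutorunEntry] = []
    for hive_name, hive in hives:
        for subkey in subkeys:
            try:
                key = winreg.OpenKey(hive, subkey)
            except OSError:
                continue  # key absent or not readable
            with key:
                i = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break  # no more values
                    found.append(AutorunEntry(f"{hive_name}\\{subkey}", name, str(data)))
                    i += 1
    return found


# Constructed sample: what a Run-key dump might look like after a drive-by.
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_ENTRIES = [
    AutorunEntry(RUN_HKLM, "SecurityHealth",
                 r"C:\Windows\System32\SecurityHealthSystray.exe"),
    AutorunEntry(RUN_HKCU, "ctfmon", r"C:\Windows\System32\ctfmon.exe"),
    AutorunEntry(RUN_HKCU, "winupd",
                 r'"C:\Users\sandy\AppData\Local\Temp\winupd.exe" /s'),
    AutorunEntry(RUN_HKCU, "svchost",  # legit host binary, payload in temp
                 r"rundll32.exe C:\Documents and Settings\sandy\Local Settings\Temp\svc.dll,Start"),
    AutorunEntry("Startup folder", "setup_patch.lnk",
                 r"C:\Users\sandy\Downloads\setup_patch.exe"),
]


def main() -> None:
    entries = collect_windows_autoruns() or SAMPLE_ENTRIES
    for e in triage(entries):
        print(f"SUSPECT  {e.location}  {e.name!r} -> {e.command}")


if __name__ == "__main__":
    main()
```

Run on the sample it reports the three entries that launch from a temp or download path (winupd, the rundll32 “svchost”, and the Downloads shortcut) and stays quiet about the two System32 entries. A hit is a lead, not a verdict: confirm the file on disk against your AV/AS before deleting the entry, and remember this only covers Run/RunOnce and the Startup folder, not services, scheduled tasks or the other autostart locations a more thorough tool enumerates.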

Hi there, just wondering, but does the BOClean application stop spyware also, or just malware? Is malware/spyware essentially the same thing? Yes, I know I am not that experienced with this stuff, heh…

Reply for redwolfe_98:

Thanks for the GRC link! I DO visit there every once in a long while but hadn’t thought to try LeakTest as a BOC test!! (:HUG) As you noted, I do have Trojan Simulator and BOC does notice it.
Thanks again… good to have you watching! Sandy

Malware is the generic term for all the nasties, the software that works against you without your consent. It’s been traditionally divided into viruses, worms, trojans, spyware, malicious adware, and maybe etcetera. As far as I know BOC works against trojans, spyware and malicious adware; it’s not a replacement for an antivirus that will defend you from viruses and worms and possibly trojans. When finally released, CAVS is intended to include BOC’s functionality and defend against all kinds of malware.

The term “malware” is also used with another, constrained meaning, referring only to the malware that your antivirus doesn’t take care of, because everybody is supposed to have an AV and they have been the prime security software since the old days. So you may have heard that a certain program defends against malware when it defends against spyware, malicious adware and maybe trojans, but not against viruses or worms. Other software will call itself antispyware even though it also defends against malicious adware and trojans (AVG AS for one). The terms are confusing and not written in stone; also the boundaries between different kinds of malware can become really blurry at times.

Hope this helps. For more help with specific terms, Wikipedia. :wink:

Reply for Little Mac:

Thanks for that in-depth explanation!! It was what I was looking for regarding just WHEN BOC would have its attention brought to bear by activating malware. :THNK

I have CCleaner set to clean ALL temp + dat files etc., and I run it immediately before & after going on/off the net. I find this helps a fair bit with nasties as well as build-up. I also have it set to clean ALL (not just older than 48 hours) so there’s no residual to worry about. (:WIN)

Yes, the “do nothing ’til next or X# of boots” gimmick is often quite successful in avoiding an end-of-session scan as well as confusing just where/when it came from (tricky little devils).
Appreciate your time & thoughtfulness! (:WAV)

Reply to Japo & Kazuya:

Just what he said!! (:CLP) Japo, you beat me to it… I was still typing my reply for Little Mac (one of the drawbacks to the 2-finger method (:LGH))!!! Sandy

Thanks for info, I understand a bit better now…