Difference between Anti Virus and Anti Malware?

Forgive the ignorance, but I’m confused on which product I need, or want.

What I need is a “worthy” free Anti Spyware program that updates itself. I’ve noticed in these forums there is mention of an Anti Viruspyware (CAVS) and BoClean Anti Malware. I’m not sure what the difference is between the two, and there doesn’t seem to be a place where one would download the Anti Viruspyware (CAVS) any longer. Has it been replaced by the BoClean?

Thanks in advance for your insight.

BOClean has the distinction that it scans processes in memory for viruses. This prevents the virus from executing and has the advantage that the virus signature cannot be hidden by packing or encrypting the file. It prevented me from installing a trojan, and that is better than being able to remove it. CAVS is nearing release of a new beta and the previous version is still in beta itself. The new beta will be a dramatic improvement on the former version and should go to a release in short order.

Thanks for the quick reply, much appreciated. So basically the CAVS program will be released soon. Is there an ETA yet? Then one would need both programs, as the AntiMalware functions will not be superseded by the CAVS, correct?

Thank you,

David

I am using CBOClean as antispyware/trojan. Am I right, or do I need an AS program like ST, AVG or SAS??

Hi David :slight_smile:

We don’t know when the new CAVS Beta will be released, but we expect it to be very soon. And we don’t know if CBOClean’s functionality will be added. What we do know is that CBOClean’s malware database will be added to the new CAVS Beta, and that Kevin is rewriting CBOClean. But knowing Kevin the new CBOClean will not be released before Vista SP1 will be released ( Kevin really hates Vista :wink: ). So basically we are waiting, just like you :slight_smile:

Hi Rafel :slight_smile:

It depends on what other security programs you have, your surfing habits, downloading habits and of course what you are feeling comfortable with. Basically you are already safe with a good Firewall and a good HIPS, and all the rest is extra. But you could add an Anti Spyware for Realtime protection and/or On Demand scanning :slight_smile:

Greetz, Red.

( Edited: I was talking about Vista SP2, while SP1 has still to come :stuck_out_tongue: )

Thanks for all the insight.

CFP 3 with Defence+ ??? I think too you are safe :slight_smile:

Greetz, Red.

Keep in mind, I’m an idiot. What is HIPS?

Short for Host Intrusion Protection System. The idea is to limit the access to critical system components and prevent the execution of unknown programs. It does rely on your judgment to stop a program from running that should not be allowed to run. I’m trying to get a few more tools included to help with that call. Basically, you would have to know that a program is new and not put there by yourself to be suspicious, but to actually know that it is malware? Malware is pretty crafty - often it misidentifies itself as being a program by Microsoft (no digital signatures, but many older MS files are not signed) - they can use pseudo-random names (can be composed of the first part of a real file’s name and the last part of another real file name) so they look like plausible names for a known file or function - usually they don’t have an icon, but some use a generic icon. You can double-click on the name of a file listed on the pop-up and view the properties of the file, but that is subject to the kind of deceptions listed above. If the file has no icon, no publisher/author, no digital signature (Most don’t), and a random name or a suspicious name, then beware - disallow it or click “Treat this program as…” and select Blocked Program. If you are wrong and it turns out to be safe, you will have to remove it from the Blocked Program list, but that’s not hard to do. Recover from a virus - that’s hard.

I’m a slow learner, so bear with me. Basically you’re saying CBOclean is a HIPS, and serves as protection against Viruses, Spyware and Malware. It will ask you if a certain process is authorized before it is allowed to be executed, and then you either approve or disapprove it. Is this a correct statement?

Then why would there be a necessity for the AntiViruspyware CAVS? Is it because CBOclean just stops the process, and CAVS would actually scan the hard drive for the offending file that’s trying to execute the process, and remove it? Kind of like how Spy Sweeper quarantines an item having found it?

Thank you for your continued patience, it is much appreciated.

BTW, there’s a discussion about this same subject here http://www.dellcommunity.com/supportforums/board/message?board.id=si_virus&message.id=65474#M65474 where it is suggested that CBOclean takes the place of an Anti Spyware program. That’s what’s causing the confusion on my part.

There is some overlap in CAVS and BOClean. BOC was purchased by Comodo some time back and used to be a subscription anti-virus service. I’m not sure that it can be classed as an anti-spyware program, except that it does do active monitoring of your system’s RAM - something that some anti-spyware programs do - and it may have signatures for spyware in its database (don’t know for sure). The two (CAVS and BOC) are in the process of being merged into a new version of CAVS, but it is a bit far from release - no beta for testing even.

(:WAV) Hi apprenticedave

I think BOClean protects us from these:
Internet trojan horse programs, spyware, keyloggers, rootkits, pseudorootkits, hijackers, adware, annoyware, email relays, spam proxies, spam relays, scam downloads and email/spam robots (“bots”)

http://www.comodo.com/boclean/boclean.html

??? I don’t think so, CBOClean is an anti malware. It uses malware signatures, it is not a HIPS.
If you need a HIPS, use CFP3, it’s got Defense+ (Defense+ is HIPS)

About the topic title, maybe I can give some “expert” explanation ;D

AV : detects Viruses & worms (maybe some trojans or rootkits)
Antimalware : detects what AV doesn’t detect ;D
(:NRD)
Ganda

That is incorrect :wink:

What is HIPS :

http://wiki.castlecops.com/HIPS_FAQ

What is CBOClean :

http://www.comodo.com/boclean/boclean.html

You are partly right, and partly wrong here :slight_smile: CBOClean not only stops the malware, but is able to remove it too. But CBOClean can’t scan files On Demand, that’s why you need CAVS :slight_smile: So why do you need CBOClean, you may ask :wink: Because it works differently from all the other Anti Virus and Anti Spyware programs :

File scanners can only detect fixed patterns and if the malware has been compressed, encrypted or modified, it cannot be detected by pattern matches since it will no longer match the pattern and will thus elude detection. BOClean watches memory, registry, and the file system waiting for malware to load up and then shuts it down before they have a chance to operate.

From here :

http://www.comodo.com/boclean/boclean.html

No, if you read my previous statement you will understand that is not the case :slight_smile: Although … it could be that one day CAVS will take the place of CBOClean. But only the Development Team can tell us that :wink:

Greetz, Red.
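The point quoted from the Comodo page above (a fixed-pattern file scan misses a compressed or encrypted file, while the unpacked code in memory still matches) can be shown with a toy model. This is an added example, not part of the thread and not Comodo's code; the signature, the sample image and the `pack`/`load` helpers are constructed and harmless.

```python
import zlib

# Constructed, harmless byte pattern standing in for a signature database entry.
SIGNATURES = {"Demo.Marker.A": b"HARMLESS-DEMO-SIGNATURE-0001"}

# Constructed sample "program image": filler bytes around the marker.
SAMPLE_IMAGE = b"\x00" * 64 + SIGNATURES["Demo.Marker.A"] + b"\x90" * 64


def scan(buf: bytes) -> list[str]:
    """Fixed-pattern scan: names of all signatures present in buf."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in buf)


def pack(image: bytes, key: int) -> bytes:
    """Model of a packed file on disk: compress, then XOR with one byte."""
    return bytes(b ^ key for b in zlib.compress(image))


def load(packed: bytes, key: int) -> bytes:
    """Model of what sits in process memory once the file has unpacked itself."""
    return zlib.decompress(bytes(b ^ key for b in packed))


def compare_views(image: bytes, key: int = 0x5A) -> dict[str, list[str]]:
    """Run the same scanner over three views of the same program."""
    on_disk = pack(image, key)
    in_memory = load(on_disk, key)
    return {
        "plain_file": scan(image),     # unmodified file: pattern matches
        "packed_file": scan(on_disk),  # packed file: pattern no longer present
        "memory": scan(in_memory),     # unpacked image: pattern matches again
    }


if __name__ == "__main__":
    for view, hits in compare_views(SAMPLE_IMAGE).items():
        print(f"{view:12s} -> {hits or 'no match'}")
```

The same signature database gives different answers depending on which bytes it is shown, which is why the thread treats on-demand file scanning and resident memory scanning as complementary.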

ApprenticeDave, I congratulate you on asking the question and representing most users out there trying to grapple with all these products. Security gurus you’ll need to explain the answer to a heck of a lot of people… :wink:

I think the average user can understand (after a bit of basic reading/explanation) the difference between a firewall and anti-virus software. However the average user “expects” any anti-virus software to be designed to be able to defend itself and remove malware, trojans, etc from memory and storage. The average user does not want 4+ packages to install, run, update, learn, etc.

Comodo, it’s great that the software is free (honest) but we’d really like to see the software consolidated somewhat and look and feel like it’s from the same developer. (BOClean should have had a name change years ago and I’m still trying to work out how to get rid of the ridiculously sized status messages it sticks at the top of the screen by default… It’s for techos by poor design) >:(

I agree with you wholeheartedly.

I would like to add my .02 cents worth here. Someone mentioned that BOC scans memory but the way it’s worded it seems like an AV doesn’t do that. Not true. If one runs an AV with a resident memory scanner then the AV is basically doing the same thing as BOC. Now I can’t be absolutely sure about this but my assumption is that most AVs have an active memory scanning option. A brief lesson… AVs from several years ago did not put as much emphasis on Trojan type threats in the past. BOClean was developed to pick up the slack and run resident and was tweaked to identify the malware that many AVs of the day didn’t detect. That’s why BOC was always recommended to be a backup to your AV. If the AV missed the malware then hopefully BOC would catch it if it tried to run. Many of today’s AVs have much better detection of malware besides simple Virus type activity.

The advantage of CBOC has been blurred by recent developments in AV software. I sometimes run systems with CBOC only and not worry about running an AV but that is not for every system. You still need an AV but for those systems I think the protection offered by CBOC is enough that I don’t need the added protection that a full blown AV offers.

And on top of that I think the term Virus has migrated to encompass most malware so the term Malware seems more appropriate today. After all what is Spyware? What started out as tracking cookies has turned into keyloggers, trojans, worms, etc. After all they spy on you too!

Sorry, I was reading through this thread and got myself even more confused. Does Comodo firewall protect you from viruses/spyware/trojans or would I need a separate program for that? I read that a new version of antivirus/spyware is coming out. Will this be integrated with Comodo firewall? Basically, I want to know what I need to completely protect my system from viruses, spyware, trojans, hackers, etc. I got the firewall part down (Comodo firewall 3.0) but the rest of the other programs confuse me.

raazman

Yes, you need separate programs to “detect” malware

Yes, but not now. But there will be a choice to install a “suite” & standalone programs

Oh, you need
1) Firewall
2) AntiVirus
3) Antispyware
(:NRD)
Ganda

Hi raazman :slight_smile:

Ganda is basically right :slight_smile: CFP 3 with Defence+ does protect you from malware, but it all depends on what you as a user decide to do when Defence+ alerts you when the malware tries to run. What if you take the wrong decision and you do allow the malware to run :-\ That is why you need separate programs to detect malware :slight_smile:

Greetz, Red.

AFAIK most AVs don’t scan memory but they scan files and programs before they are read from the disk and/or after they are written to it. However many AVs can scan memory on-demand.