I no longer trust BOClean - Uninstalled! [RESOLVED]

Hello…

BOClean has too much exchanging going on BEFORE the on-screen display window tells me that there IS AN UPDATE and that it will THEN go and get it.

To me, that adds up to suspicious behaviour and that just ain’t goin’ on on my machines.

For all prior updates…there was very little exchanging done and ■■■■…the notice that an update was available was up and the update started coming down…but, no longer. Now, there is too much uploading / downloading being done before that message even shows.

And, for as long as that happens instead, no more BOClean for me: thanks, anyway!

Question: Did any other company or developer own BOClean before Comodo’s people did?

Ian.

Out of curiosity, Ian, have you examined what the traffic is?

Due to the far larger number of BOClean users, I believe that Comodo no longer rely on a single server for updates and spread it across several. There is checking involved before the GUI initializes, but I believe it’s related to what update servers are available.

This can be confirmed by using Wireshark, or any other similar sniffer on the outbound traffic.

To the best of my knowledge, no other company came in between the original owners of BOClean selling the application to Comodo (please note - there is nothing suspicious in my use of the term “the original owners” - I just forget the name of the company that was owned by Nancy that distributed software written by Kevin).

Cheers,
Ewen :slight_smile:

Strange comment I think. ???
Why would a company that issues security certificates do anything underhanded with their Security Software to tarnish their reputation? Wouldn’t make sense.

Now if you had said why trust Norton, I could have understood. 8)

Mike.

Ian,

I noticed that when you posted a question about this issue over here…

https://forums.comodo.com/comodo_boclean_antimalware/uploaddownload_activity_before_getting_a_boclean_update-t11620.0.html;msg82035#msg82035

Jasper responded only after running a packet sniffer (as Ewen has suggested you do) on the connection, to determine exactly what was occurring.

Given that you did not reply to his response, I’m wondering if you read it… If not, you might want to - the results of the packet sniffer were quite informative.

LM

I always run a sniffer on software so I can see what it’s doing. I will run it again if you want just to prove to you that CBOC is not doing anything suspicious. I will post all of the packets for you to see if that is what you want.

I will repeat what I said in the other thread. There were 32 packets all told, and the first thing CBOC does is log into the FTP server, then they do the Handshake and sync up, then they see if there is a new update. In my case there wasn’t, so it closed the connection and that was it.

I did check when there was an update and it only went to their update server and nowhere else. I will not give the server names but any packet sniffer will tell you exactly what any program is doing.

If there were any suspicious packet traffic in any way I would be the first to scream bloody ■■■■■■ on this forum.

My opinion is you are here for other reasons.

jasper

Hello…

(I’ve edited my thread title to sound less extreme!)

  • I don’t know what a packet is.
  • I don’t know what a packet sniffer is.
  • I’ve no idea what a handshake is.

In the absence of technical know-how, I responded with what was left of my options…to uninstall. A program once behaved in a certain way and then suddenly started behaving in a different way with nothing on the screen indicating to me why it was doing that. I responded by deliberately being overcautious and this is the result.

In my entire time on the Net (around 12 years, now) I’ve NEVER felt as safe as (for example) the Comodo Firewall Pro makes me feel. If Comodo’s people are genuine, and if the Firewall (ALONE) is reliable and does even half of what it appears able to do, then Comodo’s Crew have built something magnificent and free - I’ve rarely seen that in the world of crucial computer applications - ever!

But, when something appears wrong, I assume that it may not be right and I respond - makers of security software will sometimes recommend that we continue to think in terms of security and not leave absolutely everything in the hands of any software…but, apply even just basic common sense for ourselves, also. I’ve done that. Fear responses often appear rash to those with no such fears.

I was once told that, if a thing appears too good to be true, it probably is…I’m just looking forward to shedding layers of that, but it’s a painful journey.

In total fairness, I should’ve replied to the answers in the previous thread about this, and for that, I apologise. But, awaiting other replies, a lack of daily available time and a slow internet dialup connection were not my only reasons - I feel completely out of my depth, trying to understand the depths of Net security and explanations involving terminology that is “every-day” to most folks, here, become more confusing, to me. It’s no fun being Mr Dopey among the knowledgeable, in any subject.

There are many programs on my machine which I don’t allow to automatically update, the only exceptions being, right now, SpyBot S&D and SpyWareBlaster - and, it took me a while to trust those, too, as I remember from some years back. There have also been many that ended up uninstalled for this very same (long unexplained exchanging) reason, just until I learned (in easy terms) what had been going on and why it had gone on at all.

Norton and others have made me a computer/Net paranoid…their behaviours were too inconsistent and that made me nervous. It was made worse, for me, because Norton (let’s face it) just DOESN’T WANNA GO, when you try to get-rid.

For Comodo’s people to have DELIBERATELY included spyware into a program would’ve been ridiculous! My concerns were only that something had PREVIOUSLY been written into EXISTING code without their knowledge or that I may have had a suspicious download coming from elsewhere, somehow. “Sniffing” and “handshaking” are wasted on my inexperience in detecting those problems - in the absence of insight I am guilty only of continued and worsened ignorance and a fear response grounded in that ignorance.

Apologies, again, for having not replied to the other thread.

Ian.

Ian

Thank you for your reply.

Our goal is to protect you! You will always get our 100% effort to protect you and nothing else.

thanks
Melih

Tnx for the response, Ian. I’ll try to lay it out in a less-cryptic manner for you (those with computer knowledge tend to forget that not everyone is at their level, I’m afraid).

A “packet” is just a term for each piece of information that makes up traffic flowing on a given internet connection (to a website, email, download/update, etc).

A “sniffer” is an application that examines those packets and shows the back-and-forth activity during each stage of the process. A very common one is Wireshark (formerly Ethereal).

A “handshake” is a term regarding one part of the back-and-forth process wherein both “sides” of the “conversation” greet one another, introduce themselves, and agree that they are who they say they are (just like when you meet someone).

What all this means in terms of Jasper’s post is that the traffic generated by BOC is perfectly normal, and nothing untoward is occurring there.

Comodo has added (and continues to) more servers in different locations to handle updates and whatnot (not just to BOC, but in general), as the product demand increases and their previous setup becomes outdated. They are regionally placed, and updates will contact the correct one based on where you are. This is part of the process. Comodo regularly drops servers, adds new ones, and so on, to continue to meet the needs of their userbase. Thus, it’s not just one single server that you’re connecting to, and it may change from one day to another. So in case you see a completely new connection being generated (a new IP address) that isn’t something to necessarily be concerned about.

I hope that clears it up some for you. I’m sure that if you are interested, Jasper will post the results of the packet sniffer and explain what they are. I also realize that may be more than you want to know… :wink:

LM
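An added example, not part of the original thread and not any poster's actual capture: a short Python script that reads a packet list exported from a sniffer and reports, for each remote server, how many packets were exchanged, whether the handshake completed, and whether the server is one you expected. The addresses, the one-line-per-packet format and all names in it are constructed for illustration.

```python
from collections import defaultdict

LOCAL = "192.168.1.10"              # constructed: the PC running the updater
EXPECTED = {("192.0.2.21", 21)}     # constructed: the vendor's FTP update server

# Constructed capture, one packet per line:
# src,sport,dst,dport,tcp_flags,payload_bytes
CAPTURE = """\
192.168.1.10,1045,192.0.2.21,21,S,0
192.0.2.21,21,192.168.1.10,1045,SA,0
192.168.1.10,1045,192.0.2.21,21,A,0
192.0.2.21,21,192.168.1.10,1045,PA,27
192.168.1.10,1045,192.0.2.21,21,PA,16
192.0.2.21,21,192.168.1.10,1045,PA,34
192.168.1.10,1045,192.0.2.21,21,FA,0
192.0.2.21,21,192.168.1.10,1045,FA,0
192.168.1.10,1046,198.51.100.7,80,S,0
"""

def summarize(capture, local=LOCAL):
    """Group packets by remote endpoint; track handshake stage and byte counts."""
    conns = defaultdict(lambda: {"packets": 0, "up": 0, "down": 0,
                                 "stage": 0, "closed": False})
    for line in capture.strip().splitlines():
        src, sport, dst, dport, flags, size = line.split(",")
        outbound = src == local
        remote = (dst, int(dport)) if outbound else (src, int(sport))
        c = conns[remote]
        c["packets"] += 1
        c["up" if outbound else "down"] += int(size)
        # Three-way handshake: SYN out (1), SYN+ACK back (2), ACK out (3).
        if flags == "S" and outbound and c["stage"] == 0:
            c["stage"] = 1
        elif flags == "SA" and not outbound and c["stage"] == 1:
            c["stage"] = 2
        elif flags == "A" and outbound and c["stage"] == 2:
            c["stage"] = 3
        if "F" in flags:            # FIN: one side is closing the connection
            c["closed"] = True
    return dict(conns)

def unexpected(summary, expected=EXPECTED):
    """Remote endpoints seen in the capture that are not on the expected list."""
    return sorted(r for r in summary if r not in expected)

if __name__ == "__main__":
    result = summarize(CAPTURE)
    for remote, stats in result.items():
        print(remote, stats)
    print("unexpected:", unexpected(result))
```

Because update servers can be added or changed, an address outside the expected list is a prompt to look it up, not proof of a problem.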

Sorry for jumping to conclusions Ian. I stand corrected. After not answering your first post then posting the same thing again I mistook your intentions. Legitimate opinions are always welcome.

jasper

TheGodSplinter,
FWIW, better network (packet pickers) gurus than you or I have and continue to watch what CBO (as well as the other products) communicate to the Comodo servers.
I’m out of pocket but when I get home I’ll put some of it up.
Trust me, it’s cool.

Hi, Folks…

Many thanks for your replies and for the present (and any subsequent) clarifications.

I’ll try to keep up, but I’m likely always to be a little internetually challenged.

Now, I’ll go and get BOC downloaded, again.

Ian.

Something I find handy with downloaded applications, that I’ll pass along just for grins…

Within “My Documents” I have a folder called “Downloads.” I automatically save everything I download to that folder (as opposed to the standard of Desktop). This serves a couple purposes:

  1. A source to go back to, if I need to reinstall an application (very handy for dial-up users)
  2. A record of installations w/dates (at least for the download) in case something goes wrong with the system, it may help track issues down

LM

LOL. Snap!

;D

You mean “within Micr0$0fts Documents” ? (:TNG)

@ GodSplinter: You have a very healthy way of thinking about computer-security, even for a person who doesn’t know what a packet-sniffer is.
A packet-sniffer is a tool for nerds who don’t have a life outside computers :smiley: that allows you to watch (and capture) exactly what your NIC and the apps using it are doing.
Keep thinking in that way and you should be perfectly safe!!

(:CLP)

Greetz, Red.

Glad you are happier now Ian. I have marked this topic as resolved and locked it. If you wish it re-opened please PM a Moderator with your request.

:SMLR