Forums » Up and Running » Security » Security » Comodo acquires BOClean


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

reply to rotty97
Re: Comodo acquires BOClean

Fcudak..I do not personally help people with HJT log in any forum for the very reason I know 90% of the time not only where they picked up the vector..but also how and where they have been surfing. Also too many these days who ask for hjt help..never keep their OS updated..or Java..and many have pirated OS.

But if anyone is serious about security..and you can hold back yourself from trying to get Boclean install to clean up some zoo..I suggest you get one machine infected by going to a website or other real world means.. just like those who do post HJT logs and then do your experiment again.

You and I both know website and vectors where this would be fruitless..since BOClean is certainly not infallible..but if you posted your hijackthis log first..someone could certainly tell and make a decision..on what it can do..before you post the next log.
You just might be surprised.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

reply to Name Game
said by Name Game:

So have fun with your 'beasties'..maybe I can even get tataye to make you a few new ones or loan you a few that never hit the streets in his blackhat days...Eddie does not live in lost vegas..and the golden oldies are still spinning.
even tataye is a BOClean customer
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.


madirish
Premium
join:2003-08-04
Cleveland, OH
reply to rotty97
Re: Comodo acquires BOClean

"Kevin McAleavey is First Scientist to Detect New Strain of Malware which Mutates and Jumps from Computers to Humans"

read more here:»www.castlecops.com/

-just made me laugh-


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

said by madirish:

"Kevin McAleavey is First Scientist to Detect New Strain of Malware which Mutates and Jumps from Computers to Humans"

read more here:»www.castlecops.com/

-just made me laugh-
And he does it with such finesse even other passengers can understand.

FILEDATE: 2007-03-31 07:51:20 (UTC)

CURRENT VERSION OF BOCLEAN IS 4.22.002
Listings do not include variants which are already covered. As of this date, Privacy Software's BOClean analysts have seen a total of 274,706 specific variations of various malware and behaviors as well as additional characteristics and components, all of which are covered in the Update file. This does not include "duplicates" and "copycats" as typically reported by others as "unique" based upon a lack of an "MD5 signature match." Add so-called "traces" and handling each individual piece as a separate "signature" detection as is done by our competitors and BOClean is well past 1,800,000 "signatures" or more as a quantification of "effectiveness by numbers." Our definition of "unique" is based upon specific code written by an original "single author" for use by others. The relative scarcity of "unique authors" is taken advantage of in our design by our ability to "know the actual author" rather than their varying output. Over ten years, we've gotten to know many of them personally in their designs. And the "trojan authors" of yore are today's scammers.

Our definition of "Variants" are numerous "new" malwares already covered by BOClean which have been modified by various techniques designed to elude traditional "file-scanning" software. Our "count" of variants should be considered to be far lower than reality since our "variant count" is based SOLELY upon variants we've actually seen. The number "in the wild" is substantially higher given that BOClean already detected them and thus no "investigations" were required. Since BOClean utilizes multiple unique methods of detection per malware, variants (even those "unknown" or "zero-day") are already covered by BOClean if they use already obvious techniques even with obfuscation. BOClean also stands guard without slowing or interfering with your system, connection speed or software and actually repairs the system after an attack, restoring it to its original condition. No manual editing is required. We STOP the nasty.

Please also note that various antivirus companies will create their own names for malware and thus those unique names may not appear in our listing. Wherever possible, we use the ORIGINAL names given to the malware by their original authors at the time of release. Many malwares are also variations of earlier versions and given new names when "discovered" at a later time by the antivirus companies. Therefore the absence of a particularly named "virus" in our listing does not necessarily mean that it is not covered. Since we tend to be "first discoverers" we tend to use the names provided by the original authors or a name based upon the functionality of new nasties, or in the rare case where we cover it without knowing what it actually does, by its first filename when discovered.

Where possible, we might go back at a later time and adopt a name used by ALL vendors for a particular malware if we use a generic name upon first discovery. From time to time, as the industry settles on a SPECIFIC "universal name," we might rename previously named malware to the more widely expected and known names in order to make research by our customers more convenient.

Certain conventions in our naming though might be helpful. If the name of the trojan contains the letters "ROOT" in the name, then this is a "rootkit." If the name contains "BOT" then it's one of numerous "bots" whether by worm or by exploit. We go out of our way to try to preserve the name or type of bot such as "MYBOT" (known as "MYTOB") or SPAMBOT, IRCBOT, IPC$BOT or other descriptive names to provide an idea of what KIND of bot a particular detection is related to. If the name contains "SPYSCAM" then it's one of the many fake "anti-nasty" foistwares of dubious "antispyware" ilk. If it's "BANCOBRA" then it's one of numerous "banking/credit card fraud" programs, the origin among Brazilian criminals. "Banker" is a familiar comparison among some AV's for this type of malware. "KEYLOG" in the name indicates that it's a keylogger and there are other "keywords" in our naming conventions which indicate the TYPE of malware. Then there's the ZLOB'S which are CWS in a fresh incarnation of NEW coders and their hiding behind "free codecs for porn, jokes, whatever." Lacking any of these conventions in our naming though, then a name in the listing can be considered a unique "backdoor" or "dropper" of other malware. Wherever possible, the corporate names of spyware/adware companies are used in order to SPECIFICALLY identify the origin of malware. "$REVENUE," "CWS" and others are such cases. Many OTHER vendors refuse to name names of criminal syndicates. We DO.

*UNIQUE* Malware detected and purged automatically by BOClean v4.22:

»www.nsclean.com/trolist.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/


r355

@carnet.hr

reply to Anon
said by John2g:

The "problem" is only in your mind. You are incorrect.
That's why I used the quotes. It's not a problem per se but that, to my knowledge that it does not act until malware is active. Now, without saying it's not good or anything, I just don't like it. And I must say that I've no knowledge of its disinfection abilities. I thought it was only good at preventing malware not actually being used in cleaning it afterwards.


Martinus
Premium
join:2001-08-06
EU

reply to John2g
said by John2g:

even tataye is a BOClean customer
You mean a paying customer?

And welcome back, lad
--
If you were born to be a hammer, nails fall to you from the sky

Mele20
Premium
join:2001-06-05
Hilo, HI

reply to r355
Re: Comodo acquires BOClean

said by r355 :

The "problem" with BOClean, it is only good (correct me if I'm wrong as I have not used it) to stop from getting infected when you run a nasty. It's hopeless once machine is infected, and it stands still until you actually run something. Some might like this approach and see it as something groundbreaking, but I personally don't (besides, any av/at have on-access scanner anyway). I would like to keep it off my computer in the first place and at least have software have a shot at fixing it.
That's a pile of BS. I have about 500 viruses on my machine. They haven't done diddlysquat to my machine. I'm not concerned about them at all. Why am I not worried? Simple. They are in zip files and I have never unzipped/executed any of them. They are completely harmless until executed. If I did execute any my real time AV would pounce on them and stop them. If any got by my AV and I had BoClean installed it would stop those when they tried to execute.

Unreasonable fear of viruses doesn't make sense. Beginners and average users probably should have an unreasonable fear and that is who the AV companies aim their bloated software at which has http scanners to keep those nasties totally at bay. Those of us who know enough to read and post here should have a more reasonable respect for viruses...fear them but not in a hysterical manner. I once feared them as you appear to do. I had the great fortune to be taught by a master here about how to safely handle them. I don't do much handling like a researcher would because anyone can have a slip-up (and you frequently need to have your AV turned off so you can handle them) and if the AV was turned off when the slip-up occurred then you better have a current True Image handy.

So, I don't "push my luck" but at the same time, I don't harbour irrational fear of viruses getting anywhere near my computer because I understand that it is only when they are executed that they pose a problem. Under the "master's" tutelage, I was even able to handle one virus and submit it to my ISP and ISP headquarters in Virginia and then to Symantec and back and forth...lots of handling...because Symantec wasn't detecting and they are the vendor on my ISP's national email gateways. I was sort of amused at how fearful the person dealing with this issue at my ISP's national headquarters in Virginia was regarding my sending the virus to him. The head of local tech support in Hawaii was just as fearful and they set elaborate precautions before I could send it....gee, it was perfectly safe. I zipped it and password protected it, yet because they didn't really understand how a virus infects they were convinced it would infect their computers just by the zipped, password protected attachment appearing in their email. Amazing.

As for BoClean, what is there to clean after BoClean stops it from executing in memory?
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.msfirefox.com/


tempnexus
Premium
join:1999-08-11
Boston, MA

Exactly it's like CDC being deadly afraid and warning the public about all the viruses it keeps stored for research. The viruses and bacteria have not been disseminated thus cause no threat to the general public as a result they do not have to be reported. However, they will be reported and mitigated as soon as they somehow escape the confinement or are somehow introduced into the general populace.
Same goes for Boclean...Boclean does not care about stuff that can't infect you, it cares about immediate danger items aka the items that are residing in the memory and stealing/dealing/whatever the information you have in your system.


richter35
Premium
join:2004-01-03
Croatia


reply to Mele20
Mele20, I know it's BS, and I did not claim there is anything wrong with the software. I merely said I prefer for AV/AT to catch it while I browse folders, even if it's not harmful. I am not mortally afraid of viruses. I do not run anything on-access nor do I scan my email (Gmail and Yahoo filter it anyway). I am aware that malware is not harmful until it's active, but...I can also handle it even if it's detected by my AV and I know that it contains malware. Simply put it on ignore list, but I'd like to be notified nonetheless.

You say I'm wrong and it's BS and yet you confirm that BOClean will not act unless malware is run. I just don't get it. I just said that it does that and *I* don't like it. And I'm labeled as spreading BS. I did not say it's faulty in any way or that it will not catch infection once executed.

Second, I said it's nothing new...well, unless I am completely wrong (and I am not saying I am not), it doesn't do anything that special that let's say Ewido on-access scanner wouldn't do, or...? *I'm just asking a simple clarification*

Third...I did not state machine would get infected while BOClean was running. I simply asked, which I did not put in a good way for which I apologize as you can clearly see English is not my first language and I'm not Security MVM/MVP, whether or not installing BOClean after infection will make a difference and if it would clean infections already present?


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
Installing it after the infection will help remove the badware it knows about and is running in memory

Cudni


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire

reply to r355
said by r355 :

The "problem" with BOClean, it is only good (correct me if I'm wrong as I have not used it) to stop from getting infected when you run a nasty. ...
...I would like to keep it off my computer in the first place and at least have software have a shot at fixing it. ...
So not a problem then?

Cudni
--
Some are born to failure, others achieve it, all deserve it.
Help yourself so God can help you.
MVP, Microsoft Windows Security 2006-2007


richter35
Premium
join:2004-01-03
Croatia
Yes there is no problem, thanks for clarifying that. It does what it does, and it does clean active malware when present upon install. That's what I wanted to hear. I'll stop at that. Thanks.


JTM1051
Premium,MVM
join:2000-07-08
Moorpark, CA

Your AV's resident scanner should catch the nasties first and probably never see any action by BOClean until a nasty (trojan/malware) has been encrypted, repacked, patched, hex edited or otherwise modified to be obscure and sneak by AV's defs.

The synopsis at bottom of the BOClean page:
"Think of your antivirus as a burglar alarm. BOClean is a motion detector."

For a better explanation of how BOClean protects your system, read the first three paragraphs at BOClean in normal operation.

In the "Comparatives" page at AV-Comparatives, scroll down page till you see the "Anti-Trojan Comparative 2006 March 2006".

In the report's section "4. Some questions and answers"
Question 1: If dedicated Anti-Trojan products have lower on-demand detection rates than common Anti-Virus, why it still makes sense to use them?

Answer: Anti-Trojan products may not have the best on-demand detection rates, but usually they offer additional tools to identify active malware or to remove the malware from the system.

Some products have Intrusion Detection Systems to block the malware while execution based on its behaviour (behaviour blockers) or are very good at detecting dialers or spyware (not included in this test). Other Anti-Trojans products may for example have a memory scanner, monitor and clean the registry and/or have tools to monitor start-up programs, current connections, running processes, etc. ..."

Mowergun

join:2004-02-15
Charleston, IL
·Consolidated Commu..

reply to rotty97
said by Mowergun:

FROM:
»Re: BO Clean question

Logically I know that Kevin and Nancy cannot keep this up forever, someday they will want to retire. Some day some security software company may make them an offer they cannot refuse. I hope that day is a long time in the future.

2006-08-19 12:00:53

Little did I know in August of last year when I made that post, that Kevin and Nancy were already shopping BOClean around.

Jer03

join:2006-08-16
Las Cruces, NM
reply to rotty97
Anyone know when the free BoClean will be available?
Thanks,
Jerry


K McAleavey
Premium
join:2003-11-12
Voorheesville, NY

reply to Mowergun
The description of "shopping it around" actually meant that we were looking for funding to remain independent and to have money to hire additional programmers and analysts. However, "file scanning" and "anti-anything" is a software mindset that's been going since the early 1980's and is passe ... and with so many "newbies" who've gotten into this in the last couple of years seeing some sort of goldmine in this (Kaspersky and others doing freebies should be a clue as to how BAD this market is, you CAN'T compete with "free" no matter HOW good you are) has evaporated any potential of investment in us or anyone else.

So the next step was trying to partner with someone else who had resources we could draw upon or an outright sale given that nobody's making any money at this and the workload just kept going further up and up. So our FIRST responsibility was to those who'd paid us and to whom we'd made a promise. Kept us awake TOO many nights ... we didn't want to go the way of TDS and a few others of similar vintage - either pulling the rug out or just giving up while remaining a walking corpse.

I really can't fathom all this negativity - the amount we "cashed out for" isn't going to buy either of us "a place in the sun" here ... it was NEVER about the money, it was about Nancy and my personal responsibility to those "few" who actually paid us to do what we do and our own sense of honor about that and what our "mission" has been for over ten years now.

COMODO, for all the naysaying, has agreed to HONOR our commitment to all AND to ensure that what we'd had to put on the back burner because we just couldn't DO it anymore will see the light of day. "File scanning" was a waste of time (you're going to look for a problem ONLY when your machine is SO hosed you finally noticed?) ten years ago ... and what we offered was way ahead of its time THEN. As a "backup" to your AV which should have stopped it in the first place but obviously didn't (as many can attest from personal experience) ... this isn't the 80's anymore, it isn't even the 90's anymore.

What we always WANTED to do (but were bogged down supporting this 1980's mentality and 1990's mentality) was to PREVENT nasties from ever happening in the first place. So now, with COMODO taking us and our stuff in, we can continue our faith with those who gave us money AND we can now finally turn our focus to things nobody else has even considered doing ... I'm serious here ... the BEST is YET to come!

And nobody got hurt ... aside from *US* ...
--
Kevin McAleavey submissions@nsclean.com
»www.nsclean.com


Makers of BOClean
over 10 years online! © 1999-2009 dslreports.com.