Does anyone have any experience of using Comodo BOClean Antimalware
(free)? Any recommendations? Discouragements? Does its continual
monitoring mess with Defender's rtp? Or anything else?

BOClean is getting dated, as even its author will admit. It still has
decent protection but is significantly limited when compared to other
IPS (intrusion protection system) software. It is a simple IPS that
will eventually get integrated into Comodo's anti-virus product along
with improvements to make it comparable to current IPS products (well,
for the freebie versions of current IPS products). Their firewall
already incorporates a rudimentary IPS feature (via the application
rules along with component checking). That is, their firewall includes
IPS for processes that want to get a connection and later their
anti-virus will include IPS to control what can load into memory
(nothing runs unless it gets into memory). It looks like IPS isn't
getting into the AV product until the next version which is expected
sometime around September. Their current anti-virus 2.0 (beta) is a
real pig for memory. So was their last version. They are promising to
reduce memory consumption in version 3.0 which is also supposed to
include IPS (i.e., BOClean with significant improvements).

In the meantime, look to DiamondCS ProcessGuard. It has been the IPS
gold standard for a while but it, too, has fallen behind. I now use
System Safety Monitor (SSM). However, all IPS programs will end up
prompting you relentlessly at the beginning to get your permission to
allow programs to load into memory and the callers of those programs to
load that program. It has a learn mode. If you are absolutely sure
your host is clean, enable learn mode and then run every application you
have, including calling apps from within other apps, like clicking on a
URL link in an e-mail displayed in your e-mail program, sending mail
from the web browser, and so on. Also reboot your host so it learns
what is allowed to load on boot. Both ProcessGuard and SSM have learn
modes. When learning is done, make sure to turn off the learning mode.
Using either ProcessGuard or SSM you can, for example, prevent
Microsoft's WGA from running on startup. Easier than all the other
suggested methods of deleting files and editing registry entries. If a
program can't load into memory, it can't run. However, it will be up to
you to decipher the prompts to decide whether or not to let a program
load once or always. IPS programs are not for newbies. You have to
know something about the OS, your applications, and be willing to
investigate when a prompt asks you about something you don't know or are
unsure of.

I currently have a problem with SSM with its update operation because it
refuses to communicate with the Comodo firewall (which has its own IPS
function). I have to temporarily disable the firewall to let SSM get
updated. IPS programs don't have whitelists, blacklists, or signatures
to constantly get downloaded as do anti-virus or IDS (intrusion
detection system) programs, like Windows Defender. That's not how they
work. The intention of IPS is to prevent, not to detect late and then
attempt a cure. I'm not concerned about ensuring that I have the latest
version of SSM installed, and I can disable the firewall and check at
monthly intervals, or longer, to see if there happens to be a new
version available (or just visit their download page).

I've only used the free versions of ProcessGuard and now SSM. The paid
versions afford more protection. However, if I was to pay, I'd
investigate more into the AntiHook product since I have seen some
exploits get past the freebie version of ProcessGuard (which is flawed
on letting rundll.exe execute without also matching on the parameters to
know what it is running, something that SSM easily catches) and have
read about some exploits for SSM.

Because the point of IPS is to prevent and not cure, if you allow IE,
services.msc, or any other allowed program to make changes to your
system, like the browser's home page or to the hosts file then the IPS
program isn't going to stop it. You allowed that program to run or
allowed a caller to load that program. That's why I still use Windows
Defender to detect (albeit late) any changes which then prompts me so,
if I disallow, then WD will attempt to undo. PrevX is better in that it
pends the change instead of polling for changes (which means WD detects
the change late, after the process is gone, and why WD cannot identify
the culprit that made the change). WinPatrol works the same way as WD.
With PrevX, the change isn't allowed until you choose to allow it (or
opted to remember a prior same change). Alas, the research version of
PrevX is no longer free. PrevX is an IDS (intrusion detection system)
program that detects the same changes as does WD but PrevX pends them
until allowed unlike WD that allows them and then prompts to let you
undo them.
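As an added illustration of the reply's two points (a learn mode that must be switched off afterwards, and a rule for a host process like rundll32.exe that must match the parameters and not just the image), here is a toy execution-control policy. It is not code from any of the products named in the thread; the rule model, the Launch/Policy names and the sample session are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Launch:
    image: str     # path of the executable being loaded
    parent: str    # path of the caller that loads it
    cmdline: str   # full command line as seen at launch

# Host processes whose behaviour is defined by their arguments (for rundll32,
# the DLL and entry point), so a rule must match the parameters as well.
HOST_IMAGES = {r"c:\windows\system32\rundll32.exe"}

@dataclass
class Policy:
    learning: bool = False
    allowed: set = field(default_factory=set)  # keys of (image, parent, args)

    @staticmethod
    def key(launch):
        image = launch.image.lower()
        # Ordinary programs are keyed on image + caller only; host images
        # also carry their full command line, so a different DLL is a new key.
        args = launch.cmdline.lower() if image in HOST_IMAGES else "*"
        return (image, launch.parent.lower(), args)

    def decide(self, launch):
        k = self.key(launch)
        if self.learning:          # learn mode: record, never prompt
            self.allowed.add(k)
            return "learned"
        return "allow" if k in self.allowed else "prompt"

def demo():
    """Replay a constructed clean-host session in learn mode, turn learning
    off, then evaluate three launches; returns the three decisions."""
    rundll = r"C:\Windows\System32\rundll32.exe"
    explorer = r"C:\Windows\explorer.exe"
    notepad = r"C:\Windows\notepad.exe"
    clean_session = [  # constructed sample launches
        Launch(rundll, explorer, f"{rundll} shell32.dll,Control_RunDLL"),
        Launch(notepad, explorer, f"{notepad} notes.txt"),
    ]
    policy = Policy(learning=True)
    for launch in clean_session:
        policy.decide(launch)
    policy.learning = False   # the step the reply says not to forget
    same = policy.decide(Launch(rundll, explorer, f"{rundll} shell32.dll,Control_RunDLL"))
    other_dll = policy.decide(Launch(rundll, explorer, f"{rundll} C:\\Users\\Public\\unknown.dll,Run"))
    other_file = policy.decide(Launch(notepad, explorer, f"{notepad} other.txt"))
    return same, other_dll, other_file

if __name__ == "__main__":
    print(demo())  # ('allow', 'prompt', 'allow')
```

The third result shows why parameter matching is applied only to host images: a learned program opening a different document is still allowed, while rundll32 loading an unlearned DLL is not.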