Home What is a Trojan Horse? How we reviewed anti-trojans About us |
|
|
BoClean is from the New York State based Privacy Software Corporation. This company has been producing security products since 1996. BoClean has developed an excellent reputation in security circles. After using the product we can assure you that's it's reputation is well deserved Design and Usage Most anti-trojan programs usually consist of a file scanner and an in-memory monitor. Not so with BoClean. The product consists of a memory monitor only - there is no scanner. This approach may at first seem odd but it actually makes a good deal of sense. Firstly more and more trojans are being released with complex compression and encryption schemes designed to escape detection by scanners. It's very difficult to assign signatures to such files as every version of the same trojan may well be different. However at some stage the trojan has to be decompressed and decrypted in order to be executed and that where in-memory monitors can catch them, "with their pants down" so to speak. A second good reason behind the BoClean approach is that the in-memory monitors of many anti-trojan programs appear to have been added to the product after the scanner had been developed. A sort of after-thought to catch the odd trojan missed by the scanner. BoClean on the other hand has been developed right from the start to be a in-memory monitor. This is no after-thought, it's the real thing and it shows. Once you have installed BoClean a little icon appears in the notification section of your task bar. That signifies the program is now quietly watching everything that's going on in the memory of your computer and is waiting to pounce if necessary. Actually BoClean only scans memory every 10 seconds. This way it uses fewer resources yet is fully effective. The 10 seconds scan interval can be reset by the user and those in a very high security environment may wish to lower this figure. Double clicking the icon brings up a number of choices including configuration and updating. Click here to see a screenshot. Clicking the update button didn't turn out to be quite as simple as you would hope. Rather than simply retrieve the new signature file from the website, we were taken to the website where we had to initiate the download. After the download we then had to load the update into BoClean. The vendor claims this procedure is for security reasons. This may well be the case but frankly, we found it to be the only clunky aspect of an otherwise beautifully executed product. Editors note: After completing this review, version 4.10 of BoClean was released. New features include continuous monitoring for new processes and a simpler database update facility. Performance With BoClean running we could detect no effect on the performance of our PCs. Even with the slowest machine, a 450MHz PIII, we couldn't perceive even the slightest decline in responsiveness. BoClean is a very resource efficient product, the best of any product we tested. The only way you know it's there is from the presence of the task bar icon and it's brief, once-every-ten-second flash. Lean it may be but it's mean as well. BoClean really pounced on the trojans in our signature file currency test. It missed only one trojan on the first test, the best performance of any product apart from TDS-3. In the re-test two months later it got the lot. When BoClean detected a trojan it stopped it dead in its tracks. It also did an admirable job of cleaning up. A full log of events and actions taken was produced. The excellent performance of BoClean with our test set of trojans indicated good design combined with high diligence by the manufacturer in maintaining the currency of their trojan signature file updates. Overall we were mightily impressed by BoClean. It's simple to use, resource efficient and highly effective in detecting and killing trojans. It's an ideal product for the typical PC user or for organizations to install on end-users machines. Other Reviews To my knowledge BoClean has only been reviewed twice and in both cases it received the highest rating, though this was a shared honor. Don't be too overwhelmed with these results; one of the reviews allowed BoClean to be updated during the course of the review which is not exactly methodologically kosher. The other review was more qualitative than quantitative. This said, the results are still impressive and well in line with our own findings. Support BoClean offers email support only. There is no support section on the web, not even a FAQ. Nor is there a help file provided with the product. However the email support is excellent. On the 3 occasions we tested it out we got same day answers to 2 questions and the third was responded to within 48 hours. Summary This is a simple to use, resource efficient product that offers first rate protection. The lack of a disk file scanner will be of concern to buyers seeking multi-layered protection but for the average user, BoClean offers outstanding and inconspicuous protection with the advantages of simplicity as well. Version tested: 4.09 Price: $39.95 Download: No trial version available. Click here for purchase details Trojans in database: 1470 as of the 1st of August 2002 Website: http://nsclean.com Signature File Update frequency: weekly |
