Peter2150
September 16th, 2009, 07:01 PM
-{ Quote: "
Our concept is very simple. There are other vendors out there that claim to do what we do but when you put them to the test, they simply don't stop code execution. It's as simple as this, load up BluePoint in a vm and try to run a new batch file, a new vbscript or a newly created executable. It will not run without your explicit permission. Meaning, you will not see the executable show up on task manager at all, 0 lines of malicious code will execute. Test another security app claiming to be similar to ours in the same vm (without BluePoint) with the same files, were they blocked? Do they show up on task manager but the product tells you it's blocked? That's the difference with our product and that's what matters in the real world as far as preventing malware.
You'd be surprised at how many of our competitors allow code execution (shows up in task manager!) then attempt to block the item after the fact. They are not doing the job properly. Once executable code shows up in task manager, you've already allowed too much.
Our model is simple but the devil's in the details." }-
Hi Chad (I hope I am right about your name)
You've gotten upset a couple of times when people have accused you of misrepresentation. I would chalk it up to exuberance, but as you say the devil is in the detail.
As I read what I quoted, I would come away with the impression that if I see the program I've tried to run in Task Manager, it may be too late. SIMPLY NOT TRUE. It may or may not be on an individual case, but as a generalization NO.
I did some investigating, which is why there was the delay in my post. I worked with a couple of small utilities that don't need installation. One, for example, when running uses about 6500K, and each of the I/O categories shows about 30-50 I/Os to get the program open.
I then ran the program using just Online Armor. At the point of the pop-up challenge there was nothing in Task Manager. Blocked the program, and all was over.
Then I tried the same thing with Malware Defender. Whoa, when the pop-up appeared, there was indeed a line in Task Manager. But then when I looked I noticed only 65K of RAM had been used and there had been no I/O. I began to suspect that the process had been created but the exe hadn't yet been loaded.
I checked with Malware Defender's author and he confirmed that yes, the process is created, but MD intercepts before the kernel API that starts anything loading. With that I retested using Process Explorer to see what files were opened. First I looked with it running, and I could see all the DLLs and the exe open. Retested, and at the point the MD pop-up challenged, yes, there was a process started in Task Manager, but no files had yet been loaded. No code, no threat. And when I blocked in MD, the process disappeared.
So in this case your statement is wrong. It might not be the same in all cases, but when you generalize like that you end up wrong, and thus open to criticism.
Pete
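
The three signals compared in the post above (memory in use, I/O counts, and loaded files) can be sampled from PowerShell while a prompt is still on screen. This is an added example, not part of the original post; the function names and the process name `testutil` are made up for illustration.

```powershell
# Added example, not from the original post. 'testutil' is a constructed name.
function Get-ProcessLoadSnapshot {
    param([Parameter(Mandatory)] [string] $Name)   # image name without ".exe"

    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        # Per-process I/O operation counts are exposed by Win32_Process.
        $wmi = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)"

        # Module enumeration can throw or come back empty for a process that
        # has not finished initialising, or that this session may not open.
        $modules = @()
        try { $modules = @($p.Modules | ForEach-Object { $_.FileName }) } catch { }

        [pscustomobject]@{
            Taken        = Get-Date -Format 'HH:mm:ss.fff'
            ProcessId    = $p.Id
            WorkingSetKB = [math]::Round($p.WorkingSet64 / 1KB)
            ReadOps      = $wmi.ReadOperationCount
            WriteOps     = $wmi.WriteOperationCount
            OtherOps     = $wmi.OtherOperationCount
            ModuleCount  = $modules.Count
            Modules      = $modules
        }
    }
}

function Watch-ProcessLoad {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [int] $Seconds = 30,
        [int] $IntervalMs = 500
    )
    $last = @{}
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        foreach ($s in Get-ProcessLoadSnapshot -Name $Name) {
            # Emit a row only when one of the three signals has changed.
            $key = '{0}|{1}|{2}' -f $s.WorkingSetKB, ($s.ReadOps + $s.WriteOps + $s.OtherOps), $s.ModuleCount
            if ($last[$s.ProcessId] -ne $key) { $last[$s.ProcessId] = $key; $s }
        }
        Start-Sleep -Milliseconds $IntervalMs
    }
}

# Start this, then launch the test program and answer the HIPS prompt.
Watch-ProcessLoad -Name 'testutil' |
    Format-Table Taken, ProcessId, WorkingSetKB, ReadOps, WriteOps, OtherOps, ModuleCount
```

Comparing the row captured while the prompt is displayed with the rows that follow an "allow" gives the same before/after view of memory, I/O and loaded modules that the post describes.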