BluePoint Security product Q&A

Discussion in 'other anti-malware software' started by BluePointSecurity, Aug 31, 2009.

Thread Status:
Not open for further replies.
  1. Peter2150 (Global Moderator; joined Sep 20, 2003; posts: 20,590)

    Hi Chad (I hope I am right about your name)

    You've gotten upset a couple of times when people have accused you of misrepresentation. I would chalk it up to exuberance, but as you say the devil is in the detail.

    As I read what I quoted, I would come away with the impression that if I see the program I've tried to run in Task Manager it may be too late. SIMPLY NOT TRUE. It may or may not be on an individual case, but as a generalization NO.

    I did some investigating, which is why there was the delay in my post. I worked with a couple of small utilities that don't need installation. One, for example, when running uses about 6500K, and each of the I/O categories shows about 30-50 I/Os to get the program open.

    I then ran the program using just Online Armor. At the point of the pop-up challenge there was nothing in Task Manager. Blocking the program, and all was over.

    Then I tried the same thing with Malware Defender. Whoa, when the pop-up appeared, there was indeed a line in Task Manager. But then when I looked I noticed only 65k of RAM had been used and there had been no I/O. I began to suspect that the process had been created but the exe hadn't yet been loaded.

    I checked with Malware Defender's author and he confirmed that yes, the process is created, but MD intercepts before the kernel API that starts anything loading. With that I retested using Process Explorer to see what files were opened. First I looked with it running, and I could see all the DLLs and the exe open. Retested, and at the point the MD pop-up challenged, yes, there was a process started in Task Manager, but no files had yet been loaded. No code, no threat. And when I blocked in MD, the process disappeared.

    So in this case your statement is wrong. It might not be the same in all cases, but when you generalize like that you end up wrong, and thus open to criticism.

    Pete
     
  2. Hugger (Registered Member; joined Oct 27, 2007; posts: 1,003; location: Hackensack, USA)

    Where'd they go?
     