BluePoint Security product Q&A

Discussion in 'other anti-malware software' started by BluePointSecurity, Aug 31, 2009.

Thread Status:
Not open for further replies.
  1. jmonge, Registered Member (Joined: Mar 20, 2008; Posts: 13,744; Location: Canada)

    This one looks in a way like Prevx, maybe I am wrong :)
     
  2. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    Please report them! You may even get a free license out of it ;)


    I know not everyone liked the video series, hence why we took it down. At the same time I think people should be informed (maybe in a less Hollywood way of course) of how easy it is to bypass "most" of the products out there simply by opening up a developer and writing a new threat. There's a complete false sense of security with many products. We would be happy to provide a copy of the keylogger to any vendor that asks, although it won't solve the problem. They'll add it to their def list and if someone were to create another 30 minutes later, same problem. And it gets worse, the keylogger did not "exploit" any holes in the OS or products being tested. It was simply 30 lines of code in VB6. Meaning, the keylogger didn't even attempt to evade these products, most of them just didn't seem to bother preventing it.

    To me, this is why we still see infections and prevention failure.
     
  3. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    We are similar to Prevx in that both products utilize the cloud for detection, however the security model is completely different. Prevx uses heuristic detection while BluePoint relies upon white listing (default deny anything we don't know about or that is not trusted without your permission).

    Our security model is based upon if we don't know the publisher it's denied and you are asked for permission. Quite a few notifications, yes, but you are rewarded with very very strong protection against new malware. Nothing will be executed silently behind your back.
     
  4. jmonge, Registered Member (Joined: Mar 20, 2008; Posts: 13,744; Location: Canada)

    I think this is a cool idea to prevent any unknown publisher from loading, just to prevent infections.
    It will be even nicer if BluePoint silently blocks all without any alerts, but again it will have to have an installation mode for trusted publishers :)
     
  5. trjam, Registered Member (Joined: Aug 18, 2006; Posts: 9,102; Location: North Carolina USA)

    Gotta admit, we keep beating the hell out of you and you come back for more. Hell, I may actually make you a friend soon.:blink: Nah!

    Let's look at your quote. Isn't your math wrong? I would say with that combo and the average user a 50 percent of right or wrong would apply.

    Now for some advice. Quit pushing. Quit comparing. Quit hanging out here all day. Invest that time in the product. Only respond to legit questions and answers that only relate to your product. Give a few licences away. Get any frigging videos or references to off the internet and you just might, might, want to honestly, apologize that was the wrong approach to take. The weird thing is, it may have been accurate in some circumstances.

    People at other forums talk about the family atmosphere here, the "You better like the products that Wilders does or you are toast." That is such BS. There are more things run through the grinder here than anywhere else. There are more experts and idiots,:D here than anywhere else. And that my friend, is what makes this place special. You don't kick the door in, you knock. So, you got one groupie, do as I suggest and you may get more. But remember, You don't kick the door in, because, the backward swing, can damage your hip bone.

    So, let's start afresh, people try it. If it stinks tell why based on the product not the person. If it works, can someone besides jmonge let us know? And if you listen to these good folks here, you may just have something. Oh, and don't create a product for geeks, create one for all.;)
     
    Last edited: Aug 31, 2009
  6. trjam, Registered Member (Joined: Aug 18, 2006; Posts: 9,102; Location: North Carolina USA)

    One last jab, you are right in comparing yourself to Prevx. Reader must figure out answer.;)
     
  7. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    Out of the box simplicity is one of them.

    Take a look at this screenshot:

    http://www.torchsoft.com/images/md_screenshot.jpg

    Grandma certainly isn't figuring that one out anytime soon. Although I could easily teach her how BluePoint works in about 15 minutes.

    There are certainly other products on the market that can protect you properly with the proper configuration and settings of course. We aren't really out to compete with the more obscure products, we are after the AV companies, that's where the real failures are.

    BluePoint easily prevents malware from all vectors (USB, network, CD etc). We are not concerned about where malware comes from, only what is trusted and what is not when it comes to executable code.
     
  8. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    I consider Prevx to be an excellent product, we would be happy to be associated with them. They consistently outperform the AV companies with ease. As has been previously stated, our security model differs from theirs quite a bit, the similarity is only in the fact that they use the cloud as we do instead of pushing defs to customers.
     
  9. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    Since when did threats play by rules?

    just poking at you ;)
     
  10. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    Advice taken and I even agree with most of it!
     
    Last edited by a moderator: Aug 31, 2009
  11. BrendanK., Guest

    Well I'm going to take your product later today for a rigorous test drive (3,000 safe well known applications, and 3,000 malicious to be fair ;)) :) I like the deny approach, however, I would like it more to by default be deny no matter what. Technically speaking, if an average user wants to run something they will no matter if it is unknown, however, since you are using a white listing approach, all unknown applications SHOULD be blocked automatically with no user intervention. Therefore, your whitelist should always be up to date with safe software, rather than focusing on malicious. That way average users will have a large database of white listed applications, which can allow them to install SAFE software. Just a tip ;)
     
  12. trjam, Registered Member (Joined: Aug 18, 2006; Posts: 9,102; Location: North Carolina USA)

    Totally agree or not, many a vendor has learned that the consumer always comes first. Take care and good luck with some accurate testing of your product here. That I can assure you, it will be given.:thumb:
     
    Last edited by a moderator: Aug 31, 2009
  13. NormanF, Registered Member (Joined: Feb 20, 2009; Posts: 2,882)

    I think it's a behavioral blocker like Threatfire or Mamutu. A classical HIPS would have a set of configurable rules. If you need more comprehensive protection this can be used in place of Threatfire and alongside a traditional anti-virus product to provide all the protection one needs. TF is free while this one is a paid security product.
     
  14. CogitoTesting, Registered Member (Joined: Jul 4, 2009; Posts: 901; Location: Sea of Tranquility, Luna)

    Come on, we are living in a capitalist world. Behavior such as trashing your competitor is expected. It is a tough world, it's the survival of the fittest, i.e. crush or be crushed. There is no such thing as kumbaya my Lord, Kumbaya in a competitive world.

    Follow jmonge's advice, try the product and voice your opinion later. Please never forget that the capitalist business world is a jungle, one cannot afford to be soft and weak when it comes to a product's competitors.
     
  15. CogitoTesting, Registered Member (Joined: Jul 4, 2009; Posts: 901; Location: Sea of Tranquility, Luna)

    Are you sure you are using ESS? This morning I had the faint notion that you were using McAfee Total Security 2010 beta. :D
     
  16. BrendanK., Guest

    Ok, I installed 200 samples. As many as the VM could hold :p All 200 samples were shown as unknown, 198 remained undetected during the scan. A scan of the computer detected 18/2554 (take about 100 HTML samples off, sorry I forgot to remove them :/).

    Of the 1,200 safe samples of files I had, only 102 were classified as white listed. Missing whitelisted applications included, Wordpad and Notepad?

    Also, one of the samples infected Task Manager and BluePoint kept blocking Task Manager from running as it was infected.

    The 18 samples detected were unable to be removed or quarantined, as they did not show up in the detection panel?

    A lot of work needs to be done, as this looks promising, but I would not let the average user use it just yet.

    I must say though, this was not an easy test. Of the 2554 samples, most vendors only detect around ~600.

    ~Comment removed.~
     
    Last edited by a moderator: Aug 31, 2009
  17. trjam, Registered Member (Joined: Aug 18, 2006; Posts: 9,102; Location: North Carolina USA)

    McAfee, and it is beta, killed my internet in less than 12 hours. It kills me how Eset gets the heck it does when there are so many suites that it puts to shame in quality.

    But this is about BluePoint and we need to embrace the offer to test it. There is no better testing bed than Wilders, when you really think about it. Be fair to this vendor and give him the same constructive feedback Wilders does for all. That is really all that matters.
     
  18. NormanF, Registered Member (Joined: Feb 20, 2009; Posts: 2,882)

    I think it should be set to deny on default. Windows7 Firewall Control acts in a "deny" mode unless you specifically authorize a service or executable. If it's malware, you don't want it to run. In other words, if you don't trust the software, that's exactly what a behavioral blocker/anti-executable should perform for the average user. If you trust it, you can allow it.
     
  19. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    333halfevil:

    Out of curiosity, were you able to infect the vm after installing BluePoint or was it infected prior to the install?

    Thanks for the feedback guys, you've been busy!
     
  20. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    I'd really like to see some prevention tests if you guys have time, that's really what the product was designed for.

    Again, we really appreciate the honest no BS feedback, good and bad.

    PM me, I may be willing to provide license keys if you're willing to test things out for us.

    Thanks
     
  21. trjam, Registered Member (Joined: Aug 18, 2006; Posts: 9,102; Location: North Carolina USA)

    Very generous offer, you are to be commended. These folks can help you, it may take a while but they can make your software even better. Me? No, I just try to offer advice.

    cheers
    Jeff
     
  22. BluePointSecurity, Registered Member (Joined: Aug 1, 2009; Posts: 134)

    One other thing I forgot to mention, make sure when you are running your scans while testing, you check under settings -> file types to scan -> selected ALL.

    Also, under settings tick off heuristic scanning as well as compressed files.

    You may end up with lower than expected detection rates otherwise.

    These settings apply to on demand scanning only, not real-time protection.
     
  23. Peter2150, Global Moderator (Joined: Sep 20, 2003; Posts: 20,590)

    I did reinstall, and do a brief test. But on the chance it was a conflict with Malware Defender or Online Armor, I uninstalled both of those. (That would almost be a deal breaker). I then did a clean scan of all files, which came up clean. That's wrong, I have a folder of malware, some not password protected.

    Decided as a first test to try killdisk. First thing was I used Powerarc to remove it from the archive. Got a "unknown file" pop up on that. Allowed it and then ran the kill disk exe. BluePoint did detect malware, and shut it down without a prompt.

    I then tried another virus I have, and BluePoint let it run without a peep.

    Let me comment a bit about philosophy. Way back when Prevx was a pure HIPS, they got some good user feedback and discovered at least 50% of the time when users were presented with a prompt they allowed malware.

    Both OA and MD, have the pop up thing and it's great if you don't know what you are doing, which most don't.

    I have a situation, which illustrates the mom and pop issue. I have a business I run and have two young ladies who work for me. We use Outlook as an email client, and are in a position, that a client's email has an attachment, we have to look at it. The problem is if they get a pop up from either program they don't know what to do.

    Solution is Sandboxie. Both browsers and Outlook run Sandboxed, so they can pretty much allow whatever, and let it run without hurting the system.

    Could BluePoint take over that role? Not by a long shot yet. If you need pop ups, it's not going to be good. The classic default deny is Faronics Anti Executable, and it does its job ruthlessly, but it also in some ways drives me nuts, to the point, I don't run it.

    So for BluePoint to truly be revolutionary, it's going to have to find a way to allow what's needed to run, and block what's bad, with no pop ups.

    My humble 2 cents.

    Pete
     
  24. jmonge, Registered Member (Joined: Mar 20, 2008; Posts: 13,744; Location: Canada)

    Cool ;) I noticed that when I disable the notification, unknown publisher or even malware get a ride to the quarantine vault ;) I tested with a malware sample and with the notification on first, and BluePoint alerted me about unknown file detected, publisher unknown and also description unknown. With notification on, who wants to allow this :):):) This unknown notification explains it all. Now I did the same test with notification off and ran the same sample; now I didn't get any notification and it silently sent this malware to quarantine, which is cool ;) Very cool indeed. I ran a scan and this file was quarantined and of course was not running, it was in jail :):) Nice program :thumb: The file I was testing is the card.exe :)
     
  25. BrendanK., Guest

    I infected the machine AFTER installation. I would never do it beforehand :p

    If I denied the installation, I doubt it would have infected the VM. However, I was pretending to be an every day user, like I really wanted to install the program. Therefore I allowed 200 malicious applications to execute, and ran a scan on it while it was loaded into the memory.

    Then I reset the VM, with BluePoint already installed, updated, ran a scan with 2554 samples (all extracted into a folder) and let it detect. I did configure the scanner beforehand, giving it the best chance at detecting the malware.
     