Questions about Micropoint

For those of you who have tried Micropoint (ht tp://www.micropoint.cn/):

Am I right that Micropoint is most similar to programs like ThreatFire, Prevx 2.0, PRSC and Mamutu? How does Micropoint compare in terms of ability to recognize and stop threats? In terms of number of popups? Resource usage?

Does it run smoothly alongside CFP or OA?

Is it being actively developed?

Would you recommend it?

Also, I think I saw a reference somewhere that there is a 90-day trial. Is this correct? Any idea how much it costs afterwards?

Thanks for any and all answers...

 

A very fearsome behavior blocker, with its protection abilities paralleled only by ThreatFire IMHO. Resource usage should be a non-issue. The last time I tried it, FPs tend to run a wee bit on the high side on foreign systems, while Chinese people who use it report only a few.

No idea, sorry. I don't use those two.

Yes, and very.

Would you recommend it?

It's currently in beta. After 90 days the trial will automatically renew itself. No known price for a final release, but given the currency conversion rate y'all Yankees should be able to get it for peanuts.

 

Thanks for your answers, Solcroft.

In another thread someone said that he was a beta tester of this program and he considered it an AV. I read another comment somewhere that Micropoint is basically EQSecure + Rising Antivirus. Do you agree with either of these statements? Does that mean it could conflict with an existing AV?

As for EQSecure, this is another Chinese program I haven't tried, and I know you're a translator for this program, Solcroft. I read a review that said EQSecure combined classical HIPS features (like ProSecurity) with behavioral anti-malware features (like TF). Would you say it's more one or the other, or equally both? How do you think it would it stack up in Matousec's firewall tests (which ProSecurity did well in)? If used as a behavior blocker, is it as easy to use as TF?

 

No.

MP is an antivirus, since it attempts to identify viruses and block only those. The technologies it uses (behavior blocking) isn't quite the same as a standard antivirus scanner, but it also works towards the same purpose, and hence it's not entirely accurate to call MP an antivirus product.

As for why I don't agree, MP is an "intelligent" behavior blocker, while EQ is a "dumb" HIPS that does not try to distinguish good from bad, only popping up an alert whenever one of its user-defined rules is triggered and leaving the decision up to the user. It's also not Rising, or any standard antivirus product. For one, it lacks an on-demand scanner. Secondly, while it does maintain a list of know malware, its on-access scanning engine is relatively unsophisticated, and the backbone of its protection comes from behavior blocking.

It's always possible for an arbitrary program A to conflict with another arbitrary program B. However, I've seen many users use it alongside a standard AV product (due to MP's lack of on-demand scanning, according to the devs this feature will be incorporated soon) with no major issues.

Absolute rubbish. EQSecure contains no behavioral blocking features; it's a "dumb" HIPS thorough and thorough. The latest beta version does come with a sandbox function, though. As for MP, it's an intelligent behavior blocker, like TF and AntiBot.

Personally, I have always ignored Matousec test data. And when it comes to the behavior blocker product class, Matousec's test methodologies are even more irrelevent than usual.

As for ease of use, MP is more or less similar to TF, in the sense that both require little to no user setup or intervention once installed.

 

And other types of malware, right?

I had to go back to make sure it was a review for EQSecure and not MP. I remembered correctly:

https://www.wilderssecurity.com/showthread.php?t=170691

I guess there is still a lot of confusion over terms and classification of HIPS. HIPS can be defined so narrowly as to include only things like EQSecure or SSM, or so broadly that it encompasses almost all security products including AV. I've seen classical HIPS referred to as policy-based or rule-based behavior blockers. The behavior blockers we're talking about, programs like TF and MP, can have all number of names: HIPS, behavior blockers, expert-based behavior blockers, behavioral anti-malware, etc. It's all so confusing!

Why?

I don't think behavior blockers fit his definitions for firewall. I asked Matousec if he would test Prevx 2.0 and TF in his firewall challenge, and he said Prevx didn't fit the definition (I guess because it doesn't have inbound connection control?), and that TF partially fits the definition when used with rules, but it was "absolutely insecure" because it is too easily terminated. I think that's throwing the baby out with the bathwater. TF's process can be protected (I don't know how well) with OA or CFP. I think as long as the primary security program cannot be terminated, TF or MP offers a good second layer. But Matousec also thinks layering can harm system stability and security. I have heard of cases where alerts have failed to pop up when a certain security program was run alongside another security program, but I'm not sure how common this is. It would be nice if someone would do a study on this.

It sounds great! I think I'll try it. Thanks for your replies!

 

Right.

Because Matousec is, among other things, a pompous idiot with an over-inflated sense of self-importance and no realistic and/or practical view of security. His extremely shallow tests are also no more sophisticated than running a handful of test programs, which I can do perfectly well by myself, and would rather do by myself than trust his interpretation of the results. Last but not least, his tests focus only on firewall outbound protection, a feature which is completely useless and irrelevent in my security setup.

 

Looking at the Micropoint site link above they quote:

"Effective scan engine with traditional signature and classical firewall package to filter the network attacks".

Does this mean that there is a firewall capability built in? What would be the firewall requirement if running Micropoint?

 

Matousec believes that end-users should have good process-based security coupled with network access control in a sound security strategy/setup. Because of this, he tests personal firewalls with HIPS-like features or HIPS which feature network access control (AppDefend, ProSecurity, SSM, etc). And because of this, his tests aren't aplicable to pure packet filters (old school firewalls), HIPS without network control (EQSecure, etc), behaviour blockers, sandboxes, etc.
Leaktest testing isn't a bad thing per se but it should be taken in context.

 

I actually asked Matousec about EQSecure today, and he said,

 

If that's the case, I wonder why he said Prevx 2.0 doesn't fit his definition? From what I've heard, it does have outbound protection in Pro or Expert mode.

 

Maybe he considers that Prevx in Expert mode isn't an usable setting and/or the outbound control is insufficient. IIRC, Prevx only monitors network connections for "not approved" apps.

These are the important bits to read before making conclusions based upon Matousec's tests:

 

I'm curious about this too. I almost suggested MP to Matousec for the firewall challenge because of this.

 

The last time I tried Micropoint it install Gain Gator on my machine, can anyone tell me is it Spyware/Adware free or not ?

 

This time I try it the serial number has been expired.Can't install it.

 

Anyone still running this? Since this is a beta, is there a list of know issues or bug reports to look at?

I was thinking of giving this a spin, will need to make a backup first...

 

chinese version of the micropoint proactive on sale successfully on June 25,2008.english version is in beta testing program now.user can continue to use micropoint proactive defense software after the ending day of the beta version.i think it will beta for a long time cause chinese version is just on sale for a short time.

what i known is: Known programs which have the issues are the following programs at current:avp v5.0.237,the version of McAfee prior to 9.0,Outpost Firewall, F-Secure Client 6.01 enterprise version,F-Secure Client 6.02 enterprise version,F－Secure 2007,F－Secure 7.01,and Unlocker.

it is hard to say.but it is really good software.antivirus or antimalware or anything,i only can say like the official sayings:virus malware,trojan,adware and so on. these all are threats for our system..

the official site for foreign users is so simple, what we can do is just wait till the changes and the good software..!

 

Think I'm gonna give this a spin today but, does anyone know if it will run on Vista Home Pre SP1?