Hacking DefenseWall, GeSWall etc in 60 seconds

Officially- no.

 

Ok thanks Ilya, i will keep watching. I have a strong suspicion i will be compelled to buy a copy when it's released.

 

Whats the downside of having CD/USB/LANSources ticked to run as untrusted as default? If there is no downside - why dont DW install with those boxes set ticked.

I have had them ticked as long as the option has been around, but I am not computer savvy. I just try to stay protected.

Best Regards

 

USB are protected by default, CD/DVD and LAN are not because:
1. usually, CD/DVD is not a source of infection, but movies/games.
2. usually, within corporate environment, internal LAN resources area is secured.

 

back to bluepoint

Going back to bluepoint

This is their promo video


http://www.youtube.com/watch?v=yuJoXPYpcB4

+
Would be interested in how it monitors the install in the video
Simple


-
some misleading advertising about other anti-malware companies.

and this is matts review


http://www.youtube.com/watch?v=mg1_vcLzfSU&feature=channel_page



Thing is , for all the other apps, Matt will just block , if he gets an alert browsing the internet.
So I think I think the review is a little unfair to focus on the Allow/Block so much.
Also it allowed CCleaner by signature which I think other products would have
just given an allow/block for !

And I would have been really interested to see if/how it monitored the PC after he clicked allow.

Has anyone tested BP ?

I don't like their tactics but think the product itself could have potential to be a one-stop-shop for me.

 

Re: back to bluepoint

Ur second link not working.

 

Re: back to bluepoint

I believe this is the review Joeythedude was referring to.
http://remove-malware.com/

 

Re: back to bluepoint

Yes but all other applications Matt tested did give warnings as to what the threat is, file name, location and other warnings enabling you to determine whether it is malware or not.

 

I have been a fan and follower of Wilder's Forums for many years and thought I would introduce myself finally. I am the CTO and one of the founders of BluePoint Security and would be happy to answer any questions regarding our product. I noticed a few posters asking how things work and since BluePoint Security is a relatively new product I thought it would be nice to get answers directly from us.

Ask away!

 

Hi, I wish to understand: is BluePoint Securit an IDS, a Behaviour Blocking, an on the cloud program, what ? Thanks.

 

Thanks for the question blacknight,

BluePoint Security combines application whitelisting, in the cloud scanning and heuristics.

As it's primary protection mechanism BluePoint Security relies upon whitelisting, meaning if a publisher or application is not known to us as trusted you will be asked for permission. We base our core security model on whitelisting as it's impossible to truly determine if a new application is safe or not unless they are a trusted publisher. When a new virus is released, products relying on signatures and definitions will fail to prevent or remove the threat. With heuristics, the behavior may or may not appear to be suspicious to your security product and you may end up infected.

When we refer to "scanning in the cloud" what we mean by that is we do not release definitions or signatures as updates. Instead, BluePoint Security communicates directly with our servers at the time you scan to determine in real-time which items should be removed. There are many benefits of the "cloud" versus constant definition updates, one of which is that we are able to help our customers more quickly remove malware that they may have been infected with before installing BluePoint.

Finally, we use heuristics to remove files that appear to be suspicious. Keep in mind, we don't use heuristics to determine whether or not to allow an executable to run on your system (highly dangerous imho), only to remove files already on your system.

 

I noticed another question we are frequently asked which is: Why do you have an AV engine?

There are two reasons why we have integrated AV technology into BluePoint Security. Keep in mind, when customers install BluePoint Security they may already be infected before hand. Many security products that utilize whitelisting are not capable of removing previous infections. It's essential that your computer is cleaned up and locked down. Locking a computer down with infections is a bit like locking the door to your home with thieves hiding upstairs.

The second reason we include antivirus capabilities is to inform you, the user, when running applications whether they "appear" to be safe or not. Meaning, when you attempt to run an in the wild virus, BluePoint Security will intervene and prevent the virus from executing even one line of code and the threat will be deleted.

 

Can BluePoint Security run with security like antivirus?

 

Phenom:

BluePoint Security has no known issues with other security products, we have tested BluePoint alongside of most other AV products to make sure there aren't any issues. We can't control how other security products will respond to the installation so you may need to temporarily disable them when installing BluePoint then re-enable them after, if they block the install. Many of our enterprise customers run BluePoint alongside of another AV products until they are comfortable with it or the other products subscription runs out.

 

Can I ask whether the AV engine in BPS is in house or another vendor's?

 

Blackcat:

The AV engine was developed in house. While our primary goal is prevention, our detection rates are quite good as well.

 

Point very well made!

 

Thanks Peter2150:

Sorry to hear that your overall impression was negative although I appreciate the feedback. I would considering Prevx to be one of the best security apps around (my own real world testing), however their security model is based upon heuristics rather than white listing. In my experience Prevx does an excellent job. The only problem I see with Prevx and most other products is they allow unknown code to execute without even user permission. Any malware writer can setup these security apps in a lab and simply code/design malware that isn't detected even by the heuristics as I've done so myself. It's not that there is a hole in DefenseWall per se or any of the other products, what we demonstrated was methodology failure. What I mean by that is I can install any given security product (not based upon whitelisting) and in about 30 minutes compile a malicious piece of software that will not be prevented or detected. That's the root cause of the malware problem imho from the enterprise to the consumer. The philosophy behind BluePoint was to create a security solution that prevents as near to 100% of threats as possible while still being relatively easy to use. I realize It's definitely not an app for everyone. Most of our success has been in the enterprise so far as many enterprises are throughly tired of AV failure at this point. I don't feel Matt's video was an informed or accurate portrayal of our product and I'll leave that one alone. As far as the allow/deny's, I know of many users that would rather deal with them then risk infection if they've been infected previously while running another product. If a user attempts to execute a known in the wild virus you will not recieve the allow/deny popup, the threat will be prevented and removed automatically. Everyone's entitled to their own opinion and I'm more than happy to hear any feedback from the forum!

Thanks guys!

 

Well, I wouldn't expect many fans here given your sales approach. But, as you say...we'll leave that alone.

 

How exactly do you test Prevx without internet connection?

And regarding DefenseWall, your "methodology failure" is complete. Testing it against a program downloaded before installing DefenseWall - which is the whole point behind DW - is dishonest to say the least..

 

Pedro:

Prevx can only be tested with a live internet connection which is how I've always tested it. The keylogger was copied from a network drive which are treated as trusted by default as far as I'm aware. About six months ago I was part of a malware cleanup (for a local county) that began due to a users home directory being located on their server. The virus (mario forever) then spread from that home directory on the server to the entire LAN. One of the many reasons not to automatically trust files from network drives/servers or any other source/attack vector.

As a side note, the video series has been taken down.

 

Excellent thread here:

https://www.wilderssecurity.com/showthread.php?t=251629

I noticed that a few members pointed out that .vbs or .bat files weren't being blocked and instead wscript.exe (scripting host) was being blocked. BluePoint handles .vbs and .bat files individually instead of dealing with the scripting host. This allows you to allow/deny individual scripts.

 

I don't actually own a license to confirm what you're saying, but i'll take your word for it.
It then becomes a problem of configuration/ user problem/ criticism on the default configuration, not some vulnerability with DW.

The word hacking, command line in green Hollywood style on top, gives me a really bad picture of your company, and distrust the product.
Seeing as you did remove the videos on Youtube, means you at least acknowledged the feedback and that you're that much intelligent. Some would keep doing it regardless.

PS: http://www.in.com/videos/watchvideo-hacking-defensewall-in-60-seconds-4087641.html

 

You're correct about the configuration/settings issue. A few of the products would have been perfectly capable of stopping this particular threat/keylogger with settings adjustments or other modifications (from the out of box settings). The problem is, when installing a security product many users have no idea how to adjust those settings or test to ensure proper protection and they shouldn't have to become security experts to do so imho. Thanks for the link, a few other networks picked up the vids, I'll see what I can do.