BluePoint Security product Q&A

Agreed, many techie's systems change on a daily basis, whitelisting may be an issue at that point. But the average casual user is checking email, facebook etc it's perfect for that type of user.

Whitelisting is definitely a challenge to implement but I would far rather work towards a smooth whitelisting solution than working with any other security model, there's just too many ways around them/flaws.

Also, we really try to stray away from being the decision maker when it comes to "trusted" software. I wouldn't trust a vendor that decides to be the whitelisting czar. If and when they start making mistakes whitelisting apps, it would defeat the benefits of whitelisting in the first place. Just my opinion.

 

ako

I can't replicate the same issue in a clean vm, not seeing any problems. Can you tell me what service pack and language your vm is running? Also, what version of the .net framework is installed?

 

Code:

--------------------------------------------------------------------------------
 
  The license associated with the Belarc Advisor product allows for free personal use only.  Use on multiple computers in a corporate, educational, military or government installation is prohibited.  See the license agreement for details.  The information on this page was created locally on your computer by the Belarc Advisor.  Your computer profile was not sent to a web server.  Click here for more info.  
 

--------------------------------------------------------------------------------
 

About Belarc

System Management Products

Your Privacy



In page Links:

Network Map new

Software Licenses

Software Versions & Usage new

Missing Hotfixes

Installed Hotfixes
 

    
 
 
   
 
 
 
System Security Status  CIS Benchmark Score
 

 1,88 of 10 (details...)
 
  
 
 
  Virus Protection
 

 Unknown 
 
  
 
 
  Microsoft Security Updates
 

 1 missing 
 
  
 
 
 
  

--------------------------------------------------------------------------------
  
Computer Profile Summary 
Computer Name:  Bb-2654cddbcdb5 (in TYÖRYHMÄ) 
Profile Date:  5. syyskuuta 2009 23:41:00 
Advisor Version:  8.1b 
Windows Logon:  admin 
 
  
Plan for your next computer refresh...
click for Belarc's System Management products  
  
Operating System   System Model 
Windows XP Professional Service Pack 2 (build 2600)
Install Language: suomi
System Locale: suomi   VMware, Inc. VMware Virtual Platform 
System Serial Number: VMware-56 
Enclosure Type: Other 
Processor a   Main Circuit Board b 
2,40 gigahertz Intel Pentium 4
8 kilobyte primary memory cache
512 kilobyte secondary memory cache
Not hyper-threaded   Board: Intel Corporation 440BX Desktop Reference Platform 
BIOS: Phoenix Technologies LTD 6.00 12/03/2005 
Drives   Memory Modules c,d 
6,43 Gigabytes Usable Hard Drive Capacity
2,72 Gigabytes Hard Drive Free Space

BENQ DVD DD DW1640 [CD-ROM drive]
Levykeasema [Floppy drive]

VMware Virtual IDE Hard Drive [Hard drive] (6,44 GB) -- drive 0, s/n 00000000000000000001, rev 00000001, Not SMART   456 Megabytes Usable Installed Memory

Slot 'RAM slot #0' has 256 MB
Slot 'RAM slot #1' has 128 MB
Slot 'RAM slot #2' has 64 MB
Slot 'RAM slot #3' has 8 MB 
  Local Drive Volumes 
     
c: (NTFS on drive 0) 6,43 GB 2,72 GB free 
 
  Network Drives 
  None detected 
Users (mouse over user name for details)   Printers 
local user accounts last logon 
 admin 5.9.2009 21:37:56 (admin) 
local system accounts 
 HelpAssistant never  
 Järjestelmänvalvoja never (admin) 
 SUPPORT_388945a0 never  
 Vieras never  


 Marks a disabled account;    Marks a locked account    None detected   
Controllers   Display 
Standardi levykeasemaohjain [Controller]
Ensisijainen IDE-kanava [Controller]
Intel(R) 82371AB/EB PCI Bus Master IDE Controller
Toissijainen IDE-kanava [Controller]   VMware SVGA II [Display adapter] 
Bus Adapters   Multimedia 
VMware SCSI Controller
Intel(r) 82371AB/EB PCI to USB Universal Host Controller   Creative AudioPCI (ES1371,ES1373) (WDM)
Game Port for Creative 
Virus Protection [Back to Top]   new Group Policies 
No details available   None discovered 
Communications   Other Devices 
   
VMware Accelerated AMD PCNet Adapter 
 primary   Auto IP Address:  192.168.0.104 / 24 
 Gateway:  192.168.0.1 
 Dhcp Server:  192.168.0.1 
 Physical Address:  00:0C:29:9B:E7:84 
  
Networking Dns Server:  192.168.0.1 
   Microsoft AC Adapter
Standardi 101/102-näppäiminen tai Microsoft Natural PS/2 Keyboard
VMware Pointing Device [Mouse]
USB Root Hub 
  
See your entire network map...
click for Belarc's System Management products  
  
new Network Map (mouse over IP address for physical address) [Back to Top]  
IP Device Type Device Details Device Roles 
192.168.0.1  Router D-Link DHCP Server, Gateway, Domain Name Server, Web Server 
192.168.0.100   Muumilaakso (in MSHOME) Browse Master 
192.168.0.104  Windows XP Workstation Bb-2654cddbcdb5 (in TYRYHMŽ), VMware  
 
  
Find your security vulnerabilities...
click for Belarc's System Management products  
  
Missing Microsoft Security Hotfixes [Back to Top]  
        These required security hotfixes (using the 08/11/2009 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed.   
Q928365 - Critical  (details...)  
 
  
Manage all your software licenses...
click for Belarc's System Management products  
  
Software Licenses [Back to Top]  
  
Belarc - Advisor adeca0bd  
Microsoft - Internet Explorer 55697 
Microsoft - Windows XP Professional 55697-649-6478953-23529 (Key: RH) 
 
  
Find unused software and reduce licensing costs...
click for Belarc's System Management products  
  
new Software Versions & Usage (mouse over i for details, click i for location) [Back to Top]  
   ı i  Belarc, Inc. - Advisor Version 8.1b
   ı i  BluePoint Personal Edition Version 1.0.0.66
     i  Cinematronics - 3D Pinball Version 5.1.2600.2180
     i  Igor Pavlov - 7-Zip Version 4.29 beta
     i  Microsoft (r) Windows Script Host Version 5.6.0.8820
   ı i  Microsoft Corporation - Internet Explorer Version 6.00.2900.2180
ıııı i  Microsoft Corporation - Messenger Version 4.7.3001
   ı i  Microsoft Corporation - Windows Installer - Unicode Version 3.1.4000.1823
     i  Microsoft Corporation - Windows Movie Maker Version 2.1.4026.0      i  Microsoft Corporation - Windows® NetMeeting® Version 3.01
     i  Microsoft Corporation - Zone.com Version 1.2.626.1
     i  Microsoft Data Access Components Version 3.525.1117.0
ıııı i  Microsoft(R) Windows Media Player Version 9.00.00.3250
     i  Microsoft® .NET Framework Version 2.0.50727.42
   ı i  VMware Tools Service Version 5.0.0 build-13124
   ı i  VMware Tools Tray Version 5.0.0 build-13124
   ı i  VMware User Process Version 5.0.0 build-13124 


i  Mouse over to see details, click to see where software is installed. 
   ı  Marks software last used within the past 7 days. 
  ıı  Marks software last used within the past 90 days, but over 7 days ago. 
 ııı  Marks software last used within the past year, but over 90 days ago. 
ıııı  Marks software last used over 1 year ago. 
  Unmarked software lacks the data to determine last use. 

  
Audit your security posture...
click for Belarc's System Management products  
  
Installed Microsoft Hotfixes [Back to Top]  
Internet Explorer 
    SP2    (SP2) 
WGA 
    SP0 
        KB892130  on 3.1.2008  (details...) 
Windows Media Player 6.4 
    SP0 
        KB925398_WMP64  on 4.1.2008  (details...) 
Windows Media Player 9 
    SP2 
        KB936782_WMP9  on 4.1.2008  (details...) 
Windows Media Player 
    SP0 
        KB911564  on 4.1.2008  (details...) 
        KB952069_WM9  on 30.3.2009  (details...) 
        KB973540_WM9L  on 5.9.2009  (details...) 
Windows XP 
    SP0 
        KB941569  on 4.1.2008  (details...) 
    SP3 
        KB873339  on 4.1.2008  (details...) 
        KB885835  on 4.1.2008  (details...) 
        KB885836  on 4.1.2008  (details...) 
        KB886185  on 4.1.2008  (details...) 
        KB887472  on 4.1.2008  (details...) 
        KB888302  on 4.1.2008  (details...) 
        KB890046  on 4.1.2008  (details...) 
        KB890859  on 4.1.2008  (details...) 
        KB891781  on 4.1.2008  (details...) 
        KB893756  on 4.1.2008  (details...) 
        KB893803V2  on 1.1.2008  (details...) 
        KB894391  on 4.1.2008  (details...) 
        KB896358  on 4.1.2008  (details...) 
        KB896423  on 4.1.2008  (details...) 
        KB896428  on 4.1.2008  (details...) 
        KB898461  on 1.1.2008  (details...) 
        KB899587  on 4.1.2008  (details...) 
        KB899591  on 4.1.2008  (details...) 
        KB900485  on 4.1.2008  (details...) 
        KB900725  on 4.1.2008  (details...) 
        KB901017  on 4.1.2008  (details...) 
        KB901214  on 4.1.2008  (details...) 
        KB902400  on 4.1.2008  (details...) 
        KB905414  on 4.1.2008  (details...) 
        KB905749  on 4.1.2008  (details...) 
        KB908519  on 4.1.2008  (details...) 
        KB908531  on 4.1.2008  (details...) 
        KB910437  on 4.1.2008  (details...) 
        KB911280  on 4.1.2008  (details...) 
        KB911562  on 4.1.2008  (details...) 
        KB911927  on 4.1.2008  (details...) 
        KB913580  on 4.1.2008  (details...) 
        KB914388  on 4.1.2008  (details...) 
        KB914389  on 4.1.2008  (details...) 
        KB916595  on 4.1.2008  (details...) 
        KB917953  on 4.1.2008  (details...) 
        KB918118  on 4.1.2008  (details...) 
        KB918439  on 4.1.2008  (details...) 
        KB919007  on 4.1.2008  (details...) 
        KB920213  on 4.1.2008  (details...) 
        KB920670  on 4.1.2008  (details...) 
        KB920683  on 4.1.2008  (details...) 
        KB920685  on 4.1.2008  (details...) 
        KB920872  on 4.1.2008  (details...) 
        KB921503  on 4.1.2008  (details...) 
        KB922582  on 4.1.2008  (details...) 
        KB922819  on 4.1.2008  (details...) 
        KB923191  on 4.1.2008  (details...) 
        KB923414  on 4.1.2008  (details...) 
        KB923980  on 4.1.2008  (details...) 
        KB924270  on 4.1.2008  (details...) 
        KB924496  on 4.1.2008  (details...) 
        KB924667  on 4.1.2008  (details...) 
        KB925902  on 4.1.2008  (details...) 
        KB926255  on 4.1.2008  (details...) 
        KB926436  on 4.1.2008  (details...) 
        KB927779  on 4.1.2008  (details...) 
        KB927802  on 4.1.2008  (details...) 
        KB927891  on 4.1.2008  (details...) 
        KB928255  on 4.1.2008  (details...) 
        KB928843  on 4.1.2008  (details...) 
   Windows XP 
    SP3 (continued) 
        KB929123  on 4.1.2008  (details...) 
        KB930178  on 4.1.2008  (details...) 
        KB930916  on 4.1.2008  (details...) 
        KB931261  on 4.1.2008  (details...) 
        KB931784  on 4.1.2008  (details...) 
        KB932168  on 4.1.2008  (details...) 
        KB933729  on 4.1.2008  (details...) 
        KB935839  on 4.1.2008  (details...) 
        KB935840  on 4.1.2008  (details...) 
        KB936021  on 4.1.2008  (details...) 
        KB936357  on 4.1.2008  (details...) 
        KB937894  on 4.1.2008  (details...) 
        KB938127  on 4.1.2008  (details...) 
        KB938828  on 4.1.2008  (details...) 
        KB938829  on 4.1.2008  (details...) 
        KB941202  on 4.1.2008  (details...) 
        KB941568  on 4.1.2008  (details...) 
        KB942615  on 4.1.2008  (details...) 
        KB942763  on 4.1.2008  (details...) 
        KB942840  on 4.1.2008  (details...) 
        KB943055  on 5.9.2009  (details...) 
        KB943460  on 4.1.2008  (details...) 
        KB944338-V2  on 30.3.2009  (details...) 
        KB944653  on 4.1.2008  (details...) 
        KB945553  on 5.9.2009  (details...) 
        KB946026  on 5.9.2009  (details...) 
        KB946627  on 30.3.2009  (details...) 
        KB950749  on 5.9.2009  (details...) 
        KB958470  on 5.9.2009  (details...) 
        KB971032  on 5.9.2009  (details...) 
    SP4 
        KB923561  on 5.9.2009  (details...) 
        KB938464-V2  on 30.3.2009  (details...) 
        KB946648  on 30.3.2009  (details...) 
        KB950760  on 30.3.2009  (details...) 
        KB950762  on 30.3.2009  (details...) 
        KB950974  on 30.3.2009  (details...) 
        KB951066  on 30.3.2009  (details...) 
        KB951376-V2  on 30.3.2009  (details...) 
        KB951698  on 30.3.2009  (details...) 
        KB951748  on 30.3.2009  (details...) 
        KB952004  on 5.9.2009  (details...) 
        KB952287  on 30.3.2009  (details...) 
        KB952954  on 30.3.2009  (details...) 
        KB954600  on 30.3.2009  (details...) 
        KB955069  on 30.3.2009  (details...) 
        KB955839  on 30.3.2009  (details...) 
        KB956572  on 5.9.2009  (details...) 
        KB956802  on 30.3.2009  (details...) 
        KB956803  on 30.3.2009  (details...) 
        KB956841  on 30.3.2009  (details...) 
        KB957097  on 30.3.2009  (details...) 
        KB958215  on 30.3.2009  (details...) 
        KB958644  on 30.3.2009  (details...) 
        KB958687  on 30.3.2009  (details...) 
        KB958690  on 30.3.2009  (details...) 
        KB959426  on 5.9.2009  (details...) 
        KB960225  on 30.3.2009  (details...) 
        KB960714  on 30.3.2009  (details...) 
        KB960715  on 30.3.2009  (details...) 
        KB960803  on 5.9.2009  (details...) 
        KB960859  on 5.9.2009  (details...) 
        KB961371-V2  on 5.9.2009  (details...) 
        KB961501  on 5.9.2009  (details...) 
        KB967715  on 30.3.2009  (details...) 
        KB968537  on 5.9.2009  (details...) 
        KB970238  on 5.9.2009  (details...) 
        KB970653-V3  on 5.9.2009  (details...) 
        KB971557  on 5.9.2009  (details...) 
        KB971633  on 5.9.2009  (details...) 
        KB971657  on 5.9.2009  (details...) 
        KB972260  on 5.9.2009  (details...) 
        KB973346  on 5.9.2009  (details...) 
        KB973354  on 5.9.2009  (details...) 
        KB973507  on 5.9.2009  (details...) 
        KB973815  on 5.9.2009  (details...) 
        KB973869  on 5.9.2009  (details...) 
 


Click here to see all available Microsoft security hotfixes for this computer. 

     Marks a security hotfix (using the 08/11/2009 Microsoft Security Bulletin Summary) 
     Marks a security hotFix that fails verification (a security vulnerability) 
 Marks a hotfix that verifies correctly 
 Marks a hotfix that fails verification (note that failing hotfixes need to be reinstalled) 
  Unmarked hotfixes lack the data to allow verification 
 

--------------------------------------------------------------------------------
 

a. Processor clock speed is measured at computer start-up, and on laptops may be impacted by power option settings.
b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
e. This is the manufacturer's factory installed product key rather than yours. You can change it to your product key here [url]http://go.microsoft.com/fwlink/?LinkId=45668[/url] for Windows, or here [url]http://support.microsoft.com/?kbid=895456[/url] for Office.  
Copyright 2000-9, Belarc, Inc. All rights reserved. 
Legal notice. U.S. Patents 5665951, 6085229 and Patents pending.  

--------------------------------------------------------------------------------

 

Your opinion on ThreatFire? I consider it using a white-list (and black-list) approach, but detection instead based on behavior.

 

Haven't tested/checked out ThreatFire lately, I'll give it a look.

 

Just performed a small amount of testing with several products installed on the same vm. We'll continue more shortly, just wanted to take a quick look at things.




WinPatrol v 16.1.2009.1
Prevx v3.0.1.65
Online Armor Personal Firewall ++ v3.5.0.32


WinPatrol doesn't appear to cause any issues when combined with BluePoint.

Online Armor seems to work fairly well with BluePoint, although I wasn't able to update BluePoint even after allowing the outbound in the firewall. I suspect that it's just a setting (didn't have time to dig through it). I disabled it and was able to update BluePoint without issues.

Prevx and BluePoint seemed to be the most incompatible together in the same vm. The vm was very very sluggish (and this server is a dual quad core xeon!). I would not recommend running these two products on the same machine. The slowdown from Prevx alone in the vm seemed quite considerable. Prevx and BluePoint perform similar duties, I would suggest testing threats against them in a lab environment (attempt to infect) and make your own conclusions. Go with what you feel most comfortable with.

As I've stated before I would strongly discourage running 3+ security programs at the same time especially if they are performing real-time monitoring capabilities. The result of 3+ real-time monitoring programs hooking into the same areas of your os will cause performance issues at the very least, instability is also quite likely. As a general rule of thumb, having more than one product hooked into the same areas is a dangerous proposition. Non real-time protection programs are far less likely to cause compatibility issues with BluePoint.

Keep in mind, disabling security products doesn't necessarily remove the os hooks and these hooks are usual the causes of compatibility problems. So try to install BluePoint as a true standalone.

Personally, instead of running 3 or 4 programs to remain protected, I would seek out 1 that can do the job alone. There are less than a handful of them I would consider up to that job. As always, choose what makes you comfortable.

This isn't definitive and we'll continue cross testing.

 

ako,

Thanks for the detailed information. Nothing jumps out at me as being the problem. My strong suspicions are either a corrupt .net framework or a language issue. It doesn't like something about that vm for some reason. I can tell you if clean machines wouldn't installed we'd be flooded with support calls, so it must be something specific to that machine. I'm checking into the language your using to see if that causes any issues.

 

I'm always happy to share my opinion as you all know!

I checked out ThreatFire with my usual quick test method which is:

1. Install on clean vm
2. Update
3. Reboot
4. Attempt infection with a few common in the wild threats
5. Attempt infection with newer less known threats
6. Attempt to execute keylogger (we created)
7. Attempt to destroy vm with threat that deletes key windows dll's within about 5 seconds after execution (we created)


I rate products by how far along this list they are able to survive as threats higher in this list are more difficult to prevent, especially since they are not on defs and we created them! Most of them fail at step 4-5.

this one made it to step 6, which while not perfect is quite good actually.

I tend to be a security purist, meaning I look for as close to 100% prevention out of a product as possible. I look to solve the malware problem, not to cleanup their messes after the fact, I'm tired of cleaning them up. At this point I believe in technologies based upon sandboxing or whitelisting, I've personally seen all other technologies fail time after time in real world tests. I'd love to post reviews as I've seen far too many reviews performed by unqualified people (names withheld). Many of these reviewers are doing a massive disservice to users as they are "passing" products that have clearly failed at prevention, even in their own video reviews.

Since you are aware of the technology BluePoint is based upon, you can probably guess how far down the list it survives

 

Thanks for the kind invitation. when I understand well, BluePoint Security approach is: "deny the unknown".

IMHO a direct download link to an exe file in your sig don't fit in that approach..

<S>

 

This thread can turn into an interesting one. Please provide us with names and facts to back up your statements.

<S>

 

I am a GrandPa (& then some) & I understand Malware Defender (MD) pretty good, including your screenie. So also does my great-granddaughter Amy (age 9). She is adept with several classic HIPS, including D+ & MD.

Classic HIPS enable power-users & tweak-freaks to have control-to-the-max. However, a neophyte can use MD easily by putting it in "Learn Mode" for a while, & then "rig for silent running" (Silent mode). A neophyte user of MD need never mess with (or even see) the MD screen you showed unless s/he wants to learn.

 

This thread is starting to go in the wrong direction again . Us vs Them seems to be getting thrown back into it. Whether the product is beneficial to the user, how and why, that is what is important folks (I think ). Independent test results are good as well!

Just my thoughts.

ds

 

for me own personal test is the best cause you prove it your self,you know some test reviewers dont tell the truth it is better if we as users be the judge,well after testing

 

Interesting... in other words, running things under a LUA, which most users normally should - but don't - ThreatFire would have been "good enough" in theory. Thanks for your testing and insight on my query.

 

At least I definitely respect your opinion, but just as I thought, my query led to better understanding, both of the effectiveness of one of my products of choice and the philosophy, insight and professionalism of BluePoint as a company.

 

I installed BPS inside VM with english XP. Now it worked. Small test:

Allowed: FS blacklight, Processexplorer, Hitman pro, Adobe reader, a2, CIS-installer, MBAM, Unhackme

Blocked: IE (sic!, pic 1), Realplayer (pic 2), GMER (high risk), Quicktime, AVZ

The analysis never allowed execution and took too much time - minute or so.

Allowed execution of malware when installation was inside Defencewall (pic 3). (Blocked this one as unknown outside of DW.)

Did not block a pdf-exploit (pic 4). Allowed even registry modification before seeing something! (pic 5)

I am not convinced.

 

Two more pictures: HOSTS-changed, Hitman pro scan after the exloit. (3 dead files from another test, not related to BPS.)

 

Final picture. Scanning finds all malware files (Hitman pro scan after BPS cleaning clean.) Why real-time failed?

 

Good to hear it's running in the new vm.

Are you clicking allow to test infecting the machine? Once you click override or allow you may very well end up infected and have to resort to a scan to clean things up.

All security apps have settings or alerts you can override, it doesn't really prove anything to override all of the alerts to show infection, it's also a bit misleading.

A better test would be to click deny on everything during the test and then determine if anything was modified. As a side note it looks like your a few versions back, check for updates.

The analysis will never allow execution no matter what risk rating/result we give the item. That's more prevx's style. We never allow anything that's not known to us to be safe, allowing items after analysis would be heuristics/defs and that's not how BluePoint works, whitelisting only. Allowing items that appear to be "safe" can result in failure to prevent. That's up to you the user to determine if you want to allow execution. If your browsing around and you see the notification popup, it's quite likely it needs to be denied. The latest version is also more informative with the alerts.

 

Also good to hear, a few have done testing and have reported nothing was detected when malware was present . Without seeing their setup it's tough to tell why that happened (settings possibly?). Either way our detection rates are very very good (a few sites are testing as we speak). I think you'll be pleasantly surprised when our detection rate percentages are released here in the next few weeks

 

Blue Point Shield didnt fail,bet if you test BPS alone it will block all those malware you tested i recognize all those malware that you use and even more i tested againts blue point and blue point clean the house very easilly,you may have a conflic in between security software did you tried BPS alone like i did?try that

 

I "think" he clicked allow on the items to see how it responds/deals with that type of situation. I would find a hard time understanding how that many executables were allowed to execute without permission.

ako, let us know on this one.

Thanks!

 

ofcourse if i click allow it will go and even like that the scaner will remove them after all what i do is i wait few second after running malware and for sure it will be auto-block

 

A few test setup recommendations:

Setup a clean vm
Install BluePoint
Update BluePoint
Check settings if testing scanning detection rates

Begin testing


Make sure you clearly state whether you have clicked allow on any malware related items, this sort of makes the test a bit pointless as every security app I've seen has ways to override and allow malware if you really want to.

Try to explain screenshots so everyone understands what your showing.

We have a few groups officially testing things now, we don't mind everyone testing, just make sure your clear on how you tested. Most security vendors would probably not encourage this type of "unofficial" testing. We stand behind our prevention methods and as long as you explain your methods we don't mind.

 

Of course not. I got no warnings before the one seen in fig. 5. maybe a confict, I don't know. If Jmonge told it blocked everything I believe him.

The version was downloaded just before testing,but seemed to be indeed old with one version number.