Discussion in 'other anti-malware software' started by BluePointSecurity, Aug 31, 2009.
I don't feel your attack is warranted, however, what questions have I ignored?
Let's keep the discussion technically focused. Leave speculation of motivations out of the thread.
Thanks in advance.
Please don't entangle an ascertainment with an attack.
Well, for me Blue Point Security is patching the hole that wasn't covered for a long time. I personally tested it and I encourage others to test it for 14 days (trial) and they will not be disappointed.
As mentioned, let's keep it to technical issues related to our product and the technology surrounding it. If you have a question there, I'd be happy to help.
Back to SRP topic for a second if we could.
If it were configured as (http://www.mechbgon.com/srp/) suggests, then I feel you have most of your bases covered, as far as executing arbitrary code goes. This appears to be nearly the same security strategy as BluePoint's product, except that BluePoint allows the user more granularity and an option to easily override the default deny policy. Would this be an accurate description?
Removed the speculation of motivations part.
It’s not at all clear to me how this example is different from what Norton Internet Security 2010 would do: namely, alert the user with a recommendation to deny the application based on its poor "reputation." Can you kindly elaborate?
Is SRP an effective layer if configured properly? Certainly yes. Do I see problems with it? Yes.
Some of this is my opinion, but since you're asking I'll share:
● Allowing SRP rules that allow ANY folders to remain unrestricted and unchecked is dangerous in my opinion.
● It's unfeasible to import 1000s of hashes into SRP and lock your system down to them as it lacks any kind of real management interface. This would be the only way to configure SRP that I would consider secure and that would stand up to threat testing.
● Running SRP in hash lockdown mode (the only mode which I consider truly secure) is most certainly unfeasible for a casual computer user. This is why BluePoint exists; we didn't feel that there was a product that achieved the level of prevention we have while still being very easy to use.
From the SRP article:
Again, BluePoint isn't vulnerable to this "window of vulnerability" that mainstream AV products suffer from (sig based or heuristic), making SRP sort of a moot point, unless someone isn't willing to pay for a more polished solution.
The entire philosophy behind our product is to stop the never ending cycle which is generally:
Security vendors react to and attempt to clean up the mess
NIS 2010 is simply not based upon the same security model as BluePoint, that would be the prime difference. As you mentioned, Quorum is based upon reputation combined with heuristics. While it does perform better than previous versions, I certainly wouldn't consider that a bulletproof security model by any means.
We don't look at application behavior because we don't believe heuristics are the way to go when it comes to preventing threats, nor is reputation. How many of their customers have to be infected before a bad reputation is earned? Using the user community's infections as a net for your definitions list seems a bit strange to me; that's the same community you're charging to protect!
Not product bashing, but just to highlight the differences from BluePoint: I've installed NIS 2010 in a lab and noticed it does not flag brand new files just based upon the fact that they are "new". I compiled up a brand new exe and it ran without a peep. However, if your exe "looks" suspicious to NIS, it will then flag. Looks can be deceiving; these guys are pretty clever out there. I know if I were making money bypassing things like this, I would be working very very hard at it.
Thanks for the great questions guys, you've made me think hard quite a few times.
Have really enjoyed the discussions with everyone here; even though we may not always agree, I think we can learn from these types of discussions.
I just thought I would point out the correct usage.
ascertainment is not a word.
assertion is the correct word to use, see here > http://www.wordreference.com/definition/assertion
ascertain > http://www.wordreference.com/definition/ascertain
I think the same should be true for Prevx also, if you read their threads objectively. To me I do not think this is a promo thread at all. Anyway, even if it were to be one, what would have been wrong with that? To me BluePoint Security is an excellent product and I tested it, and it performed well. I executed everything against it, and BPS handled all my malware samples with flying colors.
My only criticism has to do with the GUI, black font on a blue background is not too attractive. A color pattern and design like Outpost for example is more appealing.
If BPS Enterprise is as good as its home product then McAfee has a lot to worry about. Right now McAfee VirusScan Enterprise 8.7 is the only enterprise product that I trust. The reason for that is that it is mostly based upon prevention first and detection second, with DAT releases and Artemis.
May God be with you BPS and you have nowhere to go but up.
Thanks for your input BluePointSecurity.
In Vista with UAC on that is a non-issue, because anything unspecified will be covered by UAC.
With the Vista release Microsoft has overhauled the placement of user and work data storage of programs. A simple deny execute of the user space C:\Users will do. No need for hashes or a white list. When you create a specific install directory in C:\Program Files, UAC will prompt you when you are moving something into it. Because of the install directory I do not need a white list with program hashes, so please explain.
But there is now PGS and it comes with an ini file, and some Wilders members will be developing a default ini file with names of programs to run as limited, so the catch-22 situation will be enforced. Thanks for the tip to provide program hashes, not for a white list, but for the run-as-limited-user list.
@Any other reasons why I should use your product? See how easy it is to bash a product when you are using your set of validity arguments. Good you have removed all those stupid videos. Bashing competition is a 'me too' strategy which only allows for a lowest price USP, a pretty horrible business scenario for Blue Point when there is a product, PGS, which costs no money and requires no extra code to run on your PC.
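The two configurations argued over above, hash lockdown (every approved binary's hash imported, everything else denied) versus a path-only policy (deny execute under C:\Users, allow under C:\Program Files), can be compared side by side with a small evaluator. The following is an added illustration written for this thread; it is not BluePoint's, PGS's or Windows SRP's own code. It models SRP's documented precedence (a hash rule beats a path rule, the most specific matching path rule wins, then the default level applies) and uses constructed byte strings in place of real executables. The three test cases (an approved program, a freshly compiled unknown exe in the user profile, and an in-place modified copy of the approved program) are assumptions chosen to show where the two policies agree and where they differ.

```python
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath


def sha256_hex(data: bytes) -> str:
    """Hash of the file image: a hash rule identifies a binary by content, not by name or location."""
    return hashlib.sha256(data).hexdigest()


def build_allowlist(files: dict[str, bytes]) -> set[str]:
    """Hash every approved binary once; this is the 'import thousands of hashes' step."""
    return {sha256_hex(content) for content in files.values()}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class ExecutionPolicy:
    """Toy policy evaluator (assumption: models SRP precedence, not any product's real engine).
    Order of evaluation: hash allow rule, then the most specific matching path rule,
    then the default security level."""
    allowed_hashes: set[str] = field(default_factory=set)
    path_rules: list[tuple[str, bool]] = field(default_factory=list)  # (prefix, allow?)
    default_allow: bool = False

    @staticmethod
    def _parts(p: str) -> list[str]:
        # Case-insensitive path components, so C:\users and C:\Users compare equal.
        return [s.lower() for s in PureWindowsPath(p).parts]

    def evaluate(self, path: str, content: bytes) -> Decision:
        digest = sha256_hex(content)
        if digest in self.allowed_hashes:
            return Decision(True, f"hash rule matched {digest[:12]}")
        target = self._parts(path)
        best = None  # (prefix parts, allow?, prefix text) of the longest matching rule
        for prefix, allow in self.path_rules:
            q = self._parts(prefix)
            if target[: len(q)] == q and (best is None or len(q) > len(best[0])):
                best = (q, allow, prefix)
        if best is not None:
            verdict = "allow" if best[1] else "deny"
            return Decision(best[1], f"path rule {best[2]!r} -> {verdict}")
        return Decision(self.default_allow, "default level")


# Constructed sample "binaries": byte strings standing in for PE images.
GOOD_EXE = b"MZ...approved-program-v1"
TAMPERED_EXE = GOOD_EXE + b"\x90"        # same path as the approved binary, different content
NEW_EXE = b"MZ...freshly-compiled-unknown"  # the 'brand new exe' case from the thread

APPROVED = {r"C:\Program Files\Vendor\app.exe": GOOD_EXE}

# Policy A: hash lockdown, default deny, no path rules at all.
HASH_LOCKDOWN = ExecutionPolicy(allowed_hashes=build_allowlist(APPROVED), default_allow=False)
# Policy B: path only, as proposed above: deny C:\Users, allow C:\Program Files.
PATH_ONLY = ExecutionPolicy(
    path_rules=[(r"C:\Program Files", True), (r"C:\Users", False)], default_allow=False
)

CASES = {
    "approved": (r"C:\Program Files\Vendor\app.exe", GOOD_EXE),
    "new_in_profile": (r"C:\Users\alice\Downloads\build.exe", NEW_EXE),
    "modified_in_program_files": (r"C:\Program Files\Vendor\app.exe", TAMPERED_EXE),
}


def run(policy: ExecutionPolicy) -> dict[str, bool]:
    """Return the allow/deny outcome of every case under one policy."""
    return {name: policy.evaluate(p, c).allowed for name, (p, c) in CASES.items()}


if __name__ == "__main__":
    for label, pol in (("hash lockdown", HASH_LOCKDOWN), ("path only", PATH_ONLY)):
        print(label)
        for name, (p, c) in CASES.items():
            d = pol.evaluate(p, c)
            print(f"  {name:28} {'ALLOW' if d.allowed else 'DENY ':5} ({d.reason})")
```

Both policies deny the unknown exe dropped into the user profile, which is the case the path-only argument rests on. They part ways on the third case: a binary in C:\Program Files whose content has changed is still allowed by the path rule, because the rule never looks at content, while the hash lockdown denies it because the new digest is not on the list. That content check is what the hash import buys, at the management cost the thread complains about; a realistic deployment would also need a way to rehash on every legitimate update.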
I tried this about one hour ago on my vista, brought it to a crawl. Took it off and done with this. Not putting down the product just not for my pc. Sorry
It is running very smooth, like baby skin, man. Of course, I only run 2 antimalwares at a time in all my PCs.
You compiled a new exe... and what did it do? What if you compile an exe that will trash the system or at least do some kind of harm? Maybe your "quick test"-method and results would do good here.
Unless you're running on a very old machine, BluePoint will not cause any kind of noticeable slowdown. Without more info it's tough to tell why. How many other products did you have installed alongside BluePoint?
As I've said before, personally I wouldn't bother with most of Microsoft's protection mechanisms when it comes to preventing threats/system damage, including SRP. I've seen UAC, low rights and SRP fail to do the job. Most people aren't sitting in a lab all day such as I am.
I think in the end everyone should use what they are comfortable with. I think anyone testing out BluePoint in a lab should be able to easily see the difference as many already have. We don't expect everyone to switch to our product and that's fine.
Come on man, this machine here is older than grandma and like the song says
"I believe I can fly"
When I read your signature I told myself: "Man that's just one tough security apparatus."
I agree! He has AE, heuristics and removal pretty well covered there. That would be tough to bypass indeed.
With the help of Prevx, Blue Point and MBAM. Thank you guys.
But remember, with just BPS it will be more than well covered; it also removes tough malware like malware is a joke.