BluePoint Security product Q&A

Discussion in 'other anti-malware software' started by BluePointSecurity, Aug 31, 2009.

Thread Status:
Not open for further replies.
  1. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    I don't feel your attack is warranted, however, what questions have I ignored?
     
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Folks,

    Let's keep the discussion technically focused. Leave speculation of motivations out of the thread.

    Thanks in advance.

    Blue
     
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Please don't entangle an ascertainment with an attack.

    <S>
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    well for me Blue Point Security is patching the hole that wasnt cover for long time:) i personally tested and i encourage others to tested for 14 days(trial)and will not be disapointed;)
     
  5. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    As mentioned, let's keep it to technical issues related to our product and the technology surrounding it. If you have a question there, I'd be happy to help.
     
  6. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    130
    Back to SRP topic for a second if we could.
    If it were configured as (http://www.mechbgon.com/srp/) suggests, then I feel you have most of your basis covered, as far as executing arbitrary code goes. This appears to be the nearly the same security strategy as BluePoint's product, except that BluePoint allows the user more granularity and an option to easily override default deny policy. Would this be an accurate description?
     
  7. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Removed the speculation of motivations part. ;)

    <S>
     
  8. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    It’s not at all clear to me how this example is different from what Norton Internet Security 2010 would do: namely, alert the user with a recommendation to deny the application based on its poor "reputation." Can you kindly elaborate?
     
  9. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Spiral123,

    Is SRP an effective layer if configured properly, certainly yes. Do I see problems with it, yes.

    Some of this is my opinion, but since you're asking I'll share;


    ● Allowing SRP rules that allow ANY folders to remain unrestricted and unchecked is dangerous in my opinion.

    ● It's unfeasible to import 1000's of hashes into SRP and lock your system down to them as it lacks any kind of real management interface. This would be the only way to configure SRP that I would consider it secure and that would stand up to threat testing.

    ● Running SRP in hash lockdown mode (the only which I consider truly secure) is most certainly unfeasible for a casual computer user. This is why BluePoint exists, we didn't feel that there was a product that achieved the level of prevention we have while still being very easy to use.

    From the SRP article:

    Again, BluePoint isn't vulnerable to this "window of vulnerability" that mainstream av products suffer from (sig based or heuristic), making SRP sort of a mute point, unless someone isn't willing to pay for a more polished solution.

    The entire philosophy behind our product is to stop the never ending cycle which is generally:

    Virus created
    Virus released
    Users infected
    Security vendors react to and attempt to clean up the mess
     
    Last edited: Sep 11, 2009
  10. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    NIS 2010 is simply not based upon the same security model as BluePoint, that would be the prime difference. As you mentioned, Quorum is based upon reputation combined with heuristics. While it does perform better than previous versions, I certainly wouldn't consider that a bulletproof security model by any means.

    We don't look at application behavior because we don't believe heuristics are the way to go when it comes to preventing threats nor is reputation. How many of their customers have to be infected before a bad reputation is earned? Using the user community's infections as a net for your definitions list seems a bit strange to me, that's the same community your charging to protect!

    Not product bashing but just to highlight the differences between BluePoint, I've installed NIS 2010 in a lab and noticed it does not flag brand new files just based upon the fact that they are "new". I compiled up a brand new exe and it ran without a peep. However, if your exe "looks" suspicious to NIS, it will then flag. Looks can be deceiving, these guys are pretty clever out there. I know if I were making money bypassing things like this, I would be working very very hard at it.


    Thanks for the great questions guys, you've made me think hard quite a few times ;)

    Have really enjoyed the discussions with everyone here, even though we may not always agree, I think we can learn from these type of discussions.
     
    Last edited: Sep 11, 2009
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,960
  12. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    I think the same should be true for Prevx also, if you read their threads objectively. To me I do not think this a promo thread at all. Anyway even if it were to be one what would have been wrong with that? To me BluePoint security is an excellent product and I tested it, and it performed well. I executed everything at it, and BPS handled all my malware samples with flying colors.

    My only criticism has to do with the GUI, black font on a blue background is not too attractive. A color pattern and design like Outpost for example is more appealing.

    If BPS enterprise is as good as its home product then McAfee has a lot to worry about. Right now McAfee VirusScan Enterprise 8.7 is the only enterprise product that I trust. The reason for that it is mostly based upon prevention first and detection section second with DAT release and Artemis.

    May God be with you BPS and you have nowhere to go but up. :)
     
  13. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    130
    Thank for your input BluePointSecurity.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    In Vista with UAC on that is a non issue, because unspecified will be covered by UAC.

    With Vista reease Microsoft has overhauled the placement of user and work data storage of programs. A simpel deny execute of the user space C:\Users will do. No need for hashes or a white list. When you create a specific install directory in C:\Program Files, UAC will prompt you when you are moving something into it. Because of the install directory I do not need a white list with program hashes, so please explain.

    But there is now PGS and it comes with an ini file, some wilders members will be developing a default ini file with names of programs to run as limited, so the cath 20-20 situation will be enforced. Thanks for the tip to provide program hashes, not for a white list, but for the run as limited user list. :thumb:

    @Any other reasons why I should use your product? See how easy it is to bash a product, when you are using your set of validity arguments. Good you have removed all those stupid video's. Bashing competition is a 'me too' strategy which only allows for a lowest price USP, pretty horrible business scenario for blue point when there is a product PGS which cost no money and requires no extra code to run on your PC.
     
  15. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    I tried this about one hour ago on my vista, brought it to a crawl. Took it off and done with this. Not putting down the product just not for my pc. Sorry
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    it is running very smooth like a baby skin man,ofcourse only run 2 antimalwares at a time:) in all my pcs
     
  17. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    You compiled a new exe... and what did it do? What if you compile an exe that will trash the system or at least do some kind of harm? Maybe your "quick test"-method and results would do good here. :)
     
  18. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Unless your running on a very old machine, BluePoint will not cause any kind of noticeable slowdown. Without more info it's tough to tell why. How many other products did you have installed alongside BluePoint?
     
  19. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Kees1958

    As I've said before, personally I wouldn't bother with most of Microsoft's protection mechanisms when it comes to preventing threats/system damage, including SRP. I've seen UAC, low rights and SRP fail to do the job. Most people aren't sitting in a lab all day such as I am.

    I think in the end everyone should use what they are comfortable with. I think anyone testing out BluePoint in a lab should be able to easily see the difference as many already have. We don't expect everyone to switch to our product and that's fine.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    come on man this machine here is older than grandma:D and like the song says
    '' i believe i can fly '' :D
     
    Last edited: Sep 12, 2009
  21. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Hey Jmonge

    When I read your signature I told myself: "Man that's just one tough security apparatus." ;)
     
  22. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    I agree! He has AE, heuristics and removal pretty well covered there. That would be tough to bypass indeed.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    thanks,and fast:)
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    with the help of prevx,blue point and Mbam;) thank you guys:thumb:
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    but remember with just BPS it will be more than well covered;) it also removes tough malware like malware is a joke;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.