BluePoint Security product Q&A

Discussion in 'other anti-malware software' started by BluePointSecurity, Aug 31, 2009.

Thread Status:
Not open for further replies.
  1. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    BluePointSecurity

    Could you tell me how secure are BPS processes with regard to self protection? Maybe it is self evident; however, I just want to double check.
     
  2. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    755
    Location:
    RUNCORN UK.
    Hello Forum,
    Had BPS running for 24hrs, the only problem is when running a complete scan it freezes on 11%.No problems with my security programs ( See Signature.) and no computer slow downs, nice.
    Badcompany.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Is BluePointSecurity compatible with Prevx 3.0, and Online Armor? I'm running XP Pro. How exactly does BluePointSecurity detect malware? I remember reading something about denying anything unknown from running on their website. I thought it was kinda of vague. Does it work like anti-executables or does it use in the cloud analysis? I'm very interested in learning more?
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    with prevx yes;)
    http://www.youtube.com/watch?v=RlV-XyM3Hg8
    http://www.youtube.com/watch?v=USPLHrCm-sE

    very detail information
     
  5. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    BluePoint is based upon deny the unknown, meaning if we don't know the publisher as a known trusted reputable source we ask your permission. The cloud av engine is there to help inform the user when they are notified about unknown code whether it appears to be safe or not. Meaning, even if new malware is released 5 minutes from now and we don't yet know about it, you're still protected and won't be infected (unless you override the ominous alerts that is!).

    Sure, it's a little dry but it explains in detail how BluePoint works.
    http://www.youtube.com/watch?v=yuJoXPYpcB4

    There are no known compatibility issues between Prevx/Online Armor/BluePoint Security, however I would strongly recommend against running 3 real-time apps on the same machine. You may end up with a very very slow machine or possible system instability issues.

    Hope this helps!
     
    Last edited: Sep 12, 2009
  6. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    A few people have mentioned that the scanning has frozen or won't complete. Keep in mind we utilize the cloud to analyze files, it may take quite a while to completely scan you computer the first time. The scan will complete, just be patient. After the first scan, you'll notice successive scans are much faster. We utilize a few caching methods to improve speed after the first scan.

    Hopefully that clears up a bit of confusion.
     
  7. darthsideous666

    darthsideous666 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    202
    Location:
    Secret Hideout on Coruscant
    Just to add to one of your questions that was not answered. Yes, it appears to work fine with Online Armor.

    ds
     
  8. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    755
    Location:
    RUNCORN UK.
    The scan stayed on 11% for over 1hr before I stopped it.
    Badcompany.
     
  9. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    755
    Location:
    RUNCORN UK.
    Second full scan took 7 mins.
    Badcompany.
     
  10. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    I just downloaded BPS and when I rebooted I found that Defensewall, which was disabled, did not show up in my Taskbar.
    The only program that did start right away was Prevx.
    When I started DW I got your pop up about whether to allow it or not. I'm surprised that it isn't recognized as safe.
    Also, I lost all of my other Taskbar residents.
    That's not going to kill me but I'm surprised to see it happen.
    Will BPS work with DW as well as Prevx or is there a problem with this.
    For the duration of my own trial I've removed DW, but I damn well feel naked without it.
    Hugger
     
  11. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Hugger,

    Glad to hear you're kicking the tires. We haven't received any reports of interaction problems with Prevx or DefenseWall. As always, my normal caution, I wouldn't recommend running more than 1 real-time protection product permanently on the same machine due to the potential of stability/slowdown issues. I completely understand you wanting to get familiar with things while still running DefenseWall and Prevx. I'll be happy to help out if you do find any conflicting issues between them.
     
  12. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I’m curious and want to learn more: please elaborate upon the differences in the security model of BluePoint Security and Norton Internet Security 2010. In addition, do you have a white paper that provides insight into the security model of BluePoint Security?

    It doesn’t surprise me that a non-malicious executable created on your own PC runs without any warning by Norton Internet Security 2010. However, if you repeat the same test, but download another newly created executable from a public website using a different PC, I suspect that the result will be different.
     
  13. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Simply put, NIS 2010 is not based upon an AE/Whitelisting security model, BluePoint is. Very different methodologies, Symantec appears to be betting on advanced heuristics and file reputation (Quorum). We have many reasons for choosing the security model we have as opposed to heuristics and reputation. While heuristics and file reputation have come a long way in recent years, we believe these models have limitations as far as approaching 100% prevention no matter how advanced they become. In the end files have to "appear" to be suspicious, which is a designers interpretation as to what is in fact a suspicious behavior. What if a malicious file doesn't appear malicious but is? What if a file has no reputation but is malicious and is missed by heuristics? In order to earn a reputation in the first place, a certain amount of infections must occur in the user base, why use your customers as a net for malware? Why depend on heuristics which again are simply "definitions" of suspicious activities, when history tells us definitions are inadequate?

    In the end, our model is very well thought out right from the beginning. Our security model was designed from the ground up to achieve as near to 100% prevention as possible. While it's easy to find gaping holes in other security models with simple obvious questions, that's not the case with ours. Sometimes I wonder if they've even thought out the direction they are moving in when such simple ways to bypass their security model exist. It seems many have come to accept a certain amount of infections, chalking it up to "nothing is perfect". Internally, our thinking is that no amount of infection is acceptable and I think it shows when our product is put to the test.



    Keep in mind, downloads are not the only attack vector. There are many ways to become infected, while web based attacks are probably the most common, usb devices, network shares and email are also popular vectors. Malware writers don't play by the rules, they will utilize any method possible to achieve infection. If they find an unlocked door, they will exploit it to the fullest potential. Standing at one door, such as treating files differently that have been downloaded is a patch work approach and it won't solve the problem, they'll just begin knocking on another unprotected door. Ultimately, you need to prevent code from executing in the first place, no matter where it comes from unless it's from a trusted source. Allow unknown random code to execute and your allowing a foothold, once there's a foothold it'll be exploited one way or another. I believe you will begin to see most of our competition begin to switch to a model similar to ours, as in my opinion, it's the only real way to begin actually winning the battle. Trust me, they are very aware they are losing the battle, it's widely known and published, it's only a matter of time.

    I think people need to spend more time asking questions about security models and methodologies, brand names are unimportant. Analyze the model they are based upon, then determine if the model is sufficiently thought out enough to not be easily bypassed. This will lead you to products that are truly exceptional at prevention.
     
    Last edited: Sep 14, 2009
  14. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Pleonasm

    How do you know that the .exe was not malicious? :D
     
  15. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    One of them was a recompiled version of our test keylogger, simple modifications were made to evade heuristic detection.
     
    Last edited: Sep 14, 2009
  16. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    804
    I haven't read the whole thread, sorry if was asked/mentioned/answered before.
    Answer me one simple Q: can you guarantee that you will always recognize all legitimate programs as such, meaning can you truly differentiate between unknown good programs and unknown malicious programs? Keep the Users decision aside, please, since we can only predict their actions.

    You seem to be addressing just one side of the "big picture"-how to protect the user from malware. Everything that is unknown (to you) is not necessarily malicious. That means that you will inevitably get in the way of the user, interrupting his work, blocking legit applications which he/she needs for his/her work (since they're unknown to you).
    You seem to have a tone of superiority when you compare yourself to other products, which isn't something I like to see... especially having in mind that there is no "Ultimate answer" to malware problems. Preventing them is not a big issue but balancing between annoying the user or interrupting his work and protecting him is. :)
     
  17. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134

    No. This is just as impossible as guaranteeing that someone can maintain a 100% complete and accurate blacklist. Here's a quick breakdown of how BluePoint works:

    All of this happens before code execution, a very important point.

    When we are unaware of the safety of executable code, our cloud av attempts to determine if the item is a known in the wild virus

    If the item is a known virus, it's prevented from executing and deleted

    If the item appears safe but isn't from a trusted publisher we prompt the user with a risk rating and other info before any execution is allowed.


    Typical mainstream av generally works more like this (obv simplified):

    A. Is item known to be bad?

    B. Does item look suspicious?

    If a and b = false then execution is allowed.


    Again, trying to keep users protected by keeping up with threats and their behaviors is a backwards approach right from the beginning imho.


    You're correct, computer security has always been a balance between ease of use and being intrusive to the user. While users may occasionally be prompted to make decisions about code execution, they will be spared infection. Being infected not only gets in the users way, I know people personally that have had bank accounts drained by silent keylogger infections, that's quite an inconvenience!

    I've shared my opinion many times here about prevention and the state we're in as far as security products ability to effectively prevent threats so I'll leave that one alone. My opinions are formed from my experience not only in the testing lab, but through working with users as well as corporations in tough positions after being infected while they believed they were protected.

    As much as I enjoy a good debate, let's try to keep it to Q&A on the product itself, there's already quite a bit of information on the site as to how our product works and the reasons why we do things a little differently.
     
    Last edited: Sep 14, 2009
  18. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    isuninst.exe is rated as high risk by BPS.
    I think it's part of Installshield.
    I right click on it in history and it's removed.
    Can't find it.
    Earlier, BPS also nailed ctfmon.exe and something from process explorer as bad.
    I think perhaps the white list is not yet mature.
    Hugger
     
  19. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Hugger,

    Did it just block them or did it remove them?

    Sometimes it'll report high risk if the item appears suspicious but it shouldn't actually delete the item unless it's known to be infected.
     
  20. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    It removed them.
    Right click menu gets me nothing useful.
    Also, yesterday I ran Real temp and HDTune. Both are well known monitors and used by many. I had to allow them.
    Today I had to allow them again. BPS doesn't seem to remember permissions.
    Hugger
     
  21. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    I've removed BPS and installed DW again.
    Too many of my programs did not run properly.
    Upon removing BPS they all started and ran the way they used too.
    You have good ideas and a good product.
    But from where I stand I think it still needs work.
    I'll try it again in the future.
    Hugger
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    there is a trick here,listen first install your softwares and then install BPS no problem at all;)
     
  23. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    No problem Hugger, thanks for giving us a try! As jmonge mentioned, BluePoint runs best as a standalone (the only real-time protection product on the pc).

    Our official support forums are open!

    http://www.bluepointsecurity.com/forums/

    We've enjoyed Wilders!
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    look at my signiture no problems here and still fast in this old xp2 pc:thumb:
     
  25. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    same scheme as Wilders :D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.