Bluepoint Security

I just tested Bluepoint Security Personal Edition against some Zero day links and it did very well. It actually didn't let any of those malware pieces through. I Kind of like the way the program works because it's not like any of those Basic antivirus/antimalware solution out there that are basically all about blacklists and known bad files. With Bluepoint Security whenever you run an executable the file will be analyzed and based on Reputation the file will be either blocked , allowed of left unrecognized (user dependant). Well this mechanic is nothing new basically. However this program offers a ruleset Chart where you can put in all your programs that are allowed to run, also when it detects a malicious file it automatically puts the file into the ruleset Chart and sets it to "deny". Besides cloud Service if offers heuristics and Monitoring behavior as well.

I don't want to Hype this specific program too much but I was surprised a Little bit that this program handled all those new Zero day malware pieces with ease and blocked them all basically. Also I don't think this program is updated a lot because the Version says "2011" but that doesn't make any difference for the test results. As I said it caught all samples because it simply uses a clever security Approach which is whitelisting.

As I mentioned I like the way how this program works in General because I think it's not too common.

I have to say I noticed some downsides of bluepoint security as well. Analyzing files took Ages. It was crawling. Also although I prevented the Zero day samples from launching it didn't delete the actual files from the temporary Internet files Folder. It prevents execution but leaves the files in place.

Does anyone have some more in depth experience with These Kind of programs? Are there any other similar programs out there that work like bluepoint security? Actually I don't even think webroot is similar because it blocks many threats with it's webfilter most of the time. Testing Bluepoint Security felt like a mixture of hips/cloud analyze/whitelist Kind of program.

I kinda liked it. Too sad that it was so slow when analyzing files.

 

I am not sure right now. But I guess I tested something called "Bluepoint" maybe 2 years ago and it had an ridiculous amount of false positives back then!?

However, I don't see why you wouldn't use Webroot Secure Anywhere which is probably much "lighter" and "faster". - But as I said: my experience was long ago and of course I uninstalled that Bluepoint thing on the same day because of all those fp's.

p.s.: And it is no magic to detect all malware links if anything and all is detected anyways (fp's)!

 

well it's not something like an AE that detects and prevents everything just like you said. It's supposed to be something in between. It's supposed to block "the unknown" but it's not meant to block simply everything. It uses Reputation from the cloud to make a decision...

During my test I threw some legit installers against it like ccleaner and Firefox and it blocked those from launching however it gave me the choice to run it or not.

I don't know maybe they don't have the best cloud Reputation and simply not enough Reputation so that it behaves more like an AE....

 

EXACTLY

 

That should make you thinking if this is what you want. - I can tell you: if you fear all the time for false positives then you will let some day through real malware because in 99 % of all cases it was a fp! - Same like with those UAC questions .. people get annoyed by them and are clicking automatically on "allow".

Don't use an AV that has many false positives! - It makes you nervous, uninstalling things that are perfectly legit and you get used to have only fp's with this product. - And then the bad malware arrives and they got you.

If nobody (relatively) is using a cloud product it is not working very good. - Even WSA had in the past fp's against new (beta) FF versions. But lately I don't get them anymore.

 

i just got a fp with webroot yestarday it said that my printer was a rootkit
no way bye bye webroot i am more secure without an antivirus now lol

 

I don't really get why there are so few programs out there that work this way. I think this is the right way to go for antivirus programs in General. Comodo as another example is on the right track as well I think because they use cloud Reputation as well and based on the results they block, allow or sandbox the file. Where is all the rest. All you Need to have is a decent cloud...

 

And? Was it?

Well .. if you think that ONE (?) false positive is reason for dumping an AV solution you probably won't find anything to your taste! - I have so many products tested in the past, they found all stuff that was harmless.

Dr. Web CureIt found nothing, yes.

And Webroot Secure Anywhere had much, much more fp's in the past and I was almost crucified when making this a topic! - That problem is gone on my computer, just now and then fp's happen with WSA ... and it's no big deal if you know what to do.

The average Joe (0815 user) is always scared by those false alarms and helpless. Therefore I hope fp's will get even more seldom in the future.

 

just looked at Xyvos Whitelist AV. Not impressed because this one indeed behaves just like any AE. Also the application Looks ugly just like a rogue or something...Also it allowed execution of signed executables and Microsoft signed executables by Default.