Hacking DefenseWall, GeSWall etc in 60 seconds

Discussion in 'other anti-malware software' started by ssj100, Aug 18, 2009.

Thread Status:
Not open for further replies.
  1. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Officially- no.
     
  2. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Ok thanks Ilya, I will keep watching. I have a strong suspicion I will be compelled to buy a copy when it's released. :)
     
  3. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    What's the downside of having CD/USB/LAN sources ticked to run as untrusted by default? If there is no downside, why doesn't DW install with those boxes ticked?

    I have had them ticked as long as the option has been around, but I am not computer savvy. I just try to stay protected.

    Best Regards
     
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    USB is protected by default; CD/DVD and LAN are not because:
    1. usually, CD/DVD is not a source of infection, but movies/games. :D
    2. usually, within corporate environment, internal LAN resources area is secured.
     
  5. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    back to bluepoint

    Going back to bluepoint :)

    This is their promo video:

    http://www.youtube.com/watch?v=yuJoXPYpcB4

    +
    Would be interested in how it monitors the install in the video
    Simple

    -
    Some misleading advertising about other anti-malware companies.

    And this is Matt's review:

    http://www.youtube.com/watch?v=mg1_vcLzfSU&feature=channel_page

    Thing is, for all the other apps, Matt will just block if he gets an alert browsing the internet.
    So I think the review is a little unfair to focus on the Allow/Block so much.
    Also it allowed CCleaner by signature, which I think other products would have
    just given an allow/block for!

    And I would have been really interested to see if/how it monitored the PC after he clicked allow.

    Has anyone tested BP?

    I don't like their tactics but think the product itself could have potential to be a one-stop-shop for me.
     
    Last edited by a moderator: Aug 22, 2009
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Re: back to bluepoint

    Your second link is not working.
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,701
    Re: back to bluepoint

    I believe this is the review Joeythedude was referring to.
    http://remove-malware.com/
     
  8. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Re: back to bluepoint

    Yes but all other applications Matt tested did give warnings as to what the threat is, file name, location and other warnings enabling you to determine whether it is malware or not.
     
  9. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    I have been a fan and follower of Wilder's Forums for many years and thought I would introduce myself finally. I am the CTO and one of the founders of BluePoint Security and would be happy to answer any questions regarding our product. I noticed a few posters asking how things work and since BluePoint Security is a relatively new product I thought it would be nice to get answers directly from us.

    Ask away!
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,110
    Location:
    Europe, UE citizen
    Hi, I wish to understand: is BluePoint Security an IDS, a behaviour blocker, an in-the-cloud program, what? Thanks. ;)
     
  11. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Thanks for the question blacknight,

    BluePoint Security combines application whitelisting, in the cloud scanning and heuristics.

    As its primary protection mechanism BluePoint Security relies upon whitelisting, meaning if a publisher or application is not known to us as trusted you will be asked for permission. We base our core security model on whitelisting as it's impossible to truly determine if a new application is safe or not unless it comes from a trusted publisher. When a new virus is released, products relying on signatures and definitions will fail to prevent or remove the threat. With heuristics, the behavior may or may not appear to be suspicious to your security product and you may end up infected.

    When we refer to "scanning in the cloud" what we mean by that is we do not release definitions or signatures as updates. Instead, BluePoint Security communicates directly with our servers at the time you scan to determine in real-time which items should be removed. There are many benefits of the "cloud" versus constant definition updates, one of which is that we are able to help our customers more quickly remove malware that they may have been infected with before installing BluePoint.

    Finally, we use heuristics to remove files that appear to be suspicious. Keep in mind, we don't use heuristics to determine whether or not to allow an executable to run on your system (highly dangerous imho), only to remove files already on your system.
     
  12. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    I noticed another question we are frequently asked which is: Why do you have an AV engine?

    There are two reasons why we have integrated AV technology into BluePoint Security. Keep in mind, when customers install BluePoint Security they may already be infected beforehand. Many security products that utilize whitelisting are not capable of removing previous infections. It's essential that your computer is cleaned up and locked down. Locking a computer down with infections is a bit like locking the door to your home with thieves hiding upstairs.

    The second reason we include antivirus capabilities is to inform you, the user, when running applications whether they "appear" to be safe or not. Meaning, when you attempt to run an in the wild virus, BluePoint Security will intervene and prevent the virus from executing even one line of code and the threat will be deleted.
     
  13. Phenom

    Phenom Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    61
    Location:
    United States
    Can BluePoint Security run with security like antivirus?
     
  14. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Phenom:

    BluePoint Security has no known issues with other security products; we have tested BluePoint alongside most other AV products to make sure there aren't any issues. We can't control how other security products will respond to the installation, so you may need to temporarily disable them when installing BluePoint and then re-enable them afterwards if they block the install. Many of our enterprise customers run BluePoint alongside another AV product until they are comfortable with it or the other product's subscription runs out.
     
  15. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Can I ask whether the AV engine in BPS is in house or another vendor's?
     
  16. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Blackcat:

    The AV engine was developed in house. While our primary goal is prevention, our detection rates are quite good as well.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Interesting. My first overall impression is somewhat negative. The website says "Revolutionary". So what's revolutionary about it? Candidly my very first reaction was a Prevx knockoff. Seeing more about how it works still leaves me feeling that way.

    Saying one hacked DefenseWall in 60 seconds leaves me cold on several scores. First, I've tested DefenseWall, and if used properly it does just fine. Second, if indeed you truly have found a hole, the responsible thing is to quietly report it to the developer, not make a YouTube video. This aspect leaves me very cold on these folks.

    Finally, like Matt said, leaving the final decision up to the user is pointless. My standard of a good product is: can I as a user make mistakes and still be protected? That was the standard I applied against DefenseWall and it did fine.

    Pete
     
  18. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Point very well made! :thumb:
     
  19. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Thanks Peter2150:

    Sorry to hear that your overall impression was negative, although I appreciate the feedback. I would consider Prevx to be one of the best security apps around (my own real world testing); however, their security model is based upon heuristics rather than whitelisting. In my experience Prevx does an excellent job. The only problem I see with Prevx and most other products is they allow unknown code to execute without even user permission. Any malware writer can set up these security apps in a lab and simply code/design malware that isn't detected even by the heuristics, as I've done so myself.

    It's not that there is a hole in DefenseWall per se or any of the other products; what we demonstrated was methodology failure. What I mean by that is I can install any given security product (not based upon whitelisting) and in about 30 minutes compile a malicious piece of software that will not be prevented or detected. That's the root cause of the malware problem imho, from the enterprise to the consumer.

    The philosophy behind BluePoint was to create a security solution that prevents as near to 100% of threats as possible while still being relatively easy to use. I realize it's definitely not an app for everyone. Most of our success has been in the enterprise so far, as many enterprises are thoroughly tired of AV failure at this point.

    I don't feel Matt's video was an informed or accurate portrayal of our product and I'll leave that one alone. As far as the allow/deny prompts, I know of many users that would rather deal with them than risk infection if they've been infected previously while running another product. If a user attempts to execute a known in-the-wild virus you will not receive the allow/deny popup; the threat will be prevented and removed automatically. Everyone's entitled to their own opinion and I'm more than happy to hear any feedback from the forum!

    Thanks guys!
     
  20. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Well, I wouldn't expect many fans here given your sales approach. But, as you say...we'll leave that alone.
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    How exactly do you test Prevx without internet connection?

    And regarding DefenseWall, your "methodology failure" is complete. Testing it against a program downloaded before installing DefenseWall, which is the whole point behind DW, is dishonest to say the least.
     
  22. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Pedro:

    Prevx can only be tested with a live internet connection, which is how I've always tested it. The keylogger was copied from a network drive, which is treated as trusted by default as far as I'm aware. About six months ago I was part of a malware cleanup (for a local county) that began due to a user's home directory being located on their server. The virus (Mario Forever) then spread from that home directory on the server to the entire LAN. One of the many reasons not to automatically trust files from network drives/servers or any other source/attack vector.

    As a side note, the video series has been taken down.
     
    Last edited: Aug 30, 2009
  23. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    Excellent thread here:

    https://www.wilderssecurity.com/showthread.php?t=251629

    I noticed that a few members pointed out that .vbs or .bat files weren't being blocked and instead wscript.exe (scripting host) was being blocked. BluePoint handles .vbs and .bat files individually instead of dealing with the scripting host. This allows you to allow/deny individual scripts.
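The allow/block/prompt flow BluePointSecurity describes across the posts above (trusted publishers run silently, a known in-the-wild threat is stopped without a popup, anything unknown prompts, and a script is judged on its own rather than on wscript.exe), as an added Python model that is not BluePoint's code: every file, signer and hash below is constructed, and file origin (local, USB, LAN share) is deliberately not an input, following the point made about the network-drive keylogger.

```python
import hashlib
import ntpath

# Constructed stand-ins for the cloud lookups the posts describe: a publisher
# whitelist, an in-the-wild blacklist, and an in-memory "filesystem" of
# executables/scripts with their Authenticode signers (all made up here).
FILES = {
    r"C:\Program Files\CCleaner\CCleaner.exe": b"constructed ccleaner bytes",
    r"C:\Windows\System32\wscript.exe": b"constructed wscript bytes",
    r"C:\scripts\backup.vbs": b"constructed unknown script",
    r"Z:\share\keylogger.vbs": b"constructed keylogger script",
}
SIGNERS = {
    r"C:\Program Files\CCleaner\CCleaner.exe": "Piriform Ltd",
    r"C:\Windows\System32\wscript.exe": "Microsoft Corporation",
}
TRUSTED_PUBLISHERS = {"Piriform Ltd", "Microsoft Corporation"}
KNOWN_BAD_HASHES = {hashlib.sha256(FILES[r"Z:\share\keylogger.vbs"]).hexdigest()}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe"}
SCRIPT_EXTS = (".vbs", ".bat", ".js")


def sha256_of(path: str) -> str:
    return hashlib.sha256(FILES[path]).hexdigest()


def subject_of(argv: list) -> str:
    """Path the decision applies to: the script argument when a script host
    is launched, otherwise the executable itself."""
    if ntpath.basename(argv[0]).lower() in SCRIPT_HOSTS:
        for arg in argv[1:]:
            if arg.lower().endswith(SCRIPT_EXTS):
                return arg
    return argv[0]


def decide(argv: list, user_allowed: set) -> str:
    """Return ALLOW, BLOCK or PROMPT for a launch. Where the file came from
    is not consulted: trust follows identity (signer/hash), not location."""
    subject = subject_of(argv)
    if subject not in FILES:
        return "PROMPT"            # nothing known about it: ask the user
    digest = sha256_of(subject)
    if digest in KNOWN_BAD_HASHES:
        return "BLOCK"             # known in-the-wild threat: no popup
    if SIGNERS.get(subject) in TRUSTED_PUBLISHERS:
        return "ALLOW"             # trusted publisher: runs silently
    if digest in user_allowed:
        return "ALLOW"             # this exact script was allowed before
    return "PROMPT"
```

Because `user_allowed` holds script hashes rather than host names, allowing backup.vbs once does not also allow every other .vbs that wscript.exe is later handed.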
     
  24. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I don't actually own a license to confirm what you're saying, but I'll take your word for it.
    It then becomes a problem of configuration/user problem/criticism of the default configuration, not some vulnerability with DW.

    The word hacking, command line in green Hollywood style on top, gives me a really bad picture of your company, and makes me distrust the product.
    Seeing as you did remove the videos on YouTube means you at least acknowledged the feedback and that you're that intelligent. Some would keep doing it regardless.

    PS: http://www.in.com/videos/watchvideo-hacking-defensewall-in-60-seconds-4087641.html
     
  25. BluePointSecurity

    BluePointSecurity Registered Member

    Joined:
    Aug 1, 2009
    Posts:
    134
    You're correct about the configuration/settings issue. A few of the products would have been perfectly capable of stopping this particular threat/keylogger with settings adjustments or other modifications (from the out of box settings). The problem is, when installing a security product many users have no idea how to adjust those settings or test to ensure proper protection and they shouldn't have to become security experts to do so imho. Thanks for the link, a few other networks picked up the vids, I'll see what I can do.
     
    Last edited: Aug 30, 2009