BluePoint Security 2010

http://www.bluepointsecurity.com/presentationlayer/pages/home.aspx

Do you have a comment about it?

Negative WOT comments: http://www.mywot.com/en/scorecard/bluepointsecurity.com

ssj100 has found many security holes in bluepoint and I don’t know if they are about patching them. There used to be someone on his forum from bluepoint but not anymore.

When the site was launched I think they rather obviously made good comments themselves, which was discussed on the WOT forum. That is probably why the other comments were not supportive.

They were also making “tests” of other security products. But, as I recall, something was fishy about them.

It's a very good, simple program imo. They have a very good AV/cloud engine but they need to improve their white list and installation mode. It seems to be quite steadily developed and the developers seem helpful from what I have read around various forums. I think if there weren't such good free programs I would consider using it.

They said they developed their own AV and I think that is BS. They came out of nowhere and have a decent AV. Also I know it is not their own AV engine/signatures because if it was, they would be part of VT. I can bet all of my money they are leasing it out from someone.

Their program is very simple. Not on white list, not letting it run. With an AV engine attached to it. Basically the same thing if I turned Comodo’s sandbox to blocked.

Where I think they are different from Comodo is how they operate. They first check the file against the AV signatures, if it is there they block it. No matter if it has a digital signature or is on the white list (stolen signature). CIS does it backwards from what I can see. They first check the white list and then if on the white list it allows it without ever checking the AV signatures.

If I were a dev at Comodo, I would change the sequence. First I would check it against the cloud white list (it uses SHA-1, so impossible to get around), then if found safe I would allow. If unknown I would check the file against the current AV signatures, if still not detected I would submit it to DACS and wait for at least 50% of the engines to report before moving on. If reported clean I would lastly check the digital signature against the TVL.

Something was indeed ‘fishy’ about their live online test. I observed the Bluepoint feed showing a live infection (rogue AV) yet this never appeared in the results and they claimed to have no record of the infection.

I think they actually use Ikarus or Emsisoft, judging by how patterns emerge in the MRG between their detections and those of Emsisoft.