BluePoint Security 2010 Review

February 27th, 2010

We first came across BluePoint Security about six months ago and thought at the time that it looked like an innovative product. We have since included it in our tests, where it performs very well. In fact it is an exceptional product, as demonstrated by its performance in our last official test, where it was the only full anti-malware product to pass.

We have mentioned before the ever-increasing amount of malware being produced and the efforts of security vendors to keep up with it. One popular means employed by vendors is cloud technology, which lets a vendor react to new malware faster and protect its customers more quickly. Whilst cloud technology improves detection efficiency, it still fails to solve the problem of protecting users from zero-day threats: a cloud lookup can only return a verdict for a file the vendor has already seen and classified.

The fundamental problem with traditional antivirus / anti-malware applications is that they use blacklisting. This approach is somewhat like the law, which holds that you are innocent until proven guilty. That philosophy may be right for human law, where it is rightly argued that it is better to let ten guilty men go free than to convict one innocent man, but it is a poor fit for computers: every file is allowed to run until a signature for it exists.

BluePoint Security 2010 takes the opposite approach: it assumes all files are guilty. It intercepts the execution of every file on the system, on the premise that no file should be trusted, and checks it against a list of files it knows to be good. If the file is on its known-good list, it is allowed to execute. If it is not on the list, then with default settings it is analysed using BluePoint's cloud anti-malware engine. If it is found to be malicious, it is blocked; if it is not found to be malicious, the user is given the option to run the file, with the caveat that the file is unknown. If the user chooses to execute the file, BluePoint Security (BPS) continues to analyse it for malicious behaviour.

If BluePoint is set not to show alerts, the user is not given the opportunity to execute a file that is unknown or found to be malicious. This approach ensures that zero-day or unique / custom malware is always blocked; the trade-off, inherent in any default-deny design, is that legitimate software not yet on the known-good list is blocked as well until it is added.
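To make the decision flow described above concrete, here is an added example in Python (not BluePoint's own code, whose internals are not published on this page). It simulates a default-deny execution policy: a known-good list consulted first, a cloud verdict second, and an "unknown" outcome that is either blocked or prompted depending on whether alerts are enabled. The known-good list is keyed by SHA-256 of the file contents, which is an assumption of the example (the review only says "a list of files it knows to be good"); the file contents, hashes and cloud verdicts are all constructed for the demo. It also shows a point the prose implies but does not spell out: a tampered copy of a known-good binary no longer matches the list and is treated as unknown.

```python
"""Default-deny execution policy, simulated.

Added example: known-good list first, cloud verdict second, unknown files
blocked (silent mode) or prompted (alert mode). Hash-keyed allowlist, file
contents and cloud verdicts are assumptions constructed for this demo.
"""
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"    # file is on the known-good list
    BLOCK = "block"    # cloud says malicious, or unknown while alerts are off
    PROMPT = "prompt"  # unknown and alerts are on: ask the user


def sha256(contents: bytes) -> str:
    return hashlib.sha256(contents).hexdigest()


# Constructed known-good list (assumption: keyed by SHA-256 of contents).
KNOWN_GOOD = {
    sha256(b"MZ notepad legitimate build"),
    sha256(b"MZ calc legitimate build"),
}

# Constructed stand-in for the cloud anti-malware engine. Like any blacklist,
# it only knows about samples that have already been seen and classified.
CLOUD_MALICIOUS = {
    sha256(b"MZ zbot dropper"),
    sha256(b"MZ koobface worm"),
}


def cloud_is_malicious(digest: str) -> bool:
    """Simulated cloud query: True only for samples the cloud already knows."""
    return digest in CLOUD_MALICIOUS


def decide(contents: bytes, show_alerts: bool = True) -> Verdict:
    """Apply the policy to one file about to execute.

    1. On the known-good list      -> ALLOW
    2. Cloud engine says malicious  -> BLOCK
    3. Neither (zero-day / custom)  -> PROMPT if alerts are on, else BLOCK
    """
    digest = sha256(contents)
    if digest in KNOWN_GOOD:
        return Verdict.ALLOW
    if cloud_is_malicious(digest):
        return Verdict.BLOCK
    # Unknown file: the blacklist has no opinion, so default-deny decides.
    return Verdict.PROMPT if show_alerts else Verdict.BLOCK


def evaluate_batch(files: dict, show_alerts: bool = True) -> dict:
    """Run the policy over a name -> contents mapping; returns name -> Verdict."""
    return {name: decide(data, show_alerts) for name, data in files.items()}


# Constructed sample set, including a never-seen binary and a patched copy of
# a known-good one (one byte differs, so its hash is not on the allowlist).
SAMPLES = {
    "notepad.exe": b"MZ notepad legitimate build",
    "notepad_patched.exe": b"MZ notepad legitimate build\x90",
    "dropper.exe": b"MZ zbot dropper",
    "custom_tool.exe": b"MZ custom tool nobody has seen",
}

if __name__ == "__main__":
    for mode in (True, False):
        print("alerts on" if mode else "alerts off")
        for name, verdict in evaluate_batch(SAMPLES, mode).items():
            print(f"  {name:22} {verdict.value}")
```

Note how the silent-mode run blocks both the unknown tool and the patched binary, which is exactly the "always blocked" behaviour the review praises and the usability cost it carries. The behavioural monitoring that continues after a user chooses to run an unknown file is outside the scope of this example.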

BluePoint Security 2010 was reviewed on a system running Microsoft Windows 7 (32 bit).

As BluePoint Security 2010 requires an active internet connection to function properly because of its cloud-based technology, the internet connection was active throughout the review process.

We reviewed the latest version of BluePoint Security, version 1.0.7.99.

Our reviewing process had three stages:

1. System Protection Test: we used live URLs to download 50 zero-day malware samples and attempted to infect the system with them.

2. System Protection Static Test: in this test we used 50 samples of malware which had been downloaded earlier; all files were executed in real time.

3. Infected System Rescue Test: we used BluePoint Security 2010 on a system containing 10 active infections (Buzus, Hupigon, Inject, Koobface, Zbot, Bifrose, Pincav, Mudrop, Renos, Sasfis).

Result of our reviewing process:

System Protection Test: BluePoint Security 2010 successfully blocked all 50 zero-day samples from installing in real time.

System Protection Static Test: BluePoint Security 2010 successfully blocked all 50 samples of malware from installing on the host system.

Infected System Rescue Test: BluePoint Security 2010 successfully removed all 10 active infections from the host system, leaving no malicious/harmful traces behind.

Conclusion:

BluePoint Security 2010 showed some remarkable protection capabilities scoring 100% in all three stages of our reviewing process.

From the moment you install BluePoint Security 2010 it is a smooth ride: it makes you feel as if you have no anti-malware program at all, but make no mistake, as soon as a real threat arrives it is blocked instantly.

By using its "Bluecore" whitelist technology and complementing it with the best cloud antivirus engine we have seen to date, BluePoint offers exactly the kind of protection users need these days.

The user interface is very clear and intuitive, and the settings are also very simple. The product ships with high settings by default, so there is no need for any additional configuration. Upon detection BluePoint Security shows you the risk level (low, medium, high, severe) and, if the file is malicious, it is either deleted or quarantined.

BluePoint Security 2010 looks like an excellent choice for home and corporate users; Malware Research Group recommends this product.

Malwarebytes’ Anti-Malware vs. SUPERAntiSpyware

February 22nd, 2010

Part 1

On Demand Scan test, 1000 samples used.

Malwarebytes’ Anti-Malware

SUPERAntiSpyware

MRG News

February 19th, 2010

You can now follow our activities on some of the most popular social networking sites.

Check us out on:

CIS 4 Beta VS. Top Guns!

February 19th, 2010

Welcome to our first test of the new decade!

In 2010, MRG will be conducting and publishing an increased number of product reviews, group tests and security articles. We hope our tests will allow readers to make more informed decisions concerning the choice and implementation of security products, and that our articles will enlighten and spark interest in new areas of technology.

To kick off our first new series of tests, we thought we would put Comodo Internet Security V4 Beta in the spotlight.

CIS 4 is one of the most talked about and eagerly anticipated applications of its type for some time. Because of the keen interest shown in CIS 4, we thought we would really put it to the test and pitch it against the three applications that performed best in our labs during the past 12 months, these being A-SQUARED, Avira and G Data.

All four applications were tested against 10,000 mixed samples in an On Demand scan test and also on a system with 15 live infections, to assess their effectiveness in cleaning a compromised PC.

Malware categories and number of samples in each category (10,000 samples in total):

Trojans/Backdoors: 8,134

Worms: 795

Windows Viruses: 314

Other Malware (Adware/Spyware, Rogues, Rootkits): 757

List of malware samples used in Infected System Rescue test (names according to Kaspersky’s malware database):

Backdoor.Win32.Hupigon.dsx

Backdoor.Win32.Inject.dbw

Backdoor.Win32.NewRest.bc

Backdoor.Win32.Rbot.ahjq

Email.Worm.Win32.Gibon.bj

Trojan.Downloader.Win32.Adload.mhg

Trojan.Downloader.Win32.Agent.ctpc

Trojan.Downloader.Win32.Delf.wwk

Trojan.Downloader.Win32.FraudLoad.fip

Trojan.Dropper.Win32.Agent.bjbn

Trojan.Spy.Win32.Zbot.adhp

Trojan.Win32.Buzus.cqmk

Trojan.Win32.FraudPack.achf

Trojan.Win32.Refroso.xio

Trojan.Win32.Sasfis.uak

Both tests were performed using Windows XP Professional Service Pack 3.

Program versions:

A-SQUARED Anti-Malware 4.5.0.29

Avira AntiVir Premium 9.0.0.452

COMODO Internet Security 4.0.664.127486 Beta

G DATA Antivirus 2010 20.2.3.6

Results for the 10,000 samples On Demand scan test (detection ratio = (10,000 − samples missed) / 10,000):

Program     Samples missed   Detection ratio
A-SQUARED   63               99.37%
G DATA      92               99.08%
AVIRA       97               99.03%
COMODO      101              98.99%

Results for Infected System Rescue test:

A-SQUARED Anti-Malware

Successfully removed all 15 infections; only 1 harmless trace was found in the registry.

Avira AntiVir Premium

Failed to remove the following sample; malicious traces found:

Backdoor.Win32.Inject.dbw

COMODO Internet Security

Failed to remove the following samples; malicious traces found:

Trojan.Win32.FraudPack.achf
Backdoor.Win32.Inject.dbw

G DATA Antivirus

Failed to remove the following samples; malicious traces found:

Backdoor.Win32.Hupigon.dsx
Backdoor.Win32.Inject.dbw

Conclusion:

COMODO Internet Security is still in its beta phase but is already showing that it is able to compete with the Top Guns. We only hope that its cleaning capabilities are improved; we are planning to test CIS V4 Beta in real time very soon.

Keep up the good work!

Malware Research Group

Malwarebytes’ Anti-Malware review

December 26th, 2009

Malwarebytes’ Anti-Malware is a very popular security application. In the past few months MRG has received many requests to review it, and we have decided to do so.

We want to start by saying a few words about this product. Malwarebytes’ Anti-Malware, commonly referred to as MBAM, is a product specially designed to provide an extra layer of protection, as it works alongside your primary anti-malware application.

As this product is a complementary anti-malware application, the reviewing process was slightly changed to show the full potential of the program.

We used Malwarebytes’ Anti-Malware 1.42 Professional with signature database number 3425.

The reviewing process had 5 stages:

  1. We attempt to download and run 15 malware samples from 15 malicious URLs with Malwarebytes’ Anti-Malware running in the background.
  2. We attempt to download and install 15 rogue applications from 15 URLs used to distribute rogue applications, with Malwarebytes’ Anti-Malware running in the background.
  3. We run an On Demand scan on 10 samples of malware. These samples come from our Infected System Rescue test and are the ones missed by most anti-malware applications: the malicious traces left behind after a failed removal, namely EXEs and DLLs from the system folder.
  4. Real Time Protection test, in which we execute 15 samples of malware.
  5. Infected System Rescue test, in which we infect the system with 10 samples of malware and use Malwarebytes’ Anti-Malware to clean the system.

Result of our reviewing process:

  1. 15 malicious URLs: Malwarebytes’ Anti-Malware successfully blocked all 15 malicious URLs (neither download nor installation was possible).
  2. 15 rogue URLs: Malwarebytes’ Anti-Malware successfully blocked all 15 rogue URLs (neither download nor installation was possible).
  3. Malwarebytes’ Anti-Malware detected 8/10 samples missed by other anti-malware applications.
  4. Malwarebytes’ Anti-Malware blocked 13/15 samples when we executed them in real time.
  5. Malwarebytes’ Anti-Malware removed all 10 samples of malware from the infected system; no harmful traces were found in active processes, the system folder, temporary files or the Windows registry.

Conclusion:

Malwarebytes’ Anti-Malware is an extremely effective security application with many useful features, one of which is IP blocking, which works perfectly. Its real-time protection is able to block samples that are not recognised by signature-based detection (through heuristics and IP blocking). It showed us that it is more than capable of detecting, removing and blocking samples that other security applications do not recognise. The program is very simple to install and configure, and we believe that even less experienced users will have no problems with configuration.

Overall, Malwarebytes’ Anti-Malware does exactly what it was designed to do: it offers an extra layer of protection working alongside your primary anti-malware application of choice. We wish to highlight its real-time blocking and malware removal capabilities.


MRG On Demand and System Rescue test

December 8th, 2009

We have just completed our latest project in preparation for Project #22. We have combined two tests, On Demand Scan and Infected System Rescue, into one. In the first part we used 1000 samples of malware and performed an On Demand scan test using seven anti-malware applications:

a-squared Anti-Malware
AntiVir Premium
Bluepoint Security
Hitman Pro
Malwarebytes’ Anti-Malware
Prevx
SUPERAntiSpyware Professional

After we finished our On Demand scan test we performed another Infected System Rescue test, this time we infected the system with 15 samples of malware and attempted to clean all 15 infections with the same seven applications that were used in the On Demand Scan test. Each program had one attempt at cleaning the system.

The results are published in our Malware Tests section.

Feel free to make a comment or ask a question, a thread has been opened in our Forums.

Malware Research Group

Ultimate malware remover – Hitman Pro

November 27th, 2009

There is no such thing as the best or perfect malware remover, but the closest thing you can get is a product which is able to detect and remove more than the others. SurfRight has developed such a product, Hitman Pro, a cloud-based malware remover which uses multiple engines (Avira, A-SQUARED, G DATA, Nod32, Prevx) in its cloud to scan all suspicious files.

How does it work?

Hitman Pro quickly scans your system (the scan takes from a few seconds to a few minutes) and identifies suspicious files, which are compressed and uploaded to the cloud, where they are scanned by multiple engines. Within a matter of seconds you know whether the suspicious files are indeed malicious or not, and for each detected object you can see which of the engines made the detection. Because suspicious files leave the machine for analysis, this is worth bearing in mind in environments where uploading files to a third party is not acceptable. Both detection and removal capabilities have been tested by the MRG team, and we are pleased to say that this product is extremely effective when combating active infections, as well as effective in detecting zero-day threats. There is no doubt about it: Hitman Pro is as close as it gets to malware removal perfection.

We will publish a fully detailed review of Hitman Pro soon.

One thing to bear in mind is that all cloud-based applications need an active internet connection.

Hitman Pro is recommended by Malware Research Group.

MRG Videos

November 27th, 2009

Hello everyone,

We would like to introduce the new section in our forums, MRG Videos.

In this section you will be able to see some of our tests, mainly zero-day testing. So far we have completed 4 videos (IObit Security 360, BluePoint Security, A-SQUARED Anti-Malware and Avira AntiVir Premium). Many more videos are being prepared and will be added in the coming days.

The videos are uploaded to YouTube, where you can leave comments; you can also make suggestions for future videos both on our forums and on YouTube.

You can check out our existing videos in our forums, in the MRG Videos section.

Malware Research Group

Ongoing Early Life Testing Project/Project #3

November 15th, 2009

Welcome to Project #3 of the MRG Ongoing Early Life Testing Project.

Project #3 uses 250 malware samples which we downloaded 24 hours before the test, which was run on 14/11/09.

The applications tested fall into three categories: cloud-based anti-malware, traditional anti-malware and specialist complementary anti-malware.

The cloud-based anti-malware products were:

• Bluepoint Security 1.0.0.78
• Immunet Protect Beta 1.0.18
• Panda cloud 1.0
• Prevx 3.0.5.10

The traditional anti-malware products were:

• A-Squared Antimalware 4.5.0.27
• Avira AntiVir Premium 9.0.0.447
• GData 20.0.1.1
• Kaspersky Antivirus 9.0.0.736
• Microsoft Security Essentials 1.0.1611.0
• Nod32 4.0.468

The results of our Ongoing Early Life Testing Project #1 are published in our forums.

Malware Research Group

Ongoing Early Life Testing Project/Project #2

November 11th, 2009

Welcome to Project #2 of the MRG Ongoing Early Life Testing Project.
Project #2 uses 100 malware samples which we downloaded 24 hours before the test, which was run on 07/11/09.

The applications tested fall into three categories: cloud-based anti-malware, traditional anti-malware and specialist complementary anti-malware.

The cloud-based anti-malware products were:

• Bluepoint Security 1.0.0.75
• Immunet Protect Beta 1.0.18
• Panda cloud Beta 3
• Prevx 3.0.5.10

The traditional anti-malware products were:

• A-Squared Antimalware 4.5.0.27
• Avira AntiVir Premium 9.0.0.447
• GData 20.0.1.1
• Kaspersky Antivirus 9.0.0.736
• Microsoft Security Essentials 1.0.1611.0
• Nod32 4.0.468

The complementary anti-malware products were:

• IOBit Security 360 1.20.10
• Malwarebytes Antimalware 1.41


The results of our Ongoing Early Life Testing Project #1 are published in our forums.

Malware Research Group
