BluePoint Security 2010 Review
We first came across BluePoint Security about six months ago and thought at the time it seemed an innovative product. We have included it in our tests and it performs very well; in fact, it is an exceptional product, as demonstrated by its performance in our last official test, where it was the only full antimalware product to pass.
We have mentioned before the increasing amount of malware being produced and the efforts of security vendors to keep up with it. One popular means employed by vendors is cloud technology, which allows them to react to new malware faster and protect their customers against these threats more quickly. Whilst cloud technology helps increase detection efficiency, it still fails to solve the problem of protecting users from zero-day threats.
The fundamental problem with traditional antivirus / antimalware applications is that they use blacklisting. This approach is somewhat like the law, which states you are innocent until proven guilty. This philosophy may be great for use in human law, where it is rightly argued it is better to let ten guilty men go free than execute one innocent man, but not so good when applied to computers.
BluePoint Security 2010 takes a different approach in that it assumes all files are guilty: it intercepts the execution of every file on the system (on the premise that no file should be trusted) and checks it against a list of files it knows to be good. If the file is on its known good list, it is allowed to execute. If it is not on the list, then with default settings it is analysed using the cloud AM engine. If it is found to be malicious, it is blocked; if it is not found to be malicious, the user is given the option to allow the file to run, with the caveat that the file is unknown. If the user chooses to execute the file, BPS will continue to analyse it to detect malicious behaviour.
If BluePoint is set to not show alerts, the user is not given the opportunity to execute a file if it is unknown or found to be malicious. This approach ensures zero-day or unique / custom malware is always blocked.
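The decision flow described above, set beside the blacklisting model, as an added example (this is not BluePoint's code). Identifying files by SHA-256 hash, the function names and the stand-in cloud lookup are assumptions, and the sample byte strings are constructed.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    PROMPT = "prompt"  # user may run the file, warned that it is unknown

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents (not real samples).
KNOWN_GOOD_APP = b"constructed: trusted application"
KNOWN_MALWARE = b"constructed: malware already catalogued by vendors"
ZERO_DAY = b"constructed: malware no vendor has seen yet"

KNOWN_GOOD = {sha256(KNOWN_GOOD_APP)}  # the known good list
KNOWN_BAD = {sha256(KNOWN_MALWARE)}    # what a blacklist or cloud engine knows

def cloud_lookup(digest: str) -> bool:
    """Assumption: stand-in for the cloud engine; True means malicious."""
    return digest in KNOWN_BAD

def blacklist_decide(data: bytes) -> Verdict:
    """Traditional model: a file is innocent until proven guilty."""
    return Verdict.BLOCK if sha256(data) in KNOWN_BAD else Verdict.ALLOW

def allowlist_decide(data: bytes, is_malicious=cloud_lookup,
                     show_alerts: bool = True) -> Verdict:
    """Default-deny model: every file is guilty until known to be good."""
    digest = sha256(data)
    if digest in KNOWN_GOOD:
        return Verdict.ALLOW   # on the known good list
    if is_malicious(digest):
        return Verdict.BLOCK   # cloud engine flags it
    # Unknown file: ask the user, or block outright when alerts are off.
    return Verdict.PROMPT if show_alerts else Verdict.BLOCK

def compare(data: bytes) -> dict:
    """Verdicts for one file under each model and alert setting."""
    return {
        "blacklist": blacklist_decide(data),
        "allowlist, alerts on": allowlist_decide(data),
        "allowlist, alerts off": allowlist_decide(data, show_alerts=False),
    }

if __name__ == "__main__":
    for name, sample in [("known good", KNOWN_GOOD_APP),
                         ("known malware", KNOWN_MALWARE),
                         ("zero-day", ZERO_DAY)]:
        print(name, {k: v.value for k, v in compare(sample).items()})
```

The zero-day sample is the row that differs: the blacklist lets it run, while the default-deny flow never executes it without either a known-good match or an explicit user decision.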
BluePoint Security 2010 was reviewed on a system running Microsoft Windows 7 (32 bit).
Because BluePoint Security 2010 requires an active internet connection to function properly, owing to its cloud-based technology, the internet connection was active during the review process.
We reviewed the latest version of BluePoint Security, version 184.108.40.206
Our reviewing process had three stages:
1. System Protection Test: we used live URLs to download 50 Zero-Day malware samples and attempted to infect the system with them.
2. System Protection Static Test: in this test we used 50 malware samples that had been downloaded beforehand; all files were executed in real time.
3. Infected System Rescue Test: we used BluePoint Security 2010 on a system containing 10 active infections (Buzus, Hupigon, Inject, Koobface, Zbot, Bifrose, Pincav, Mudrop, Renos, Sasfis).
Results of our reviewing process:
System Protection Test: BluePoint Security 2010 successfully blocked all 50 Zero-Day samples from installing in real time.
System Protection Static Test: BluePoint Security 2010 successfully blocked all 50 samples of malware from installing on the host system.
Infected System Rescue Test: BluePoint Security 2010 successfully removed all 10 active infections from the host system, leaving no malicious/harmful traces behind.
BluePoint Security 2010 showed some remarkable protection capabilities, scoring 100% in all three stages of our reviewing process.
From the moment you install BluePoint Security 2010 it’s a smooth ride: it makes you feel like you have no Anti-Malware program at all, but make no mistake, as soon as the real threat comes it is blocked instantly.
In using their “Bluecore” white list technology and complementing this with the best cloud antivirus engine we have seen to date, BluePoint offers exactly the kind of protection users need these days.
The user interface is very clear and intuitive, and the settings are also very simple. The product comes set with high settings by default, so there is no need for any additional configuration. Upon detection BluePoint Security will show you the risk level (low, medium, high, severe) and, if malicious, the files will either be deleted or quarantined.