Blink Personal - 4.5.1

Well folks, I have been using Blink for quite a while now (almost 2 years). I have made this same posts in a lot of locations on the net, but I feel it is one of the few ways I can explain why I like Blink so much. Hopefully others will understand and agree at some point. I am completely satisfied with Blink. I am also very "anal" when it comes to my computer system and what I run on it. With this being said, I don't have a lot of software installed on my system either that I do not use on a daily basis. The more junk you have installed on your system, the more things you have to keep updated and in the end the more possible avenues of attack (because of vulnerabilities) your system is now exposed to. I think quite honestly, most of the folks that have issues with Blink are probably running a lot of stuff on their systems (i.e. other security applications). The concept of Defense in Depth (by running multiple security applications at once) really does not protect you anymore if you apply the concept to one system. Reason being with the complexity of today's security applications, it ends up causing issues, system slowdown, lockup and many other situations. eEye Digital Security's Blink was intended to be an all-in-one endpoint security suite. It has multiple layers in it that have their own unique function and purpose. Trying to install other security applications alongside it will normally cause issues for a lot of users. With the all-in-one concept in mind, here is what makes Blink special, or in my opinion different from the rest of the crowd. There are five areas that makes Blink better than its competition. 1. Vulnerability Assessment - With each installation of Blink (or node) you have eEye's full fledged "Retina" vulnerability solution built in and already configured to scan your local system. Most security suites do not have such a thing in them. - Quite frankly, today, vulnerabilities in software are becoming the number one vector used to penetrate or infiltrate a system with malicious code. 2. Application Protection - A lot of systems have "Application Protection" (i.e. protection from buffer overflows, etc) in them, BUT you have to configure them and tell them what you want protected. In Blink this feature is enabled for everything running on your system. Granted you may have a few false-positives because of this, but eEye gives you the option of "Opting Out" of protection for any given application, processes, and so forth if you need to based on your particular system or configuration need. 3. IPS - Blink's IPS is very unique. Yes it does have the typical list of attack signatures loaded into it, BUT eEye has coded into it some very unique filters. Blink's IPS also uses Protocol Analysis to detect attacks and exploits. I don't mean Protocol Analysis as in it sits and watches only the ports for a particular protocol, (i.e. 23 for Telnet, 80 for HTTP, ect). It actually analyzes the protocol itself for misuse and code that may be fed down through that particular protocol. In essence a lot of security suites will ask if you want to allow Internet Explorer to access the internet via port 80. You say yes and allow this. At this point they just know what you allowed this traffic and whatever is going through it is allowed. Blink on the other hand continues to watch the HTTP (port 80) protocol and analyzes it for inbound or outbound attacks (via HTML and so forth). - Protocol Analysis (which a lot of your enterprise level and above IDS systems use to detect attacks) is the second biggest difference in Blink that separates it apart from other security suites available now. 4. System Protection - Blink has a very unique System Level protection built it. It monitors a lot of the API calls that are made internally in your system looking for malicious calls and such. This level of protection also contains two sub-sections covering the Registry and Execution protection arenas. - Blink's Registry and Execution protection sections allow you create custom rules to detect almost anything that could take place in the system's registry or to detect something that is maliciously "executing" (i.e. Adobe Acrobat attempts to run a .pdf file that has malicious code in it which when it executes it attempts to start a buffer overflow or attempts to initiate a Command Prompt (cmd.exe) session). 5. ActiveX Protection Engine - Blink has a patent pending ActiveX protection engine built in that protects from such attacks in Internet Explorer. Finally, Blink is designed to do one main thing, protect you from Zero Day Exploits. In other wards, Blink is protecting you from someone or something attempting to use an known or unknown vulnerability that exists in a piece of third party software or the Operating System. Other security applications are aimed at "detection" rates, which are still based on signatures. Yes Blink has signature based detection in it, hence why it has your typical AV component in it too, but that is not Blink's main purpose. Signature products still have their place in protecting you, but they are not the best way of detecting anything anymore. Blink is trying to proactively protect you from the vulnerability that is being exploited, to keep the malicious code from installing itself, running, and then pulling more code down to your local system. Most security applications still seemed focused on "containment" and such. not actually blocking the source of the problem. This is good and all, but if you’re infected, game over, you might as well re-image your system and start fresh. Blink is not the fix to all problems, but it is a step closer to today's threats more so than its competition is. I would honestly NOT recommend Blink to a non-computer savvy person (unless they have someone they can call all the time with questions). Blink can be best used by individuals that understand computers, protocols, and how they interact with one another to secure things. For a knowledgeable user that knows how to configure Intrusion Detection systems, Blink's IPS will be wonderful. It is highly configurable and provides easy rule creation capabilities that they can use to fit their needs. The biggest thing you will notice about Blink is, it is VERY quite. You will not be bombarded over and over with "Are you sure you want to allow this or run this??? Are you, are you sure!!??". The thing that will do the most prompting is the Firewall component. After you have initially configured things to meet your needs, it no longer bothers you as much. Speaking of which, Blink's Firewall component has a "Passive Mode" in which you can enable. This mode allows all inbound and outbound traffic and creates a log entry for anything that does not have a rule for it (to allow it). This makes creating rules easy for anything that you’re not sure how to configure rules for. To finalize things, Blink is a wonderful tool for those that want to secure their system. It does have its learning curve, because it is different. If you are curious to see some of the alerts that Bink shows when something malicious attempts to run take a look at this post I made in eEye's forum: http://forums.eeye.com/forums/t/948.aspx For those wanting to learn more of what Blink focuses on protecting you from, here are some of eEye Digital's Newsletters: ActiveX: Understanding the Threat Spectrum: http://www.eeye.com/html/resources/newsletters/versa/VE200903.html#techtalk Malware Obfuscation: http://www.eeye.com/html/resources/newsletters/versa/VE200806.html#techtalk How Browser Add-On Vulnerabilities Are Becoming an Attackers Best Friend: http://www.eeye.com/html/resources/newsletters/versa/VE20071017.html#techtalk Attackers Are Shifting Their Focus To Client-Side Vulnerabilities, Are You?: http://www.eeye.com/html/resources/newsletters/versa/VE20070516.html#techtalk Other Newsletters: http://www.eeye.com/html/resources/newsletters/versa/index.html You can always download the latest version of Blink Personal Edition (free for one year) from: http://free-antivirus.eeye.com/