eEye Blink free anti-malware and firewall

holymakeral · Joined: Sep 27, 2004 Posts: 21

Anyone know anything about this? I can't find any reviews, but it looks very good, if it is works.

http://www.eeye.com/html/products/blink/personal/index.html

Quote:

Blink® Personal Edition

eEye Digital Security is offering Blink Personal Internet security with Antivirus for free as a 1-year subscription for personal and home office use in North America1. This offer is only available for a limited time, so you must act now!

While many vendors have offered free trial versions of their security products to address single security pain points (such as antivirus or antispyware), Blink Personal is the only free integrated Internet security solution to completely protect users’ systems and their personal information.

Blink Personal is the first Internet security solution to build all of the necessary protection layers into a small package that breaks the ‘bloatware’ mold of other Internet security products. Click the link to see how Blink stacks up to other Internet security offerings - at any price.

sec_researcher · Joined: Apr 12, 2007 Posts: 1

holymakeral wrote:

Anyone know anything about this? I can't find any reviews, but it looks very good, if it is works.

http://www.eeye.com/html/products/blink/personal/index.html

Quote:

Blink® Personal Edition

eEye Digital Security is offering Blink Personal Internet security with Antivirus for free as a 1-year subscription for personal and home office use in North America1. This offer is only available for a limited time, so you must act now!

While many vendors have offered free trial versions of their security products to address single security pain points (such as antivirus or antispyware), Blink Personal is the only free integrated Internet security solution to completely protect users’ systems and their personal information.

Blink Personal is the first Internet security solution to build all of the necessary protection layers into a small package that breaks the ‘bloatware’ mold of other Internet security products. Click the link to see how Blink stacks up to other Internet security offerings - at any price.

Aye, I work there. Smile

(Hope this is not considered a "commercial soclicitation", as it is a free product... and this is hand written for this forum...)

C|Net has just posted a review on it the other day:
http://reviews.cnet.com/Blink_Personal_Edition/4514-3667_7-32401509.ht...part=cn

We have some usability issues as we enter into the home market, but I am honestly excited about being able to get it out there and with free AV.

Our clients have been mostly enterprise, middle size, and governmental networks previous to this.

We are listening to all feature suggestions on our forums and really appreciate any suggestions or bug reports.

We are famous within the security industry, for finding security issues, and for Retina, which is a vulnerability assessment tool a lot of people use.

We are looking to get wider coverage by offering it for free for a year. Only the AV component will not remain free after that. Everything else we plan to keep free as "Blink Network Neighborhood". (Though there will remain a Blink Personal with AV for a very inexpensive price and we have other offferings for more demanding networks such as a full management system.)

Personally, I have been pushing for this for quite sometime. So, I am glad to see that we can finally do it.

We protect against most exploits, historically, even before they came out. This is not your average firewall.

For instance, here is our list of security bugs we have found in various products:
http://research.eeye.com/html/advisories/published/

In a sense, this is a tool designed by vulnerability experts as the perfect solution.

These things said, we have a number of usability issues to make it more user friendly for the home user in the works. Thankfully, a lot of generous new users have been helping with this.

Our forums are getting pretty active and we are trying to reply to everything on there.

Thanks!

Drew Copley
Senior Research Engineer
eEye Digital Security

wguru · Joined: Oct 05, 2008 Posts: 6

Like the ease of install, well planned main window and adequate GUI, but nothing says how to send virus files when Blink Personal fails to detect it (it only affords sending it in if it catches it and quarantines it!).

Nowhere can I find so much as a link to an eEye forum, not in the main window or even at eEye's website. Worse, BP' missed my co-worker's pen drive infected w/bar311.exe (aka some 30 different names, Mal_Otorun, hides as an Autorun.inf when in fact it's bar311,exe, also known as a Winzip123 varient).

Problem is, once I detected it's side effects, and neither SpyBot or BP' was detecting it even when I unmasked it using File Unlocker, nothing in Blink told me how to send it to their lab for analysis. Even pointing the file out to those two usually reliable progs, also failed to detect the virus.

Long of the short, I then went to TrendMicro's Housecall, supposedly it cleaned it, still saw it in registry (before re-booting), then not sure if me and/or TM is the culprit, but after I followed some regedit instructions from two different forums (fixes for some varients of bar311 that closely resembled mine), after re-booting (w/system restore off, big mistake number 2), now the laptop logs on and immediately back off.

I know, don;t truxt forum fixes, but they more or less worked as bar311 was cleansed until reboooting (w/syatem restore off no less). Only until I resorted to going elsewhere for a remedy, did Housecall (I feel, screwed me).

No resolution but to F10 and "try" using the onboard formatting function, as nothing I can figure out (even in safe modes) will gett me back to my desktop.

Wrote in to both SpyBot and eEye's feedback, but no real word got to me before I made mistake of using TrendMicro, etc.

I feel I'm so screwed and mostly because eEye Blink Personal let me down big time where it fails miserably at so much as divulging what I see as owed adequate support links, e.g.; at least to a forum, not to mention how to submit an infected file (when it fails to quarantine it).

Blue1978 · Joined: May 07, 2009 Posts: 2

I have joined this forum with hopes of increasing my knowledge and to try to spread the word about eEye's Blink security endpoint protection suite. I feel this is very much needed because the product itself, is not widely known. For those that may not know, the product that eEye is most known for, especially in the Department of Defense/corporate America arena, is the Vulnerability Assessment program called Retina. eEye, since day one, has focused on one
mission: Creating security applications that protect from vulnerabilities and attacks on Windows based server and client systems:

http://www.eeye.com/html/products/index.html

eEye has some very good articles on their website, which has great information that has been simplified for the everyday user to read. A lot of this information is part of the basis for why Blink was created to begin with.

"ActiveX: Understanding the Threat Spectrum"

http://www.eeye.com/html/resources/newsletters/versa/VE200903.html#techtalk

"Malware Obfuscation"

http://www.eeye.com/html/resources/newsletters/versa/VE200806.html#techtalk

"How Browser Add-On Vulnerabilities Are Becoming an Attackers Best Friend"

http://www.eeye.com/html/resources/newsletters/versa/VE20071017.html#techtalk

"Attackers Are Shifting Their Focus To Client-Side Vulnerabilities, Are You?"

http://www.eeye.com/html/resources/newsletters/versa/VE20070516.html#techtalk

Blink first started out as an enterprise level product, which provides the explanation to why so many people ask all the time why is Blink's interface and customization options so granular in nature.
The first thing I want to point out, that not a lot of people realize is, Blink is trying to do one thing that "most" all of the other security products out there are not doing, which is protecting from known and unknown vulnerabilities that exist in software and operating systems from being exploited. Quite frankly, this one of the hardest things to do in today's environment. This is why I feel, imo, you can not site here and compare Blink with the rest of the large company's products fairly. I am not trying to throw dirt on the other security products out there, but I always use one particular article from Computerworld that explains a lot of why I am sitting here defending and trying to promote Blink. You can see the article here:

http://www.computerworld.com/action/article.do?command=viewArticleBasi...mp;arti

The test referenced in this article, conducted by the company Secunia, is located in the following PDF:

http://secunia.com/gfx/Secunia_Exploit-vs-AV_test-Oct-2008.pdf

I tell a lot of people straight forward and in advance, unless you are a more advanced computer user, which understands the basics about protocols, how they work, and security principles in general, you will not get the most out of Blink and be able to appreciate it as much. I would honestly recommend to the everyday user that is NOT comfortable with running security applications and who rather be walked through everything like most security applications do, to not use Blink. If you like creating firewall, IPS, and other rules in general, you will learn to love Blink.

So, with this in mind, I wanted to point out a few unique areas of Blink that makes it special.

1. Vulnerability Assessment - This is one feature that most all of the competition out there does not have. Blink has included Retina for free, which is built in and already configured to run and scan your local machine for vulnerabilities.

NOTE: Today vulnerabilities, in software and the operating system, is becoming the number one
vector used to install malicious code on a system without a user realizing it is happening.

2. Application Protection - A lot of security applications have generic "Application Protection" (I.e. protection aimed at stopping buffer overflows, etc) built into them. Most of these systems are limited, or you have to manually configure them which leaves too much room to misconfigure a system leaving it open to compromise. Blink's Application Protection is enabled for the system and everything on it. Think of this as an intelligent form of Data Execution Prevention (DEP). Blink's form protects from Heap, Stack, and Integer based buffer overflows.

3. IPS - Blink's IPS is very unique. For one, it uses Protocol Analysis, which is mostly only offered in your higher end enterprise based IDS systems. When I say this, I don't mean it sits and watches the port the protocol uses, it actually analyzes into the protocol itself.
Second of all, Blink's IPS is not purely reactive, meaning; it reacts and BLOCKS things all the time (as most IPSs are defaulted to). Blink's IPS also allows you to simply configure rules to Alert on suspicious activity (as an IDS would do).
It does have the typical list of known attack signatures, but eEye has made it unique by hard coding into it their own unique Protocol Analyzers modules, referred to as "BAMs".

4. System Protection - This in a sense, is part of Blink Application protection capabilities, but is sub-sectioned into two categories (explained below). The System Protection monitors all of the API calls within the system looking for malicious calls and or process termination attempts (sometimes used by malicious code to disable a security system allowing it to install itself without resistance). The two subsections of System Protection are "Registry" and
"Execution" protection. These monitor the registry and detect when something is misusing an execution process (if you want to think of it that way). For example, a maliciously crafted PDF file may contain specially crafted shell code in it that is designed to execute with the user opens it and then afterwards, carry out an intended malicious function (i.e. Adobe Acrobat is used maliciously to run the code).

5. ActiveX Protection Engine - This is the newest added feature in Blink. eEye has a patent pending ActiveX protection engine built into the IPS. This now allows it to protect your system from one of the more abused aspects of Internet Explorer.

As I preached before, Blink is designed to do one main thing, protect a system from Zero Day Exploits/Attacks. Other security applications are more focused on "detection" rates, still based on signatures. Yes, these have their place in security don't get me wrong, but this type of defense will not protect from a Zero Day. Blink does have a signature based AV/Spyware module in it (provided by Norman's AV), but once again that is not Blink's main purpose. Blink is trying to proactively protect you from the vulnerability that is being exploited, which is then used most of the time to elevate system privileges or to download more malicious code to the system locally. Most security applications seemed focused on "containment" after the infection has installed and ran itself. This is not actually mitigating or blocking the source of the problem. Quite frankly, with some of the stuff out there, once it executes you might as well re-image your machine at that point.
Blink's AV component has, at times, been the source of some system slowdown for some users. I will not lie about this, but this is due to one main reason. Most AV products scan the file when it is touched (on access, read, write, etc) or manually when told to do so. The Norman AV solution used in Blink, has a Sandbox technology built into it. Through this Sandbox, eEye was able to create custom APIs that hook into the Sandbox allowing Blink to analyze a piece of code. This in numerous instances will detect a piece of malicious code without an AV signature being made for it. Normally when this occurs, it will be named W32/Malware or have some generic name that makes no sense. Example, a user clicks on an Excel spreadsheet document. Upon execution, the behavior of the process execution is monitored in the Sandbox of Norman's AV. If it is found to beacon out to the internet, or attempts are made to makes changes to critical system settings, it will be flagged by Blink and execution is prevented. So in essence, the AV component is doing a lot more processing than your typical AV products are, it is Sandboxing and monitoring execution commands.

In summary, Blink is not the fix to all problems, but it is a step closer to protecting from today's threats more so than its competition is. Some users will attempt to install other security applications alongside Blink, this is not advised and for the most part ends up creating a lot of headaches and users quit using Blink. Blink has many layers of protection and quite frankly you don't need a lot more.
I hope after reading this, it helps some people understand what Blink is all about. It frustrates me to all ends when I see users saying, "I see Blink only detected 5 out of 10 Malware samples. I recommend AVG, not Blink." Okay, once again, Blink is not trying to compete in this area of expertise, Blink is trying to stop things from happening to your system that are way more severe (and unnoticed by the user) than a simple Trojan installing itself.

If you are curious to see some of the types of alerts that Bink shows when something malicious is caught, take a look at this post I made in eEye's forum located here:

http://forums.eeye.com/forums/t/948.aspx

The latest version of Blink Personal Edition, which is free for one year, can be downloaded from:

http://free-antivirus.eeye.com/

eEye Digital Security's forums are located at:

http://forums.eeye.com/forums/

Blue1978 · Joined: May 07, 2009 Posts: 2

Blink Personal Edition 4.4.1 has been released!

For more information, you can view the release notes here:

http://forums.eeye.com/forums/p/1091/4710.aspx#4710

Anyone wanting more information (to include viewing screenshots) on Blink Personal Edition can visit the post I have created in eEye's forums located here:

http://forums.eeye.com/forums/t/998.aspx?PageIndex=1