eEye Blink Personal Edition Anti-Virus Anti-Spyware: Windows 2000/XP Only

Well folks, I have been using Blink Professional for quite a while now (almost 2 years now). I am completely satisfied with it. I am also very "anal" when it comes to my computer system and what I run on it. With this being said, I don't have a lot of software installed on my system either that I do not use on a daily basis. The more junk you have installed on your system, the more things you have to keep updated and in the end the more possible avenues of attack (because of vulnerabilities) your system is now exposed to.
I think quite honestly, most of the folks that have issues with Blink are probably running a lot of stuff on their systems (i.e. other security applications). The concept of Defense in Depth (by running multiple security applications at once) really does not protect you anymore if you apply the concept to one system. Reason being with the complexity of today's security applications, it ends up causing issues, system slowdown, lockup and many other situations.
eEye Digital Security's Blink was intended to be an all-in-one endpoint security suite. It has multiple layers in it that have their own unique function and purpose. Trying to install other security applications alongside it will normally cause issues for a lot of users.
With the all-in-one concept in mind, here is what makes Blink special, or in my opinion different from the rest of the crowd. There are five areas that makes Blink better than its competition.

1. Vulnerability Assessment - With each installation of Blink (or node) you have eEye's full fledged "Retina" vulnerability solution built in and already configured to scan your local system. Most security suites do not have such a thing in them.

- Quite frankly, today, vulnerabilities in software are becoming the number one vector used to penetrate or infiltrate a system with malicious code.

2. Application Protection - A lot of systems have "Application Protection" (i.e. protection from buffer overflows, etc) in them, BUT you have to configure them and tell them what you want protected. In Blink this feature is enabled for everything running on your system. Granted you may have a few false-positives because of this, but eEye gives you the option of "Opting Out" of protection for any given application, processes, and so forth if you need to based on your particular system or configuration need.

3. Intrusion Prevention - Blink's IPS is very unique. Yes it does have the typical list of attack signatures loaded into it, BUT eEye has coded into it some very unique filters. Blink's IPS also uses Protocol Analysis to detect attacks and exploits. I don't mean Protocol Analysis as in it sits and watches only the ports for a particular protocol, (i.e. 23 for Telnet, 80 for HTTP, ect). It actually analyzes the protocol itself for misuse and code that may be fed down through that particular protocol. In essence a lot of security suites will ask if you want to allow Internet Explorer to access the internet via port 80. You say yes and allow this. At this point they just know what you allowed this traffic and whatever is going through it is allowed. Blink on the other hand continues to watch the HTTP (port 80) protocol and analyzes it for inbound or outbound attacks (via HTML and so forth).

- Protocol Analysis (which a lot of your enterprise level and above IDS systems use to detect attacks) is the second biggest difference in Blink that separates it apart from other security suites available now.

4. System Protection - Blink has a very unique System Level protection built it. It monitors a lot of the API calls that are made internally in your system looking for malicious calls and such. This level of protection also contains two sub-sections covering the Registry and Execution protection arenas.

- Blink's Registry and Execution protection categories allow you create custom rules to detect almost anything that could take place in the system's registry or to detect something that is maliciously "executing" (i.e. Adobe Acrobat attempts to run a .pdf file that has malicious code in it which when it executes it attempts to start a buffer overflow or attempts to initiate a Command Prompt (cmd.exe) session).

5. ActiveX Protection Engine - Blink has a patent pending ActiveX protection engine built in that protects from ActiveX attacks and vulnerabilities in Internet Explorer.

Finally, Blink is designed to do one main thing, protect you from Client Side vulnerabilities and Zero Day Exploits. In other wards, Blink is protecting you anything attempting to use an known or unknown vulnerability that exists in a piece of software installed on your system or within the Operating System itself. Other security applications are still more concerned with "detection" rates (signature based approach). Blink has signature based detection in it also, hence why it also has your typical AV component, but that is not Blink's main strength or aim in defending your system. Signature based products still have their place in protecting you, but they are becoming more and more a last resort technique used to detect attacks today. Blink is trying to proactively protect you from the vulnerability that is being exploited in attempts to prevent malicious code from executing and trying to install itself to begin with. Most security applications are focused on the "containment" of these items after they have already executed, but not necessarily trying to block the source of the problem to begin with. With the type of Malware that is out there now, once you become infected, you might as well re-image your system and start fresh.
Blink is not the fix to all problems, but it is a step closer to today's threats more so than its competition is. I would honestly NOT recommend Blink to a non-computer savvy person (unless they have someone they can call all the time with questions). Blink can be best used by individuals that understand computers, protocols, and how they interact with one another to secure things. For a knowledgeable user that knows how to configure Intrusion Detection systems, Blink's IPS will be wonderful. It is highly configurable and provides easy rule creation capabilities that they can use to fit their needs.
The biggest thing you will notice about Blink is, it is VERY quiet. Blink will not be bombarded you over and over asking "Are you sure you want to allow this or run this? every time you attempt to run or access something. The thing that will alert you the most with pop-ups requiring your action is Blink's Application Firewall component. After you have initially configure things to meet your needs, it no longer bothers you as much. Speaking of which, Blink's Firewall has a "Passive Mode" feature in which you can enable. This mode allows all inbound and outbound traffic and creates a log entry for anything that does not have a rule for it (to allow it). This makes creating rules easy for anything application or process that is not functioning or is being blocked by the firewall.

To finalize things, Blink is a wonderful tool for those that want to secure their system. It does have its learning curve, because it is different. If you are curious to see some of the alerts that Bink shows when something malicious attempts to run take a look at this post I made in eEye's forum:

http://forums.eeye.com/forums/p/948/4176.aspx#4176

I have compiled a bunch of past reviews done on prior versions of Blink. Links to these reviews have been posted in this forum post:

http://forums.eeye.com/forums/t/774.aspx

Below are some articles that eEye has written that give a lot of good information. A lot of this was taken into consideration when creating Blink and also provides some information on Blink’s ActiveX protection module.

"Understanding ActiveX":

http://www.eeye.com/html/resources/newsletters/versa/VE200903.html#techtalk

"Malware Obfuscation":

http://www.eeye.com/html/resources/newsletters/versa/VE200806.html#techtalk

"How Browser Add-on vulnerabilities are becoming an attacker’s best friend":

http://www.eeye.com/html/resources/newsletters/versa/VE20071017.html#techtalk

"Client Side Vulnerabilities":

- This is what Blink focuses on protecting from.

http://www.eeye.com/html/resources/newsletters/versa/VE20070516.html#techtalk

More supportive arcticles can be found here:

http://www.eeye.com/html/resources/newsletters/versa/index.html

===============================================================
You can download Blink Personal Edition (free for one whole year) from the following location:

http://free-antivirus.eeye.com/

Information on the latest version of Blink can be found in this forum post:

http://forums.eeye.com/forums/13.aspx