eeye Blink

Discussion in 'other firewalls' started by tlove, Dec 30, 2005.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    hmmm,... first impressions,
    I don't like the activation needed before the firewall will actually run,... no firewall running ~ not a good idea to be connecting to the internet,. this then downloads a registration page/window to be filled out and returned,.. again not something I like (I bet they don't like the details I entered), but after this, the firewall activated, which promptly executed IE to connect out,.. but I was, at least, given a popup to allow/deny this attempted connection.

    Looking at the "system firewall rules" I was not happy to see rules to allow "AppBus" (I don't know what this is yet, no actual application mentioned,.. just a rule to allow this), but this was allowed outbound connections to remote ports 2000 and 21690,.. but what I found worrying was this was also allowed inbound connections to local ports 2000 and 21690. There were also a number of other rules, which, well,.. I removed (IPSEC allow inbound etc), anyway,... moving on to the default application rules,....
    Windows applications such as Svchost and rundll32 were given default rules to allow all outbound TCP,.... RPC mapper(port 135) was allowed both inbound and outbound connections,.. UPnP was allowed,.. RPCSS.exe(port 135) allowed,.. remote shares (ports 139/445) allowed, even windows explorer was given allow RPC(port135) and HTTP(port80) LSASS.exe allowed all,......... this is certainly not a ruleset I would connect directly to the internet with.

    Anyway,.. I will change the rules, and check on how the firewall runs,... and then run some leaktests/portscans etc.

    I will update later.

    Edit/update
    I was going to check if the firewall blocked internet access during boot, but it does not (svchost was allowed outbound~ blocked at my gateway),... I have also noticed that all default rules are again in place after re-boot (user rules gone),.. but this may/probably just be a bug,...

    Applications showing:-
    eEye app..........mem usage........VM size
    BLINK.exe.........10,682k.............18,280k
    blinkrm.exe........11,736k............12,284k
    blinksvc.exe.......27,376k............25,740k
    eeyeevnt.exe.....5,744k.............3.436k

    Have just made some quick port scans,... port 2000 TCP is showing as open, I take it this is the "Appbus",.. I will check on what is bound to this port. All other ports showing as filtered(stealth).

    Leaks: the firewall failed on most I tested:-
    PCflank............Failed
    DNS tester.......Failed
    cpil.................Failed
    Firehole...........Passed
    Ghost 1.1........Failed
    Jumper 1.0.......Failed
    Surfer.............Failed
    Thermite.........Passed
    Tooleaky.........Failed
    Wallbreaker:-
    1................Failed
    2................Failed
    3................Failed
    4................Failed
     
    Last edited: Oct 17, 2006
  2. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Very interesting Stem. So glad I did not try it out since I would have been totally lost and unaware of what was going on. Looks like best to pass on by on the other side of the road.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I think still a little too early to say,..
    I know the default firewall rules are too open,.. but these can be changed/saved. My concern at the moment is the open TCP port, which I still need to check out.

    The "system protection" which consists of first, "Registry protection": needs manual config, which would take some time to create a full ruleset, hopefully on full release rules will be included (as I see no way to save/load rules for this). Then there is the "Execution prevention", which again needs manual config,.. as with this, you need to enter the program you want to block from execution, including the parent app(wildcards can be used),.. which I think is strange, as I thought this would have been more like, for example PG,.. where a prompt is given for any started program,.. with user input to allow/deny.

    The most interesting part, is by far the "Intrusion prevention", which I think is going to keep me interested for a while. This consists of 2 main areas,.. "Analyzer" and "Signatures",.. there are many rules by default, and user rules can be put in place (IP/Application layer). The rules are similar to CHX 3, (examples: - IP options / frags / IP protocol no/ TTL:........ header pattern search / trigger / payload)


    I will continue to play for a while..........
     
    Last edited: Oct 17, 2006
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Belgamin: You didn't seem to agree with my previous statement that you only see my work in any of my posts, this is a very clear example.

    Blink is a firewall, not an anti-malware, it has almost nothing in common with Prevx1. I'm not posting as a "competitor" because they're NOT a competitor to Prevx1 any more than Look'n'Stop, Outpost, Kerio, or any other firewall. Blink's intrusion prevention is network intrusion prevention (albeit on the host). If you see my statements as negative, then my warnings may apply to you. My point was to give a heads up to pay attention to the privacy policy, they don't collect data the same way that Prevx1 does (and btw, once again, Kareldjag's review was on Prevx Pro, which works completely differently than Prevx1, even in the reporting). Some people have concerns about it, so I repeated the statements of at least one or two reviews out there already: "some won't like it" - read the privacy policy so that there are no surprises. It doesn't bother me personally (otherwise I wouldn't have installed it), but if it's something that concerns you, then it would behoove you to read up before using it. They are a legitimate company and not doing anything illegitimate, IMO, but some people will still be made uncomfortable by it.

    I'm posting here as a user. I am using Blink alongside Prevx1 on my personal computer (and without much trouble). I'm sorry if you feel I should not have the right to participate here, Belgamin, but that post was made on personal time (1:23am my time) and had nothing at all to do with my work. I am still first and foremost a security enthusiast, and I still play with security apps out of personal interest, even if I don't have as much time as I used to.

    I would really encourage you to think hard about jobs that you've had, and how ridiculous it would be for someone to accuse you of such things just because it bears some loose resemblance to your employer's product or service. I'm not the CEO or a sales person, I'm an employee that's about as low on the totem as it gets. If you have further remarks regarding my personal opinions, I would strongly encourage you to PM me (that goes for anyone, really) so we can come to some mutual agreement rather than continue with public jabs. If it was my job to have an opinion of Prevx1 I could see your point, but my job is to have technical knowledge of Prevx1 instead, and I would hope that I could be granted the same liberty as others with the same kind of affiliation with other products (ie, those that help people out with the product, not those that make the product and own the business). I still use other products, and still have personal opinions outside of work. To be fair you will not see me posting my opinion on anything that directly competes with Prevx1, or Prevx1 itself, but Blink is in no way similar... and that was a good portion of what I was actually saying.

    IMO that's a big plus; different is good.

    I actually like Blink, but it's different enough that some people will get frustrated if something goes wrong. I like it specifically because it uses more traditional security concepts used by businesses with real assets to protect. The downside of that is that it may not be suitable to those that want a simple security solution that anyone can pick up and use without much interaction. To be clear, it's not my intention to say that as a negative, it's the same kind of warning that any member here would/should give about any such app. If you need to unblock something in Blink you will need to edit a config file. If you're not comfortable with doing that kind of thing, then you probably don't want to get into it. If you're going to fully appreciate what Blink can do, you will want [to have or have a willingness to gain] some knowledge of technologies beyond the consumer security software market.

    As far as it needing lots of work on particular areas.. well, yeah.. it's a beta. That's how betas go. The application protection is causing problems on my system, interfering with things like the media center, so I'm leaving that disabled for the time being.. since it only covers 3 APIs (and even just disabling those individually does not resolve the issues I'm seeing), I don't feel I'm missing much by doing so.
     
    Last edited: Oct 17, 2006
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    This is actually what piqued my interest as well.. and it's about the only feature I'm using (which is why I hope the memory usage goes down, although I'm using some of the other protection components but I feel that they go along with the IPS feature well enough to consider them one and the same). I personally prefer LnS for the firewall part (disabling Blink's firewall seems to leave it working perfectly well alongside LnS), but the intrusion prevention is something that I've really been wanting on the desktop.
     
  6. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I am a current user of Zone Alarm. If it had a product activation key that suddenly expired and then could not contact the company server or gets bought out, then I guess I would look elsewhere. I had to do that when the free internet access services started to drop like flies and disappear. I am sure that others will not put up with activation keys that no longer work.

    As for the issue of data mining mentioned in earlier posts, I have hesitated to install software from companies that use and monitor the user's computer information. My company had a major project that used data mining that flopped big time earlier this year when the contractors could not produce workable programs. Big waste of money. :isay:
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Does nobody have a clue why Blink gave me a strange warning, it's in post nr 13. :ninja:

    And even though it has a couple of interesting and unique features, for the moment I will not install it on my real system, they really need to improve certain things first.

    Btw, OT: I must say that I enjoy reading the posts from Notok, so please continue, and I agree with you (post nr 29). And besides even if you do promote Prevx sometimes it's still up to the end user to decide which app he/she likes, I for instance think Prevx sucks. :blink:
     