Looking For A Tiny Alternative

Hi Everyone;

I'm looking for a Tiny alternative because I'm tired of waiting. I posted this a long time ago on the Tiny site but it's gone now. I don't expect to get everything I want in one product, but what about multiple products.

I'm aware of pretty much all the well known commerical stuff so no need there. I'm looking for excellent but not well known products that could give me the grandular control of Tiny.

Process control:

Familar with Process Guard, and Ghost Security any others out there? I remember someone telling me about a product that looked promiseing though I can think of the name, ssm, ssi something like that maybe.

Firewall:

First has anyone tried Eeye's Blink? I know about CHX-1 anything else cool out there with lots of tweaks.

Any help would be welcome. I looked around here for awhile but didn't see anything new.

Brian

 

although its currently just a beta, Core Force seems the closest thing to Tiny.

 

You'd be thinking of SSM. Here's a link:

http://syssafety.com/

 

what about ids rule sets, can you import snort ids rules set?

Brian

wsfuser what is your affiliation with core if any?

 

thanks

 

none, i just suggested it as an alternative to tiny.

 

what about ids rulesets?

brian

 

I'm trialing Blink. Really good impression.
Modules: system firewall, application firewall, intrusion prevention, identity theft, anti spyware, application protection; vulnerability assessment (system scanner).

Pros:
application firewall (not tested with leaktests)
IDS with ability to customise rules ( Snort? rules included )
not needed modules can be easily disabled

Cons:
high memory usage (all modules enabled (tot. 4 processes)) ~48MB + virt.mem. ~58MB

 

Can you post some screenshots of blink in action ?

 

Hmm, lets try...

Main window

 

Options:

 

Application firewall:

 

Intrusion prevention:

 

Looks pretty interesting!

 

Looks interesting how is the testin going. How does it compare with Tiny or have you not tried that?

 

Blink is Zone Alarm like program ( user friendly ), IMHO only much better ( IPS, vulnerability scan ) - don't like ZA for fooling peoples too.

Blink is more concentrated on internet security:
http://www.eeye.com/html/products/blink/features.html

Tiny is never ending beta, so you must accept beta's features ( read BUGS ).

 

If you're willing to use 2 separate applications as opposed to one suite, System Safety Monitor and Kerio 2.1.5 make a formidable combination. Both are rule based applications. The most recent version of System Safety Monitor has a very effective "learning mode". I've been testing it for a while now, letting it run its own course instead of importing my normal "paranoid" ruleset. It's done very well, unlike many apps with versions of automatic rule creation.
While much has been made of the fragmented packet vulnerability in Kerio 2.1.5, if used in combination with SSM, fragmented packets would not be able to execute any commands or start processes without being intercepted by SSM. They complement each other very well. Unlike competing HIPS, SSM runs great on the older systems, win98 and ME as well as XP. Neither loads down or slows my system.
Rick

 

Blink looks interesting. Would you mind posting some ScreenShots of the Application Protection? They seem to have left that part out of their flash demo...

 

In Application Protection are anly two options :

O Monitor and log only ( OR )
O Terminate process and restart on malicious API calls

And all controll is in ..\Blink\Config\apiex.ini :
-------------------------------------------------------------------------
#process;MD5;Protection method;action

#process
#it can be:
#-the process name (usually the name of the exe)
#-full path to the file - which can eventually contain environment variables -
#-can be a star (*) meaning all files

#MD5
#If present, the process field will be ignored
#This field is optional

#Protection method
#Can be one of the folowing:

###############
#API Protection class
#-SetWindowsHookEx, TerminateProcess, WriteProcessMemory
#For all these, the next field ,action can be 0 (disabled) or 1 (enabled)

#example
#disable SetWindowHookEx for all proceses
*;;SetWindowsHookEx;0

################
#Application protection class
#-Kevlar

#Kevlar supports the following actions
#0 - Application Protection is disabled for the specified process
#1 - Reserved - do not use
#2 - Kill the thread where suspicious calls where detected
#3 - Kill the process where suspicious calls where detected
#4 - Deny the suspicious call
#5 - Kill the process and then restart it

#Examples
#;CFED2D28F5B8A24127E9E06043070643;SetWindowsHookEx;0
#Services.exe;;SetWindowsHookEx;0
#%SystemRoot%\system32\services.exe;;SetWindowsHookEx;0
#Services.exe;CFED2D28F5B8A24127E9E06043070643;SetWindowsHookEx;0

##################################################
#Rules
##################################################

#default Application Protection rules
%SystemRoot%\system32\lsass.exe;;Kevlar;4
%SystemRoot%\system32\svchost.exe;;Kevlar;4
%SystemRoot%\system32\csrss.exe;;Kevlar;4
%SystemRoot%\system32\services.exe;;Kevlar;4
inetinfo.exe;;Kevlar;2

#protect Blink processes
blinksvc.exe;;TerminateProcess;1
blinkrm.exe;;TerminateProcess;1
eeyeevnt.exe;;TerminateProcess;1

eeyeevnt.exe;;Kevlar;0

%ProgramFiles%\Eeye Digital Security\Console\shell.exe;;WriteProcessMemory;0
Iexplore.exe;;Kevlar;2
------------------------------------------------------------------------
Changes comes into force after system restart.

 

How did it all go - did you buy or try something else?

 

After trialing dropped. First impression was really good, but after some time found it working strange way - some rules worked, some not, IDS identified me attacking servers ( only browsing with IE ).

 

With Tiny Firewall bought out by CA does this leave nobody really truly left to stand up to the plate and do all of what Tiny actually did?

 

Thank for the update - cross Blink off my list for now.

 

I tried CoreSecurity and after installation it BSODed. Upon rebooting it BSODed when Windows loaded. I could not get the machine back up until I reverted back to prior configuration. It's the only piece of software that has bsoded this machine in about 6 months and the 2nd or 3rd piece of software to bsod the machine in about 1 1/2 years.

 

So? It's a beta, and it's a heavily intrusive software, so you should have known the risks of installing it on an "important" system. It most certainly had a conflict with something in your configuration; it doesn't BSOD at all on my machine. In this cases to complain is not helping anybody. You could have sent them the memory dump and they most probably would have looked into it.