Looking For A Tiny Alternative

Discussion in 'other firewalls' started by bvagnoni, Apr 7, 2006.

Thread Status:
Not open for further replies.
  1. bvagnoni

    bvagnoni Registered Member

    Joined:
    Oct 15, 2003
    Posts:
    16
    Hi Everyone;

    I'm looking for a Tiny alternative because I'm tired of waiting. I posted this a long time ago on the Tiny site but it's gone now. I don't expect to get everything I want in one product, but what about multiple products?

    I'm aware of pretty much all the well known commercial stuff so no need there. I'm looking for excellent but not well known products that could give me the granular control of Tiny.

    Process control:

    Familiar with Process Guard and Ghost Security; any others out there? I remember someone telling me about a product that looked promising though I can think of the name, ssm, ssi something like that maybe.

    Firewall:

    First, has anyone tried Eeye's Blink? I know about CHX-1; anything else cool out there with lots of tweaks?

    Any help would be welcome. I looked around here for awhile but didn't see anything new.

    Brian
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Although it's currently just a beta, Core Force seems the closest thing to Tiny.
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    You'd be thinking of SSM. Here's a link:

    http://syssafety.com/
     
  4. bvagnoni

    bvagnoni Registered Member

    Joined:
    Oct 15, 2003
    Posts:
    16
    what about ids rule sets, can you import snort ids rules set?

    Brian

    wsfuser what is your affiliation with core if any?
     
  5. bvagnoni

    bvagnoni Registered Member

    Joined:
    Oct 15, 2003
    Posts:
    16

    thanks
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    none, i just suggested it as an alternative to tiny.
     
  7. bvagnoni

    bvagnoni Registered Member

    Joined:
    Oct 15, 2003
    Posts:
    16
    what about ids rulesets?

    brian
     
  8. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    I'm trialing Blink. Really good impression.
    Modules: system firewall, application firewall, intrusion prevention, identity theft, anti spyware, application protection; vulnerability assessment (system scanner).

    Pros:
    application firewall (not tested with leaktests)
    IDS with ability to customise rules ( Snort? rules included )
    not needed modules can be easily disabled

    Cons:
    high memory usage (all modules enabled (tot. 4 processes)) ~48MB + virt.mem. ~58MB
     
  9. Khaine

    Khaine Registered Member

    Joined:
    Oct 2, 2002
    Posts:
    127
    Can you post some screenshots of blink in action ?
     
  10. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    Hmm, let's try...

    Main window

  11. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    Options:

  12. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    Application firewall:

  13. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    Intrusion prevention:

  14. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    Looks pretty interesting!
     
  15. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Looks interesting. How is the testing going? How does it compare with Tiny or have you not tried that?
     
  16. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    Blink is a Zone Alarm-like program (user friendly), IMHO only much better (IPS, vulnerability scan) - don't like ZA for fooling people too.

    Blink is more concentrated on internet security:
    http://www.eeye.com/html/products/blink/features.html

    Tiny is a never-ending beta, so you must accept a beta's features (read: BUGS).
     
  17. herbalist

    herbalist Guest

    If you're willing to use 2 separate applications as opposed to one suite, System Safety Monitor and Kerio 2.1.5 make a formidable combination. Both are rule based applications. The most recent version of System Safety Monitor has a very effective "learning mode". I've been testing it for a while now, letting it run its own course instead of importing my normal "paranoid" ruleset. It's done very well, unlike many apps with versions of automatic rule creation.
    While much has been made of the fragmented packet vulnerability in Kerio 2.1.5, if used in combination with SSM, fragmented packets would not be able to execute any commands or start processes without being intercepted by SSM. They complement each other very well. Unlike competing HIPS, SSM runs great on the older systems, win98 and ME as well as XP. Neither loads down or slows my system.
    Rick
     
  18. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Blink looks interesting. Would you mind posting some ScreenShots of the Application Protection? They seem to have left that part out of their flash demo...
     
  19. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    In Application Protection there are only two options:

    O Monitor and log only ( OR )
    O Terminate process and restart on malicious API calls

    And all control is in ..\Blink\Config\apiex.ini:
    -------------------------------------------------------------------------
    #process;MD5;Protection method;action

    #process
    #it can be:
    #-the process name (usually the name of the exe)
    #-full path to the file - which can eventually contain environment variables -
    #-can be a star (*) meaning all files

    #MD5
    #If present, the process field will be ignored
    #This field is optional

    #Protection method
    #Can be one of the folowing:

    ###############
    #API Protection class
    #-SetWindowsHookEx, TerminateProcess, WriteProcessMemory
    #For all these, the next field ,action can be 0 (disabled) or 1 (enabled)

    #example
    #disable SetWindowHookEx for all proceses
    *;;SetWindowsHookEx;0

    ################
    #Application protection class
    #-Kevlar

    #Kevlar supports the following actions
    #0 - Application Protection is disabled for the specified process
    #1 - Reserved - do not use
    #2 - Kill the thread where suspicious calls where detected
    #3 - Kill the process where suspicious calls where detected
    #4 - Deny the suspicious call
    #5 - Kill the process and then restart it

    #Examples
    #;CFED2D28F5B8A24127E9E06043070643;SetWindowsHookEx;0
    #Services.exe;;SetWindowsHookEx;0
    #%SystemRoot%\system32\services.exe;;SetWindowsHookEx;0
    #Services.exe;CFED2D28F5B8A24127E9E06043070643;SetWindowsHookEx;0

    ##################################################
    #Rules
    ##################################################

    #default Application Protection rules
    %SystemRoot%\system32\lsass.exe;;Kevlar;4
    %SystemRoot%\system32\svchost.exe;;Kevlar;4
    %SystemRoot%\system32\csrss.exe;;Kevlar;4
    %SystemRoot%\system32\services.exe;;Kevlar;4
    inetinfo.exe;;Kevlar;2

    #protect Blink processes
    blinksvc.exe;;TerminateProcess;1
    blinkrm.exe;;TerminateProcess;1
    eeyeevnt.exe;;TerminateProcess;1

    eeyeevnt.exe;;Kevlar;0

    %ProgramFiles%\Eeye Digital Security\Console\shell.exe;;WriteProcessMemory;0
    Iexplore.exe;;Kevlar;2
    ------------------------------------------------------------------------
    Changes come into force after a system restart.
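
The rule format documented in the quoted apiex.ini comments, as an added example (not part of the original post and not eEye's code): a small parser that validates each rule and lists the ones that set a protection to 0. The function names, messages and SAMPLE text are assumptions for illustration; the field meanings are taken only from the file's own comments.

```python
import re

ALLOWED = {"SetWindowsHookEx": {0, 1}, "TerminateProcess": {0, 1},
           "WriteProcessMemory": {0, 1}, "Kevlar": {0, 2, 3, 4, 5}}  # Kevlar 1 is reserved

def parse_rules(text):
    """Parse 'process;MD5;method;action' lines into (rules, errors)."""
    rules, errors = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = [p.strip() for p in line.split(";")]
        if len(parts) != 4:
            errors.append((no, "expected 4 ';'-separated fields"))
            continue
        process, md5, method, action = parts
        if method not in ALLOWED:
            errors.append((no, "unknown protection method"))
        elif md5 and not re.fullmatch(r"[0-9A-Fa-f]{32}", md5):
            errors.append((no, "MD5 is not 32 hex digits"))
        elif not action.isdecimal() or int(action) not in ALLOWED[method]:
            errors.append((no, "action not valid for this method"))
        else:
            rules.append({"line": no, "process": process, "md5": md5.upper(),
                          "method": method, "action": int(action)})
    return rules, errors

def audit(rules):
    """Return (line, note) review points for rules that switch protection off."""
    notes = []
    for r in rules:
        target = r["md5"] or r["process"]
        if r["action"] == 0:
            notes.append((r["line"], f"{r['method']} set to 0 (disabled) for {target}"))
        if r["md5"] and r["process"]:
            notes.append((r["line"], "process field is ignored because MD5 is set"))
    return notes

# Constructed sample: lines 1-3 and 5 follow the quoted file; line 4 uses reserved action 1.
SAMPLE = r"""*;;SetWindowsHookEx;0
%SystemRoot%\system32\lsass.exe;;Kevlar;4
eeyeevnt.exe;;Kevlar;0
inetinfo.exe;;Kevlar;1
Services.exe;CFED2D28F5B8A24127E9E06043070643;SetWindowsHookEx;0
"""
if __name__ == "__main__":
    rules, errors = parse_rules(SAMPLE)
    print(*(f"line {n}: {m}" for n, m in errors + audit(rules)), sep="\n")
```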
     
  20. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    How did it all go - did you buy or try something else?
     
  21. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    After trialing, dropped it. First impression was really good, but after some time found it working in a strange way - some rules worked, some not, IDS identified me attacking servers (only browsing with IE).
     
  22. SecDev

    SecDev Registered Member

    Joined:
    May 14, 2006
    Posts:
    6
    With Tiny Firewall bought out by CA does this leave nobody really truly left to stand up to the plate and do all of what Tiny actually did?
     
  23. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Thanks for the update - cross Blink off my list for now.
     
  24. SecDev

    SecDev Registered Member

    Joined:
    May 14, 2006
    Posts:
    6
    I tried CoreSecurity and after installation it BSODed. Upon rebooting it BSODed when Windows loaded. I could not get the machine back up until I reverted back to prior configuration. It's the only piece of software that has bsoded this machine in about 6 months and the 2nd or 3rd piece of software to bsod the machine in about 1 1/2 years.
     
  25. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    So? It's a beta, and it's a heavily intrusive software, so you should have known the risks of installing it on an "important" system. It most certainly had a conflict with something in your configuration; it doesn't BSOD at all on my machine. In these cases, complaining is not helping anybody. You could have sent them the memory dump and they most probably would have looked into it.
     