Burzycki.org

Archive for the 'Eeye - BLINK Evaluation' Category

Marc Maiffret Leaves Eeye?

Maiffret’s exit raises questions about eEye by ZDNet’s Ryan Naraine — The co-founder’s exit comes just seven months after eEye dismissed CEO Ross Brown and went through a small round of layoffs to cut costs to cope in a super-competitive vulnerability assessment and intrusion prevention software market. The company has had two CEOs in less than a year.

See his personal site for more information: http://www.marcmaiffret.com


BLINK Review - From: searchsecurity.techtarget.com


Color Me Complex


by: Ed Skoudis & Matt Carpenter
Issue: Nov 2007

Funneling integrated endpoint security features into one product makes for a murky mix of complexity and immaturity.

Today’s desktop and laptop computers are a complex melange of software: office applications, specialized business programs, homegrown client apps, and ever more complex browsers and operating systems. As an enterprise security pro, you’re lucky if you can get at least two agent-based security tools included in this zoo of your standard builds to protect all of that software. Some of us get only one.

Yet desktop security technology is rapidly advancing, with host-based intrusion prevention systems (HIPS), personal firewalls and other defenses augmenting traditional antivirus and antispyware tools. Because of the severe constraints on the number of host security products our enterprises can deploy and manage, major security vendors have responded with integrated endpoint security suites, rolling a bunch of desktop defenses into a single package.

These endpoint security products have introduced a new dynamism into our industry, as antivirus vendors augment their wares with fresh features to compete against each other and hungry challengers. To help sort out all of this, Information Security evaluated seven enterprise endpoint security solutions. We graded each on its management capabilities, reporting, ability to detect and block malware, detecting and thwarting exploit attempts, and integration of the various desktop security capabilities in one package.

Specifically, we tested CA Threat Manager 8.1 and Host-Based Intrusion Prevention System 8; eEye Digital Security Blink Enterprise Edition; IBM ISS Proventia Desktop Endpoint Security 9.0; McAfee Total Protection for Enterprise; Sophos Endpoint Security and Control 7.0; Symantec Endpoint Protection 11.0; and Trend Micro OfficeScan 8.0.

Bearing witness to the rapidly evolving nature of the endpoint security space, the three giants of the information security industry–McAfee, Symantec and Trend Micro–responded with beta versions of their suites that were nearly finalized for shipping. (We requested every product we analyzed be available for general purchase by our publication date.)

Many of the problems we encountered with testing and, in some cases, retesting updated versions of these products reflected the difficulties in dealing with beta builds of highly complex packages. But, further, our testing suggests this class of integrated endpoint security products is, for the most part, far from mature.

MANAGEMENT
The immense complexity of these tools can be overwhelming, with more features than almost any distributed system in today’s enterprise. If a given product provides really good security, but cannot be managed across an enterprise in a coherent fashion, it just isn’t useful.


Eeye and BLINK - Protecting Virtualized Environments

eEye’s Blink Endpoint Security Protects Virtualized Environments

Blink® Endpoint Security product protects end users and networks from malware threats to virtualized environments including VMWare sessions and Windows Virtual Machine sessions.

(ALISO VIEJO, CA) August 20, 2007 — eEye Digital Security®, a leading developer of unified client security and vulnerability management tools, today announced that its Blink® Endpoint Security product protects end users and networks from malware threats to virtualized environments including VMWare sessions and Windows Virtual Machine sessions.

Blink additionally provides virus and spyware protection, intrusion prevention and firewalls that protect desktops from zero-day attacks, phishing, ID theft, keylogging, worms, viruses and variants of malware such as hijacking by botnets.

“For clients that have decided to virtualize their Windows environments within VMWare or Microsoft Virtual Server, eEye’s Blink solution can actively protect those sessions just as if they were loaded on physical hardware,” said Morey Haber, eEye VP of Product Management.

“Virtualization provides an environment with many advantages and cost savings and Blink can proactively ensure that the investment is secured regardless how these sessions are deployed and managed,” added Haber.

Blink Professional, Blink Personal and Blink Enterprise editions immediately identify system and application flaws that currently go undetected and unpatched despite regular use by Microsoft Windows Update services.

Blink offers multiple protection layers built into a single lightweight agent, proactively protecting systems and confidential information with:

- Vulnerability Assessment — Defines, identifies and classifies the security risks or vulnerabilities in a computer’s operating system and applications.

- Intrusion Prevention — Analyzes the content of network traffic to block malicious data and allow legitimate traffic to be processed. This includes both intrusions, such as attacks from outside the organization, and misuse, such as attacks from within the organization.

- System and Application Firewalls — Controls the network activity of systems and installed applications.

- Virus, Spyware, Phishing, and Botnet Protection — Performs in-memory protection and disk scanning for computer viruses, worms, Trojan horses, spyware, botnets, and blended threats by checking each process and application before being loaded.

- System Protection — Provides proactive, host-based security against day zero attacks and offers protection against buffer overflow and memory-based attacks.

- Identity Theft Protection — Identifies and responds to attempts to deceive a user with misleading HTML and XML in web pages and email.

- Network-Aware Policies — Dynamically manage policies and configuration settings based on physical network location.

Blink most recently received a “Community Choice Awards” in the Host-Based Intrusion Prevention Systems category by Penton Media’s Windows IT Pro®.

About eEye Digital Security

eEye Digital Security® is the innovative leader in vulnerability and security research, providing security solutions that help businesses and users protect their systems and intellectual property from compromise. eEye enables secure computing through world-renowned research and innovative technology, supplying some of the world’s largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye protects the networks and digital assets of a growing network of more than 9,000 corporate and government deployments worldwide. Founded in 1998, eEye Digital Security is headquartered in Orange County, California. For more information, please visit www.eEye.com.

Primary Agency Contact

Victor Cruz
MediaPR
(508) 655-4397 eEye@mediapr.net

EMEA Agency Contact

Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de

Corporate Contact

Stacy Newman
eEye Digital Security
(949) 900-4131 press@eEye.com


Eeye - BLINK Beta 3.5 - Issues found today….

 

**********************************************************************

UPDATE: 10/20/07

The issue below has been solved with a workaround posted on the Eeye Forum and will also be permanently corrected with the release of the new 3.5 Stable Version in a few weeks.

**********************************************************************

So today I had major issues with Beta 3.5… so major in fact the only way to get net access again was to remove BLINK 3.5 - and reinstall 3.2 Stable - which of course I cannot find my license info for but will continue to look.. but at least it seems to have solved my connection issues…

So as I see it since I installed 3.5 I have had 3 instances of net connectivity loss….

This loss seems to occur when downloading emails with Outlook.

I will begin to download emails and then the loss will occur - Outlook will timeout then I will try to open IE or Firefox and it will give me the page cannot be displayed page.

Then I will need to restart and as soon as I get back up and running - I will have connectivity - then begin to re-download emails and bang offline again….

When it hangs in Outlook and loses connection the following seems to be consistent. And please understand this was not just my Desktop - but also my laptop suffered from the same issues with the same results.. Thus I believe it to be directly related to Outlook or Email downloading or possibly even specific emails that I was happening to download today. One of these emails was a strange 26mb of what appears to be a Video sent from a friend - but the video was parsed into about 3 feet of code and was finally downloaded after I reinstalled Ver 3.2. This code parsing issue is a strange problem I have brought up on the forums with no real answers as of yet.

If this is a one time problem based on a 26mb file that somehow was converted to code by BLINK and locked it up or placed it in forever lock up - block out mode - then so be it but I know it cannot just be me that is having this type of issue.

EXAMPLE EMAIL CODE TO BE POSTED LATER TODAY AS AN EXAMPLE

Here are screenshots of errors received when the lockup occurred and also when I was trying to uninstall Beta 3.5 to revert to 3.2 to try to regain connectivity:

2007-10-17_183645

This happened when trying to restart BLINK 3.5 after disabling it to try to see if BLINK was blocking my net access.

2007-10-17_190038
Desktop

2007-10-17_190642.jpg
Laptop when downloading email - 98% CPU Usage

When locked up with Outlook open these were the system usage numbers

2007-10-17_190827

This popped up when trying to uninstall 3.5 Beta.

I might have to place my evaluation on Beta 3.5 on hold for a bit till Tech can research this as I still require full use of my machine on a daily basis for work.

Hopefully someone here can shed some light on this and I can clear it up for readers of this review process ASAP.

I am sort of at a loss as to the specific issues but they are a major concern for me as a small business user…. though I am totally aware it’s still a Beta release I would like to offer any assistance I can to help resolve it.


Eeye.com - BLINK 3.5 Beta - Part 2 - Immediate Feedback…

First Impressions and Items that have changed….

2007-10-12_192101

Old Toolbar Above

See the simplified tool bar below:

2007-10-13_144206

Version 3.1 System Resource numbers:

2007-10-12_191952

2007-10-12_192028

Version 3.5 System Resource numbers:

2007-10-13_144449

2007-10-13_144422

Simplified User Interface….. with very nice pop open menus..

2007-10-13_144648

Vs. the old look:

2007-10-12_191110

Rule Window Changes - Simplified and allows more rule options…..

2007-10-12_223809 

And one of the bigger additions - it now includes the ability to Right Click and Scan for Viruses:

2007-10-13_200434

And the Simplified user interface for the Quick Configuration Utility:

2007-10-13_213027

 

Items to be covered in the next sections:

What does BETA really mean?
Previous BETA software from Eeye
The GOOD the BAD and the UGLY… Well not so UGLY…
Apps that still work even with BLINK installed..
BLINK in Depth
Multi-Tier Security
Service and Support
Free vs. Paid
Virus and Malware Scanning
Event Logs
And many other topics….


Eeye Releases BLINK 3.5 Beta - Initial Overview

Friday marks the day of the release of the “new and Improved” BLINK 3.5 Beta.

This is going to be a multiple part review, explanation and pretty deep dive into BLINK and my experiences with it based on a more standard approach from most reviews I have read - That of a normal to moderate user vs. the power user IT professional.

I have found many reviews to tout how great the security is using big words and cool tech security terms but in the end we need to look at what Eeye and BLINK are trying to do……. What is that you ask? Well it is to take a product that has been successful in the Enterprise marketplace and release it to the most impossible market on the planet…. you and me, the average home and small business user.

Let me start with the upgrade to the BLINK 3.5 BETA from previous versions just to get it out of the way and let people understand a few things about what “BETA” actually means, my success with previous Eeye Beta versions of BLINK and how truly painless this particular upgrade was to perform and then I will delve into the deeper issues I have found both good and bad and also my entire past history of how BLINK and I have got along since the first major release of the original Beta not so long ago. If you have not figured it out by now, this is going to be a long multi-part in depth review of this product…. I will break it into sections for it to make more sense and allow those who only need to read certain parts to get the most from it…..

BLINK 3.5 BETA - The Install

I have installed and run just about every version of BLINK and BLINK pro since I first heard about the program when Marc from Eeye discussed it on Security Now with Steve Gibson and Leo Laporte. I was a new fan to the Security Now podcast mainly because it came at a time where I needed to become a security expert in a week and did not have a week to do it…. Thus I crammed 80 podcasts into 4 days, my head exploded and now here I am reviewing security software. That said I believe I can offer a totally different insight into most aspects of BLINK and the issues that will be faced by the more non internet security expert users.

The upgrade from previous versions to 3.5 Beta is very painless at least in my case. I have to forewarn all that if you are running ANY security software on your machine and you are installing BLINK for the first time with no previous experience or have not taken the time to review the forum on the Eeye site then you just need to plain and simple remove all security related programs before the install.

You say “excuse me What? remove all my security programs to install a security program?” The answer is yes and here is where I will give some disclaimers…

#1 - If you are going to remove security programs, please take some precautions to secure yourself before removing them. Thus as you should already be behind a firewall equipped internet router you are half way there. You might even want to go the extra step and just unplug the internet from your machine. If it is not plugged in it cannot hurt you, well unless you are already infected and then you are just hosed anyway.

#2 - Remove those security programs. Take them all out - All the programs you feel kept you safe and cozy all these years need to go, Norton (do not even get me started), McAfee, Firewall apps, Spybot, Adaware, all of them need to go. Do you need to really take them all out, well in my opinion the answer is yes, but here is why. BLINK works completely differently than any other applications on the market to secure your system, it works based on a multiple tier system that has layers of protection. This protection sees threats that can possibly break the first tier or possibly the second but will be caught by a third or a fourth and so on. This multi tier approach does multiple things most of the benefits being decreased processor usage and resource overhead. (major reductions and I will talk about those later). That said most other applications try to use some of these tiers for their own use and as you might imagine too many chiefs trying to do the same thing equals a nightmare of nothing getting done and lots of toes stepped on…. BLINK needs to be the chief from this point forward.

#3 - Security programs gone? Let’s move on….

Fire up the Beta.exe file and you will see this…..

uninstall

As you can see I am previously running 3.1.1.1631 (Them IT Security guys love their version numbers) and this is simply a warning to make sure I am wanting to upgrade to Version 3.5. You pick - I selected Yes…

2007-10-12_192428

Now this is one of the most important screens if you have been previously using Blink… Configuration information is something with BLINK you will come to both LOVE and HATE all in the same day… If you have been using it you already know this and you will not remove it under penalty of death and unrelenting pop ups… if this is your first install you would not see this or the next screen.

2007-10-12_192446

Same as the above screen this is for previous users and if you are already licensed you will want to retain your previous license by clicking NO

2007-10-12_192458

Sure I will share - Yes or No is your choice I simply told them I was installing the BETA - Data is incredibly important for software development, I have no issues adding my diatribe to try to help the cause. Maybe I will get a “I survived the BLINK BETA” T-Shirt. If you disconnected from the internet you will not be able to fill out the survey and I find it a bit hard to swallow that after basically asking me remove security software from my computer it will then open a browser window to ask me questions… maybe not the best plan depending on how strictly the person installing the application follows rules… Just my opinion…

2007-10-12_192643

Got to love America and the “if you install this your computer might explode and we are not responsible message” but if I was Eeye I would do it also because people have tried to dry their dogs in the microwave because the user manual does not say you cannot…. welcome to our society, it’s just scary and Eeye has not bricked my system as of yet so I almost will throw out the trust word….

2007-10-12_192712

Second screen = more of the same - I would actually heed the warnings when installing any kind of Security related software especially one like BLINK that is so deeply going to protect your system from intrusion. Security = Pain, You might as well just start getting used to it as it does get better you just have to understand it…

2007-10-12_192726

Yes - you heard it here first - Abide by the warning - Remove them before installing. I will go over what I have added back after install with no negative results in the last portions of this review.

2007-10-12_192743 2007-10-12_192754

License Agreement and Privacy Policy

2007-10-12_192807

Destination Folder…..

2007-10-12_192822

Time to Install…..

2007-10-12_192832

2007-10-12_192849

Install takes about 1-2 Minutes tops possibly less unless you need to uninstall applications.

2007-10-12_192928

Success and now the fun begins….

You will notice that BLINK will initialize and start the protection engines. As part of this initial startup BETA 3.5 now pops open the Auto Update box…

2007-10-12_193041

Perform the Auto Update and you should see results like this:

2007-10-12_193103

2007-10-12_193121

Now you are running the latest and greatest updated version of the BETA 3.5 application.

Part two of this review will dive into BLINK - Some of the issues you will find and I have found that still bother me to this day and the overall impressions I have about the application and how it can both help and or hinder in the Home and Home Office / Small Business marketplace. Hopefully this will help users like myself to better understand where the future of internet security is heading and what we will all need to do to prepare for the future when involved as many of us have to be as the one guy or girl in the office that happens to know more than anyone else about how to keep the small network running or simply the fact you are the boss and your livelihood is connected to the cesspool we call the internet.

Items to be covered in the next section:

What does BETA really mean?
Previous BETA software from Eeye
Old Vs. New - The Changes…
The GOOD the BAD and the UGLY… Well not so UGLY…
Apps that still work even with BLINK installed..
BLINK in Depth
Multi-Tier Security
Service and Support
Free vs. Paid
Virus and Malware Scanning
Event Logs
And many other topics….
