eEye Digital Security released an updated endpoint protection product, Blink Personal 4.8. I have used eEye security programs for years and appreciate the attention to making a system actually secure. The program provides a series of protections including full virus and spyware protection, an intrusion prevention system (IPS), vulnerability scans, system protection (registry and application), a firewall, and a lot of customizable settings for the advanced user. Therefore, the program is really more of an internet security program than a simple endpoint antivirus. All of these protections come in an easy-to-use package that kind of resembles the Sophos interface.
The installation of eEye was problem free on the test system. The installer is quite large at 179 megabytes, but this seems reasonable considering it has both the 32- and 64-bit versions inside. The installer prompts one to uninstall potentially conflicting software but doesn’t do it automatically. Once the installer finished, the program immediately started and didn’t require a reboot to finish. Unfortunately, even though this version is supposedly the latest, the updater had to download several new components, including a new updater and antivirus engine, in addition to the definitions (rules). About 30 megabytes of updates needed to be downloaded before initial operation.
Blink Personal 4.8 has three different types of scanning: quick, full, and custom. For each scan one can customize the decompression depth (how far to unzip archived files; a speed vs. security trade-off), a sandbox scan mode, heuristics, boot sector scanning, and the scan priority, among others. With the scanning priority set to high, scanning is quite slow at an average of 10 files per second. Disk access remained at about 5.3 megabytes per second, making it about the same speed as the average free antivirus. The scanner did detect a VNC server on the test system, and the quick scan took about 20 minutes to finish. One feature I liked was the option to defer the current scan for a later time period. The virus and spyware management acts like a quarantine and clearly detected all traces of the VNC server, including registry entries. One has the option to restore a detected file, add it to a trusted list, or even rescan the file. Quarantined files are also rescanned after every update to mitigate the false positive risk. As far as updating goes, there is the option to retry an update if it failed within the last 2 hours.
The most unique thing about Blink Personal 4.8 is its Intrusion Prevention System (IPS), which is eEye’s specialty. The default rule set is broken down into analyzers (HTTP, IP rules that check host headers, UPnP, malformed POST requests and 1000s more) and signatures for specific attacks such as a LinkedIn IE Toolbar buffer overflow. Each rule can be further customized via protocol, whether it’s local or not, excluded IPs, and descriptions (with Bugtraq and CVE classifications). The best part is that one can create their own rules (very advanced) for very specific situations. This powerful functionality is perfect to lock down a Windows server. The system can also capture the specific IP packet involved, has phishing identity protection, and can be set as passive or as an IDS.
The firewall also has a comprehensive rule-based system. Unfortunately, there isn’t an auto-learn mode except for Microsoft signed executables. One will be prompted, but on an application level, not on a port level, so only initial configuration is required. The vulnerability scanner scans on a scheduled basis and can be set according to a user-defined time frame. Finally, the system protection has the option to allow or enable removable drives and also has API protection, or a self-defense, for Blink Personal 4.8 items. One can also set an admin password and ban certain IP addresses.
The application’s resource usage is average. While idle, the program uses approximately 100 megabytes of RAM. When scanning, the RAM usage doesn’t increase (nice), and the program uses 7 to 10 percent CPU power depending on the scan priority.