
eEye Digital Security

The endpoint to vulnerability starts here.

 

WinPatrol?

Last post 07-01-2007 9:12 PM by Blue1978. 3 replies.
  • 06-19-2007 11:30 AM

    WinPatrol?

    I just ran a new install of Blink, and noticed that in the list of potential problem programs (i.e. other Security proggies) was WinPatrol.

    Why would WP be a problem for Blink?  They monitor different things, don't they?

    I use them side-by-side without any problem.

    Any info from the eEye crew?

  • 06-24-2007 1:24 AM In reply to

    Re: WinPatrol?

         WinPatrol monitors a lot of the same things Blink does silently in the background.  It suggests not having this installed, hence it is listed in the list, because anything doing the same thing as Blink is doing will cause possible application conflicts.  It is kind of like running two software firewalls on the same computer, not really recommended or needed.
  • 06-24-2007 8:45 AM In reply to

    Re: WinPatrol?

    I disagree with your analogy.

    Blink is watching for known and unknown malware, or programs that try to do stuff maliciously.

    WinPatrol watches my Windows Startup, my BHOs, my File Associations, Scheduled Tasks, Internet start page and Services.

    It then tells me if anything is added or changed, and gives me the option of allowing it or not.

    This is for malicious software, and just things that want to put something in the startup.  (Like OSA.exe for MS Office, for example - something that Blink will not check for)

    And when I had that "Invalid system time" problem, it was WinPatrol that warned me that windows\system32\regscan.exe was a new startup item.  When Blink came back it removed it for me.

    I have experienced no problems running them side-by-side, because they are not doing the same thing. 

  • 07-01-2007 9:12 PM In reply to

    Re: WinPatrol?

    Spunner:
    Blink is watching for known and unknown malware, or programs that try to do stuff maliciously.

         I am not trying to say you do not need WinPatrol.  What I should have said originally was, if something was to attempt to exploit or use any protocol out of an abnormal way Blink will more than likely simply drop the process silently alert you.  Blink obviously will not halt the installation of some known malicious programs, but it will alert you to its presence when it attempts to change an internal process or make external contact.  This is also why I like to use a limited user account all the time, it stops a lot of day-to-day malware from even installing itself to begin with, changing startup processes, or further system changes.

         Blink's main purpose is to prevent exploitation of your system from known and unknown "vulnerabilities", hence this is why it does protocol analysis mostly.  I think a lot of people try to compare Blink to, let's say for example purposes, your normal application firewall like Outpost Pro.  First off Outpost is just another firewall to me and yes I used to use it all the time along with SSM.  Granted yes, it does have very nice self protection, passes a lot of the "Leak Tests", alerts you to a lot of things trying to make outbound connections, and process changes.  That is fine and dandy and all, but what it will not do is necessarily protect your system being exploited from a vulnerability let's say in a piece of software or an exploit embedded in HTML coding on a website, or from a Java flaw etc. 

         Another example that I can think of with Outpost and a majority of all other firewalls is this.  Outpost will alert you to let's say IE, Mozilla, or another program wanting to connect to the internet, but once you tell it yes that program is allowed to use so and so port, all is said and done...Outpost goes about its business.  What if something attempts to exploit you via the traffic you just said was allowed?  It will not help you at that point.  This is what Blink's purpose revolves around.

         Quite frankly too, in my opinion, if something does get into my system yes it is nice to be alerted about it, but at that point can I really "trust" my system from then on?  I can't.  I mean you can remove the parasite and so forth, but there is some stuff out there that can hide itself and after you remove it you think all is good.  Then 5 days down the road you're saying, "Dang, I removed that, what the heck!??"  So really once you have something, better safe than never, restore your system to a known good point.  This is why I do not believe in relying on signature based programs as much as I used to anymore, I just do not get the warm and fuzzy anymore from them.  I think security has changed a lot from the build of your defenses and wait.  Nowadays people with malicious intent are no longer thinking, "Yeah I will hack into this or that."  Instead they will use something to exploit a known vulnerability and wait for some poor unlucky person to come across it and all is good for them at that point.  I am sure some folks will disagree with me, but I am not here to really argue, just talk about things and what not like you are.  Maybe an eEye representative can elaborate on this also and take things further into detail.
     

     

    Spunner:
    WinPatrol watches my Windows Startup, my BHOs, my File Associations, Scheduled Tasks, Internet start page and Services.

         Blink would more than likely pick up on any malicious injection attempts of DLL modules in IE (in the case of BHOs).  Anything attempting an outbound connection to a known malware site would also be brought to your attention.  This is covered under some of Blink's IPS signatures.

         Blink may not pick up on File Associations part true enough, but you can set Blink to warn you about Windows Startup changes in the registry if you wanted to.  It was made note of in another post by Christopher. 
     

© 1995 - 2009 eEye Incorporated