Tips and Tricks

downloading big update

jaiamma — Sun, 25 Oct 2009 06:51:41 GMT

Hi,

I've got Blink Pro 4.4.2 with a current license. I'm overseas and the net connection here is very slow. I try to download the 55MB update using TOOLS - CHECK FOR UPDATES but the download always fails. Any other way to download this 55MB update for Blink Pro 4.4.2?

Thanks,

Tom

Useful Registry Protection Rules #1 - Run Key

Blue1978 — Wed, 13 Aug 2008 19:08:28 GMT

Here are 2 rules that are useful that I have created under the "Registry Protection" tab located in the System Protection section.

NOTE: These rules do have a few minor setbacks if you choose to use them which I will explain later. These setbacks are easily overcome though.

Most of the Malware out there will attempt to create a registry key of its own that allows it to run itself at system startup. Here are two rules that you can use to prevent this from happening.

Create rules with the following in the fields:

1. Registry Key Tab -

Specifiy the Registry key that this rule will protect: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Match Type: Partial

Caller Tab -

Specify the call that this rule will filter against: *

Match Type: Wildcard

Do not use the caller MD5 is selected

Action Tab -

Write box is checked, Deny is selected, and the Log box is checked.

2. Registry Key Tab -

Specifiy the Registry key that this rule will protect: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Match Type: Partial

Caller Tab -

Specify the call that this rule will filter against: *

Match Type: Wildcard

Do not use the caller MD5 is selected

Action Tab -

Write box is checked, Deny is selected, and the Log box is checked.

Rule Results:

The PROS: You will be notified, it will be logged, and the attempt will be blocked, anytime a program or malware attempts to create a registry key

in the two locations above. This will keep most anything from starting itself with your system each time that you did not allow in the first place.

The CONS:

- If you install a program that you want to start each time when your system starts, then temporarily disable these rules before you begin the installation process.

- You may also want to disable these rules too when your uninstalling a program that you want to remove. I have noticed instances of the program trying to remove the registry keys in placed in these locations during the uninstall process.

I have learned both of these the hard way by myself. :)

- WHEN your doing Microsoft Update or installing a program (that you want to start with your system each time you log on), you will need to temporarily disable these rules to accomodate these situations.

------------------------------------------------------------------------------

Recommended Custom IPS Signatures

Blue1978 — Thu, 05 Feb 2009 22:15:28 GMT

I have created this forum post for anyone that wishes to post any useful Intrustion Prevention Signatures that they may have added to Blink that might benefit others.

Here is one rule I have created myself (that I add to periodically) that has the purpose of blocking my system from making any contact with particular domains that are known for tracking users and for delivering flash banners ads which lead to a lot of the malware deliering sites out there.

Under the "Website Blocking" section of the IPS Signatures tab, I made a duplicate of the MySpace Web Request signature and then renamed it to "Additional Web Requests". I then deleted Myspace.com out from under the Search Pattern section of the rule. I then added in the followng terms:

.doubleclick.

.fastclick.

.yieldmanager.

.atdmt.

.ad.

.webtrends.

.webtrendslive.

.google-analytics.

.googlesyndication.

.quantserve.

.2mdn.net

- none of the boxes at the bottom (of each of these entries) were checked.

(LAST UPDATED: 08OCT09)

How to Create a Memory Dump File for a Blink Kevlar Alert

Blue1978 — Sat, 05 Sep 2009 13:32:04 GMT

Recently with the release of Blink version 4.4.1, eEye has incorporated a very useful function that creates a memory dump file when anything sets off Blink's Application Protection Engine (aka "Kevlar"). This is useful, because these dump files can be sent to eEye to be examined allowing them to determine if an alert was a false-positive or an actual attack that was stopped.

To give you an example:

Recently, when I try to play a DVD movie in Windows Media Player, Blink will halt Windows Media Player and show me the following Kevlar alert:

Event ID: BLINK-APP-100
Severity: High
Description: Blink detected a suspicious system call.
Alert: Yes
Application: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Reason: KERNEL32.DLL!GetModuleHandleA
Action: Restart process
Application Arguments: "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1

Well, to eEye this is not enough information to determine whether or not this is something malicious, or a piece of code that when it runs (looks malcious to Blink, but is not) upon the attempt to run a video file. I know this particular alert is not malicious. In my attempt to troubleshoot, eEye advised me of a simple registry key that you import into your system, that forces Blink to create a memory dump anytime Kevlar alerts on something. Once you have imported this registry key, a Kevlar alert will now show the following:

NOTE: At the end of the alert, it now shows you the path where the dump file is located at so you can go and retrieve it.

This particular dump file turned out to be a little over 300mbs in size.

-----------------------------------------------------------------------------------------------------

Now, if your interested in setting this up so your system will do the same (so you can submit these helpful files to eEye) the following registry key must be imported to your system:

For 32bit Operating Systems:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\eEye\Blink]
"CreateDumps"=dword:00000001

For 64bit Operating Systems:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\eEye\Blink]
"CreateDumps"=dword:00000001

-----------------------------------------------------------------------------------------------------

To create the key, copy the text above (which ever applies to your type of system) and paste it into notepad. Finally, name it anything you want, but change the file extension to; .reg when you go to save it. To import it to your system, simply double left click on it as if you were attempting to run an executable (.exe) file. It will prompt and ask if you want to add it to your system and so forth.

I have also uploaded both registry keys (for both 32bit and 64bit systems) in a zip file named "KevlarDumps.zip" to this post for anyone that does not know how to complete the above process that I have explained. They can simply download the zip file and use the one that fits your needs and you should be good!

Finally, I am not sure how eEye would like these files to be sent to them (since they usually end up being too large for email), but you can email lnicula@eeye.com OR bpatten@eeye.com and ask them for further instructions on what to do if you happen to gather some of these dump files for alerts that you feel are false-positives. Always be sure to include information on what Operating System your using, etc when you email them.

eEye Auto-Update Feature

Blue1978 — Fri, 17 Jul 2009 00:14:41 GMT

Here is an interesting feature that has existed in Blink. For anyone that did not know, AFTER you do an manual update of Blink and it completes, you are left with the "Update Summary" window showing the final status of the updates. If you select one of them and then click on the Details button in the lower right of the screen, you will see information regarding what the update included in it. Not a lot is shown for the Antivirus Engine when it updates, but if you receive an update for the Blink portion, the output is quite interesting.

After doing an manual update on my Blink Server Edition, I noted the following bit of information for the Blink module after clicking on the Details button:

--------------------------------------------------------------------------------------------------
                RELEASE NOTES FOR APPLICATION: BlinkServer VERSION: 4.3.2
--------------------------------------------------------------------------------------------------

SECTION: Rules        VERSION: 1533

--------------------------------------------------------------------------------------------------
Removed a false positive.

SECTION: Audits        VERSION: 2108

--------------------------------------------------------------------------------------------------
add       9070 - Mozilla Firefox 3.5.0 Multiple Vulnerabilities (Zero-Day) - Windows
add       9071 - Mozilla Firefox 3.5.0 Multiple Vulnerabilities (Zero-Day) - UNIX/Linux
add       9072 - Mozilla Firefox 3.5.0 Multiple Vulnerabilities (Zero-Day) - Mac OS X
add       9073 - Sun Java JDK/JRE XML Signature HMAC Truncation Bypass (Zero-Day) - Windows
add       9074 - Sun Java JDK/JRE XML Signature HMAC Truncation Bypass (Zero-Day) - Linux
add       9075 - Sun Java JDK/JRE XML Signature HMAC Truncation Bypass (Zero-Day) - Solaris

I have noticed a lot of times you will find out about new Zero Days (that you did not know existed) from eEye. Pretty neat simple trick. Keep in mind though, you must do this right after you update Blink. If you close the window and come back in again and attempt to use the Details button, nothing will be available to look at anymore.

Tips for Un-installing/Re-installing Blink Successfully

Blue1978 — Fri, 12 Sep 2008 01:30:53 GMT

If you currently have Blink installed on your system and you want to remove it completely from your system and install it fresh from scratch please read below:

Blink can be picky at times and it will sometimes give you problems if you do not completely remove its old registry keys and program files folder before attempting to install it again. Here is what I would recommend doing to avoid such difficulties to begin with.

I have had problems in the past with a lot of the programs out there that claim to clean your registry. Some either seem to corupt things when you use them or cause other problems you notice later. I have found one program that does work and that I can vouch for that I use on a regular basis. It is called Ccleaner. It is free program and is kept updated regularly (so check for updates from time to time). It can be found here (I took you straight to its download link instead):

http://www.filehippo.com/download_ccleaner/

Its actual website is: http://www.ccleaner.com/

1. First install this program. I will go over a basic setup of the program now with you for the heck of it.

Here is what I have set in the program for my choices.

On the main window of the CCleaner program you will see 2 tabs: Windows and Applications. Applications is the items it detects that are installed on your system and what it senses it can clean from these programs (if anything). Under the Windows Tab I have everything checked (except the wipe free space function at the very bottom). If you care about how things are grouped in your start menu area (where the Windows Update shortcut is) uncheck the "Start Menu Shortcuts" choice under the System Section. If you go to the Options section (on the left side) select Settings. I have everything unchecked under that section and at the bottom I have the NSA overwrite method for when it destroys and deletes things. The include area of this section is where you can include extra folders and things you wanted deleted (if you wish). Under the Advanced portion of the Options section I have only one thing checked, it is the Hide warning messages.

2. Go to the Tools section of this program. Select the Startup option. Select Blink's startup item and delete it. (This takes Blink's startup registry key and deletes it keeping Blink from starting the next time you reboot your system).

3. Set what you want in this section and then restart your system. Blink should not restart with your system now and you should be able to uninstall it completely this way.

4. Once your system is restarted, uninstall Blink from the "Add or Remove Programs" section in Windows Control Panel. After you un-install Blink, restart your system again.

5. After your reboot (after the un-install) run Ccleaner. First select the "Cleaner" function button on the left and then click on the "Run Cleaner" button in the lower left and it will start its process. After it is done, it will show you what it has removed.

6. Next, select the Registry button on the left of Ccleaner's main window. Select Scan for issues at the bottom. If it finds anything, allow it to fix them. Keep doing this until it does not show anything after you select the "scan for issues" button.

7. Next go to your C:\Program Files folder (for Windows XP) or C:\Program Files (x86) (for Windows Vista) and make sure the "eEye Digital Security" folder is not there. Also check under the C:\Program Files\Common Files and see if anything is left related to eEye or Blink. If anything is found in any of these folders, delete it, and then rerun your Ccleaner's "Cleaner" and "Registry" cleaners one more time after your done (sometimes it will find more items that are no longer needed that were associated with that file folder you just deleted).

8. Download the latest version of Blink. Before you install Blink, I would recommend going into CCleaner and then to the "Tools" section on the left side, and then to the Startup section. Temporarily disable anything from starting with your system by selecting the item and then clicking on the Disable button at the bottom of CCleaner's window.

9. After you are done installing Blink, I would recommend restarting your system again (after you go back into the Startup Tab, under "msconfig" again, and re-enable everything that was checked before. After your system reboots itself, run CCleaner one last time to tidy up any loose ends that it may find.

10. In CCleaner, make sure you have re-enabled any programs that you wish to start with your system once again and reboot your system to ensure they start properly.

To download the current version of Blink Personal Edition (free for one year) go to this page: http://free-antivirus.eeye.com/

Blink command-line

masvmasv — Wed, 15 Jul 2009 16:52:38 GMT

Hi!

I'm working in a project and I want use Blink anvitirus in a command-line.

Blink have command-line support ?

I need scan a specific path and make .log file, like:

BlinkAVScan.exe c:\windows /report:c:\blink.log

Thank you

Which Version of Blink Should I Buy?

Winifred — Sat, 27 Jun 2009 03:22:32 GMT

Hi, all. I am doing a bit of research before buying Blink. I've been using the free version and my time is nearly up. Any suggestions, anyone? I'm a single user (not a business, etc.) if that matters. Thanks!

"Security/Privacy" Related Programs That Work Well With Blink

Blue1978 — Thu, 30 Oct 2008 21:53:51 GMT

After personally trying and testing numerous programs (Security or Privacy related) I have found that the following programs behave well when ran with either the Blink Personal or Professional Editions of Blink. Little to no changes were required to make these programs function. IF any changes were required to be made, I have made note of them.

I have used these on Windows XP Professional SP3

Virtual Machine Related Applications Tried:

1. VMWare Workstation - http://vmware.com/products/ws/

2. VirtualBox - http://www.virtualbox.org/ (Completely Free)

3. Parallels - http://www.parallels.com/

Security Related Applications Tried:

- These items work great alongside Blink as standalone scanners (i.e. you start them up to scan your system and then shut them down when your done)

1. Prevx CSI - http://www.prevx.com/freescan.asp

2. SuperAntispyware Free Edition - http://www.superantispyware.com/download.html

3. ClamWin Portable - http://portableapps.com/apps/utilities/clamwin_portable

- This is nice because you can either run it from a USB flashdrive or you can move the single folder that it runs from somewhere else (like on another partition of your hard drive as I have done)

Privacy Related "Cleaning" Applications Tried:

1. CCleaner - http://www.ccleaner.com/

How to Properly Lock Down Windows XP Professional

Blue1978 — Mon, 23 Feb 2009 20:39:57 GMT

This is a brief description of how to configure Windows XP Professional, which if completed properly, will increase your online security dramatically. The following setup will work for about 95% of the folks out there.

IF you choose to go through with this setup and configuration, it is at your own risk. I will however attempt to provide you with as many pointers as I can to make it go as smoothly as possible.

First off, before you continue with all of this, I recommend you do three things. 1. If you don't already have one, buy yourself an external hard drive (at least 100GB in size). 2. Find yourself an easy to use backup program that will allow you to image your system's hard drive and will easily enable you to save the images you create to the external hard drive you have. I personally use and recommend the program Acronis True Image Home 2009 for imaging my system. You can though; use whatever works best for you. The point of this is, once you are able to make images of your system, you will no longer have to go through all of the heartache and pain that I am about to briefly take you through ever again. You will simply restore your system from an image you made with your backup program. It will make it a snap to recover from a system crash and or any other security related reason you may encounter. 3. Make sure you have ALL of the drivers for your computer system and any other devices you wish to install before you continue! Save ANYTHING that is important to you that currently resides on your computer system to a folder, on the external hard drive that I was speaking of earlier, so you can access it later.

Throughout this post, I will refer to clicking on a particular button or I will explain where to navigate to a location in Windows. This will be partially explain by using ">>" between the button (and or location/link) that you need to interface with.

Complete the following steps:

PRE-INSTALLTION NOTE: Make sure you do not have ANY devices attached to your system before installing Windows XP (unless you need a floppy disk drive or something to install RAID drivers for example).

1. Boot your system from your Windows XP Professional disk. When it comes to the part about installing XP, I would first recommend DELETING the existing partition on your hard drive and creating a new one. Me Personally, I would create a partition no smaller than about 30GB (30000 MBs) or about half of your hard drive for Windows XP. The reason for this is it makes it easier to image your computer when it comes time and the other partition you can later on create into a separate area on your computer (as a separate drive letter) for storing things that are isolated from your main OS file system. Either way, you choose what you want to do. Continue on with installing Windows XP.

2. After you have finished installing Windows XP and it boots up to your desktop for the very first time STOP. The account that you are currently logged on with is your user account, however, you have full administrative privileges with this account. You don't want this and currently you do not want to do anything else at the moment with this account.

- Make sure your system is not connected to the internet at this point.

- Any prompts to automatically install drivers for anything that Windows XP detects on your system, ignore at this point and simply CANCEL out of the prompts.

Continue the following steps:

1. Right Click on Start >> Properties Select the "Classic Start Menu", Select Apply and then OK. You should now see some more useful common icons on your desktop.

2. Start >> Settings >> Control Panel >> User Accounts >> "Change the way users log on or off".

- Make sure the two options are NOT checked under this page. Select "Apply Options".

3. Close the "User Accounts" window.

4. Restart your system. You should not be prompted with what is known as the "Classic

Log On" screen which shows only a window with a Username and Password field.

5. Enter "Administrator" in the username field and leave the Password field blank.

- Hit Enter to log on. This is the built in Administrator account in Windows XP Professional.

- From this point on, the majority of the configuration changes will be made from this account.

Complete the following steps from the Administrator account:

1. Right Click on Start >> Properties Select the "Classic Start Menu", Select Apply and then OK. You should now see some more useful common icons on your desktop.

2. Start >> Settings >> Control Panel >> Performance and Maintenance.

- Under this menu, right click on the "Administrative Tools" at the bottom and select Create Shortcut. Allow it to place the shortcut on your desktop. This will give you a shortcut now to one of the most accessed areas in Windows XP as an Admin (other than Group Policy) that you will be using. At this point, when I refer to "Administrative Tools" it will be going to it via this shortcut that was created. You can name this shortcut anything that you want to.

3. Administrative Tools >> Computer Management >> Local Users and Groups (on the left) >> double click Users folder (on the right).

- Right click and select delete for the following users in this section.

"HelpAssistant" and "SUPPORT_ ..."

- You should only have left the Administrator, Guest, and any other account names that you created when you installed Windows XP.

4. Groups folder (on the left) >> double left click on Administrators (on the right).

- Delete out any names that are in here EXCEPT Administrator. Select OK when you are done.

5. Double left click Users (on the right side).

- Select Add. In the bottom of this window add in the name(s) of the other account(s) and select OK. Do this for any other accounts you have created. This places these accounts in the normal User's group.

- Click OK on the Users Properties window when you are done here.

6. Right click Start >> Explore >> Tools (at the top) >> Folder Options >> View tab.

- Under this tab make sure ALL boxes under the "Files and Folder" section at the bottom except "Display the contents of system folders" are checked.

- Under Hidden files and folders make sure the "Show hidden files and folders" is selected. The only other boxes below this that should be checked are:

"Hide protected operating system files (Recommended)"

"Remember each folder's view settings"

"Show encrypted or compressed NTFS files in color"

"Show pop-up description for folder and desktop items"

- YES, uncheck the "Use simple file sharing (Recommended)" This is the biggest change here that must be made.

- Select Apply at the bottom right and then the "Apply to All Folders" button at the top. Select OK to close this window.

7. Restart your computer

- After you system has restarted, log on once again with the Administrator account.

Complete the following steps to properly configure permissions on your systems hard drive properly.

1. My Computer >> right click on Local Disk (C:) >> Properties.

- Uncheck the "Allow Indexing Service to index this disk for fast file searching. Once you do this it will prompt you to apply the changes. Tell it to Apply to all folders and subfolders to start the process when it asks. Any files it stops on, simply tell it to ignore all and continue for anything it cannot complete this task on.

- This task will take a few minutes to complete. After it is done, continue on with the next step.

2. Security tab (at the top).

- Under this tab at the top select and remove all names that exist here EXCEPT the following:

Administrators and SYSTEM.

- Select Add and then type in "Users" and then select OK. At the bottom right select Apply.

3. In the same window select the Advanced button.

- Select the box that says "Replace permission entries on all child objects with entries shown here that apply to child objects".

- Select Apply to make this official. It may take ask you if your sure, select Yes. A Security window will pop up and you will see the action take place. After it is complete, select OK to close the Advanced Security Settings for Local Disk window.

- Select OK to close the Local Disk (C:) Properties window now.

At this point these permissions have been applied to your entire local disk drive. You now need to tweak the permission on the Administrative account itself and any other user accounts you may have on your system.

Complete the following steps to do this:

1. My Computer >> Documents and Settings >> right click on the Administrator folder >> Properties >> Security tab (at the top).

- For this folder we only need to remove the Users (everyone else) from having access to the Administrator's profile.

- Select the Advanced button at the bottom.

- Uncheck the "Inherit from parent the permission entries that apply ..." box. When prompted, select Copy from the screen that will pop up.

- Select the box next to the "Replace permission entries on all child objects with entries shown here that apply to child objects".

- Click Apply in the lower right to make the changes and select Yes to the prompt it asks you to confirm.

- Click OK to close this window.

- At the top, select the Users in the window and then select the Remove button.

- Select Apply at the bottom right again.

- Select the Advanced button at the bottom right again.

- Select the box next to the "Replace permission entries on all child objects with entries shown here that apply to child objects".

- Click Apply in the lower right to make the changes and select Yes to the prompt it asks you to confirm.

- Click OK to close this window.

- Click OK again on the Administrator Properties window to close it.

From the C:\Documents and Settings window that should still be open at this point, complete the following steps for all other users (except the "All Users" and "Default User" folders).

1. Right click the user's folder >> Properties >> Security tab (at the top).

- For this folder we only need to remove the Users (everyone else) from having access to the particular user's profile.

- Select the Advanced button at the bottom.

- Uncheck the "Inherit from parent the permission entries that apply ..." box. When prompted, select Copy from the screen that will pop up.

- Select the box next to the "Replace permission entries on all child objects with entries shown here that apply to child objects".

- Click Apply in the lower right to make the changes and select Yes to the prompt it asks you to confirm.

- Click OK to close this window.

- At the top, select the Users in the window and then select the Remove button.

- Select Apply at the bottom right again.

- Select the Advanced button at the bottom right again.

- Select the box next to the "Replace permission entries on all child objects with entries shown here that apply to child objects".

- Click Apply in the lower right to make the changes and select Yes to the prompt it asks you to confirm.

- Click OK to close this window.

- At the top select Add and then enter the name of this user profile.

- Select Apply at the bottom right.

- At the top select the user's name you just added. In the middle of the window, under the "Permissions for ..." make sure all of the boxes under the "Allow" column are checked, except the Full Control one at the top.

- Select the Apply at the bottom right.

- Select the Advanced button at the bottom right again.

- Select the box next to the "Replace permission entries on all child objects with entries shown here that apply to child objects".

- Click Apply in the lower right to make the changes and select Yes to the prompt it asks you to confirm.

- Click OK to close this window.

NOTE: At this point you should only see the Administrators, SYSTEM, and then the user name itself existing under each user's profile.

- Click OK to close the User's Properties window.

NOTE: At this time, plug back in your connection to the internet.

2. Restart your system again.

- After you system has restarted, log on once again with the Administrator account.

Using the Administrator account, you will now begin installing your system's driver software. Preferably, I would complete this in the following order:

1. Chipset

2. Graphics Card

3. Sound Card

4. NIC

5. Any other base system device driver or external device driver (that does not require an internet connection to setup).

Depending on your type of driver software that you are installing, I would recommend restarting your system as it requests you to do or preferably after each one is completed. After you have installed all of them, restart your system one last time.

- After you system has restarted, log on once again with the Administrator account.

Begin downloading and installing your Window's updates at this point.

Use: http://update.microsoft.com/microsoftupdate instead of the Windows Update. Microsoft Update checks for all other MS products, which Windows Update does not.

When prompted, you can choose to update your system completely strictly using SP2 (unless you installed your XP originally from a disc that had SP3 on it already), or choose to install SP3 from the start when it prompts you too choose between the two.

Complete the installation of all of your Microsoft updates restarting your system as needed.

NOTE: At this point, it is the perfect moment to now make the first image of your system using your backup software. After you complete that, I would recommend installing your BASE programs (as I would call them). This includes your Microsoft Office products, CCleaner, HD Defragmentation programs, zip utilities, CD Burning Software, etc. But install the main ones only, not the programs that you normally update a lot (i.e. Acrobat, Flash Player, etc).

Run Microsoft Update again, this makes sure that you are not missing any updates for anything that you just installed that Microsoft may have available to you.

NOTE: At this point, you should probably defragment your HD, clean up any clutter (I use CCleaner for this) and then configure your system's services based on your needs. I would recommend using http://blackviper.com for recommendations on your system's services and how to set them to fit YOUR needs.

Before you do anything else, I would recommend setting the passwords to all of your computer's accounts.

Complete the following steps to do this:

1. Administrative Tools >> Computer Management >> Local Users and Groups (on the left) >> double left click on Users (on the right).

- Double left click on the Administrator, uncheck "Password never expires".

- Select Apply in the bottom right.

- Click OK to close this window.

- right click on the Administrator, select Set Password, and then the Proceed button when you’re prompted to. Set a decent password (preferably nothing less than 8 characters).

Next, set the Guest account settings.

- Double left click on the Guest, make sure all three of the items in this window are checked in the middle.

- Select Apply in the bottom right (if you can).

- Click OK to close this window.

- right click on the Guest, select Set Password, and then the Proceed button when you’re prompted to. Set a decent password (preferably nothing less than 8 characters and quite frankly your Administrator's password should be the longest of all of them).

NOTE: If you are on a Local Area Network and anyone attempts to connect to your system (to see if you have any files shared on the network etc), they should be prompted for a username and password in an attempt to authenticate to your system to view any resources that are available. By default they are attempting to connect using the Guest account's credentials. Even though the account is disabled, it is wise to set a strong password on it because of this and other security related reasons. If you want to share resources that reside on your system, it is best to create a specific folder for this task (or use the Shared Documents folder under My Computer) and either set the permissions on this for sharing. Creating a separate user name and password for someone to use if they wish to connect to your computer’s shares is also a wise idea.

Next, set each User's account with a basic default password, using the same steps I described above, however, I recommend that all of the boxes in the settings not be checked. The only box I recommend that you check (before they log on for the first time) is the "User must change password at next logon". This will force them to change their password after they logon with the basic default password you gave them. If they log on and they are not prompted to change their password, have them do an ALT + CTRL + DEL and then manually change it to what they want, otherwise the basic default password will still be in effect for them.

- Now Restart your system and log back in with your Administrative account and password this time to make sure it works properly.

After all this is done, I recommend creating another image of your computer's HD with your backup software.

After creating your image, log back in with the Administrative account. Now is the time to install Blink, run Retina, and fix the audits that Blink tells you that you need to fix. After this, I would create another image of my HD. This image can be used to revert back to now, when you want to do fresh installs of the programs that are a pain the most to you (i.e. Adobe Acrobat, Flash Player, Sun's JRE, other applications, etc).

The point of creating this image is, you have Blink installed and running before anything else touches your system. This provides you with a reliable foundation to run Blink on before you begin to add things to it. Now, you always have this image to resort too when something just does not go right.

=======================================================

Final Notes:

- DO NOT use the Administrative account to surf the internet!

You will find that limited user accounts are NOT THAT BAD! Some things may not work properly; therefore you would have to adjust the permissions for that one program for the user, etc via the Security tab permissions and so forth. This is the fine tweaking aspect of Windows that everyone gets use to.

On a final note, anyone that has kids that like to play games, unfortunately, a lot of the games nowadays are NOT happy with a limited user account and therefore will not work properly. Unfortunately, you may end up allowing them to use the Administrative account to do this. Quite frankly this defeats the purpose of a limited user account, therefore it may be better to have a system entirely dedicated to game playing because you are trusting that they will not fool with anything else on the system when they are using the Administrative account to play their games with.

A lot more can be done with this guide, however, I wanted to give everyone a BASIC setup that will increase security dramatically at a low cost to usability.

This same format and concept applies to Windows Vista and Windows 7 with the exception of different settings reside in different locations.

New to Blink, check out the post I have created for new users located here:

http://forums.eeye.com/forums/t/998.aspx?PageIndex=1

Free Audit Program to Use Alongside Retina

Blue1978 — Sun, 14 Dec 2008 15:42:22 GMT

Here is another awesome free program that you can run on your system that supplements Retina.

It is called Belarc Advisor: http://www.belarc.com/free_download.html

Starting Fresh

tomguck — Mon, 01 Dec 2008 16:57:59 GMT

How can I get rid of all my rules and start over without reinstalling?

I deleted my rules but Blink does not warn me when something tries to get on the internet now.

I just want to start over.

Vista Home Premium

Useful Websites and Articles for Tightening up Your Computer's Security.

Blue1978 — Wed, 15 Oct 2008 21:23:59 GMT

Here are some useful websites and articles I have come across that will assist anyone that is interested in locking down their system better:

============================================================================================================

I - Securing Your Web Browser(s):

1. http://www.us-cert.gov/reading_room/securing_browser/#Internet_Explorer

2. http://www.heise-online.co.uk/security/services/browsercheck/demos/ie/

II - Windows Services:

1. http://www.blackviper.com/

2. http://en.wikipedia.org/wiki/Windows_service

3. http://beemerworld.com/tips/servicesxp.htm

III - Tweak Guides:

1. http://www.tweakguides.com/TGTC.html

2. http://tweakhound.com/xp/xptweaks/supertweaks1.htm

IV - Information Straight from Microsoft:

1. http://technet.microsoft.com/en-us/default.aspx

Rule: Disables the MS-DOS command interpreter

RootSpy — Mon, 12 May 2008 20:42:10 GMT

MS-DOS command interpreter Disable Disables the MS-DOS command interpreter. Helps to mitigates command line attack vectors. Toggleunder Sytem Protection Rules, to enable when needed C:\WINDOWS\system32\cmd.exe path *.* path I wonder what the id field under creator represents, Blink users?

Times When Temporarily Disabling Blink's AV/Anti-Spyware Module Helps

Blue1978 — Sun, 23 Mar 2008 20:14:07 GMT

I have come across numerous instances when temporarily disabling Blink's Antivirus/Spyware protection module greatly increases system performance when you need it most.

1. When burning a CD or DVD.

- Every file that is being burned to the CD or DVD is scanned by when it is accessed by the burning software. This helps making your burning experience a but smoother.

2. When transferring a large amount of data.

- Anytime a file is accessed Blink scans it. I recommend you manually scan your files first before moving them, then disable Blink's AV component, and then transfer them.

3. When using another application or system ran process to manually scan or perform a maintenance related task on a computer.

- If you happen to be using another security software program alongside Blink then disabling Blink's AV component speeds up that program's scanning capabilities a bit. The reason being is because when that program accesses any file on your system, this causes Blink to scan it too as it's being accessed. It just makes things go smoother if you scan with another program for any reason.

- This applies to:

Hard Drive Defragmentation programs

Windows Clutter cleaning utilities (CCleaner)

Disk wiping programs (Cyber Scrub)

Formatting a new partition on a computer or external device

Encrypting an external hardware device or large volume (TrueCypt)

These are just general instances that I have experienced myself and thought I would pass them along. At the time when I noticed this performance loss, I was using Microsoft's Process Explorer program found at: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx .

I noticed Blink would take up a huge chunk of CPU usage at the same time the other program was scanning to scan things itself. After I temporarily disabled Blink's AV component I noticed a huge difference in the performance of the other program(s) I was trying to run.

Any reason for locking the following post?

Brent — Wed, 26 Mar 2008 04:28:31 GMT

Post:

"Times When Temporarily Disabling Blink's AV/Anti-Spyware Module Helps"

Just curious - as I have found the same issue but was told there is a fix coming for the large file transfer and copy issues..

Security Tip Recommendation #1 - Tightening up DNS Security in Blink.

Blue1978 — Tue, 29 Jan 2008 02:26:32 GMT

The following is purely a recommendation on how to tighten up the security of DNS on your sytem by modifying a few settings in Blink, creating one firewall rule, and by disabling the "DNS Client" Service in Windows.

The following are steps of how I have tightened up the security of DNS on my Windows XP Professional system:

1. First go into "Administrative Tools" and then into "Services". (Find the "DNS Client" Service)

2. Disable this service completely. To be sure either Stop the service first before disabling it, or disable it and then restart your system.

Why do I do this? - If you disable the DNS Client service it will force any application that wants to make a DNS lookup, make it itself vice having the service "svchost.ext" do it. "Svchost.exe" is a service that can be exploited in a few ways and taking one of the chances away from it that it may be used for malicious purposes, in my opinion, is wise.

3. Go into Blink's Options under the "Firewall" tab and uncheck the option Allow DNS Traffic.

- This will allow you to create your own rule for Blink to control DNS by more tightly.

4. Go into the Firewall section from the "Blink Home Page" on the left. Select View all Firewall rules.

5. Select the "System Wide Rules" section. (by default this should be showing anyways)

6. Create a new rule with the following parameters:

Action: Allow

Protocol: UDP

Direction: Any Direction

Local Address:

- "Rule applies to all IP adresses of this computer" should be selected at the top

- Specify local ports section at the bottom should have 1025-65535 in it.

Remote Address:

- "Specify remote IP address for this rule" should be selected. To the right of this click on the Add button and then selected the "Determine IP(s) at run-time" selection then from the drop down menu it has select "DNS Server". Click OK to close this window.

- Specify remote ports section at the bottom should have only 53 in it.

Description:

- Give it a description of your choice.

7. Click "Save" at the bottom of the System Wide Firewall Rule Wizard window.

(make this rule high up on your list. It is the 2nd one on mine after the Deny all ICMP Rule I have)

Your done, is is that simple.

NOTE: As long as you have "DENY" selected in the drop down menu under the "For System Wide Traffic" field under the Default Actions section of the Firewall tab in Blink's Options you will be good for this.

This rule should now govern all DNS traffic from your system. Any rule that you may have for DNS under the "Generic Host Process for Win32 Services" in the Application Firewall section I would say to go ahead and remove it now. This rule simply says anything wanting to do a DNS lookup will send its request to the pre-determined location at startup that is handling DNS. If it does not request a remote port of 53 it will drop it and if it is not a UDP request it will be dropped.

This rule is good for a few reasons:

1 . If you still had the DNS Client service running and allowed Blink to handle all DNS traffic without a specific rule the following "could" happen.

- There is a lot of Malware (DNS Trojans for one example) out there that will attempt to make its outbound connection via svchost.exe, using DNS, BUT it will not specifically ask that its request be sent to the remote Port of 53 (like a ligitament DNS request normally does). Depending on what Blink is watching for, this type of request may make it out to its destination since there is not anything that specifically states to allow DNS traffic only if it requests a DNS server IP and the correct remote port of 53. This rule should drop anything that attempts to do this. Keep in mind, if your gateway (router, etc) handles your LAN's DNS requests it may also be wise to create a specific rule also toallow DNS to go out to the remote port of 53 of your selected DNS provider's server IPs using only UDP too. This will also ensure your gateway enforces this policy the same way as Blink does as a extra layer of protection.

- Secondly, svchost.exe should nolonger be asking for DNS outbound requests like it was before.

- Finally, DNS will also use TCP if enough of its UDP requests fail out or time out shall I say...by design it will do this, but it is rare. With this said, malware once again will attempt to use DNS, except via a TCP connection. This rule should drop anything of this nature also by default.

There is only 1 downfall to my recommendation: Sometimes it may take a few extra seconds for a webpage to load here and there. It should not be a big impact on your surfing, but just be forwarned. This rule is basically dropping any DNS requests that do not exactly match it.

In my opinion this will tighten DNS security up some on your system, but some may disagree with me. I look forward to any ideas or input anyone may have on this setup.

Workaround to Firefox version problem

JayB — Tue, 04 Sep 2007 15:11:54 GMT

For some reason, some of my machines are still reporting in ARP (add remove programs) and the registry as having Firefox 2.0.0.4 rather than the 2.0.0.6 that is actually installed. Because of this Blink is reporting multiple critical vulnerabilities (which existed in 0.4) This might not be an issue but if you are maintaining records for PCI compliance or similar, it is important.

You can edit these values using regedit in HKLM/software/mozilla. Just edit all the values which say 2.0.0.4 This will now allow you to run the vuln assessment and avoid the critical warnings.

Standard disclaimer: messing about with the registry... dangerous... backup... yada yada

You must be logged as or using runas admin to edit these values.

Blink Internet Security and Anti-Virus

Betty — Mon, 24 Sep 2007 14:17:03 GMT

I have installed the Blink internet security, but it will not start up. I get a message error code 12002.

This will be a great section...

Brent — Tue, 19 Jun 2007 04:58:50 GMT

This will be a huge help once people start posting - Hopefully Staff will post their best inside user experience knowledge here also..