
BlackIce and other firewalls

Discussion in 'Virus & Other Malware Removal' started by 0tbyn8r, Feb 15, 2003.

Thread Status:
Not open for further replies.
  1. 0tbyn8r

    0tbyn8r Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    40
    Hi

    Just wondering if anyone uses BlackIce Protection. I'm accustomed to other firewalls like TPF/Kerio and Outpost. I've loaded an evaluation copy of BlackIce on a spare machine to try out. Doesn't seem bad but wanted to know, when creating rules is there any way in BlackIce to change the order in which the rules are set? In Kerio I can govern the order in which rules apply. Furthermore, is it possible to create a rule for individual applications? For example the ports through which they connect. Although I'm happy with the firewalls I use it's good to try other products now and again.
     
  2. Javacool

    Javacool

    Joined:
    Jan 17, 2003
    Messages:
    27
    I have tested BlackICE PC Protection (latest version).

    My results:

    -The added outbound/application control configuration is on the more complex side (i.e. not as easy for the novice user as, say, ZoneAlarm) but it works fairly well, although it does not seem to allow as much configuration as the outbound control on other applications.
    -The IDS has always been one of BlackICE's strong features (it started with JUST the IDS) and is also improved in this version.
    -BlackICE passes most tests you throw at it - and those that it doesn't stealth, it should at least block.

    Opinions:
    -A good firewall, VERY low on resources and CPU usage.
    -I find it runs well alongside other firewalls as a dedicated IDS, if you disable the Application Control (which I have no need for - again, I find other firewalls perform better at this task).
    -Does it catch things the other firewalls don't? Yes, which is why I keep it running with just its IDS functions.

    To answer your questions:
    -I'm not sure if the order of firewall rules matters.
    -I don't see any way of configuring settings per program except for "terminate" and, in terms of Internet access, "allow" or "block".

    Best regards,

    -Javacool
     
  3. 0tbyn8r

    0tbyn8r Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    40
    Thanks for the feedback Javacool.
    I guess it was the IDS aspect of BlackIce that interested me along with the plugins like VisualIce. I've tried a couple of other IDS's and had mixed opinions.
    The machine on which I loaded it also had Tiny Personal Firewall installed. BlackIce promptly shut it down. Didn't play around with it too much because it was already too late into the evening but I hope to get home tonight and delve into it more.
    You actually answered a question I had thought of asking but omitted and that was whether it operated alongside other firewalls.
    I guess I'm paranoid (having enjoyed the company of a virus and a trojan) but I've configured a set of firewall rules for my configuration; and, as rules read from the top down, I'd like to be certain a preceding rule doesn't negate a following one.
    Your comments have certainly whetted my appetite.
    Thanks again
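
The top-down concern raised in the post above (a preceding rule negating a following one), as an added example that is not part of the original thread: a check for rules that can never fire in a first-match rule set. The rule format, rule names and addresses are constructed for illustration and are not the configuration format of Kerio, TPF or BlackICE.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    proto: str     # "tcp", "udp" or "any"
    ports: tuple   # inclusive (low, high) remote port range
    remote: str    # remote network in CIDR form (IPv4 only here)

def covers(a, b):
    """True when every packet matched by rule b is also matched by rule a."""
    proto_ok = a.proto == "any" or a.proto == b.proto
    ports_ok = a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]
    net_ok = ip_network(b.remote).subnet_of(ip_network(a.remote))
    return proto_ok and ports_ok and net_ok

def find_shadowed(rules):
    """Return (earlier, later, kind) for each rule fully covered by an earlier one.

    With top-down, first-match evaluation the later rule never fires.
    "negated" means the earlier rule takes the opposite action;
    "redundant" means it takes the same action.
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "negated" if earlier.action != later.action else "redundant"
                findings.append((earlier.name, later.name, kind))
                break  # the first covering rule is the one that wins
    return findings

# Constructed sample rule set, listed in evaluation order.
RULES = [
    Rule("block-high-ports", "deny",  "tcp", (1024, 65535), "0.0.0.0/0"),
    Rule("allow-web",        "allow", "tcp", (80, 80),      "0.0.0.0/0"),
    Rule("allow-proxy",      "allow", "tcp", (8080, 8080),  "192.0.2.0/24"),
    Rule("allow-dns",        "allow", "udp", (53, 53),      "192.0.2.53/32"),
    Rule("deny-all",         "deny",  "any", (0, 65535),    "0.0.0.0/0"),
    Rule("allow-web-lan",    "allow", "tcp", (80, 80),      "192.0.2.0/24"),
]

if __name__ == "__main__":
    for earlier, later, kind in find_shadowed(RULES):
        print(f"{later}: {kind} by earlier rule {earlier}")
```

The check only reports a rule that is wholly covered by a single earlier rule; partial overlaps, where an earlier rule catches some of a later rule's traffic, are not flagged.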
     
  4. mtbird

    mtbird

    Joined:
    Dec 10, 2001
    Messages:
    3,687
    I've used BI for many years now. It has run practically flawlessly the whole time. I had one problem when I didn't uninstall the old version to install the new.....just did an update.
    I run the new application protection and have found no problems with any part of it. Once you establish a baseline, it will recognize all your legitimate programs. I do a new baseline with each download of virus dats.
    I have not set any rules and run it at the nervous level and can say that I have never had anything get past it. I've never had a trojan, etc....even on my cable connection.
    I believe it's the best program even for newbies. There is nothing complicated about it......just set it up and go.

    Debe
     
  5. 0tbyn8r

    0tbyn8r Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    40
    Thanks for the input mtbird.
    Two positive comments so far...I guess you can't go wrong with that. My machine was compromised quite some time ago when I had Zone Alarm as my firewall (although popular, I'm not a big fan for obvious reasons). That's why I switched to more rule based firewalls; that way, I had a pretty good idea of which ports were open or closed and what applications accessed the big bad world and through which ports. Also, I learned to give warez sites a miss; methinks that was my source of infection. Sometimes the best defence is avoidance, if you know what I mean.
    Thanks again.
     
  6. GreenIs

    GreenIs

    Joined:
    Feb 17, 2001
    Messages:
    3,245
    If you'd like to read up on how some firewalls have tested and test your own while you're at it go here:

    http://grc.com/lt/leaktest.htm

    "NetworkICE's BlackICE Defender Update
    Apparently Designed to Mislead its Users

    Eleven Months after the release of our first, simple, but effective and popular (3,783,673 downloads) LeakTest firewall testing utility, BlackICE Defender (BID) continues to "leak" — as defined by LeakTest. But a recent update to BID (version 2.9cai) was hiding this fact from its users by effectively cheating the LeakTest.

    Rather than enhancing BlackICE Defender by adding the sort of application-level controls that are available even from many completely free personal firewalls, BID's publisher, NetworkICE, apparently chose to prevent LeakTest's intended operation by adding specific awareness to BID of LeakTest's remote testing IP."
     
  7. 0tbyn8r

    0tbyn8r Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    40
    Thanks for the update GreenIs...and congrats; just noticed you've been promoted to DM.
    I've still been deliberating over this issue and will probably work with Kerio for a while yet. I like its granularity. I think I'll have to send a comment to the company to look at incorporating plugins and the like as some other firewall manufacturers do.
    I've used GRC previously, among a multitude of others, and have had pretty good results. Nice to try other products though.
     
  8. GreenIs

    GreenIs

    Joined:
    Feb 17, 2001
    Messages:
    3,245
    Hey NP :) And thanks to yourself as well :)
    I do hope that helped in giving you some pointers on Firewalls. I for one have always stood by Zone-Alarm until a recent update, (which I am reminded I should check on). I have also tried Black Ice and found at the time which was three years ago before its updates, that it was extremely leaky, but I liked how it was easy to configure. The other one which I found good was Conseal which is no longer called that due to its takeover by Mcaffee(sp), and once taken over it was no longer (I found) as "nice". I have tried Norton's, very good - but pricey and seeing how ZA was just as good and free chose ZA.

    Anyway, best of luck with your decision. Always good to try each out and find the one that works best for you...but remember leaky is bad, stealth is good.:)
     
  9. Dark Star

    Dark Star

    Joined:
    Jun 8, 2001
    Messages:
    3,054
    I've been using BlackICE Defender for the past 6 months on my Win2K machine without as much as a hiccup, not one single incident or intrusion that BlackICE hasn't detected and stopped.

    Most firewalls do what they should do and arguably some are better than others ... it all comes down to what "flavor" firewall brand you like best and being connected 24/7 it would be really "asking for it" to be caught without a firewall ... some protection is better than none.

    I have a special like to Zone Alarm because I've used it in the past on other systems but here for me it just didn't get along with my Win2k setup.... sometimes Windows doesn't always like to play nice with "others". :rolleyes:

    There's more firewall test results out there to read than I have the time to look at much less read all of the nuts and bolts final outcome details, the graphs and charts and all the findings made.
    In the end it comes down to "Does this one work for you or not?"

    Greenie I'd read that bit about Black Ice Defender adding specific awareness to BID of LeakTest's remote testing IP.... I see that more like "according to what Steve said" and what he implies by saying it ... thing is I haven't found a single test anywhere that penetrates or compromises this Black Ice firewall ... not one and I've been to every test that I could find to see if it would leak. I'm not sure what the deal with Steve and Black Ice might or might not be but it works just fine for me.

    I think that TPF is a very good firewall but not easy for the average guy/gal to configure.... hard to beat the freebie Z/A as far as easy to configure and works very well.

    DS
     
  10. Dark Star

    Dark Star

    Joined:
    Jun 8, 2001
    Messages:
    3,054
    From my Black Ice log file while I was typing my previous reply....


    02/17/2003 09:02:02 PM, SOCKS port probe, 211.161.25.117
    02/17/2003 09:00:51 PM, HTTP port probe, VAIO
    02/17/2003 08:57:25 PM, NetBIOS port probe, 200MEG
    02/17/2003 08:53:06 PM, UDP port probe, NIGERIA-6FD5758
    02/17/2003 08:50:42 PM, SMTP port probe, 218.70.138.249
    02/17/2003 08:49:40 PM, UDP port probe, NIGERIA-6FD5758
    02/17/2003 08:48:37 PM, NetBIOS port probe, 200MEG
    02/17/2003 08:47:35 PM, HTTP port probe, VAIO, 2
    02/17/2003 08:44:06 PM, MSRPC UDP port probe, CLIENTE1
    02/17/2003 08:43:11 PM, MSRPC UDP port probe, TERM69, 7

    I guess it's very active out there on the internet :rolleyes:
     
  11. 0tbyn8r

    0tbyn8r Thread Starter

    Joined:
    Feb 14, 2003
    Messages:
    40
    Hi Darkstar

    I've tried TPF as well. The earlier versions of TPF and Kerio are pretty much the same (the developers for Kerio broke away from TPF and started to work on their own; a small tiff they had about the price of coffee in the staff cafeteria or something like that). Anyway, tried TPF4 because I wanted to see what the sandboxing feature was like. After much playing around I gave up because it's a mongrel to configure in comparison to the older version and the sandboxing throws up all sorts of popups asking if a certain action is permitted by you or not. That, let me tell you, can become aggravating after a while.
    As you say, go with what works for you.
     
  12. GreenIs

    GreenIs

    Joined:
    Feb 17, 2001
    Messages:
    3,245
    Hey DS :)

    I'm sure Black Ice is better now, I haven't used it, as I said in my last post, in I think three years, but when I did, I really liked how it ... well it was fun to play with.

    Like you said, some protection is better than none.
     
  13. Dark Star

    Dark Star

    Joined:
    Jun 8, 2001
    Messages:
    3,054
    Greenie,

    hey congrats and high fives you've been promoted to DM. :)
    I'm too late to start a new thread huh? ;)

    0tbyn8r,

    On the upside I've read TPF4 does provide a high level of detail and administrative capability.
    That said, the popups asking if a certain action is permitted by you or not that you mentioned sound like much more than I want to deal with and it also appears that the sandbox feature is somewhat resource intensive.
    Thanks for the info about TPF4, it's always nice to have someone else's perspective that has the "hands on" install, setup and use of any product.

    DS
     

Short URL to this thread: https://techguy.org/118977
