blackice defender

Discussion in 'Security and Privacy' started by matt28, 2002/03/09.

Thread Status:
Not open for further replies.
  1. 2002/03/09
    matt28

    matt28 Inactive Thread Starter

    Joined:
    2002/03/08
    Messages:
    10
    Likes Received:
    0
    Is the program Black Ice a good firewall program to use?? Just for home use?
    Thanks a lot
     
  2. 2002/03/09
    BOBBO

    BOBBO Geek Member

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    matt28: I'm using it in my home computer and am pleased with it. According to the tests in PC magazines, it's one of the two best. The other one is ZoneAlarm. I'm sure other people will be chipping in with their two cents worth soon, too. After you've read several replies, let us know what you decide and, after you've gotten one, how you like it.
     
  4. 2002/03/09
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    If I understand correctly from another post BID only stops INCOMING attempts. So you would have to run ZA or something else also to block outgoing access.

    I also believe there are two versions of ZA, one free and one paid.

    I will not even discuss BID as I have never used it.

    I did not care for ZAP. But that by no means says that it is not good software.

    I personally like NIS as it is both AV & Firewall. They work together nicely and are both updated from the same place at the same time. And it seems to be doing its job very well.

    But with ZA, ZAP or Norton Internet Security the USER has to set it up properly in order for it to work properly.

    I changed the Reporting section of NIS 2002 yesterday and I was AMAZED at the Stuff that was trying to get out of this machine. Said trash has since been removed. And I had run Ad-Aware just a couple of days ago. Thank you Ad-Aware.

    And which one is best depends on Whether it works properly on YOUR machine and user preferences.

    ZA does not behave well on all machines and neither does Norton.

    You have to pick the one that does the job for you and the one you feel comfortable with.

    Yesterday morning alone I had 18 attempts to get to me via port 80. My ISP (cable) is now working on that.

    And I see now that there have been 8 attempts in the last 30 minutes.

    BillyBob
     
    Last edited: 2002/03/09
  5. 2002/03/09
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    BID can stop outgoing attempts too.
     
  6. 2002/03/09
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    OOPS !!!!

    BID does NOT report any attempts by programs to access the Net

    This clearly says it does not REPORT outgoing attempts.

    It appears that I mis-read it.

    BillyBob.
     
    Last edited: 2002/03/09
  7. 2002/03/10
    DoctorDoom

    DoctorDoom Inactive

    Joined:
    2001/12/29
    Messages:
    189
    Likes Received:
    0
    We got into this rather extensively in another thread on BID, but it bears repeating here, since the specific subject is the value of BID as a firewall.

    First, BlackICE Defender is NOT a firewall in the manner of ZA. It's an "Intrusion Detection System", which works on a different premise. The following web page describes this in detail.

    FAQ: Network Intrusion Detection Systems

    The purpose of a firewall is to act as a barrier between a computer and the outside world. This it does by blocking all ports (of which there are 65,536) not specifically approved for access. There are rules that can be set for how this can be accomplished, what restrictions are to be in place, and so on. However, it's primarily a gatekeeper that either allows access to a port or doesn't.

    A firewall does not care what traffic flows through an approved port. It's assumed to be okay. And, as Code Red/Nimda demonstrated, an open port (80 in this case) CAN be used for mischief.

    Unlike a firewall, an IDS is NOT trusting. ALL traffic is assumed to be hostile until determined to be okay. An IDS also has approved ports for allowing incoming and outgoing traffic, but it examines the "packets" of data as they arrive and leave to determine if patterns exist in them that indicate hostile intent. For example, "Trojans" such as Sub-Seven and Back Orifice have specific data patterns. An IDS has a catalog of these patterns and can recognize them "on the fly". These are stopped dead even on approved ports.

    In brief, a firewall creates a fence around a computer, with a few gates that can be used to get in or out. It may or may not notify the user if something tries to get through the fence from inside, but that's a frill, since anything that shouldn't be allowed to get out shouldn't be in there. The firewall's gates don't check the nature of what passes through its gates.

    An IDS creates a fence with gates, but at each gate there's a guard checking credentials to be certain that nothing dangerous gets through the gate either way.

    BID does NOT notify the user of an attempt by a program to access the outside world via the Net or direct dial-up. That's not its purpose. And, as noted earlier, if a program should not be given access to the outside world, why is it on the computer in the first place?

    BID DOES, however, monitor outgoing packets for the data patterns that indicate Trojan-like activity, and deals with them if they are suspicious.

    If the questionable value of knowing that such and such a program is trying to get out is of importance, go with ZA, but be aware that any file with the same filename is granted access automatically. There are viruses that create files such as iexplore.exe in non-standard places, and do their evil deeds through the firewall, which has been told to accept traffic from iexplore.exe.

    If having a system that looks for trouble, even through approved ports, is of value, get BID. And, they can run together if the resource hit is acceptable.
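
The distinction drawn in the post above, as an added example that is not part of the original thread or of either product: a port-only gate and a pattern-checking guard judge the same constructed traffic, and a filename-only application rule is compared with one keyed on full path plus file hash. The signature strings, sample packets, paths and function names are all assumptions made for illustration.

```python
import hashlib

ALLOWED_PORTS = {80}  # the only "gate" left open, as in the post's port 80 example
# Simplified, illustrative byte patterns (assumption; real IDS rules are richer)
SIGNATURES = {"codered-ida": b"/default.ida?", "cmd-exe": b"cmd.exe"}

# Constructed sample traffic: (destination port, payload)
PACKETS = [
    (80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    (80, b"GET /default.ida?NNNN HTTP/1.0\r\n\r\n"),
    (80, b"GET /scripts/CMD.EXE?/c+dir HTTP/1.0\r\n\r\n"),
    (139, b"\x00\x00\x00\x00"),
]

def port_filter(port, payload):
    """Firewall-style gate: the decision uses the port only, never the payload."""
    return port in ALLOWED_PORTS

def ids_inspect(port, payload):
    """IDS-style guard: approved port AND no known pattern. Returns (allowed, reason)."""
    if port not in ALLOWED_PORTS:
        return False, "port-closed"
    lowered = payload.lower()
    for name, pattern in SIGNATURES.items():
        if pattern in lowered:
            return False, name
    return True, None

def compare(packets):
    """Per packet: (firewall verdict, IDS verdict, IDS reason)."""
    return [(port_filter(p, d), *ids_inspect(p, d)) for p, d in packets]

def allow_by_name(rule_name, exe_path):
    """Application rule keyed on the file name only."""
    return exe_path.replace("\\", "/").rsplit("/", 1)[-1].lower() == rule_name.lower()

def allow_by_identity(rule, exe_path, exe_bytes):
    """Application rule keyed on full path plus SHA-256 of the file contents."""
    path, digest = rule
    return exe_path.lower() == path.lower() and hashlib.sha256(exe_bytes).hexdigest() == digest

# Constructed stand-ins for a real binary and a same-named file elsewhere on disk
GOOD_PATH, GOOD_BYTES = "C:/Program Files/Internet Explorer/iexplore.exe", b"constructed-legit"
BAD_PATH, BAD_BYTES = "C:/Temp/iexplore.exe", b"constructed-impostor"
RULE = (GOOD_PATH, hashlib.sha256(GOOD_BYTES).hexdigest())

if __name__ == "__main__":
    for row in compare(PACKETS):
        print(row)
    print(allow_by_name("iexplore.exe", BAD_PATH), allow_by_identity(RULE, BAD_PATH, BAD_BYTES))
```
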
     