
BlackICE Defender is now BI PC Protection

Discussion in 'Security and Privacy' started by DoctorDoom, 2002/04/11.

Thread Status:
Not open for further replies.
  1. 2002/04/11
    DoctorDoom

    DoctorDoom Inactive Thread Starter

    Joined:
    2001/12/29
    Messages:
    189
    Likes Received:
    0
    Internet Security Systems (formerly Network Ice) has released a MAJOR upgrade of what used to be called BlackICE Defender. The latest version is 3.5.cbq, and for the advanced user with the urge to take charge, this is a new ballgame for BI.

    In addition to the familiar features, under Tools, there's a new option called Advanced Application Protection Settings that blows away the "argument" that BI is inferior to ZA because it doesn't monitor outbound traffic and unknown apps trying to connect to a network.

    Now it does!

    For security reasons, do a thorough virus scan before installing the upgrade. Once installed, it builds a database of application files installed on the computer. Initially it assumes that anything that is on the computer is authorized to be there, and that anything that tries to connect to a network should be allowed to do so.

    However, the entire list is available for editing to establish permissions, and it can be set to alert the user when any new or altered application tries to connect.

    From the help file:
    A lot of power has been added to BlackICE. It's a free upgrade for licensed users with 2.9 or higher. Go to Tools > Download update and it will fetch the update file with no further input. It can be installed over the existing version.


    One wonders what complaints GRC will have with this upgrade.
     
  2. 2002/04/13
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    I'm sure that (the very impartial and unaffiliated in any way with ZoneLABS) Mr Gibson will find some reason to continue his (completely unbiased) extremely zealous support of ZAF and ZAP.

    Here's a rather interesting quote from GRC:-

    What does this actually prove? That ZAF/ZAP users are relatively incautious in terms of what they allow onto their machines? That ZAF/ZAP users are, for some reason, unable to understand the alerts which their PF presents to them? (BTW, I wonder how many of those 5000 actually receive a timely response from ZL's famed technical support people?!?!?).

    One of the things which I dislike about GRC is that the site fails to deal with the basics and, instead, seems to suggest that all will be well so long as one installs a PF. What about telling people how to secure an e-mail client? Or to read privacy policies prior to installing any software (particularly adware)? Or to secure a browser? Or not to download hacked and cracked applications from dubious sources? Once a person knows how to do these, and other, things, their PF should simply, for most of the time, be a "spectator" ... sitting idly and watching as the legitimate traffic passes it by. On the other hand, if a person installs a PF without first learning about the above, then the PF is really a waste of disk space and resources.

    BTW, neither the fact that Mr Gibson appears to have access to statistical information relating to the volume of support requests received by ZL nor the fact that he gives several plugs to ZAF when replying to a letter relating to BID should be taken to imply that he has any association of any sort with ZoneLabs ;)
     
    Last edited: 2002/04/13


  4. 2002/04/14
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    DoctorDoom, brett

    I will in no way try to say what BID did or now does

    I will not even discuss ZA.

    I will say that I may not completely understand about what BI PC now does. ( never used it in the first place ) And I may be speaking of something entirely different.

    When an unauthorized application attempts to access the network

    But in regards to the choices that are associated with the above, it looks very SIMILAR to what Norton Internet Security does for me now.

    Every time I run a program that wants to go to the Internet OR Network and I have not already done something with it I get a nice big Window that asks ( in effect ) "What the heck do you want to do here ? "

    I can permit it once or permanently. I can block it once or permanently.

    However NIS does not seem to shutdown a program but just keeps it off of the NET. Windows Media Player 7 was one that drove me right up the wall with this. ( BTW. I am now back to WMP 6.4 ) Which does not do that other than at my request.

    Real Player is another pain about wanting to go to the Net also. That is only permitted when I want it to have access.

    Am I looking at the same * BASIC * idea as BID ?

    brett

    You are correct.

    The software WILL NOT do it all

    If not set up or used correctly and other precautions are not taken the software might just as well remain in the un-opened box.

    BillyBob
     
    Last edited: 2002/04/14
  5. 2002/04/18
    DoctorDoom

    DoctorDoom Inactive Thread Starter

    Joined:
    2001/12/29
    Messages:
    189
    Likes Received:
    0
    It probably does, but until this new version, it previously didn't, which was no big fat hairy deal. If there's a program on a computer that the user doesn't want phoning home, WHY IS IT THERE?

    A certain guy whose website is often referred to by its initials has nurtured a loathing for BI for a long time. He impartially goes out of his way to tear it down while impartially praising ZA as the best thing since sliced bread.

    The difference between BlackIce and normal firewalls is that BI is an Intrusion Detection System, which picks up where a firewall leaves off.

    These two threads go into it in greater detail.

    Remote Denial of Service Vulnerability in BlackICE Products

    BlackIce Defender


    Now that BI includes his much beloved ability to trap unauthorized attempts to access the net by software that the person savvy enough to use a firewall wouldn't have on the box in the first place, I'm sure he'll find some other gripe, like the default colors of the BI window. :rolleyes:
     
  6. 2002/04/20
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    BillyBob -

    I too had issues with Media Player and Real Player at one time.

    I have been using MP 6.4 for a long time now with no issues.

    And I use Real Player G2 version 6. something. This version never phones home IF when you install it you decline to register it. However, every time you run Real Player it will prompt to register it. This can be canceled out and the app will run OK.

    Registering RP will set up Real's tracking mechanisms. If never registered it cannot track and will not attempt to send data outbound.

    To me it is worth it to not register RP because for one thing, it's a crappy program compared to MP and also I hardly ever use it. AND I never choose to receive updates when it needs one to view media. I can do without that media and just move onto the next site......
     
  7. 2002/04/20
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Good Morning TonyT

    The above statement by me comes very much into play with RP.

    As you know I use NIS. Well I got IN A HURRY and CARELESS and let RP go to the Net and without realizing it signed up for something. Well I started getting charges on my Credit card for RealOne and other related items. ( Who says they do not keep your CC # on file ?? )

    After some searching I found a Phn # and called them and told them it was done accidentally and MUCH TO MY SURPRISE they not only canceled the account but CREDITED me the amount charged for April. ( it has actually been done too ).

    It was not the fault of the software that this got done. It was strictly the fault of one in a hurry, careless BillyBob himself.

    With all of the Spyware checkers that are available today and careful checking by the user it is not really necessary for ANYTHING to call home.

    I myself run Ad-aware, Virus and Trojan checking IMMEDIATELY after installing ANY software and BEFORE I even allow the program to run. I have been amazed at some of the stuff that has been found. Especially Spyware.

    NIS is pretty good. But it can be gotten around if not used correctly.

    BTW. I have purchased BI PC and am expecting to also purchase and install a LinkSys Router today. So if you do not see me on here for a day or two :) you can figure that I messed up :)

    BillyBob
     
    Last edited: 2002/04/20
  8. 2002/05/07
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    I have finally given BI a trial run and have a couple of observations:-

    DoctorDoom wrote

    This approach (of default application permissions being set during installation) seems somewhat flawed as it is (presumably) based on the premise that a system is "clean" at the time BI is installed. This cannot, however, be guaranteed to be the case - even after scanning with both an AV and an AT it is still *possible* for malware to have slipped through the net. Once BI's application gate functions have been so defeated, you're then left to rely on its IDS capabilities to detect and block whatever hostile traffic may be generated by that malware. Whilst this is by no means a big hole in BI's overall security, it does appear to have needlessly stripped away an additional layer of defense.

    Furthermore, I found that BI, with its default settings, left a number of ports unstealthed. Whilst stealthing doesn't really serve any useful purpose, it *is* something which firewall users have come to expect and (for some reason) view as an important feature of any firewall. I would guess that the first thing which many people would do after installing a trial version of BI is to jump to GRC and run a scan; and, if BI shows as having failed to stealth ports, it is more than likely to be uninstalled. I suppose that this is more of a marketing matter than a security matter but nonetheless it's an issue which ISS would probably be well advised to address.

    On the whole I thought BI was quite pleasant - it installed and uninstalled cleanly, resource usage was reasonable (falling somewhere between that of KPF and that of ZAF/ZAP), configuration was (extremely) easy and it appeared to perform effectively.

    However, at the end of the day, I was left unconvinced that BI's IDS capabilities provided any significant degree of additional protection over and above that offered by KPF et al - and certainly not enough to lure me away from a free product to one for which I had to pay. It strikes me that running a standard (free) firewall, an AV and an AT AND disabling NetBIOS over TCP/IP provides almost watertight security. The only "hole" in such a setup which BI would maybe appear to be able to plug is the possibility of a user downloading malware which evades both the AV and the AT and then manages to punch a hole through the firewall. Whilst in this situation the standard firewall would be dead and buried, it's *possible* that BI's IDS capabilities would result in the hostile traffic being blocked. This scenario does, however, strike me as being *very* - especially if the user is careful about what (s)he downloads.

    All in all BI seems like a perfectly good product - just not one that's worth paying for.

    I do, however, stand to be corrected :D
     
    Last edited: 2002/05/07
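
An added sketch (not part of any post in this thread, and not ISS code) of the trust-on-install application baseline described in the first post and questioned in the post above. Hashing files with SHA-256, the function names and the sample files are all assumptions made for illustration; the thread does not say how BI identifies an altered application.

```python
import hashlib
import os
import tempfile

def digest(path):
    """SHA-256 of a file's contents (assumed fingerprint for 'altered')."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(paths):
    """Trust-on-install: every file present now is recorded as authorized."""
    return {p: digest(p) for p in paths}

def check_connect(baseline, path):
    """Decision when the application at `path` tries to reach the network."""
    known = baseline.get(path)
    if known is None:
        return "alert-new"        # not on the box when the baseline was built
    if known != digest(path):
        return "alert-altered"    # same path, different contents
    return "allow"                # unchanged since install: silently permitted

def demo():
    """Run the four cases on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p

        browser = write("browser.exe", b"constructed: legitimate app")
        unwanted = write("unwanted.exe", b"constructed: missed by the AV/AT scan")
        baseline = build_baseline([browser, unwanted])

        results = {
            "browser": check_connect(baseline, browser),
            # The weakness raised above: present at install, so trusted.
            "preexisting": check_connect(baseline, unwanted),
        }
        later = write("later.exe", b"constructed: installed after baseline")
        results["new"] = check_connect(baseline, later)
        write("browser.exe", b"constructed: patched or tampered")
        results["altered"] = check_connect(baseline, browser)
        return results

if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:12s} -> {decision}")
```

The `preexisting` case is why the baseline should be reviewed by hand after installation rather than left at its permissive default.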