Network ICE Hits Back Over Gibson Jibes

It's pretty well known that BlackIce won't check for outgoing scans, not sure what Gibson expected. But as far as incoming attacks it's as good as Zone Alarm and less cumbersome IMO.

What is also interesting is that even though they don't like Steve claiming BID is a firewall, NI does the same exact thing on their homepage. The article on this is developing here: »Network ICE hits back over Gibson jibes

1. It does not block anything outgoing... how can it even be considered a firewall?

2. it permits incoming traffic up 2 layers before detecting the intrusion... how can it even be considered a firewall?

3. it terrifies newbie users with its overzealous error reporting... hit a link on a web page and close the browser? Blackice reports the html response to your link request an attempted intrusion... dhcp server asking for your current ip..intrusion... request off hour firewall testing ...intrusion ...and this causes the newbie users to report legit stuff as intrusions.... I swear the minute I see a post title "network ice detected ...." I ignore it.

Network ICE is a great "firewall" (NOT!) for people who don't know any better and love neurotic intrusion messages.....

Will
[text was edited by author 2001-06-05 12:45:57]

I've run it for 8 months on one of my PC's with no problems whatsoever. It does it's job. No successful attacks and I get scanned very heavily. I would love outgoing protection though. Zone Alarm reports every lame connection to the web and it grows irritating.

I will agree that BID's reporting does scare new users and could be improved.

How about just disabling the alert pop-up window for ZA Mother?

said by Mother:

---

.......Zone Alarm reports every lame connection to the web and it grows irritating.

---

Check your settings, ZA doesn't do that on my machines. Blackice is problem laden and outdated. Registry polls interrupt defrags, spoofs can fool it, way too buggy, unstable,......just doesn't do the job.

The reports would be terrifying to someone who isn't a techie. But of course terrified users will always be buying the latest version of their software to protect them from such "vicious onslaughts". LOL.

But then, I'm not a subscriber to the whole honeypot concept.....at least not on a home PC which is the target audience of BID and ZA.

Why is it only Blackice users report port scans on a daily basis while ALL the other real firewalls don't? I swear sometimes I suspect the Blackice programmers threw in these error reports just to make people think the software is special....it's not.

Zonealarm can be set not to do pop-ups and log intrusions... and its FREE.

Will

I think Gibson was right. ZoneAlarm is simple, solid, and reliable.

The argument that the "pop-ups are annoying" is just fluff. I *want* to be notified when a program tries to go out to the net if I don't think it should. If BlackICE doesn't do this, it would be almost impossible to know if an IRC DDOS Zombie was using your machine. (Minus the huge drop in system performance, of course.)

Ever since I have had all the standard apps (IE, Netscape, Media Player, Napster, etc.) set up as authorized to use the net through ZA, it is extremely unusual for me to see ZA pop up... ever!

I also *like* the fact that ZA reports all attempts to scan / ping my IP address via any port or protocol. I just log the attempts, and clear the alert list. Very useful information if you think you are being targeted.

I have done every security scan against my IP that I have been able to find: Shields Up!, all the tests here on DSLReports, you name it. Every single test has indicated that my PC is essentially invisible. You can't ask for better stealth than that.

Why risk being compromised by a KNOWN security flaw in a program that was specifically designed to protect you? LET ALONE one you pay for? Hello? ZA is FREE! Don't feel that just because you paid for a product, that it has to be good. This is an obvious case where that just isn't true.

OK OK! Jeesh! I'll switch! Worse than a bunch of Mac users!

How does one require such a product? If you got 1 computer you wont have file and printer sharing enabled right? how doe these products help in that case. If you got multiple computers, and 1 on the internet which connects the rest, just disable file and printer sharing on that internet connected network adapter. I am missing the point.

WooHoo!!!

a lot of folks download stuff, run it and forget about it. It can happen that something called a trojan can be installed without the users knowledge. It can scan your machine looking for email addresses, cookies, and it can transmit out this information or just transmit out denial of service packets without your knowledge if you use a product like BID. Zonealarm will pop up and tell you an application is trying to access the internet or block it and log it...programs that are called "spyware" have this behavior too....

many denial of service attacks come from programs that hackers lay onto unsuspecting machine timed to go off...
the user of these machines are innocent dupes.

A firewall is essential to prevent both incoming AND outgoing data.

Will

Well said WillardK

I used to find that Zone Alert had an annoying habid of crashing my PC. It is not the great stable product that some have said.

I now use Norton Internet Firewall and so far, have found this to be very reliable.

Just my 2 cents worth for the sake of balanced reporting

BlackICE Defender isn't known as a intuitive product. In fact, it is a highly technical software compared to something simple like ZoneAlarm. But unlike ZoneAlarm, BlackICE gives you immense power, should you decide to learn how to use it. BlackICE is slow, unwieldy, and the name is a bad reference to William Gibson's legendary science-fiction novel "Neuromancer." But it does its job When Configured Correctly(tm).

Steve Gibson is very very intensely disliked within the circles of computer security consultants. He has a reputation for blowing things out of proportion and behaving in a manner that is irresponsible and alarmist. This article he put up on his site only reinfores that reputation.

I would suggest reading the bottom of this page: »cable-dsl.home.att.net/n ··· bios.htm ...you will notice a criticism of Gibson's popular Shields UP! page.

With BlackICE someone did actually gain some-what access to my system. Now thaT I have switched to ZA no problems WHAT SO-EVER!

Obviously, Gibson denies the charges. I myself, after utilizing that guy's tests, I ran all the security tests I could think of, with za down. Netbios=open on all of them. Some protection. I think that guy's an idiot.

i have used all software firewalls except za but the router has given me the best protection. i have had no intrutions since i installed it. according to gibson im invisable to the net. is this true?

In their response, Network Ice said that this wouldn't happen if their product was installed on a machine that didn't already have a trojan, virus, etc. on it. ZoneAlarm did see the malicious code as something new and allows the user to make a choice. Also, network ice's claim that it is not a firewall is ludicrous. Their inference to black ice as a firewall is obvious. The link on Yahoo to Network Ice uses the word firewall. Yahoo didn't probably didn't write that. When you submit a url to Yahoo, you include a summary statement.

The problem is this: many people download black ice, to do that they have to already be connected to the internet, which means they could already be under attack. Also, even software out of the box has been known to have viruses, trojans, etc., on it from the factory (rare, but it does occur), also many people load software backed up to disk on their computers, which could contain malicious code.

This doesn't mean that a zone alarm user should not have virus protection. However, it is nice to know that whether there is malicious code on the system or not, zone alarm will tell you when it tries to connect for the first time.

As for the notifications, it isn't very difficult to disable that function. In fact, I can configure zone alarm in less than 5 minutes. After that, I only have to respond when a program tries to connect or act as a server for the first time.

Moreover, malicious code named like a normal program, such as iexplore.exe, will ask to connect even if you have already given internet explorer the ok to connect without asking. This allows you to check the path/file out before allowing it. A good test of it is on steve's site. It's called the leak test

Finally, if you work in a tech support job and want to have fun with black ice fans when they call saying their isp's network is sending them a trojan, etc., do a tracert from one of the servers listed at tracert.com and get the ip of that server. Then get the black ice dude's ip address and trace him from that server.....telling him that you suspect that he will be hit from THAT ip address before you do it.

Talk about a barrel of laughs. That guy will be trippin out, convinced that he is under attack, while being amazed at your clairvoyance. After a few times, simply tell him what you are doing and explain to him that his product goes a little to far on the paranoia side. Of course, some people still won't believe you. Just forward them on to the abuse department with the appropriate notes on the account.

When I first got cable a month ago I obviously knew I needed a firewall. A friend told me to get the same one he was getting, BID. I thought it was working well but I found it quite odd that I was pingable when I did the security test here at DSLr...perhaps there were settings I overlooked...I'm not sure. All I know is while on IRC I nearly got a virus that BID claimed slipped through and I had it. I'll give credit where credit is due...BID's extra info page gave me good info on how to find and eliminate the virus and apparently I didn't get it anyway although BID said it made it in. However, shortly after that BID started going off the wall and the engine would shut down, BID would cause me illegal operations msgs and the whole works. It was then I that read into BID more and found out it wasn't really a firewall in the true sense...so I switched to ZA...so far I love it and I love how it asks permission for everything to connect to the net.

Being pingable is not a bad thing. Its when someone tries looking for services that you need to stop them. Most of the hackers won't try you if they can't connect something to your computer, they'll move on.

give credit where credit is due... if it weren't for Steve Gibson and his site most newbies would be clueless about security and firewall protection...

alarmist? I think BID instrusion alerting is alarmist...Steve Gibson site spread information that is painfully true. Don't put a firewall on your machine and you can be sure eventually you will be victimized.

Explain again why someone should spend $39 for a product that doesn't prevent outgoing packets? and lets incoming packets all the way up to the software level? Zonealarm is FREE.

Will

I, like many, have found his site quite useful for tightening our PC's. The man is not a soapbox preacher but a testing freak. If he says Win2000/XP has security flaws, it's not because he dreamed it, he has the evidence. Look at all the hassle he undertook to feret out and pick apart the bot that was DOSing him.

All I can say is thank you Steve, I'll keep visiting your site on a regular basis.

If you can afford to pay $40-$90 per month for high speed internet service, you should be able to afford a decent hardware firewall or NAT router solution. I use the Netgear FR314 which is based on the Sonicwall Soho feature set. Price varies from $220-$299 but is well worth it if you want more than simply NAT. Linksys, Netgear and D-link all have decent NAT connection sharing devices in the $100 range. Combining any of these with ZoneAlarm or a similar product that WORKS, a good, ACTIVE auto-protecting antivirus program and doing regular scans for viruses/trojans and locking down the ever surfacing MS security holes is about the best you can do.

The Art of Xyn

I use a Linksys Router for all of my connectivity to my cable modem. I have a Linksys Router connected to a switch and the switch is connected to my print servers, computers and web appliances. Is the Router enough security? I use the Linksys Log to see all the incoming and outgoing communications on the network and all network traffic that I record is normal. I only had 1 record that I had did a background check on and I found that it was my computers anti theft tracking system. The router showed that alert and I use neotrace to find out where that connection was coming from and I found that it was not a security breech. I do not use software firewalls at all. Can you tell me if it would give me even more security to install a software firewall like ZA on my network or am I fine with my current config?

I ran BID for a while and consistently got a blue screen on shut down.
I ran ZA for a while and while I didn't like the "opt-in" at first, I got used to it and even paid for the upgrade when I went to DSL.
ZA hums along in the background and doesn't bother me unless there is a serious security breach attempt.
It's kinda fun to watch all the odd port scan attempts from the script kiddies.

said by mdavis4:

---

Can you tell me if it would give me even more security to install a software firewall like ZA on my network or am I fine with my current config?

---

ZA would definitely add more security. If you happen to download a malicious program, and that program tries to connect to the internet (or even your LAN for that matter), ZA will pop up with the message. At this point, I doubt any single product will provide the real protection that most people would desire. Most likely a combination of few good products will bring you closer to "secure"(is it possible to be truly secure?)

Steve Gibson is right. BlackICE denfender is a bad firewall. I use zonealarm. It is the best software firewall in the world.

OkOk! I have BID and I think it works good. I faithfully used ZA for 1.5 yrs until the latest update crashed my Win98se for the 327th time! I don't need that.

BID is good and more stable, IMO, than ZA.

No, it doesn't check whats going out but Tiny Firewall does and for free also. Steve Gibson has good points and I have used Spinrite faithfully since 1993 on all drives I have ever had. But, if we all lived in Steve's world we would live in Titanium lined boxes 6' under ground with only anti-static clothing between our birth-day suits and the .0000001ppm dustfree air!

Their are viri on the Internet, their are viri and bacteria all over your skin and inside your body. Your body is under attack at all times. Just keep healthy and you'll do fine. Your car has a firewall too. If your ignition malfunctions and the engine cathes on fire and blows your car to "smitherines" are you going to sue the manufacturing for a faulty firewall??? Deal with it and let's keep the parinoia under control.

I may be going out on a limb here but; can any one honestly say that they themselves or any one they know, or any one that they know, knows of any one else; that has lost their life because their Windows system, unknowingly, sent out the vers. of Windows, browser, browser vers., Windows vers. their Grandma's secret recipe for her yummy strawberry preserves, and their IP address?

Just my thoughts...