| Product: |
BlackICE Defender |
| Date: |
30/05/02 (973 review reads) |
| Rating: |
 |
Advantages: Configurable, Reputable software house
Disadvantages: Interferes with applications, Not enough attacker detail
Is your Internet connection safe? Probably not in 9/10 browsers. Thats a fact.
ISS incidentally, who bought BlackICE, are probably the most reputable security company with regard to Internet and corporate network security products for intrusion detection and vulnerability probing.
When you dial into the Internet or use your ADSL/Cable Modem you are connected to one BIG network. Not only can you connect to web sites but you can connect to other people browsing just like you all over the world directly onto their modem.
Coomon operating systems like MS Windows have certain built-in features when installed by default. Most people who have a fast internet connection will share it amongst other PC's in their home, much like a business network. Windows has a useful, but very dangerous, feature called ICS or Internet Connection Sharing. A small 'peer-to-peer' network (PC's connecting to PC's for file and print sharing) connected to the Internet exposes all the available resources on your PC to anyone who feels like a look on the Internet. In this manner, your hard disk can be accessed by anyone on the Internet!! Not good!! Especially when you have your personal finance records like budgets, letters etc. etc. saved away in My Documents.
BlackICE Defender is a personal firewall application. Imagine your PC is a business. Lots of people work in this business with a telelphone on their desk. Your Internet connection works very much like their telephone exchange call management system. You phone the business telelphone number and it asks you what extension you want to speak to someone who works their. Every single thing connected to the Internet has an IP (Internet Protocol) address, the phone number. Now, to browse the internet and collect your email at the same time your PC uses 'port numbers', same as the extension numbers, to perform various tasks. For example, SMTP, used for sending email is po
rt 25. POP3, a mailbox where you pick up your mail is port 110. HTTP, what your browser uses to view web pages is port 80 and so on. So for example, my PC would connect or 'phone' a web site and use extension 80 to view the web pages.
Hackers will often scan huge ranges of IP addresses (like dialling numbers in a phone book) to find PC's with a certain Trojan virus installed or a certain port open for attack. Trojans are applications written that allow hackers to access your PC and often take full control of it from anywhere on the Internet. Very often these Trojan virii contain the ability to capture keystrokes so they can also record passwords used for ISP accounts and even your personal banking on the net. Once they have found you are vulnerable, they will come back!
BlackICE will intercept these incoming 'telelphone calls' and see if they are innocent or suspicious. By looking at the port number (extension number) it can also detetct if someone is probing your PC for known Trojans or services. PC's sharing files and printers on a network use ports 139, 138 and 137 with Microsoft products. If your PC is exposing these ports on the Internet, anyone else can use these resources just the same as your PC's linked together at home. The Internet is one BIG network after all.
BalckICE version I have also alerts you if an application is trying to access the network and ask you if you want it to or not. This is a very good way of detecting Trojan programs that may not be detected by your anti-virus software yet. Belt and braces so to speak.
A very tuneable piece of software too. You can open and close ports to allow access into your PC to specific IP addresses or all IP addresses.
The 'Alerts' window in my opinion leaves a little to be desired. I would prefer to see the full details of the attack by port number and packet size. As a general view it is useful but a bit limited i
n my opinion.
By default, BlackICE is configured fairly well to stop anything untoward happening to your PC from the outside. Changing these settings requires a bit of knowledge in some places!!
Security wise, there are four settings from Trusting to Paranoid. The problem here is that settings above Trusting can block UDP packets, for example, using Netmeeting incoming video streams can be viewed as malicious and blocked. Here you either have to lower your settings or trust the IP sending the video stream from the Alerts window by right clicking and Trust this IP....
Personally, I much prefer this application over Zone Alalrm. I found Zone Alarm hard to configure how I wanted it, the pop-ups were extremely annoying and didn't go away!!! The advantage is Zone Alarm is free but you gets what ya pay for these days especially in software!
Summary:
|
Last comment:
 |
- 30/05/02 Sounds like this is something I need! |
|
Deutschland 
España 
Italia 
France - 
