Black Ice 3.6

Discussion in 'other firewalls' started by lynchknot, Mar 17, 2005.

Thread Status:
Not open for further replies.
  1. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    ZA, I thought you were an Avast junkie - what, now you want a ZoneAlarm Firefox theme? hehe.
     
  2. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    715
    Location:
    Blasters worm farm
    What's a firewall got to do with Avast!? Yes, I'm an Avast! junkie and I want a FF skin that matches Avast! :)

    I switched firewalls because of the Sygate Loopback problem with Webshield ;)
     
  3. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    erm...sniffing too much arctic silver? :p
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Lynchknot - I don't see any obvious way to restrict ports and addresses on an app by app basis. You can block ports and addresses with rules in the firewall. I'm still looking things over here, so correct me if I miss something.

    I believe you can go into the advanced app section and toggle some settings if you need to on an app by app basis. Whether to terminate or block for internet access, and whether to terminate an app on execution, etc.

    I don't see any way to turn off the firewall and just use the app control features and IDS.

    For my purposes, it's looking pretty good here, but it may not be what you need.

    You might want to also check out Tiny Pro 6.5. It has some nice features as well, including an IDS/IPS system and heavy duty Windows protection features, and on and on. The price tag on Tiny 6.5 Pro is pretty steep at $100, but if it has what you want, then it might be worth it. If you're looking for just an IDS for use with other firewalls, there are several, such as Snort. I'm not too familiar with them, but I know they exist.

    PS: I just found some of your FF themes... pretty nice.. :)
     
  5. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    It's a neat program. But I already have a router, so outbound protection is most important for me - perhaps BI is not the best for me. I do run a couple programs that act like servers, so I hope Outpost is ok for that.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Outpost should handle that ok. You can do pretty much what you want or need with the rules on an app by app basis... Outpost is nice..
     
  7. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Ahh, that may be the ticket. The configurability of Outpost Pro with the intrusion detection of Snort.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I did buy Outpost Pro about 4 months ago. I should probably be using it since I spent the money on it, but I keep getting sidetracked by all these other firewalls...

    Snort was a little over my head I guess.. I tried one implementation that configured and set itself up automatically for me, but it was way too much for me to deal with even so. I guess I like it when the IDS is built into the firewall like in BlackIce and Tiny. Kerio 4 has it also, but I don't know how full it is.
     
  9. Arup

    Arup Guest

    K,

    Securepoint also supports IDS with its free Nuzzler utility which is supposed to be based on Snort.
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Arup - I noticed that yes.. Tried Securepoint once recently and it still had some bugs. But I hear it has good SPI, if you can believe what you hear...
     
  11. Arup

    Arup Guest

    It doesn't support ICS, otherwise I would have given it a run as it looks quite promising, especially when combined with Nuzzler.
     
  12. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Snort needs WPCAP.DLL - I wonder why they don't have the full package? WinPcap also supports an open-source packet sniffer called Ethereal.

    *edit - wow, configuring snort.config is a handful. I'm going to search for a guide.
     
    Last edited: Mar 22, 2005
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    You said a mouthful there.. I took a look at what you had to do to config it all and I gave up before I even started. Good luck though.. :)
     
  14. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    So Outpost's limited IDS should do? What I was worried about is bad traffic not being filtered out of ports I need open. For example, some games need server rights. Should I get BlackICE or something with an IDS?
     
  15. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    hehe, forget it. I don't have enough aspirin. However this could turn out to be a headache but True Images makes me brave:

    [IMG]

    [IMG]

    Outpost warned me about another 3rd party firewall. I have BI set to start manually with App control turned off. So far no problems.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I noticed that BlackIce does tend to use a little CPU.. Similar to Sygate. Outpost uses almost nil on my machine. Both use a little RAM too. I don't mind RAM usage as much as I mind CPU usage. I like to keep the CPU usage down. So far though, it's not bad. Around 1-3% here.
     
  17. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Well, I've got both Outpost and Black Ice running at the same time, as you can see - not much CPU usage so I guess no real conflict of that nature. I have 1 gig of RAM so I'm not worried there as well. I'm just wondering if BI is going to do its job.
     
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Should do its job I guess. I don't know either, but BI's primary emphasis has always been IDS, so I would hope that it does its job. It's been around for a while.. I guess you either have to have faith in it, or test it somehow. :)

    Now you've got me wondering if I should try the Outpost/BlackIce combo too. :D After all, I did buy Outpost, didn't I? I should make use of it..

    Are you seeing anything in your Outpost logs inbound? I've never run 2 firewalls, but I would think that one or the other would grab incoming packets first, leaving the other to do nothing, or just catch what the first missed. Or in this case, maybe Outpost will block traffic, leaving BlackIce to catch intrusions? I'm not sure exactly how the 2 will work together.

    You've got my curiosity going...
     
  19. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    What I mean is the fact I'm running Outpost AND BlackIce together. I hope the combination of two firewalls does not affect its function. Connections are fine though. I even have a high ID using eMule. So far, I don't even notice it. Browsing speed and app start-ups are all normal.

    App control is disabled in BI as is IMON for NOD32 (for now) and I manually start BI.
     
    Last edited: Mar 23, 2005
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Hmmm... I'm thinking that if Outpost gets the incoming packets first, then BlackIce may never see them, and hence never get to analyse them for intrusions. However, BlackIce will still analyse your browser traffic on remote 80 and whatnot, which Outpost won't do, so in that sense it probably will work.

    I'm kinda surprised that Outpost is accepting BI running at the same time. I remember once having Kerio 2 installed and then installing Outpost at the same time, with Kerio 2 service disabled. Even so, I got BSODs and had to boot into safe mode to remove Kerio before Outpost would boot up normally. I thought that Outpost was rather touchy about that..
     
    Last edited: Mar 23, 2005
  21. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Hey Kerodo - You're from LA huh. I was a student at Alhambra High School (4 years) and UCLA (for a short time).

    I imagine I will receive warnings from Outpost every time I reboot.

    BI just asked for DNS outbound through Outpost.

    How can I tell what it's monitoring?

    [IMG]

    Outpost's IN/OUT

    [IMG]

    **edit I just got an intrusion warning (I think the tray icon was flashing yellow)

    [IMG]
     
    Last edited: Mar 23, 2005
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, UCLA is nice.. I almost went there myself, but went to Cal State Long Beach instead. Small world eh? :)

    I guess BI is just doing some DNS resolution for stuff it sees coming in and asking Outpost for permission to look up DNS? This is getting really confusing already. I just might have to try it here myself.

    Are you using XP? I'm Win2k. Don't know if they'll coexist here for me... That may be my experiment for tomorrow night..
     
  23. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    I edited above - did you see that? Do I have this set correctly?

    [IMG]

    I'm trying Sygate's site Trojan scan. One or the other should report a scan.
     
    Last edited: Mar 23, 2005
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Not sure about that. I just left it at the default. Your intrusions are most likely just incoming TCP connection attempts. In the Event section, you can right click on the columns and tell it to display source/destination ports and other info. I like to see what the ports are. So far all I've seen here is the typical TCP connection attempts that you usually see in any firewall. BI doesn't even bother logging incoming UDP unless it's part of some kind of UDP scan or something.

    I told BI to log packets in the settings, and then went out and looked at some of the logs. They're not text files, but I could make out some interesting stuff in there. I actually saw parts of my emails in those files. So I take it BI is even monitoring my email in and out. Interesting...
     
  25. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Here's info about the three:

    I think perhaps I should also disable Outpost's Blockpost plug-in for now.
     