BlackIce Pc Security.

Discussion in 'other firewalls' started by bigc73542, Nov 20, 2003.

Thread Status:
Not open for further replies.
  1. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I received a free copy of BlackIce Pc Security and would like to know if anyone uses this program or knows if it is any good at what it does. I appreciate any responses you may post about this app.







    - removed unnecessary attachment.
     
  2. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    It's reporteclly an excellent IDS (Intrusion Detection System) and particularly good for those who run servers. As far as outbound monitoring and blocking, although BI has program component control some users indicate it's still less than an ideal implementation and other software firewalls are preferable for the outbound stuff. It depends on your needs.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I appreciate your response on this . I installed BI but I could not get it to stealth so I took it out. I wanted to know if maybe I was doing something wrong, but I beleive there are better apps for my needs. Thanks sig for your input , it is appreciated. ;)
     
  4. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Is it ok to use it with ZA Pro? Ususally BlackICE will explain in more detail something that ZA stopped.
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I wouldn't think it would be a good idea to run two firewalls at the same time. They usually don't play nice together.
     
  6. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    mvdu: Both BI and ZAP have changed so much I don't know how it is running them together. In the past ZA and BID frequently were used together without problems. I don't know how both "get along" with each other now. It they work OK together and you don't mind the additional resources used I'd figure it's up to you if you want to use them both.

    bigc: The stealth thing may just be a matter of tweaking the settings. Although for those running servers stealth is not that big of a deal since the whole point is to be visible and reachable. An actual user could provide much more helpful info and assistance for anyone considering BI or just giving it a try. A number of BI users occasionally post at the Security Forum at dslr.com, but don't recall if some post here also or if ISS (BI's vendor) has a forum of their own.

    While BI is considered a very good IDS the average user might just prefer a regular software firewall like ZA, Outpost, etc. YMMV :)
     
  7. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    sorry for just popping in here... but is kerio2X ok...?? i am only using that though i hav ZA pro and Ez firewall in kitty but notusing more than one firewall at a time... so i din install them... i am ok with kerio??
     
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    That is the reason I didn't keep it. I prefer to have a firewall that is less of a chore to config, I use this comp. for fun the one at work is enough trouble without having it at home to.Since ISS bought Black Ice I under stood that it had changed the program is why I didn't think it would run with another firewall. But it wouldn't hurt to try. Now my only problem is trying to figure out who to give the BlackIce to o_O





    - removed unnecessary attachment.
     
  9. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Thanks - yes, they seem to be working fine together, but sometimes you don't notice a conflict. That's why I want feedback.
     
  10. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    mvdu: yeah that's why you're often told not to run two firewalls together, but that's also the only way you'll find out if it works out ok or not on your specific set up. ;)
     
  11. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    subratam: this is a thread about Black Ice, not Kerio. You really should not just drop into someone else's thread and ask about off topic issues. That's considered rude and is the kind of thing that moderators discourage in order to keep discussions on track. Manners aside, looking at it from a practical perspective, let's say someone is looking for a Kerio discussion: logically they would look for a Kerio thread, not a Black Ice thread. It's considered bad form to "hijack" a thread to another issue entirely.

    As for your question, as I seem to recall you've already have had at least two discussions, certainly at least one thread specifically regarding the Kerio firewall. If you have any more questions, consider posting them on those preexisting threads since your question is not new material. But I will respond here for expediency's sake:

    Kerio 2 is a good rules based firewall but, as BlitzenZeus I believe told you before, it is not for people who are newbies and don't understand how rules based firewalls work. It takes more than just casual study to learn, understand and apply what one has learned to bulid a secure rules set. I concur with Blitz's previous recommendation that you instead use ZA or ZAP rather than a rules based firewall like Kerio. But you evidently did not care to take the considered advice Blitz gave you.

    So I will add that when using a rules based firewall like Kerio the question should be not how good is the firewall, but how skilled and capable is the user at setting up a secure rules set? Since it is the user who determines how well the rules based firewall is able to protect the PC it is on.

    After actually having used Kerio, if you still think that your protection primarily is provided by the firewall software, then IMO you've missed the point of a rules based firewall. You really should then use software that is designed to protect you without much if any effort on your part. And that would be a primarily application based firewall such as ZA or others, but not Kerio.
     
  12. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Just out of curiosity, what was not stealth with BI?
    As sig mentions, it could be just a configuration issue. I have not looked at BI in some time, but in the past changing some settings involved modifying some files. The backtracing options selected could also affect your system being stealth (if stealth is what you are after).

    Regards,

    CrazyM
     
  13. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    So would you recommend I keep using BlackICE with it and just be attentive? I have a router, so I don't really need an IDS for inbound very much if at all - but IDSs give more detail as to what is affecting you. That's why I like it. I have a license for NPF 2004, and that has an IDS integrated, but I like ZAP more as a firewall. So I've been running BI with it.
     
  14. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
  15. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I tested BI at grc and PcFlank and it had quite a few ports open Not closed or stealth I tried a few settings but It didn't change much. It is probably just my inexperiance with BI. I will probably never know if it was me or the program because I don't plan to try it anymore. I am very happy with EZ armor Av and firewall that I am useing now. It has a lot of settings if I really want to get that deep in it :) The best part is that it didn't cost anything to try it anyway.






    - removed unnecessary attachment.
     
  16. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    would just want to say....
    i am sorry for posting off-track topic... and i would have liked to answer sig for his questions... but again i dont want to carry it on.. and moreover this isnt the thread to go on... cya frm here...
    take care yall
     
  17. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    subatram,

    It's not that big a deal - happens to many on ocassion. Let's conclude "lesson learned"and go on with life as usual ;)

    regards.

    paul
     
  18. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    BI will give you complete stealth on nervous and paranoid settings except ping icmp which can also be stealthed by editing the firewall.ini file (with notepad)...with this line
    This statement will block all ICMP Echo traffic for all IP addresses.put underneath [MANUAL ICMP ACCEPT]


    REJECT, 8:0, ICMP, 2001-10-15 00:01:00, PERPETUAL, 1000, unknown
     
  19. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Forgot to mention that port 113 ident is enabled by default but can be stealthed by opening advanced firewall settings and modyfying the rule to reject rather than accept.
     
  20. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    I have used BlackICE for several years as my only firewall and love it.

    Set it to paranoid and make the modifications to port 113 and you will be safe.

    Even if you set it to trusting or cautious you should be OK as on these settings it closes the ports with any services running on them - and if it detects any hacker activity on other ports it will detect it and close them also.

    Note: even if you modify the ini file as detailed earlier to reject pings, it will fail the test at pcflank - as the request for ping will have come from your PC - but if you get someone else to ping you it will be stealthed.

    I personally dont care about stealth.

    I love BlackICE as it is easy to configure and works well with windows messenger - set it to trusting (you are safe in this setting) - and you can send and recieve files and video etc.

    You can also set trusted IPs - but if it detects any hacker activity in this trusted port range it wil block it also. Cool!

    Have a look at the usenet group for firewalls. A guy who posts there "Duane Arnold" knows loads about BlackICE and will help you out with any problems - a nice guy.

    Hope this helps

    ChrisP
     
  21. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Thanks for the info. ChrisP :)
     
  22. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I ran BI for a couple of weeks and removed it. I can't say that anything was wrong with it; I just didn't feel comfortable with it. I know that isn't much of a reason, but it's all I can give.

    It was stealth on all the tests I ran and seemed to do the job. I guess it's a case of, the product just isn't for me.
     
  23. Aggressor

    Aggressor Registered Member

    Joined:
    Nov 21, 2003
    Posts:
    28
    Location:
    here
    Don't intend 2 wreak any havoc here among BID fans, but I reckon they should be made aware of a most interesting (and alarming) piece of news by following this link.

    I know, this must have occurred aeons ago, but the point is, if they could do this once to their customers, they could do it again... :mad:
     
  24. dom424

    dom424 Registered Member

    Joined:
    Aug 19, 2002
    Posts:
    41
    Location:
    Enid, OK.
    I use BID once and a while when I get ticked at ZAP on my XP machine. Believe me, version 3.6cbz will drive you nuts if the aplication that wants out has'nt been okayed. Just don't have a trojan on board when you do a baseline scan.
     
  25. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Well it has been a while since My last reply on this post. But I did some research on BlackIce and went ahead and installed it again. This time I was a little more prepared to tweak it. I am sure it is stealth now but I really can't confirm that because since the last time I had it installed I have added a wireless router and that alone has a one hundred percent stealth hardware firewall. But I wanted the protection of the application protection app and the intrusion detection system. It seems to be working better with the right tweaks this time.
     
Loading...
Thread Status:
Not open for further replies.