Security: beware of BlackIce Defender

Discussion in 'Trading Software' started by harrytrader, Jan 3, 2003.

  1. just use .. it is the best.. crushes blackice into little ice crystals... I couldn't care less if you installed BI on a thousand puters.. why piss around with anything else BUT THE BEST? You don't know what you are talking about. WHY WOULD ANYONE USE BLACKICE WHEN ZONEALARM IS BETTER & FREE?? WHEN YOU FIND SOMETHING BETTER USE IT
    #11     Jan 5, 2003
  2. igsi


    I agree with you to some extent, but the problem is ZoneAlarm is not perfect. There are known stability issues which force many users to look for other solutions. Besides, it's easy to find ZA annoying. For those who are looking for alternatives, I'd recommend Sygate Personal Firewall, which I think is a better choice for computer-savvy people. Same as ZA, there is a free version, which is good enough, and there is a commercial Pro version.
    #12     Jan 5, 2003
  3. dottom



    You are not comparing the same thing. If you are going to shout (i.e. caps) might as well get your facts straight. BID is an IDS (with firewall and outbound connection management). ZoneAlarm is firewall only.

    Scenario:
    - User has IIS installed
    - IIS suffers from the ISAPI buffer overflow.

    ZoneAlarm Firewall:
    - Since ZA is set up to allow inbound connections to IIS port 80, it will do so. It will also let pass the malicious buffer overflow attack which will exploit IIS.

    Result: Security compromised.

    BID is an IDS that analyzes the activity of the inbound packet.

    P.S. BID is free if you know what you're doing.

    P.P.S. There are much better other forums for discussions on Firewall vs. IDS vs. outbound connection management, etc. Try or
    #13     Jan 5, 2003
  4. Minime


    Here's a comparison I found (probably out of date).
    #14     Jan 5, 2003
  5. igsi



    Your post did not contain a solution section, so here it is:

    -Download and install IIS patches

    As you can see, BID has not been used to solve this problem.
    #15     Jan 5, 2003
  6. dottom


    btw, many people have used both BlackIce and a firewall product to gain the benefits of IDS as well as firewall. Since BlackIce's 2.5 product, though, their firewall capabilities are just as good as ZA's, Tiny's, Symantec's or any other personal firewall's.

    An example of another difference between IDS and firewall: if a hacker attempts to port scan your machine, your IDS should recognize the port scan and immediately lock out that IP and notify the administrator. A firewall will just let the hacker continue to port scan, allowing scans on the open ports and just dropping packets on the ports not allowed.

    Here's a general overview of IDS and some other security related topics:

    BlackIce got a bad rap for its earlier firewall product (version 2.5 and before), and many users were using BlackIce thinking they were buying a personal firewall when the firewall capabilities used to be limited. In fact, for a while the debate on BlackIce vs. ZoneAlarm was quite interesting because most people used both products simultaneously.
    #16     Jan 5, 2003
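
The port-scan difference described in the post above, as an added example that is not part of the original thread and not code from any product named in it: a stateless port filter beside the same filter with per-source scan tracking and lockout. The allowed ports, window, threshold and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

ALLOWED_PORTS = {80, 443}   # assumed firewall policy: web server only
WINDOW_SECONDS = 10         # assumed sliding window for scan tracking
PORT_THRESHOLD = 5          # assumed: distinct ports per source before lockout

# Constructed sample events: (timestamp_seconds, source_ip, destination_port)
EVENTS = [(0.0, "198.51.100.7", 80), (1.0, "198.51.100.7", 443)]  # normal client
EVENTS += [(2.0 + 0.1 * i, "203.0.113.9", p)                      # port sweep
           for i, p in enumerate([21, 22, 23, 25, 80, 110, 139, 443, 445])]
EVENTS.sort()


def firewall_only(events):
    """Stateless port filter: each packet is judged on its port alone."""
    return [(src, port, port in ALLOWED_PORTS) for _, src, port in events]


def firewall_with_scan_lockout(events):
    """Same filter, plus per-source tracking of distinct ports in a window."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, port)
    blocked = {}                  # src -> timestamp of lockout
    decisions = []
    for ts, src, port in events:
        if src in blocked:        # locked-out source: drop everything
            decisions.append((src, port, False))
            continue
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()           # forget probes older than the window
        if len({p for _, p in q}) >= PORT_THRESHOLD:
            blocked[src] = ts     # an administrator alert would be raised here
            decisions.append((src, port, False))
            continue
        decisions.append((src, port, port in ALLOWED_PORTS))
    return decisions, blocked


def reached_open_ports(decisions, src):
    """Ports on which packets from src were allowed through."""
    return sorted(port for s, port, ok in decisions if s == src and ok)


if __name__ == "__main__":
    plain = firewall_only(EVENTS)
    tracked, blocked = firewall_with_scan_lockout(EVENTS)
    print("filter only :", reached_open_ports(plain, "203.0.113.9"))
    print("with lockout:", reached_open_ports(tracked, "203.0.113.9"), blocked)
```
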
  7. dottom


    What happens between the time an exploit is discovered and when Microsoft announces a patch and the user installs it?

    The point is that BID, as an IDS, will prevent malicious activity that a firewall will let through. For example, you run a web server, and your firewall allows all traffic on the HTTP and SSL ports. If there is an exploit against your web server or SSL, then you have absolutely no defense until a patch is available and installed. BID can detect maligned, Unicode, ISAPI buffer overflow, etc. exploits even if that specific exploit is not in its database.

    BID, like any other IDS, is not designed to be the solution. Obviously the solution is to patch the vulnerable service. What an IDS does is buy you time and protect you against the known and the most common exploits.

    I really don't know why there's so much damn discussion... IDS and firewall are two different things. Use both!

    P.S. And go to Google and search on one of the mentioned Usenet groups to get reams upon reams of discussion. Keep the discussion here to trading!
    #17     Jan 5, 2003
  8. igsi


    Nothing. Absolutely nothing. All those infamous attacks targeted unpatched machines for vulnerabilities for which patches had been released months before.

    The average user does need IDS on her desktop.
    BlackIce Defender is not a tool to protect a server either.
    #18     Jan 5, 2003
  9. Well if you don't have any firewall on your tradestation don't complain if one day your account would be hacked :eek:

    I remember a post on financial chat I think where the guy complained his IB account had been hacked.

    As for wealth-lab I have bought version 1.0 and was very upset. Since it seems better but I have chosen another solution. Perhaps I will try again.

    #19     Jan 5, 2003
  10. igsi


    And why would I want to be notified every time another kid decides to port scan my machine if my machine is firewall protected?
    #20     Jan 5, 2003