[Ham-Computers] BlackICE

[Hsu, Aaron (NBC Universal)]

Paul, Duane, et al,

There is always a reason for one's madness.  Steve Gibson is truly a well
respected person in the IT field, especially when it comes to data integrity
and security.  I've used Spinrite for 14 years and there's nothing else like
it.  Many moons ago, Steve actually recommended BlackICE over all the other
firewall applications out there.  But, when trojan style apps became more
prevalent, BlackICE fell behind the "rest of the crowd" by not blocking
outbound traffic.  This is where Mr. Gibson has a beef with BlackICE - and
possibly justifiably so.

I understand the reasoning behind the blocking/monitoring of outbound
traffic.  Trojans and "bots" all work because the outbound side of a
firewall is open.  However, there are circumstances where using a program
with outbound blocking can be a major nuisance.  The last time I used Zone
Alarm, I got pretty sick of seeing each and every pop-up that said my
programs were transferring outbound data.  And, since I use *A LOT* of
different programs in my field, configuring ZoneAlarm for each app was a
headache.  Of course, I could just configure ZoneAlarm to block all outbound
traffic, but then I still run into the same problem where my apps don't
work.  On top of that, when I finally decided to uninstall Zone Alam, my
system became "hosed" to a point where it would no longer boot properly.
Most of you know me and if a system gets to this point, it's pretty badly
hosed!  I eventually ended up re-installing the OS - not necessarily a bad
thing since I was planning on moving to Win2K at the time...just prematurely
unexpected.

I've been using BlackICE for five years and have not had any virii, trojans,
or other malware successfully attach itself to my system(s).  BlackICE is
less intrusive on a user and runs in the background without any user
intervention - it can also be configured to run complely "silent".  It has
never caused *any* networking problems (in or outbound) including with many
on-line games that I use to play.  It's successfully blocked *all* intrusion
attempts on my system (as proven by the fact that my system is completely
clean).  If one wants to look into more serious firewalls, BlackICE has a
bigger brother called "RealSecure".  Both are marketed by "Internet Security
Systems" (aka ISS) who is a world leader in data security software.

Now, I must add that I also keep my Anti-Virus programs up-to-date and I'm
very selective in what applications I run on my system.  IMHO, BlackICE is a
good choice for people who know absolutely nothing about computers and don't
know or want to know about configuring a firewall such as ZoneAlarm.  Is ZA
the better of the two?  IMHO, absolutely.  But, you must also weigh in other
factors such as usability.  I know of many clients who will absolutely
refuse to be "bothered" by warnings - even Anti-Virus warnings.  There are
also those situations where another vendor's application will not work due
to any number of conflicts.  These are the times when BlackICE stands out.
It's non-intrusive, easy to use, and compatible with everything (software
and hardware) I've used without having to touch the control panel.  Is it
for everyone?  No.  But it works great for me and none of my other friends
or clients have had any problems.

Just my humble 2 cents.


73,

  - Aaron Hsu, NN6O (ex-KD6DAE)
    {nn6o}@arrl.net
    {athsu}@nbcuni.com
    No-QRO Int'l #1,000,006
    . -..- - .-. .-   ".... . .- ...- -.--"
 
p.s.  Oh, and one other thing...if one does decide to use BlackICE, I
*HIGHLY* recommend that the "application protection" feature be turned off.
This was NetworkICE's attempt at adding outbound detection and it's just not
that great.  Since ISS aquired NetworkICE, they haven't done much to update
the app protection side of things...best to just keep it off.