(no subject)

From: Jeff Cochran (jcochran@info.der-keiler.de)
Date: 07/23/02

From: jcochran at naplesgov dot com (Jeff Cochran)
Date: Tue, 23 Jul 2002 18:29:22 GMT

>> Actually, Gibson is pretty much dead on right.
>> I'm American. And I do know about intrusion detection. And I realize
>> that detection and prevention are two very different animals.
>Well, Gibson was rating BlackIce as a firewall [at a time when BlackIce was
>being sold as an IDS].

As I recall, he rated it as a firewall because it was being pushed as
a personal firewall. And as I recall, the "war" that developed fueled
even more animosity, when Black Ice users were sending reports to
Gibson's ISP that he was attacking their system, after they requested
the attack as a test. :)

>Snort would have failed his "LeakTest" test as well,
>because neither Snort nor BlackIce was designed to do what he was testing
>for [blocking trojan. To me that's a little bit like comparing apples and
>oranges. It's a good thing Steve didn't run his Leaktest test against
>Snort, because then a large portion of the security community would have
>been against him, instead of just a portion of it.

This is absolutely true. There is a definite difference between an
IDS and a firewall. Even though the lines are getting blurrier every
week, mostly due to the marketing hype.

>The best solution is not always the one with the best technical features,
>but sometimes is the one that's the easiest to set up, the one that runs
>pretty well in the default configuration, or the one that's easiest to

And that "best solution" depends dramatically on who the solution is
for. Which makes any blanket statement, whether it's "Black Ice is
what you need," or "Black Ice is crap," pretty useless.

And that's what I objected to the post for, not that Black Ice is bad.
Just that it may not be the right tool for the job that needs to be

Of course, I also need to keep in mind the groups posted to. Some of
these support vastly different sets of users, with different sets of