black ice defender

From:
Date: 08/14/02


Date: Tue, 13 Aug 2002 18:42:22 -0600

This post is from the web site of http://www.grc.com, or Gibson Research.
They have a port-probing utility that tests to see if your system is at
risk, etc. I found this blurb about Black Ice on their site (the link to
download LeakTest):

NetworkICE's BlackICE Defender Update
Apparently Designed to Mislead its Users

Eleven months after the release of our first, simple, but effective and
popular (3,102,549 downloads) LeakTest firewall testing utility, BlackICE
Defender (BID) continues to "leak" — as defined by LeakTest. But a recent
update to BID (version 2.9cai) was hiding this fact from its users by
effectively cheating the LeakTest.

Rather than enhancing BlackICE Defender by adding the sort of
application-level controls that are available even from many completely free
personal firewalls, BID's publisher, NetworkICE, apparently chose to prevent
LeakTest's intended operation by adding specific awareness to BID of
LeakTest's remote testing IP.

Demonstrate This for Yourself

If you are using the current version of BlackICE Defender as of this
writing (version 2.9cai), you can click this button to have your web browser
touch the old LeakTest IP address and port:

BlackICE will alert you to "LeakTest trojan horse activity" even
though your web browser obviously has NOTHING to do with LeakTest.

BID's fraudulent LeakTest detection is "misfiring" because it
was never designed to truthfully test for LeakTest's outbound
communications. As far as we know, BID has no such capability. So it appears
to have been designed merely to mislead and hide that truth from its users.

This IP address-specific blocking could have falsely led BID's users into
believing that their updated BID firewall was now providing the sort of
outbound blocking, protection, and awareness that LeakTest was designed to
detect, test, and report. (And which all effective personal firewalls
provide.)

Although we would celebrate the addition of true outbound application-aware
control and blocking to BID, achieving that sort of protection is
significantly more difficult — and certainly far more valuable to its
users — than blocking a single IP address at Gibson Research Corp. in order
to falsely appear to be doing more than they are.

LeakTest Version 1.1:
Shortly after we learned of and confirmed this unfortunate decision on the
part of NetworkICE's developers, we updated the original LeakTest v1.0 to
version 1.1 by simply changing LeakTest's remote connection IP and port
number. With that small (two byte) change, LeakTest was again able to
communicate out through BlackICE Defender's complete lack of defenses, as it
always has — and as any other malicious hackerware or spyware presumably
also could.
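
The difference the quoted text draws between a destination-specific signature and application-aware outbound control can be modeled in a few lines. This is an added example, not code from GRC, NetworkICE, or the original post; the endpoints are constructed RFC 5737 documentation addresses and the program names (browser.exe, leaktest.exe) are hypothetical.

```python
from dataclasses import dataclass

# Constructed placeholders (RFC 5737 documentation range), not real endpoints.
OLD_TEST_ENDPOINT = ("192.0.2.10", 80)
NEW_TEST_ENDPOINT = ("192.0.2.11", 81)


@dataclass(frozen=True)
class Conn:
    program: str   # executable that opened the outbound socket (hypothetical name)
    dst_ip: str
    dst_port: int


def destination_signature(conn, flagged=frozenset({OLD_TEST_ENDPOINT})):
    """Alert only when the destination matches a hard-coded endpoint."""
    return "alert" if (conn.dst_ip, conn.dst_port) in flagged else "allow"


def application_policy(conn, approved=frozenset({"browser.exe"})):
    """Decide on the program making the connection, whatever the destination."""
    return "allow" if conn.program in approved else "block"


# Constructed events mirroring the three situations the post describes.
EVENTS = {
    "browser touches old endpoint": Conn("browser.exe", *OLD_TEST_ENDPOINT),
    "tester v1.0 to old endpoint": Conn("leaktest.exe", *OLD_TEST_ENDPOINT),
    "tester v1.1 to new endpoint": Conn("leaktest.exe", *NEW_TEST_ENDPOINT),
}


def evaluate(events=EVENTS):
    """Return {event name: (signature verdict, application verdict)}."""
    return {name: (destination_signature(c), application_policy(c))
            for name, c in events.items()}


if __name__ == "__main__":
    for name, (sig, app) in evaluate().items():
        print(f"{name:30} signature={sig:6} app-aware={app}")
```

The signature flags the approved browser (a false positive) and passes the unapproved program once its endpoint changes, while the per-application policy gives the same verdict for that program at either destination.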
