Re: No Black Ice trial-ware or free version?
From: Duane Arnold (darnold92@Insightbb.com)
Date: 12/16/02
- Next message: Duane Arnold: "Re: BlackICE & McAfee VirusScan"
- Previous message: Rick Cook: "Re: Can ZoneAlarm Block Outgoing e-mail?"
- In reply to: Zach: "Re: No Black Ice trial-ware or free version?"
- Next in thread: ColdCanuck: "Re: No Black Ice trial-ware or free version?"
- Reply: ColdCanuck: "Re: No Black Ice trial-ware or free version?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Duane Arnold" <darnold92@Insightbb.com> Date: Mon, 16 Dec 2002 03:43:53 GMT
> I must say I was very impressed with the
> readme file that listed all the known quirks and the workarounds that would
> need to put in place if certain programs and/or settings reside on your
> computer. At least BID is honest about it (since they don't seem to know
> how to fix them in-house).
Well, I would think that they would, since the software is to protect
servers and client machines in a networked environment and not the home. The
administrators of such a product that did not inform the admin(s) as such
would be called on the carpet.
> I had it do the application scan which was very thorough, if not
> pointless
For you it's pointless and I guess for the average home user that doesn't
understand that an attack can come from many program types such as an OCX,
DLL, VXD, etc, etc. it's pointless. But for me and my setup, it had better
damn well be able to tell me about any component that is trying to execute
on the machine or communicate back to the Internet on the machine. And I don't
care what it is. It had better tell me about any sub-component program doing
anything.
It had better be able to stop anything from installing itself on the machine
and executing. And BID does this very well. So a program called
solitaire.exe with a different time stamp hit the machine and I want to play
solitaire. But guess what, it's not solitaire (and I am going to use this
word) it's MALICIOUS and it's not
solitaire. At least BID and I hope I would have a CLUE that something was
up!
> As far as blocking (stealthing) ports, 113 is closed for business now (it
> was stealthed under Outpost) so that's no help
That stealthed word is a, well what can I say about it. If Outpost, BID or
any software firewall had Stateful Packet Inspection (SPI), which means that
for every incoming packet there was a corresponding outgoing packet from
the source (statefulness), I guess it would mean something. They do not so
the point is moot. My only concern is the port is closed and nothing else. I
can't see you, because you're hiding from me, but I just PINGED you so I know
you're there.
> I went to numerous port
> scan sites and all that are capable of seeing where I've been can now see
> where I've been thanks to not being able to shut down referers as I can in
> Outpost.
I am not concerned about being able to be seen where I go on the Internet. I
only need the IDS/firewall to do one very important thing, that's to stop
an attack from reaching the machine. So, you see that is moot to me too. I
don't need a nanny.
> Sure, you can install a separate FW and popup blocker and DNS cache
> and this, that and the other thing but what's the point. If it comes in one
> interface, everything works together and is easy to configure then get it
> but don't bloat something more than what it deserves
Yeah, what is the point? I don't need none of it.
> The point is, a firewall *should* be more than just blocking ports.
To me a software firewall for the Windows desktop means:
1) Being able to accept or reject network traffic on specified IP(s) and
ports UDP/TCP.
2) Being able to stop an installation from happening on the machine without
approval.
3) Being able to detect any program element that is trying to execute on
the machine or communicate back to the Internet without approval.
4) Being able to examine the network traffic for attack patterns and stop
the attack if such a pattern is found. (IDS).
The total protection of the machine means:
1) Having an O/S such as NT, 2K, or XP that gives one the means to enable
security features of the O/S.
2) Have a good AV on the machine.
3) It's nice to have the router's NAT and SPI, if SPI is a feature on the
router, but NAT will do.
4) Know to enable the protection features that IE and OE have available on
the machine.
The bottom line here or in other words is to stop the attack by any means
necessary.
The software firewall is just one element in the total protection of the
machine. And the protection of the machine is a process and is not a given.
Duane :)
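
Added example, not part of the original message and not BlackICE or Outpost code: a minimal connection-tracking filter showing what stateful inspection does in practice (an inbound packet is accepted only if it matches a flow the local host opened) and how a "stealthed" port 113 differs from a "closed" one. The class name, the documentation-range addresses and the packet trace are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags: "S" SYN, "SA" SYN/ACK, "R" RST

class StatefulFilter:
    """Toy connection tracker for one host (hypothetical; no timeouts or TCP state machine)."""

    def __init__(self, local_ip, unsolicited="drop"):
        self.local_ip = local_ip
        self.unsolicited = unsolicited   # "drop" = stealthed, "reject" = closed (RST sent)
        self.flows = set()               # (proto, local ip, local port, remote ip, remote port)

    def handle(self, p):
        outbound = p.src == self.local_ip
        if outbound:
            key = (p.proto, p.src, p.sport, p.dst, p.dport)
            self.flows.add(key)          # the local host opened or continued this flow
        else:
            key = (p.proto, p.dst, p.dport, p.src, p.sport)
            if key not in self.flows:
                return self.unsolicited  # no matching state: nothing local asked for this
        if p.proto == "tcp" and "R" in p.flags:
            self.flows.discard(key)      # a reset tears the flow down
        return "accept"

# Constructed packet trace (documentation address ranges), not captured traffic.
TRACE = [
    Packet("tcp", "192.0.2.10", 40000, "198.51.100.5", 80, "S"),    # outbound SYN
    Packet("tcp", "198.51.100.5", 80, "192.0.2.10", 40000, "SA"),   # reply to that SYN
    Packet("tcp", "203.0.113.7", 51000, "192.0.2.10", 113, "S"),    # unsolicited probe of 113
    Packet("tcp", "198.51.100.5", 80, "192.0.2.10", 40001, "SA"),   # right peer, wrong port
]

def run_trace(unsolicited="drop"):
    fw = StatefulFilter("192.0.2.10", unsolicited)
    return [fw.handle(p) for p in TRACE]

if __name__ == "__main__":
    for mode in ("drop", "reject"):
        print(mode, run_trace(mode))
```

In both modes the unsolicited packets never reach the host's services; the modes differ only in whether the sender receives an answer.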