Re: BlackICE

From: Duane Arnold (notme_at_notme.com)
Date: 02/09/04


Date: Mon, 09 Feb 2004 03:59:21 GMT


"RaYzor" <no@no.no.net.org.tv.com.edu.welf> wrote in
news:WICVb.8697$um1.2531@twister.nyroc.rr.com:

>
> "Vinnie" <spam@spam.com> wrote in message
> news:usua20ti5ak3l3q7lntiefq073ml67qjhv@4ax.com...
>> Never see much posted about BlackICE anymore. Am I the only one who
>> still uses it?
>>
>
> BlackICE is useless and it has been proven that it is all a scam.
>
> See also http://grc.com ...
>
> "BlackICE Defender had ABSOLUTELY NO EFFECT WHATSOEVER on the dialogs
> being held by the Zombies and Trojans running inside the poor "Sitting
> Duck" laptop. I knew that BlackICE Defender was a lame personal
> firewall, but this even surprised me.
> The Zombie/Bot happily connected without a hitch to its IRC chat
> server to await further instructions. The Sub7 Trojan sent off its
> eMail containing the machine's IP and the port where it was listening.
> Then it connected and logged itself into the Sub7 IRC server,
> repeating the disclosure of the machine's IP address and awaiting port
> number. No alerts were raised, nothing was flashing in the system
> tray. The Trojans were not hampered and I received no indication that
> anything wrong or dangerous was going on. "
>
> It goes on and on ... then this ...
>
> "I performed one final test: As I had with ZoneAlarm, I attempted to
> connect to the Sub7Server Trojan running inside the "Sitting Duck"
> machine on the IP and listening port number the Trojan was advertising
> all over the Internet . . . and it worked perfectly. I received Sub7's
> "PWD" prompt asking me to login..."
>
> BlackICE should not be used by anyone. Get the free Zone Alarm, or
> the $30 Zone Alarm Pro.
>
> RaYzor
>
>
>

When you become a verified security computer testing lab, then I think
someone will believe something you have to say on BI. You're not an
expert on BI or any host based FW for that matter, because if you did
understand a FW, you would know that a program that's running behind a
FW that solicits traffic by sending outbound packets to a remote site,
the FW is going to allow that solicited inbound traffic back to the
machine. That's called a stateful FW application. Any inbound traffic
that is not solicited or unsolicited inbound traffic to the machine is
going to be stopped by the FW, because no application or program on the
machine solicited the inbound traffic.

You don't seem to know the first thing about BlackIce or any FW it seems
like. It's the same situation on a FW appliance or a router for that
matter. If a program running on a machine behind one of those devices
solicits inbound traffic from a remote application the solicitation of
inbound traffic from a remote IP, then those devices as well will allow
traffic back to the machine.

It's a shame that you have made such a low quality post as this on
something you apparently have no *clue* as to how it works. BI does stop
Trojan activity on a machine, if one knows what he or she is doing with
BlackIce to prevent it.

Duane
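
Added example (not part of the original post, and not BlackICE's or any vendor's implementation): a minimal connection-tracking filter in Python showing the stateful behaviour described above, where replies to outbound connections are admitted and unsolicited inbound packets are dropped. The class and field names, the optional egress port policy, and all addresses and ports are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFilter:
    host_ip: str
    idle_timeout: float = 60.0                               # seconds before an idle flow expires
    blocked_egress_ports: set = field(default_factory=set)   # hypothetical outbound policy
    flows: dict = field(default_factory=dict)                # (lport, rip, rport) -> last seen

    def handle(self, pkt: Packet, now: float) -> str:
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if pkt.src == self.host_ip:
            # Outbound: a local program is soliciting traffic.
            if pkt.dport in self.blocked_egress_ports:
                return "DROP egress-policy"
            self.flows[(pkt.sport, pkt.dst, pkt.dport)] = now
            return "ALLOW outbound"
        # Inbound: allowed only if it matches a flow the host opened.
        key = (pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            self.flows[key] = now
            return "ALLOW solicited"
        return "DROP unsolicited"

def demo():
    host = "192.0.2.10"                                  # constructed addresses (RFC 5737)
    out = Packet(host, 40000, "198.51.100.5", 6667)      # local program dials an IRC server
    reply = Packet("198.51.100.5", 6667, host, 40000)    # server's answer on that flow
    probe = Packet("203.0.113.9", 51000, host, 5000)     # stranger connecting to a listener
    fw = StatefulFilter(host)
    default = [fw.handle(out, 0), fw.handle(reply, 1),
               fw.handle(probe, 2), fw.handle(reply, 120)]
    strict = StatefulFilter(host, blocked_egress_ports={6667})
    with_policy = [strict.handle(out, 0), strict.handle(reply, 1)]
    return default, with_policy

if __name__ == "__main__":
    for verdicts in demo():
        print(verdicts)
```

With the default policy the outbound flow and its replies pass and only the unsolicited probe and the expired flow are dropped; the outbound connection itself is refused only when an egress rule is configured.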