Re: Blackice Firewall

From: Duane Arnold (notme_at_notme.com)
Date: 04/03/05


Date: Sun, 03 Apr 2005 19:00:32 GMT

Redmond du Barrymond <redmond@STUFFIT.invalid> wrote in
news:ibb051lifjg2v92364udsdsf1v07t810fq@4ax.com:

>
> http://www.grc.com/lt/leaktest.htm
> NetworkICE's BlackICE Defender Update
> Apparently Designed to Mislead its Users
>
> Eleven Months after the release of our first, simple, but effective
> and popular (4,340,641 downloads) LeakTest firewall testing utility,
> BlackICE Defender (BID) continues to "leak" as defined by LeakTest.
> But a recent update to BID (version 2.9cai) was hiding this fact from
> its users by effectively cheating the LeakTest.
>
> Rather than enhancing BlackICE Defender by adding the sort of
> application-level controls that are available even from many
> completely free personal firewalls, BID's publisher, NetworkICE,
> apparently chose to prevent LeakTest's intended operation by adding
> specific awareness to BID of LeakTest's remote testing IP.
>
> http://www.zdnet.com.au/reviews/software/security/0,39023452,20264708,0
> 0.htm
> BlackIce PC Protection: Dark and slippery
>
>
> PC protection is a must, but many users will find BlackIce PC
> Protection's interface and rules baffling.
>
> Waves apps through the blockade
>
> Confusing, cluttered interface
>
> Diligent but bothersome
>
> Not everything is in stealth mode
>
> http://www.informationweek.com/841/langa.htm
> Good And Bad Online Security Check-Ups
>
> You might think this a harmless prank, but I don't. That's because the
> site is using this ruse to scare users into buying a copy of Black Ice
> Defender, a personal firewall, supposedly to prevent this
> "vulnerability." (If you examine the site's sales URL, you'll see that
> the site owner is an "affiliate" of Network Ice, the publishers of
> Black Ice Defender.
> ------------------------------------------------
>
> You people seen enough or do I have to beat you around the head some
> more?
>

This is even more outrageous than that other poster who didn't know
anything.

And we have another one running around in the NG. It seems like once a
year someone shows up that's hit the Gibson site. ;-)

The notion of stealth is crap and as long as the port is closed it is
closed and stealth means nothing. I didn't get the expected response back
from the FW when I did the prob. So I know that you're there for sure.

This is old an outdated stuff you're posting here about BI and Gibson's
Leakiest. BI was configured to detect the LeakTest with the LeakTest
signature being detected along with Application Control that was placed
in the application to prevent LeakTest.exe or any other type of program
from phoning home if the user's so chooses to stop the Leaktest.exe from
communicating or executing.

LeakTest is crap an is by no means the marker of a FW solution's ability
to stop traffic. Even FW solutions that cost $,$$$$.$$ cannot stop
Leattest. If a program running on the machine makes a solicitation for
input from a remote site or IP like the Leaktest client program making
contact with the Leaktest server program, then the FW is going to allow
that traffic back to the machine -- period that's any FW solution. The
only way to truly stop traffic is to block that IP with a FW rule to
block inbound or outbound traffic for the IP.

You need to settle down and stop running around in the NG with this non-
sense.

Could it be that you're using ZA? ;-)

Duane :)