I feel I need to add my two cents to the BlackIce Defender debate.

In regards to BlackIce not stopping outgoing connections, in particular
Steve Gibson's leaktest, read
http://grcsucks.com/the.idiocy.goes.on.and.on.htm

<snip>

"BlackICE does not currently prevent outgoing connections or traffic except
in cases where these connections are caused by unsolicited incoming traffic,
or are otherwise deemed "dangerous/suspicious" traffic by the BlackICE
program. When the user (you) initiates an Internet connection, BlackICE
assumes that you are aware of the exchange of information, and approve of
it. In most cases, this assumption is correct (when you ask for information
from a particular website for example).

The leaktest is a specific program designed to test the "User-Initiated
Outbound Blocking" feature of certain personal firewalls. It is not a
generic hacker test, nor is it a test of your computer's security. In fact,
leaktest does not do anything malicious. If it was a hacker program, we
would add it to the list of detected Trojans, just like we detect Back
Orifice and SubSeven.

Because the user initiates the connection with the GRC site, BlackICE will
not prevent information from being exchanged between your system and GRC,
any more than it would prevent information exchanges between your system and
any other website. (To do so would drastically interfere with your ability
to "surf" the Internet freely.) What happens is this:

1) You contact the GRC site and ask it to perform the "leaktest".
2) The site asks you for certain information. This is the same information
that any other website asks for when you ask it for information (when you do
a search on Yahoo, when you download something from a friend's website, when
you ask for a price from a travel site, etc.).
3) Your system sends the information it was asked for. (This information is
rather like confirming your "return address". It is needed to allow the
exchange to proceed smoothly.)

Under normal circumstances, you would then receive the information you asked
for, and think nothing further about what just happened. With leaktest
however, what you receive is this "dire warning" about how your system has
been "compromised", when it was really just doing what it was designed to
do!"

<snip>

As for trojans, refer once again to the same page.

<snip>

"You should know that the "threat" that the leaktest program supposedly
exposes can be GREATLY reduced by using "safe computing practices". These
include not running any program sent to you by an unknown or unfamiliar
source; not running programs sent to you by friends and acquaintances that
you did not specifically request; exercising caution when downloading
shareware or Freeware programs, particularly from "catch-all" or "warez"
sites; using passwords on all shared resources; and installing and regularly
updating a good virus-protection program. Most (if not all) of these
programs gain access to a system by "conning" the USER into downloading them
onto the system. Informing and educating yourself about these programs is
still the first (and best) line of defence."

<snip>

As for Steve Gibson, the man is a charlatan and fraud.  He is the security
community's Chicken Little spreading FUD throughout.  His leak test,
nanoprobes and Shield's Up have all been proven as scams.

Pat McDonald

-----Original Message-----
From: Paul Leroy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 30, 2002 5:07 AM
To: 'garren'; [EMAIL PROTECTED]
Subject: RE: Feedback on BlackICE...


Hi,

One comment I have heard is that Black ICE Defender does not stop outgoing
connections. I'll have to find the reference, but it was to do with a trojan
that opened a control connection to an IRC server. This means that Black
ICE Defender will not stop you from participating as a zombie in a DoS
attack.  This was about a year ago, so I don't know if this has been
fixed/added in a later version.


Paul Leroy.

-----Original Message-----
From: garren [mailto:[EMAIL PROTECTED]]
Sent: 29 January 2002 08:41
To: [EMAIL PROTECTED]
Subject: Feedback on BlackICE...


Hi all,

        I am looking at BlackICE and wondering if anyone has good/bad
feedback on the tool. Do you think it does a good job of the combined
Firewall/IDS/etc
security that it claims it does? I have it installed and running and it has
caught a few port scans and a DoS on my system but that could be just window
dressing.

        Feedback is a good thing... looking forward to yours.

Cheers...
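
The gap debated in this thread, shown as an added example (not part of any message above, and not BlackICE's actual logic): a simplified inbound-only policy that trusts every locally initiated connection, next to a per-application egress allowlist, run over constructed connection events. The process names, ports and the `EGRESS_ALLOW` table are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed connection events (not taken from the thread).
@dataclass(frozen=True)
class Conn:
    direction: str                # "in" or "out"
    process: str                  # local program owning the socket
    remote_port: int
    reply_to_local: bool = False  # inbound packet answering a local outbound flow

EVENTS = [
    Conn("out", "browser.exe", 80),
    Conn("in", "browser.exe", 80, reply_to_local=True),
    Conn("in", "system", 31337),             # unsolicited inbound probe
    Conn("out", "update_helper.exe", 6667),  # unknown program reaching an IRC port
]

# Hypothetical per-application egress allowlist: program -> permitted remote ports.
EGRESS_ALLOW = {"browser.exe": {80, 443}}

def inbound_only_policy(c):
    """Block unsolicited inbound; trust everything the host itself initiates."""
    if c.direction == "out":
        return "allow"
    return "allow" if c.reply_to_local else "block"

def app_egress_policy(c):
    """Same inbound rule, plus outbound limited to allowlisted program/port pairs."""
    if c.direction == "in":
        return inbound_only_policy(c)
    allowed_ports = EGRESS_ALLOW.get(c.process, set())
    return "allow" if c.remote_port in allowed_ports else "block"

def policy_gap(events):
    """Events the inbound-only policy allows but the egress allowlist blocks."""
    return [c for c in events
            if inbound_only_policy(c) == "allow" and app_egress_policy(c) == "block"]

if __name__ == "__main__":
    for c in EVENTS:
        print(c.direction, c.process, c.remote_port,
              inbound_only_policy(c), app_egress_policy(c))
    print("gap:", [(c.process, c.remote_port) for c in policy_gap(EVENTS)])
```

Both policies treat the inbound probe and the browser traffic identically; the only event on which they differ is the outbound connection from the unlisted program.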





