It's not a matter of believing Steve or not. It's objective technical facts and I agree with Steve's interpretation of these facts. Regarding Steve's understanding of IDS: your arguments are personal and not technical (reminds me of political discussions). I think that I understand architecture and security and in my opinion NIDS can't detect most professional attacks by cyber-criminals. The reason: NIDS scanning for signatures is not related to content format and context.
Mike

On Tue, 29 January 2002, "Kevin Brown" wrote:

>
> BlackICE is a robust and useful personal FW/IDS. The IDS sigs are more
> robust than the logging features offered by other personal FW vendors. With
> the recent changes they've made over the last year or so, you can crank the
> security level up and open up specific ports, rather than lowering your
> security settings so some apps will work. Also, you can add and remove
> individual IPs or entire subnets. This ultimately gives you much more
> flexibility for Internet facing PCs.
>
> It does not do outbound blocking like Tiny or Zone Alarm. This is a
> complaint many people have, but I find that to be a more annoying than
> useful feature anyway. And it's important to understand the nature of IDS
> before freaking out over what you see in your logs. Many people claim that
> BI overreacts with all the alerts, but if you don't worry over every port
> scan, it shouldn't bother you.
>
> Other negatives are that you can't turn off any of the sigs (for repeated
> false positives). And some sigs are a little vague in their description, so
> it won't tell you the difference between a Code Red or a Nimda scan for
> example, but you probably don't need that much granularity for a personal FW
> anyway. At that point you'd probably want a dedicated IDS system.
>
> FYI, don't believe anything Steve Gibson says about the software
> (www.grc.com). He has no idea what an IDS is and therefore has no idea how
> to use BI.
>
> Brownfox
>
>
> -----Original Message-----
> From: garren [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 29, 2002 1:41 AM
> To: [EMAIL PROTECTED]
> Subject: Feedback on BlackICE...
>
>
> Hi all,
>
> I am looking at BlackICE and wondering if anyone has good/bad feedback on
> the tool. Do you think it does a good job of the combined Firewall/IDS/etc
> security that it claims it does? I have it installed and running and it has
> caught a few port scans and a DoS on my system but that could be just window
> dressing.
>
> Feedback is a good thing... looking forward to yours.
>
> Cheers...
