BlackIce Defender - ideal protection for the novice
Written: Sep 16 '00 (Updated Sep 23 '00)
Pros: for the novice - easy to install, no configuration
Cons: poor documentation of advanced features (only on manufacturer's web site)
ptiemann's Full Review: Macmillan BlackICE Defender (1575954451) for PC
With more and more people online 24x7, at home as well, there is a market for protection software. The risk of having a computer connected to the Internet starts with a shared C-Drive with a weak password or no password at all on it. A hacker could get full read access to your hard disk and find your file of passwords for your PC-Banking web site. Are you interested now in protecting yourself?
BlackIce Defender is the ultimate protection from unwanted Internet traffic for the novice.
My situation:
I have 3 computers in a local network with one of them being exposed to the outside world. This exposed computer obviously is the potential target of attacks while the other two are secured. The exposed computer runs some remote control software so I can access it from my office.
I purchased BlackIce and ran the installation program. Took less than a minute.
Zero configuration so far. BlackIce was installed and active.
The Good
My computers worked. Well, so it seemed.
Then I tried to connect to my home computer from the office's computer. It was not possible - BlackIce did not allow this 'unsolicited traffic'. Then I checked for the log file of intruders. My office's IP number was listed among the other computers from my home network and a few unknown intruders who had run port scanners.
It turned out that my other computers at home could not see the protected machine anymore either. No surprise - BlackIce blocked everyone.
I simply right-clicked on the "good ones" and trusted them. That was 2 clicks for each.
If I had wished to, I could have blocked the other IP numbers from unknown intruders. In that case, if they try to probe my system again, it would just appear to be non-existent to them. I tried the blocking feature in my local network and I could not even ping the protected machine. So the attackers would have to believe that I turned off my computer.
In my case, the log file showed that they tried only 2, 4 or 5 times (each) so I did not bother to block them.
At any time, when I feel like it, I can start the "BlackIce Utility Program" and look at the history graph. It shows the network traffic - the desired and the undesired. That's nice to see. It distinguishes between suspicious and critical activities. When viewing the log, there is a link for each attack that points to the company's web site where it explains what this type of attack means, whether or how dangerous it is and more.
BlackIce also allows you to click on the intruder and will show as much information as it could gather from the attack. The information ranges from an IP number with nothing else to a longer description such as this one:
IP: 63.193.132.148
Node: WIN95BOX
Group: FJS
NetBIOS: JODY
MAC: 004005A08BEF
DNS: adsl-63-193-132-148.dsl.lsan03.pacbell.net
(No, I still don't know who JODY is. And I did change the numbers slightly for the review. Appears to be a DSL user. If JODY would show up frequently, I would contact PacBell. They know who this number 63.... is.)
A nice fact is that BlackIce is not intrusive to myself at all. Normally I don't realize that BlackIce is running. It's just an icon in the tray - I forget about it for days.
Summed up, the good is
- Almost zero configuration - quick install.
- Extremely easy - made for novices.
- Educates you if you care to know what those "NetBIOS probes" mean.
- Shows you as much information about the intruder as possible.
- Not intrusive
The Bad
Well, BlackIce was made for the novice and it is not a full-scale firewall. I forgot to mention that I run a little web-server from my computer. Thanks to BlackIce, the web site can only be seen from my office computer (and from my computers at home, haha). In other words: Black Ice does not allow specifying blocking by port number (80 for http) through the user interface - SEE MY NOTE AT THE END. I could try to add my sister's computer to BlackIce's trusted list - but that won't work. My sister uses dial-up and her IP number changes every time.
To make things worse, I did not see that I could specify a range of IP numbers that I want to trust.
E.g. my sister is today 62.100.200.10; tomorrow she might be 62.100.200.40 and next time 62.100.200.50
I would be willing to trust 62.100.200.*
BlackIce doesn't allow such a thing.
My personal solution was to have the web server on a different computer and use my router's port redirection feature.
Summed up, the bad is what I listed as the best feature in the product:
- Almost zero configuration, too simple for advanced users.
Recommendation
I fully recommend this product to people with always-on Internet connections who do not intend to run servers - be it web/ ftp/ telnet or remote-control servers. BlackIce is the ideal product and it is worth the $40. You also get free updates for a year. In case you believe that your DSL or cable modem connected computer is not probed - get a freeware port monitor and you'll see better.
If you have a local network and want to run some servers, put out the extra $100 and get a hardware router. It's better than a software solution anyway. See my review on the Hawkingtech which cost $149 back then.
------------------------------------------------
Added note:
Blocking by port is not 100% secure either. Tunneling allows transporting any kind of packet within a packet of the allowed type (e.g. http, port 80). It is possible to exchange any traffic within the data part of the http protocol. But this requires special software on both sides, which the private user would not have on his/her machine. This is more of a threat for the system administrator in the corporate world who fears the bad egg of an employee.
-------------------------------------------------
Added note - 2:
One can manually edit the text file firewall.ini and block certain ports (services). The manufacturer's web site has a knowledgebase where this is documented.
"Allowing FTP and HTTP servers"
http://advice.networkice.com/Advice/Support/KB/q000012/default.htm
To configure for using Internet Connection Sharing:
http://advice.networkice.com/Advice/Support/KB/q000010/default.htm
and
http://advice.networkice.com/Advice/Support/KB/q000069/default.htm
So that scandisk and defrag can run to completion (since BlackICE,
like some other firewall programs, often keeps some files open
causing these programs to keep restarting):
http://advice.networkice.com/Advice/Support/KB/q000022/default.htm
Using FTP software with BlackICE - a classic firewall problem!
The problem with FTP is that when you use it, you send a command
from one port and the server will try to communicate back on another,
which will be seen by BlackICE as an "attack".
http://advice.networkice.com/Advice/Support/KB/q000032/default.htm
To run BlackICE invisibly so that the intrusion detection warning
doesn't flash for every attack (BlackICE normally shows a small
shield in the tray in the task bar and this shield will flash when
an attack is detected - can get very annoying):
http://advice.networkice.com/Advice/Support/KB/q000032/default.htm
Fellow reader TOM AMAN pointed me to these sources. Thank you!!!
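An added illustration of the FTP problem described in the note above (not part of the original review and not BlackICE's code): in active mode the client announces a callback port with a PORT command, and a firewall that does not track that command sees the server's data connection as unsolicited. The addresses, the ActiveFtpTracker class and its method names are constructed for the example, and the server is assumed to connect back from port 20.

```python
import re

# RFC 959 active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control
# channel and the server connects back to h1.h2.h3.h4, port p1*256 + p2.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.I)

def parse_port_command(line):
    """Return (ip, port) announced by a PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class ActiveFtpTracker:
    """Hypothetical helper: remembers which inbound data connections were requested."""
    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.expected = set()  # (server_ip, local_port) pairs awaiting a callback

    def outbound_control_line(self, server_ip, line):
        parsed = parse_port_command(line)
        # Accept only callbacks aimed at this machine on an unprivileged port.
        if parsed and parsed[0] == self.local_ip and parsed[1] >= 1024:
            self.expected.add((server_ip, parsed[1]))

    def classify_inbound(self, src_ip, src_port, dst_port):
        # Assumption: the server opens the data connection from port 20 (ftp-data).
        if src_port == 20 and (src_ip, dst_port) in self.expected:
            self.expected.discard((src_ip, dst_port))  # one connection per PORT
            return "expected-ftp-data"
        return "unsolicited"

def demo():
    # Constructed sample traffic; all addresses are documentation ranges.
    fw = ActiveFtpTracker("192.0.2.10")
    server, other = "198.51.100.7", "203.0.113.9"
    results = [fw.classify_inbound(server, 20, 5001)]       # no PORT seen yet
    fw.outbound_control_line(server, "PORT 192,0,2,10,19,137\r\n")  # port 5001
    results.append(fw.classify_inbound(other, 20, 5001))    # wrong host
    results.append(fw.classify_inbound(server, 20, 5001))   # the requested callback
    results.append(fw.classify_inbound(server, 20, 5001))   # replay of the same one
    return results

if __name__ == "__main__":
    print(demo())
```

Without the control-channel tracking, every one of these inbound connections falls into the "unsolicited" bucket, which is the behaviour the note describes.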
Recommended:
Yes
Epinions.com ID: ptiemann
Member: Peter Tiemann
Location: Capitola, CA
Reviews written: 260
Trusted by: 2800 members