BlackICE Defender- A Good Choice?
Written: Oct 21 '00 (Updated Oct 22 '00)
Pros: Easy Setup
Cons: Outbound Traffic/Programs Go Undetected
rpllingrock's Full Review: Macmillan BlackICE Defender (1575954451) for PC
Being yet another curveball to throw at would-be hackers, BlackIce Defender will give you protection against these attackers. But this does come at a price.
This review follows personal experience with this program over the past 3 weeks. It is not indicative of how it may perform for you, just my perspective on this firewall.
BlackIce Defender
This program does one thing: block potentially harmful packets from entering your computer.
Most of the configuration properties are preset, so it can be a "plug and play" firewall. Little user intervention will be required to get you up and running.
Unlike a few other user-friendly firewalls, BID appears to use a more dynamic approach to blocking incoming packets. With firewalls using predetermined attacks, such as Norton Internet Security, the user knows the identity of the attack.
Many times I would get an alert with no description of the supposed attack. For example, with Norton I'd get a message alerting me that an attack was attempted, and included with this alert is the type of intrusion, such as Ultor's Trojan. This is just informational data though. It's the ports used by these Trojans that trigger this verbose output, and it's not guaranteed that someone is attempting to violate your space.
For most of us we don't really care what it was, as long as it was stopped in its tracks, but I want to know exactly what is happening, why, and by whom.
What it didn't do is stop outbound traffic. Should a Trojan find its way around BlackIce, the stealth program on your computer can freely communicate with its devious owner.
How do I know this? Norton, but not BlackIce, detected the recent QAZ Trojan virus. This was on my local network of course. QAZ had renamed my notepad.exe file and replaced it with itself. So when notepad tried to access the Internet, I at least had a clue that something was up. Only after realizing that my system had been affected by this Trojan did I disable Norton and allow notepad to again access the net. It sure did, and right through the stranglehold that BlackIce supposedly had on my ports.
It would only be fair to mention here that NIS didn't know it was a Trojan, only that a new application was trying to access the net that I previously had not set a rule for.
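The difference described above, as an added example that is not part of the original review and not code from either product: a filter that inspects only inbound traffic passes every outbound connection, while one that keeps per-application rules stops to ask about a program it has no rule for. The log format, port numbers, and rule table are constructed for illustration.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "direction program local_port remote_port")

# Constructed log, made-up format: direction, owning program, local port, remote port.
SAMPLE_LOG = """\
IN  -            53    1029
OUT iexplore.exe 1041  80
OUT notepad.exe  1043  80
IN  -            139   1030
"""

def parse(log):
    """Turn each non-empty log line into a Conn record."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return [Conn(d, p, int(lp), int(rp)) for d, p, lp, rp in rows]

def inbound_only(conn, open_ports):
    """Filter that inspects incoming traffic only; outbound is never examined."""
    if conn.direction == "OUT":
        return "allow"
    return "allow" if conn.local_port in open_ports else "block"

def app_aware(conn, open_ports, app_rules):
    """Same inbound policy, plus a per-program rule for outbound traffic.
    A program with no rule yields "ask", i.e. the user is prompted."""
    if conn.direction == "IN":
        return inbound_only(conn, open_ports)
    return app_rules.get(conn.program.lower(), "ask")

def compare(log, open_ports, app_rules):
    """Decision of each filter for every connection in the log."""
    return [(c.program, c.direction,
             inbound_only(c, open_ports),
             app_aware(c, open_ports, app_rules)) for c in parse(log)]

def unflagged_outbound(log, open_ports, app_rules):
    """Programs whose outbound traffic the inbound-only filter passes silently
    while the application-aware filter would prompt or block."""
    return [prog for prog, direction, a, b in compare(log, open_ports, app_rules)
            if direction == "OUT" and a == "allow" and b != "allow"]

if __name__ == "__main__":
    rules = {"iexplore.exe": "allow"}   # constructed rule table: only the browser is approved
    for row in compare(SAMPLE_LOG, set(), rules):
        print(row)
    print("never questioned by the inbound-only filter:",
          unflagged_outbound(SAMPLE_LOG, set(), rules))
```

A rule keyed only on the file name would have missed the same replacement had it hit a program that already held an allow rule, so such rules are better keyed on a hash of the executable as well.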
The Interface
Much easier to understand and control than McAfee's firewall. Contains four tabs for your viewing pleasure. The first tab, "Attacks", will show the recent attacks on your system. In fact some of these so-called attacks may be innocent. Double clicking an attack will bring us to the next tab, "Intruders".
Below is an example attack that I've attached showing a DNS Port Probe of my computer.
IP: 192.168.0.3
Node: MICHAEL3
Group: MSHOME
NetBIOS: DANIELLE
MAC: 00A0CC3F191E
DNS: MICHAEL3
This obviously was my daughter's computer on my local home network, showing information such as her I.P. Address on the network and my Network Group name.
Was she attacking poor old Dad?
Well, according to BlackIce she was. Clicking on advICE on the panel will link you directly to their web site, where they gave me the following information pertinent to this type of attack:
"Either a hacker is scanning your system looking for the "DNS" service, or somebody has misconfigured your machine as a DNS server."
What her machine was obviously doing was searching for an Internet Connection Sharing computer. Mine!
On Norton IS, I would have received a dialog box informing me that Internet Connection Sharing was being contacted by another machine instead of the warning given by BlackIce.
This is a good example of how a product with wordy dialog boxes can make programs easier to comprehend than others.
It was determined after reading through the knowledge base on their site that BlackIce was intended to be run on a machine that doesn't provide network services - Internet Connection Sharing. What!?
If you intend to try this program and use Windows 98SE with ICS, you should check this out before attempting to install this firewall.
http://advice.networkice.com/Advice/Support/KB/q000069/default.htm
But in almost the same breath but on a different page, BlackIce brags about how it can be "an excellent combination with ICS". Go figure!
http://advice.networkice.com/advICE/Support/KB/q000010/default.htm
It took some re-configuration for me to allow clients on my network to access the Internet through my machine. One would think that BlackIce would have noticed ICS before installing it in the first place!
The third tab is "History", showing all of your network traffic and attacks with selectable intervals in minutes, hours, or days. All presented with a colorful on-the-fly graph.
The fourth and final tab is just "Information".
BlackIce Settings
· The pre-canned settings, paranoid, nervous, cautious (default), and trusting will allow you to get started without having to worry about firewall configuration.
· Adding trusted addresses was helpful in my case since all of the IP's are static. Beware of adding anyone with dynamic addressing, as can be found on most dial-up connections.
· Blocking is just as easy. If you were to block an address of an attacker that was dynamic, this wouldn't prevent the same person from probing your ports in the future because their IP would change each time they logged on.
· If you'd like to make yourself crazy, choose the paranoid setting and set the alerts to audible, this sounds like a flute at an extremely high pitch whenever there is an alert. Often I found myself disabling the engine so I could concentrate on my current task.
· An "Evidence" log can be maintained so you may look back on previous attacks for reference.
Link to the evaluation version of BlackIce Defender.
http://download.cnet.com/downloads/0-10105-101-2311126.html
What I Didn't Like
Since there is limited documentation included, you'll have to visit their site for any questions pertaining to this program unless of course you want to weed through every section. This reason alone was enough for me to dislike this program.
Their online knowledge base was extensive but didn't answer all of my questions.
Reports on attacks were not descriptive enough for me.
Overall
It was hard for me to say anything nice about BlackIce after being spoiled by similar firewalls that offer much more in the way of information. I don't pretend to know everything there is to know about firewall applications, but what I do know is that BlackIce didn't even come close to the hype portrayed on their site.
For an inexpensive solution I would still recommend ZoneAlarm, a free program available to individuals. It accomplishes the same task but with an easier to understand interface with fancy buttons (I love fancy buttons), with the option to select which programs you will allow to access the Internet.
You can find an easier solution for less than the $39.95 you'll spend on this.
While being a competent firewall, it is not at a level of user friendliness I've come to appreciate in personal firewall packages.
Recommended:
No