
BlackIce vs. ZoneAlarm


Asprin

Feb 15, 2002, 10:48:28 PM
Hi,

Are these two products the same, and is there anything wrong in having both
of them running on the same machine?


Thanks

Wessel

Feb 16, 2002, 8:05:06 AM

"Asprin" <Helll...@you.com> wrote in message
news:sEkb8.25362$NP4.3...@news20.bellglobal.com...
BlackIce calls itself an intrusion detection system and is not really a
firewall. However, with BlackIce running, doing the ShieldsUP test at
http://grc.com reports that all ports are in stealth mode, which is
good. You are invisible from the internet for port scanners.
I did try to install ZoneAlarm and I have ADSL, at the time via a NAT router.
ZoneAlarm closed that, so I had to close ZA. I have good experience with
Tiny.
The reason I like to have Tiny, which is a firewall, is that it warns me when
something wants to connect to the internet and so functions as an early
warning system that maybe something is amiss when I don't understand why
that prog wants to connect.

In my opinion ZA plus BlackIce may be a bit much, I like the combination of
BlackIce and Tiny.

Regards Wessel


Laura Fredericks

Feb 16, 2002, 8:19:34 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 16 Feb 2002 14:05:06 +0100, "Wessel" <wzaa...@xs4all.nl>
wrote in post:


>I did try to install ZoneAlarm and I have ADSL , at time via a nat
>router. ZoneAlarm closed that, so I had to close ZA.

I have ADSL at home (at long last!) and use router as hardware
firewall (IS installed it for my remote access, along with 2 VPN
clients) and *still* use ZA.

Everything works fine except *one* program -- a <snicker> security
program I run for work. (Card key system; monitors physical
intrusion, staff access, etc.) I have to disable ZA when I run this
program. (Guess *I* can't watch IS watching *me*, lol!)

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
Comment: Because I *can*.

iQA/AwUBPG5cQaRseRzHUwOaEQIt0gCgrHVPXw6Nnt6rj1q1qhGGoFXB2OAAnR4O
TFbpt6drzutJTpeD4Y46gviL
=x48y
-----END PGP SIGNATURE-----

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

Remove CLOTHES to reply.

c0de

Feb 16, 2002, 11:27:26 AM

"Asprin" <Helll...@you.com> wrote in message
news:sEkb8.25362$NP4.3...@news20.bellglobal.com...

No, they are not the same. BlackICE is a Network Intrusion Detection System,
and ZoneAlarm is a software firewall, and it is fine to run both programs
alongside each other. In my opinion, the only good thing about ZoneAlarm is
that when a program is trying to make an outward bound connection from your
system to any other, it asks you if you want to allow it. ZoneAlarm works by
blocking everything except what you want to allow. BlackICE on the other
hand monitors each packet on your connection for anything suspicious. It
still stops port scans and various DoS attacks, but the thing I like most
about BlackICE is that it has the ability to help stop attackers using
exploits against you. For example,

Scenario:
- User has IIS installed.
- IIS suffers from the ISAPI buffer overflow.

ZoneAlarm Firewall:
- Since ZA is set up to allow inbound connections to IIS port 80, it will do
so. It will also let pass the malicious buffer overflow attack which will
exploit IIS.

Result: Security compromised.

BlackICE Defender:
- BlackICE Defender will identify the attack; depending on the mode BID has
been set up in, it will block further requests from the attacking IP which has
sent the malicious Internet packet.

Result: Security partially compromised (depending on exploit and setup)

Also, BlackICE detects trojan connections such as SubSeven by the packets,
not which port it is listening on, so no matter which port it tries
listening on or someone tries connecting to it on, BlackICE will detect and
stop it. BlackICE also includes such information as MAC addresses etc. and
gives a much better detailed report on any types of attacks.

Another good feature of BlackICE is that it can detect suspicious activity
on your own computer, such as telnet abuse. So say if you were on a network
that had already been compromised it can detect any activities that a hacker
might use, such as IP spoofing etc.

If you want more details on why to use BlackICE on a network,
http://www.securityhorizon.com/whitepapers/technical/IDSplace.html is a
pretty helpful text on where to place such an application and why.

Hope any of this helps.

c0de.
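
An added illustration of the distinction drawn in the post above (not part of the original thread, and not the actual logic of ZoneAlarm or BlackICE): a port-only filter and a payload inspector run over the same constructed traffic. The length threshold, the backdoor marker and all addresses are assumptions made up for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

ALLOWED_INBOUND_PORTS = {80}                 # port filter: default deny, web server open
MAX_REQUEST_LINE = 2048                      # constructed threshold for an overlong request
BACKDOOR_MARKER = b"EXAMPLE-BACKDOOR-HELLO"  # constructed placeholder, not a real signature

def port_filter(pkt):
    """Firewall-style verdict: decided by destination port alone."""
    return "allow" if pkt.dst_port in ALLOWED_INBOUND_PORTS else "drop"

def inspect(pkt):
    """IDS-style verdict: decided by payload content, whatever the port."""
    first_line = pkt.payload.split(b"\r\n", 1)[0]
    if first_line.startswith((b"GET ", b"POST ", b"HEAD ")) and len(first_line) > MAX_REQUEST_LINE:
        return "overlong-http-request"
    if BACKDOOR_MARKER in pkt.payload:
        return "backdoor-handshake"
    return None

def evaluate(packets, block_on_alert=True):
    """Return (src, port, verdict, alert) per packet; an alert blocks the source afterwards."""
    blocked, results = set(), []
    for pkt in packets:
        if pkt.src in blocked:
            results.append((pkt.src, pkt.dst_port, "drop", "source-blocked"))
            continue
        alert = inspect(pkt)
        if alert and block_on_alert:
            blocked.add(pkt.src)
        results.append((pkt.src, pkt.dst_port, port_filter(pkt), alert))
    return results

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.7", 80, b"GET /" + b"A" * 3000 + b" HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.5", 80, BACKDOOR_MARKER + b"\r\n"),
    Packet("203.0.113.9", 4444, BACKDOOR_MARKER + b"\r\n"),
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(row)
```

The second packet is still passed by the port filter on first sight and only later requests from that source are dropped, which is the "partially compromised" outcome the post describes.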


Wessel

Feb 16, 2002, 11:56:42 AM

"BoB" <rho...@whasper.com> wrote in message
news:u5ss6ukt0cof51h9l...@4ax.com...
> They are supposed to perform the same function if that's
> what you're asking?
>
> BlackIce effectiveness is openly challenged on GRC.com
> Make up your own mind.
>
> BoB
>
That is where you are wrong, BlackIce is not performing the same functions
as ZA.
ZA checks all network traffic as a firewall should.
BlackIce is an IDS and only checks incoming. The criticism by Steve Gibson
was that BlackIce's vendor allowed the impression that it was a firewall and
that it therefore should pass the leak test. It did not and still does not.
Tiny does, ZA does and a lot of others who failed that test are doing better
now as well.


Personally, since ZA is a fairly complete product I would not buy BlackIce to
augment it.
I already had BlackIce so in my situation it was an obvious choice to
augment that with Tiny.
The situation is completely different than that of the topic starter. But the
other question was can two products cohabit on the computer. The answer to
that question is yes.

HTH Wessel

