Are these two products the same and is there anything wrong in having both
of them running on the same machine.
Thanks
In my opinion ZA plus Blackice may be a bit much, I like the combination of
BlackIce and tiny.
Regards Wessel
On Sat, 16 Feb 2002 14:05:06 +0100, "Wessel" <wzaa...@xs4all.nl>
wrote in post:
>I did try to install ZoneAlarm and I have ADSL , at time via a nat
>router. ZoneAlarm closed that, so I had to close ZA.
I have ADSL at home (at long last!) and use router as hardware
firewall (IS installed it for my remote access, along with 2 VPN
clients) and *still* use ZA.
Everything works fine except *one* program -- a <snicker> security
program I run for work. (Card key system; monitors physical
intrusion, staff access, etc.) I have to disable ZA when I run this
program. (Guess *I* can't watch IS watching *me*, lol!)
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
Comment: Because I *can*.
iQA/AwUBPG5cQaRseRzHUwOaEQIt0gCgrHVPXw6Nnt6rj1q1qhGGoFXB2OAAnR4O
TFbpt6drzutJTpeD4Y46gviL
=x48y
-----END PGP SIGNATURE-----
--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A
Remove CLOTHES to reply.
No they are not the same. BlackICE is a Network Intrusion Detection System,
and ZoneAlarm is a software firewall, and it is fine to run both programs
alongside each other. In my opinion, the only good thing about ZoneAlarm is
that when a program trying to make an outward bound connection from your
system to any other, it asks you if you want to allow it. ZoneAlarm works by
blocking everything except what you want to allow. BlackICE on the other
hand monitors each packet on your connection for anything suspicious. It
still stops port scans and various DoS attacks, but the thing I like most
about BlackICE is that it has the ability to help stop attackers using
exploits against you. For example,
Scenario :
- User has IIS installed
- IIS suffers from the ISAPI Buffer overflow.
Zone Alarm Firewall:
- Since ZA is setup to allow Inbound connection to IIS port 80, it will do
so. It will also let pass the malicious buffer overflow attack which will
exploit IIS.
Result : Security compromised.
BlackIce Defender :
- Blackice defender will identify the Attack, depending on the mode BID has
been setup it will block further requests to the attacking IP which has send
the malicious Internet Packet.
Result : Security partially compromised (depending on exploit and setup)
Also, BlackICE detects trojan connections such as SubSeven by the packets,
not which port it is listening on, so no matter which port it tries
listening on or someone tries connecting to it on, BlackICE will detect and
stop it. BlackICE also includes such information as MAC addresses etc. and
gives a much better detailed report on any types of attacks.
Another good feature of BlackICE is that it can detect suspicious activity
on your own computer, such as telnet abuse. So say if you were on a network
that had already been comprimised it can detect any activities that a hacker
might use, such as IP spoofing etc.
If you want more details on why using BlackICE on a network,
http://www.securityhorizon.com/whitepapers/technical/IDSplace.html is a
pretty helpful text on where the place such an application and why.
Hope any of this helps.
c0de.
Personally, since ZA is fairly complete product I would not buy BlakckIce to
augment it.
I allready had BlackIce so in my situation it was an obvious choice to
augment that with tiny.
The situation is completly different than that of the topic starter. But the
other question was can two products cohabit on the computer. The answer to
that question is yes.
HTH Wessel