Install Black Ice; Yes or NO?
I downloaded it, but am real hesitant to install it.
for one: I have no open ports
for two: I'm a gamer, and play games A LOT
for three: The Black Ice FAQ is scary
for four: my ip changes frequently.
Should I install this mofo or no?
-
- Regular Member
- Posts: 317
- Joined: Wed Dec 08, 1999 12:00 am
- Location: WISCONSIN
Bouncer et al - I'd like some feedback from anyone who's tried ZoneAlarm 2.0, the new "free" firewall from Steve Gibson. Over 400,000 people have already downloaded it in the past week, since it came out. Steve Gibson had a review of BlackICE that was pretty harsh, in his discussion of the various firewalls. I'm thinking of running ZoneAlarm 2.0 in conjunction with BlackICE.
This morning, some idiot from @Home, same IP address, tried DNS, TCP, and FTP port probes, plus a What's Up scan. I was laughing he was so stupid, I've turned him in already. Anyway sorry for the length, love to hear more positive feedback on ZoneAlarm 2.0. PCWeek had a rave review on it too, and I recommended it to a guy I work with, who didn't want to shell out 40 bucks for BlackICE. Thanks all.
Black Ice is cool. It's very small, uses little resources, and hasn't affected anything whatsoever, still get 500kb online, and still ping around 17-30.
I did get about 20 alerts today, but you can customize the alerts, as whenever you get a PROBE, you can highlight it, and click a link to view the nature of the attack. It's a great learning tool, and interesting to see the activity.
*Note this is day one of install. I have blocked about 20 IPs.
I recommend it. It's not free, but it's cool.
[This message has been edited by messiah (edited 02-21-2000).]
-
- Regular Member
- Posts: 317
- Joined: Wed Dec 08, 1999 12:00 am
- Location: WISCONSIN
Actually, that's quite "normal" these days. Once you install and run a firewall, you will see that you get probed almost every day, numerous times. I got my first intruder 2 min after I installed it. Odd.
The thing I want to stress here is that if you decide to run a firewall, you have to be wise enough to not run around like Chicken Little screaming at every little alert. PLEASE don't take this as an insult towards you messiah. It isn't. I'm just suggesting to ALL who install firewalls that they understand what they are getting into. Most, Steve Gibson says 99%, of all the probes you are alerted to are harmless. Some are even quite accidental, such as a person with a misconfigured PC sending out PCAnywhere packets. Also, a lot of the probes you see are routed through "unsuspecting" people's PC and the actual IP you see isn't the Actual person's doing the probe.
My point is, to all who get a firewall, RESEARCH "before" running to the authorities and ISPs with log files and the like. They are deluged DAILY with reports like this, and sad to say, MOST are filed in #13, due to various reasons.
And messiah, you shouldn't notice ANY higher pings while running BID and gaming. I know I don't. And leave it on when you play games. That's what it's there for.
Have fun.
JFF

Umm...
You have to remember that Windows was originally designed to facilitate networking. As a result, it has inherent security issues. While some or most of these can be overcome with knowledgeable security decisions, as a functional network issue, I'd always recommend some sort of firewall protection for any user directly connected to the internet via a routable IP number.
There are basically two ways to run firewalls, software and/or hardware based. Most firewalls (and almost ALL consumer firewalls) are software based. Security folks will tell you that there is an inherent issue with that, because if I can break the OS the firewall is running on, I can defeat the firewall.
Hardware or firmware based firewalls are much more difficult to defeat, because you're working at the physical level, and there is no OS to defeat.
The sensitivity of alarms can be both a blessing and an annoyance. You are really going to have to decide which is more important to you. By comparison, some anti-virus programs are "twitchy" compared to others, by which I mean they are much more likely to alarm on less likely scenarios. However, that may be just what you want, depending on how much of an issue it is to you.
Regards,
-Bouncer-
------------------
"Yeah Baby, YEAH!!!"
-
- Regular Member
- Posts: 317
- Joined: Wed Dec 08, 1999 12:00 am
- Location: WISCONSIN
People can change their minds. I see nothing wrong with that. Especially when one considers the couple of buggy releases that NetworkIce released after his recommendation.
I agree with some of the things Steve says. BID does have a tendency to "break" easy for many people. Also, BID is $40 only for the first year with new upgrades after that costing more $$$. ZA is free for now. Also, BID's outgoing traffic monitoring capability is more sophisticated than BIDS.
However, I still use it, at least until my "1 year rental" expires.
Hopefully by then, ZA will have their bugs worked out. If it's still free, I'll switch.
JFF

-
- Regular Member
- Posts: 317
- Joined: Wed Dec 08, 1999 12:00 am
- Location: WISCONSIN
It's because of people like you Steve, turning in people when there was no harm done, that really wastes your ISP's time and energy. If you read JustForFun's post, I think he was trying to tell YOU to know what you are doing and only turn someone in for a serious attack. And trust me, you have not had anything serious ...
If people like you keep "crying wolf", your ISP won't take you seriously when you really need them... Trust me, they laughed when you turned that person in... So grow up...
-
- Regular Member
- Posts: 317
- Joined: Wed Dec 08, 1999 12:00 am
- Location: WISCONSIN
Slide,
You are out of line here. Don't try to speak for me. I am not trying to specifically tell Steve, messiah, or even you what to do when you see probes. Again, my post was meant as a general piece of advice to anybody who uses a firewall. In fact, if anyone were to see several probes from the same IP in a short period of time, then the responsibility becomes incumbent on the person getting probed to report them. It is for the benefit of everyone to punish someone who does that. If I were to see something similar to what Steve saw, I might report them also.
But a "single", "random" probe on a common port is usually nothing to be alarmed about. That is the point I am making here.
Thanks and play nice.
JFF
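
The distinction drawn in the post above, between a single random probe and several probes from the same IP in a short period, sketched as an added example that is not part of the original thread. The log format, the sample addresses, the 10-minute window and the threshold of three probes are all assumptions made for illustration; this is not BlackICE's log format or logic.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp,source IP,destination port
SAMPLE_LOG = """\
2000-02-21 08:01:10,192.0.2.15,53
2000-02-21 08:01:12,192.0.2.15,21
2000-02-21 08:01:15,192.0.2.15,23
2000-02-21 08:01:40,192.0.2.15,80
2000-02-21 09:30:00,198.51.100.7,5631
2000-02-21 11:00:00,203.0.113.9,21
2000-02-21 17:45:00,203.0.113.9,21
"""

WINDOW = timedelta(minutes=10)  # assumed reading of "a short period of time"
MIN_PROBES = 3                  # assumed reading of "several"

def parse(log_text):
    """Yield (timestamp, source_ip, port) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            yield datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S"), parts[1], int(parts[2])
        except ValueError:
            continue

def triage(log_text, window=WINDOW, min_probes=MIN_PROBES):
    """Map each source IP to 'repeated' (worth a closer look) or 'isolated'."""
    by_src = defaultdict(list)
    for ts, src, port in parse(log_text):
        by_src[src].append((ts, port))
    verdicts = {}
    for src, events in by_src.items():
        events.sort()
        verdict, start = "isolated", 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= min_probes:
                verdict = "repeated"
                break
        verdicts[src] = verdict
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:15} {verdict}")
```

Two probes hours apart from one address stay "isolated"; only a burst inside the window is flagged, which keeps stray PCAnywhere-style packets out of the report pile.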

For my money...
I'm solidly behind Steve. Breaking and entering isn't a crime only after someone has broken in. It's the ATTEMPT to gain access to something you KNOW you have NO right to that constitutes the crime.
So far, the only argument I've heard otherwise is the "no harm, no foul" argument, which is equivalent to saying that it's okay to fire a gun at someone as long as they're wearing body armor or you don't actually hit someone.
But let's extend that argument. Let's say, that I hack a commerce server and grab YOUR credit card info, and personal data. Is it still okay as long as I don't try to buy anything with those numbers? Is it still okay if I don't sell your information about who you are, where you live, what you buy and how much money you have? Or if I hack you and start looking at all your files, even if I don't remove or destroy anything?
It's the electronic equivalent of a stranger walking into your home, looking through your clothing drawers and personal mail and belongings and playing with your property. I mean, as long as I don't take anything it's "no harm, no foul" right?
Flat out, if I catch someone trying to port scan me then you can be very sure I will get all information I can about them, and turn it over to both the ISP, and the police or FBI.
That's MY responsibility, because it's MY property and privacy you're trying to invade.
You wanna hack a server, fine, go set one up under your control and hack till your fingers fall off. Then, the only system you accidentally crash will be yours, the only data you damage will be your responsibility, and the only privacy you violate will be your own.
Regards,
-Bouncer-
------------------
"Yeah Baby, YEAH!!!"
-
- Regular Member
- Posts: 317
- Joined: Wed Dec 08, 1999 12:00 am
- Location: WISCONSIN
Messiah,
Check out the BID messageboard. BID and Power Management don't get along too well for some people. Some even report that BID fails to run properly after coming out of standby or sleep modes. A trip to www.grc.com often confirms this for them. Or even pulling up Task Manager will show that the BID engine process named "blackd" is no longer there. NetworkICE has been trying over several versions to fix this...but I suspect it is still a problem for some.
Some say this is a failure on BID's part, but I disagree. Microsloth's Power Management is notoriously buggy and doesn't work properly with many programs. Visit a Microsoft board sometime and you will see numerous complaints about this "feature".
What to do?? My suggestion is to DISABLE all power management and go without it. It's got too many issues.
JFF
