This product was produced by Network Ice, and is extremely good, but does have
some fairly nasty flaws.
Essentially a firewall this product will protect the user from incoming
malicious traffic. You can also turn off NetBios file sharing and various other
features (bugs?) that lurk in the background of your windows system.
An important note is that altough the box for this product says that it is a
firewall, Network Ice recently claimed that it was not so, this I find somewhat
contradictory.
Installation:
Simply click on the setup file and go for it, it installs quickly and requires a
key in order to activate it. The key may have a limited support period, which
means that you may have to periodically re-buy the key in order to still recieve
support and patches from Network ice.
Quick Usage Guide:
Once up and running you really do not need to do anything to it. However, you
can adjust the level of security in the program via 'Edit BlackIce settings' on
the tools menu. You are then presented with the following Tabs :
Trusted addresses
Blocked addresses
ICEcap
Packet Log
Evidence Log
Back Trace
Protection
Protection is usually in the foreground, and is the only area that you will ever
really need.
Allow internet file sharing: You can switch this nasty windows flaw off, I
advise you to never allow internet file sharing, it allows too many ways for a
hacker to gain access to your system.
Allow NetBIOS Neighbourhood: Again another feature that no-body really needs to
use, I advise you to never enable this feature.
Security level: your have four options, Paranoid, Nervous, Cautious and
Trusting.
If you run ICQ and want to transfer file try not to set it higher than cautious.
For internet multiplayer games set it to trusting, as most multiplayer
game traffic will cause the firewall to block it at any other setting.
Paranoid is really good if you are poking around in an unfamiliar site that
could possibly have a hacker watching, it is also good for IRC.
On the Main window of the program you have the following tabs:
Attacks: Apparent attacks are listed here, right clicking on the
attacker gives you the option of trusting them, or blocking
them for varying lengths of time, including indefinately.
Intruders: This merely lists the intruders that have attacked your system, and what you
have done to them eg: block or nothing etc.
History: This gives a graphical display of network traffic and attacks against your
system depicted by lines that indicate the severity of the problem : red for
bad, orange for medium attack, and yellow for a passive attack/ non-serous
attack.
Information: this merely tells you what your key is and the expiry date.
PROBLEMS WITH BLACKICE:
BlackICE suffers form some pretty deadly flaws, it will allow ANY type of
out-going traffic, including BO info etc... PC-Anywhere, a commercial program
about as powerful as Back Orrifice, is allowed to pass through the firewall
anytme it likes, even if it is for malicious intent. Black-ICE does not defend
against spoofing of your address, but will report it to you. If you use the
audio alert option a hacker can crash your machine by flooding your address with
multiple unsigned packets... this typically plays the sound multiple times and
usually causes an exception error afer about 1 or 2 seconds (I know, I have
experianced this [SB-LIVE!]).
WORK AROUNDS: simply install zone-alarm from www.zonealarm.com, it is free,
unlike Black-ICE, but has to be shut-down if you want to do multiplayer gaming
on the net. Please note that two firewalls will slow the system slightly, but
what one does not block, the other will and this is a vital feature.
Captain Nuke Bloodaxe. C.O. Bulletproof - Armoured.
I run the following as security:
Black-ICE, Zone-Alarm, Mc-Afee Virus scanner (full web-page check, java and
active x applet checking enabled, download scan enabled, e-mail scan enabled,
system scan enabled, internet filter anabled).
Win-98: no raw-Sockets here!
Author of this document unknown
This article was originally published by CyberArmy.net in the CyberArmy Library.
|
|