Black ICE
10/21/99

Mike Hudack
Editor-in-Chief

Black ICE, a product of the Network ICE corporation, has received some amount of favorable press lately.  Ziff Davis and its ilk have published several stories on the subject of personal firewall / IDS solutions, and even mainstream (non-computer) press like US News & World Report and PC Magazine have mentioned the software.  So how good is it?

OSAll has been testing Black ICE on a personal computer for almost a month now.  The box it's been tested on is a Dell Latitude laptop with 128 megabytes of RAM and a 500 MHz Celeron processor, running Windows 98 SE.  It was also tried on a homemade 300 MHz Pentium II box with 64 MB of RAM running Windows 95.  We didn't test it on Windows NT as it's meant as a personal solution.

Intrusion Detection

The first thing we did after installing Black ICE was perform standard attacks against the machine (which was connected via a cable modem -- the market Network ICE is chasing).  First we ran an Nmap Xmas port scan against it, then a Back Orifice ping.  Black ICE detected both "attacks," deflecting the Back Orifice ping (we had an active version of Back Orifice on the machine) but allowing the port scan to succeed.

We then tried to use some Internet Explorer vulnerabilities to get into the machine.  Two of them worked, but Black ICE caught the third.

False Positives

We left the machine online for three weeks, checking every day or two to see what it was telling us about.  There were many "attacks" like pcANYWHERE pings, SMTP port scans and the like.  On closer examination, however, we noticed that many of these "attacks" were actually local -- from the same machine.

Similarly, when FTPing troves of files onto OSAll we found that Black ICE would say aviary-mag.com was performing various attacks on our machine.

Interfacing With ICE

Black ICE resides in your Windows system tray as a blue & black shield -- and it flashes red when there's an attack against your system.  The configuration and monitoring parts of the Black ICE interface are rather counter-intuitive.  For instance, in order to open the monitoring window you have to single-click -- not double-click -- and this provides some consternation to those used to the Windows user interface.

For the most part, though, the interface isn't too bad.

Levels of Control

Network ICE realizes that not everyone is in a position like OSAll -- where we care about security above most else and want to keep everything working just right.  With that in mind, they set up several levels of protection.

We usually had it set on the highest level, but we tried all the levels.  You have to decide what level is best for you.  You have to realize, though, that on the highest level most net applications like ICQ and AOL Instant Messenger (or pretty much anything that isn't e-mail, IRC or hypertext) won't work.

And the Verdict...

Black ICE isn't that poor a product.  It has its problems but it's certainly worth the $30 price tag.

All content copyright 1998 - 99 unless book covers or otherwise noted.  Book covers copyright 1998 - 99 Amazon.com.  All OSAll-owned content may be reprinted with the following header added: "Copyright 1998 - 99 Owl Services.  Visit aviary-mag.com for computer security news and information."  Article authors retain a non-exclusive right to republish their work.