Re: upgrade from 98 to XP

Subject: Re: upgrade from 98 to XP
From: Andrew Plato <intrepid_es -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Wed, 6 Feb 2002 19:36:44 -0800 (PST)

"Douglas S. Bailey (AL)"

> Years ago I read that BlackICE doesn't prevent rogue programs running on
> your PC from sending traffic out to external, Internet locations. Which
> is why I use Zone Alarm instead (and have been very happy with it,
> considering the price). Have they implemented outgoing traffic policing
> in BlackICE yet? If not, why would anyone use it?

BlackICE and Zone are fundamentally different technologies that both
mis-label themselves as firewalls.

BlackICE is an intrusion detection system with a firewall component.
BlackICE detects WHAT hackers are doing to your computer and WHO is
hacking you. In the truest sense of the word "firewall" BlackICE is more
of a firewall, except that it does not, by default, block outbound
traffic. BlackICE only blocks traffic when it poses a threat to the
computer. BlackICE blocks ports and addresses at layer 2 on the stack,
like a traditional firewall.

What BlackICE does not do is "access control." It does not control which
applications are permitted to use the network. Most computer programs,
from Internet Explorer to even FrameMaker have the ability to send and
receive network communications. Either this is performed natively through
the application (such as an FTP or IRC client) or through one of the many
APIs in the operating system. ZoneAlarm as well as Sygate and Tiny
Personal Firewall all perform "access control." That is, they establish
which applications are allowed to use the network resources. An
application that is not explicitly allowed is blocked.

The problem is - nearly everybody who uses ZoneAlarm must explicitly allow
Internet Explorer, Outlook, etc. to use the network (otherwise you
couldn't surf the web). Once these applications are allowed to use the
network, any spyware program can "piggyback" their transmissions on the
APIs that these applications use. Thus rendering your personal firewall
hopelessly ineffective. Many of the modern spyware applications (like
SubSeven) have worked this way for years and as such ZoneAlarm wouldn't do
a bit of good.

Of even greater fun are rogue device drivers. It is possible to replace
the device drivers for, say, your mouse with a mouse driver that still
allows your mouse to function, but at the same time surreptitiously logs
keys and then proxies them out via IE or Outlook. And since the device
driver loads at a lower level than Zone, it can't stop it, your virus
scanner can't see it, and you might as well light the box on fire.

The thing is, BlackICE and Zone/Tiny/Sygate/Norton have fundamentally
different approaches to security. BlackICE is a protocol analysis-based
IDS. It tells you WHO is hacking your PC and WHAT they are doing.
Zone/Tiny/Sygate/Norton are access control devices that help you lock down
your PC, but don't do much to tell you WHO is hacking. BlackICE is
arguably a tool for security geeks who want to know more than just what
port got blocked. Zone et al are perfectly fine products. They will offer
your PC a very acceptable level of security.

Incidentally, BlackICE 3.5 (due out soon) will have rogue application
control as an option. Thus giving the best of both worlds - IDS and access

Andrew Plato
