
Thread: Black Ice

  1. #1 Curio (Triple Platinum Member; London; joined Nov 2004; 899 posts)

    Black Ice

    Just updated to the new Black Ice (cob) and look at this -

    3120014 11835 PDE_Renew_Host*
    3120015 11835 PDE_Unauthenticated_Host*
    2113179 14267 Spyware_PH_BroadcastPC
    2113183 14311 Spyware_PH_DownloadWare
    2113178 14320 Spyware_PH_MoeMoneyMaker
    2113185 14333 Spyware_PH_ExactSearchBar
    2113186 14336 Spyware_PH_EzulaTopText
    2113189 14370 Spyware_PH_HotBar
    2113193 14425 Spyware_PH_MyWebSearch
    2113196 14477 Spyware_PH_ShopAtHomeSelect
    2113180 14571 Spyware_PH_WhenUSearch
    2113197 14848 Spyware_PH_WildTangent
    2116016 16627 SMB_System32_FileWritten
    2113188 17404 Spyware_PH_GAIN
    2113194 18126 Spyware_PH_QuickSearchBar
    2113195 18148 Spyware_PH_EliteBar
    2113187 18252 Spyware_PH_GameSpyArcade
    2113192 18261 Spyware_PH_WeatherBug
    2113176 18291 Spyware_PH_MySearchBar
    2113197 18307 Spyware_PH_MessengerPlus
    2118027 18395 HTML_IE_Sysimage_Disclosure
    2113190 18419 Spyware_PH_IEPlugin
    2113182 18451 Spyware_PH_KeenValue
    2113181 18476 Spyware_PH_DownloadAcceleratorPlus
    2118028 18519 SMB_Samba_SecurityDescriptor_Bo
    2106186 18836 DNS_Authors_Request
    2121016 18884 UDP_Squid_WCCP_Cachelist_DOS
    2106185 19268 HTTP_WmvDownloader_B
    2106187 19269 Image_GIF_Netscape_Extension_BO
    3121002 19303 DNS_IDN_Query
    2110083 19385 PsExec_Installed
    2110084 19385 PsExec_Service_Accessed
    2110081 19396 IM_File_Xfer_Double_Extension
    2111021 19405 GTP_C_Element_Unexpected
    2111024 19408 GTP_C_Element_Overflow
    2120062 19433 LHA_File_Path_Overflow
    2104034 19494 MGCP_LongField
    2104035 19494 MGCP_Long_Endpoint
    2104036 19494 MGCP_Long_Tid
    2111025 19506 GTP_C_Element_Underflow
    2111026 19507 GTP_C_Err_SystemFailure
    3111030 19509 GTP_C_Discovery
    2111031 19510 GTP_C_APN_Corrupt
    3111033 19511 GTP_C_PPP_Login
    2111034 19513 GTP_U_InfrastructureAddress
    2111034 19514 GTP_U_Recursion
    2111038 19518 GTP_U_StationToStation
    2106189 19562 CA_License_Server_Request_Bo

    It now detects some spyware - cool.
    I'm using Windows 7 - you got a problem with that?

  2. #2 lynchknot (Titanium Member; blk helo target, WA; joined Jul 2002; 3,536 posts)
    What is black ice? If you are referring to black ice the firewall, it used to be the worst known firewall in existence. (compared to the leaders)

  3. #3 cash_site (Security Intelligence TZ Veteran; Software Paradise; joined Jul 2002; 3,852 posts)
    Quote Originally Posted by lynchknot
    What is black ice? If you are referring to black ice the firewall, it used to be the worst known firewall in existence. (compared to the leaders)
    but this is Curio... the master IDS configurator

    Nice list, I notice the WhenUsearch is listed... still spyware, even though another 'brand name' anti-spyware said they were no longer a threat!!

    --- 0wN3D by 3gG ---

  4. #4 lynchknot (Titanium Member; blk helo target, WA; joined Jul 2002; 3,536 posts)
    Outpost, Prevx, RegDefend (w/ RegRun entries) and Process Guard seem to do the job well. Maybe this Black Ice (cob) can replace some of my apps? What do you think, Curio?
    Last edited by lynchknot; March 17th, 2005 at 16:57 PM.

  5. #5 Curio (Triple Platinum Member; London; joined Nov 2004; 899 posts)
    Black Ice is and always has been the best host IDS cum firewall. Some people used to have a downer on it because it lacked egress filtering and program checksums (integrity checking) - it now includes these but they aren't the reason it is so good.

    It monitors the traffic in and out of any network adapter (including dial-up) and it will detect in real time what is inside the traffic. It will detect and can block all kinds of attack even if the attack is made on legitimate ports on legitimate services with legitimate tools; it recognises the attack signature and can temporarily block the attacking IP. For instance I am behind a hard firewall so I am just about immune from straight port attacks but BlackIce still picks up FavIcon overflow attacks, IE_Address_Bar_Spoofing, UPX_Packed executable downloads etc... This is because it reads the traffic and is a real IDS with attack signatures - I don't think there is another product like it, the rest are just firewalls, Integrity Checkers or both.

    Process Guard again is a bit unique - does anything else enable you to block Service installations, Global Hooks and Dll Injection - all known Trojan techniques?

    Take a look at the ISS Website and get a deep insightful understanding of what it does. Maybe this is a better link http://blackice.iss.net/demo.php.
    Last edited by Curio; March 17th, 2005 at 22:07 PM.
    I'm using Windows 7 - you got a problem with that?
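    To make the behaviour Curio describes concrete, here is a toy host IDS written for this thread (not BlackICE's own code or signature content): it pattern-matches each payload regardless of destination port and puts a matching source on a time-limited block list. The signature names, patterns, addresses and packets are all constructed for the example.

```python
"""Toy signature IDS: inspect payloads on any port, alert on a match,
and block the source IP for a fixed window. Everything here is constructed
for illustration; the names and patterns are not a real product's signatures."""
import re
from dataclasses import dataclass, field

# Constructed signatures: name -> regex over the raw payload bytes.
SIGNATURES = {
    # an oversize request path on an otherwise legitimate HTTP port
    "Demo_Long_Request_Overflow": re.compile(rb"^[A-Z]+ /\S{400,}"),
    # a UPX section name turning up inside a downloaded body
    "Demo_UPX_Packed_Download": re.compile(rb"UPX0\x00"),
}

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes
    ts: float            # seconds; constructed timestamps

@dataclass
class HostIDS:
    block_seconds: float = 600.0
    blocked_until: dict = field(default_factory=dict)   # src -> expiry time
    alerts: list = field(default_factory=list)          # (ts, src, port, name)

    def is_blocked(self, src, now):
        until = self.blocked_until.get(src)
        return until is not None and now < until

    def inspect(self, pkt):
        """Return 'drop' (source in block window), 'alert' (signature hit) or 'pass'."""
        if self.is_blocked(pkt.src, pkt.ts):
            return "drop"
        for name, pattern in SIGNATURES.items():
            if pattern.search(pkt.payload):        # port is irrelevant to the match
                self.alerts.append((pkt.ts, pkt.src, pkt.dst_port, name))
                self.blocked_until[pkt.src] = pkt.ts + self.block_seconds
                return "alert"
        return "pass"

def run_demo():
    """Constructed traffic: benign request, overflow on port 80, the same host
    retrying inside the block window, a packed download on another port, and
    the first attacker again after the block has expired."""
    ids = HostIDS(block_seconds=600)
    packets = [
        Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.0\r\n", 0.0),
        Packet("10.0.0.9", 80, b"GET /" + b"A" * 500 + b" HTTP/1.0\r\n", 1.0),
        Packet("10.0.0.9", 80, b"GET /index.html HTTP/1.0\r\n", 2.0),
        Packet("10.0.0.7", 8080, b"MZ\x90\x00...UPX0\x00...", 3.0),
        Packet("10.0.0.9", 80, b"GET /index.html HTTP/1.0\r\n", 700.0),
    ]
    return [ids.inspect(p) for p in packets], ids
```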

  6. #6 lynchknot (Titanium Member; blk helo target, WA; joined Jul 2002; 3,536 posts)
    I also use a router. How does it perform against leak tests such as DNS? Does it feature "open process control"? Are there as many configuration points as Outpost's: http://www.outpostfirewall.com/forum...ead.php?t=9858

    **edit - the demo video put much emphasis on incoming which is generally hardware firewall territory. How does it perform as far as outgoing?

    Is there any area that is not covered in my security configuration that Black Ice covers?

    I am not familiar with the term IDS firewall. All I've been exposed to is "rule based" "stateful inspection" type firewalls.

    speaking of attacks:

    I never hear much about Black Ice at security forums I frequent. Someone did mention Black Ice but as you can see, there was no interest: http://www.wilderssecurity.com/showt...ighlight=black

    BTW, I have a hard time reading posts that do not utilize paragraphs. I have a vision tracking problem (no, I'm not cross-eyed); my eyes wander.

    Maybe I will demo BI on the other computer.
    Last edited by lynchknot; March 17th, 2005 at 23:40 PM.

  7. #7 lynchknot (Titanium Member; blk helo target, WA; joined Jul 2002; 3,536 posts)
    I started a thread at http://www.wilderssecurity.com/showt...151#post404151 - some actually installed it and tested for a short while. It did not seem to impress, though you may know more and have spent more time with the app.

  8. #8 egghead (Precision Processor Super Moderator; In Your Monitor; joined May 2002; 3,546 posts)
    Gibson research has problems with blackice defender:
    http://www.grc.com/lt/leaktest.htm

    are these complaints finally sorted out?
  9. #9 lynchknot (Titanium Member; blk helo target, WA; joined Jul 2002; 3,536 posts)
    , it's difficult to forgive BID for its lack of outbound protection
    their demo video was almost entirely about filtering inbound. (I think)

  10. #10 FastGame (Hardware guy Super Moderator; Blasters worm farm; joined Apr 2002; 3,416 posts)
    , it's difficult to forgive BID for its lack of outbound protection
    That's a quote from November 8, 2001; software has been known to get better (or worse) over the years.

    How good was Firefox back then ?

  11. #11 lynchknot (Titanium Member; blk helo target, WA; joined Jul 2002; 3,536 posts)
    There was no Firefox back then. I tend to like specialized apps (separates), not all-in-wonders. But then here's the latest post:

    Sounds like BI is doing a lot more than I thought regarding network traffic. I don't know of any other product that scans packets for that kind of info or intrusions. Tiny has an IDS which is probably pretty good, but not the same as that. Nowadays AVs are also scanning network traffic for viruses and malware, such as Avast, NOD32. I don't know, but I doubt BI is on the level of those two AVs.

    I'm still considering trying it though for the sony computer.

    Test your IDS: http://www1.corest.com/products/coreimpact/index.php?

    You may want to look into shellcode obfuscation. While it may not fool every IDS
    out there it certainly fools a great many analysts.
    Last edited by lynchknot; March 18th, 2005 at 06:11 AM.

  12. #12 egghead (Precision Processor Super Moderator; In Your Monitor; joined May 2002; 3,546 posts)
    Quote Originally Posted by FastGame
    That's a quote from November 8, 2001; software has been known to get better (or worse) over the years.

    How good was Firefox back then ?
    Right, I did notice leaktest was updated years ago after my post.

    I still recall a hack that crashed bd or something. It only affected those users.

    Anyway

    I might try gain.

    I heard gator was bad but gain is the new version

    J/K

    i am also not sure about ad-aware.

    and who said bad publicity ain't bad?

    hmm....
  13. #13 Curio (Triple Platinum Member; London; joined Nov 2004; 899 posts)
    Can you remember how bad ZoneAlarm was in those days - there were hacks on the internet to disable it remotely and replace the icon in the system tray so no-one noticed; at the same time it used half your system resources, and if you tried to uninstall it without following the correct procedure it killed your PC - cool, but GRC recommended it.

    I quite like Outpost Firewall and it has some cool add-ons, but I don't think it is an IDS as such; I believe that it operates as a proxying firewall similarly to Norton Internet Security - I could be wrong - it is a nice firewall though, I used to use 1 through 2 on various machines. If it saw a packet with the signature of a buffer overflow in it would it recognise it?
    No really - I have no idea.
    Go to www.secunia.com try a search for BlackIce, try a search for zonealarm, try a search for outpost, try a search for sygate - nothing's perfect eh? (remember these products are not the same thing).
    I'm using Windows 7 - you got a problem with that?

  14. #14 lynchknot (Titanium Member; blk helo target, WA; joined Jul 2002; 3,536 posts)
    ...which is why I feel a lot safer using Process Guard and RegDefend.....

    cool, I never thought about going to Secunia for firewalls

    The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Outpost Firewall Pro 2.x.

    This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

    Currently, 0 out of 3 Secunia advisories, is marked as "Unpatched" in the Secunia database.
    BlackICE PC Protection 3.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

    This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

    Currently, 1 out of 5 Secunia advisories, is marked as "Unpatched" in the Secunia database.
    Last edited by lynchknot; March 18th, 2005 at 16:53 PM.

  15. #15 Curio (Triple Platinum Member; London; joined Nov 2004; 899 posts)
    BTW software junkies (that's you - all of you) might like a look at harden-it http://sniffem.exaserve.net/Hardenit.exe some nice people have looked at the registry entries needed to stiffen up the stack and made a nice configuration tool for lazy people - that means me. I tested it on a few machines and it doesn't do anything bad (like add spyware apps).

    We should start a PG fan club
    Last edited by Curio; March 18th, 2005 at 16:53 PM.
    I'm using Windows 7 - you got a problem with that?
