Neal Jones said...
 
> URL?  is it the same as the PC workstation software, does it run on Server
> software as well?
Neal, BlackICE is now a product of Internet Security Systems (they bought BlackICE from a company called Network ICE a few years ago). You can see their server products, including BlackICE Server (which is their entry-level product) at http://www.iss.net/find_products/server.php. You can read the manual at: http://documents.iss.net/literature/BlackICE/BISP-UG_36.pdf. The server version (needed to run on any server version of Windows I believe) is $300, whereas the "desktop" version is $40. They say they support NT4 and W2K but I am also running it on Windows Server 2003 with no problem.
 
In the interest of full disclosure, BlackICE is an interesting product: interesting as in having pros and cons.
 
The firewall is simple yet robust and the basic options are easy to configure, although today on this list I happily discovered that it is possible to tweak the underlying configuration files to do things like automatically block dictionary attacks. I have yet to discover where/if these tweaks are documented somewhere. (Out of the box BlackICE will auto-block IPs attempting attacks that are both serious and difficult to spoof--but NOT dictionary attacks.) BlackICE did have a well-publicized vulnerability, oh 6-8 months ago, which they did a TERRIBLE job communicating/patching and left any system running BlackICE wide-open vulnerable to a custom-crafted and very destructive worm (Witty). I did not enjoy that, but it's been the only major issue I've had with the software in years. Also, BlackICE firewall settings apply to all IPs on the box--no IP-specific settings.
 
On the con side, IMHO, BlackICE has a feature called application protection that seems basically to take a checksum of all applications on your machine, and if it sees an "unauthorized" application start up, BlackICE will kill it. A related feature is communication control which will quash unauthorized outbound network access. IMHO these features are not well implemented, and a day will come when you will have trouble getting software to start for no apparent reason because the executable has changed (software update?) and BlackICE is killing it every time it tries to start up. Fortunately, you can turn application protection off altogether and not worry about it.
 
Last time I checked their support for BlackICE was email only and I've found their response quality/timeliness average.
 
Hope this helps.

Evan

Reply via email to