BlackICE is a robust and useful personal FW/IDS. The IDS sigs are more robust than the logging features offered by other personal FW vendors. With the recent changes they've made over the last year or so, you can crank the security level up and open up specific ports, rather than lowering your security settings so some apps will work. Also, you can add and remove individual IPs or entire subnets. This ultimately gives you much more flexibility for Internet facing PCs.
It does not do outbound blocking like Tiny or Zone Alarm. This is a complaint many people have, but I find that to be a more annoying than useful feature anyway. And it's important to understand the nature of IDS before freaking out over what you see in your logs. Many people claim that BI overreacts with all the alerts, but if you don't worry over every port scan, it shouldn't bother you. Other negatives are that you can't turn off any of the sigs (for repeated false positives). And some sigs are a little vague in their description, so it won't tell you the difference between a Code Red or a Nimda scan for example, but you probably don't need that much granularity for a personal FW anyway. At that point you'd probably want a dedicated IDS system. FYI, don't believe anything Steve Gibson says about the software (www.grc.com). He has no idea what an IDS is and therefore has no idea how to use BI. Brownfox -----Original Message----- From: garren [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 29, 2002 1:41 AM To: [EMAIL PROTECTED] Subject: Feedback on BlackICE... Hi all, I am looking at BlackICE and wondering if anyone has good/bad feedback on the tool. Do you think it does a good job of the combined Firewall/IDS/etc security that it claims it does? I have it installed and running and it has caught a few port scans and a DoS on my system but that could be just window dressing. Feedback is a good think... looking forward to yours. Cheers...
