BlackICE calls Steve Gibson stupid.

[Eug]

BlackICE vs. Gibson.

I've always thought Steve Gibson is far too harsh on BlackICE Defender. This program is not designed to work the same way as ZoneAlarm. Many people don't know this of course, but Gibson doesn't mention it either. While, ZoneAlarm in some ways is arguably better than BlackICE Defender, I don't think that the latter is a bad product as long as you know how it works and what its limitations (by design) are.

 

[Ipno]

Well, honestly, if as they say their product is supposed to be an "Intrusion Detector"... I would consider a Trojan to be quite an intruder. An unauthorized program sending data to the internet? Yeah, thats bad.

I think its funny how they are trying to save face though, that article is a pretty good read for that.

 

[HaVoC]

Gibson lost a lot of credibility in my eyes with stuff like this. I read a lot of other websites refuting his claims and they offered solid evidence rebuffing him.

 

[FrancesBeansRevenge]

I personally found BlackICE just as useless as Steve Gibson did. What good is a firewall/intrusion detection program if it doesnt detect a trojan 'phoning home'?

 

[Eug]

<< I personally found BlackICE just as useless as Steve Gibson did. What good is a firewall/intrusion detection program if it doesnt detect a trojan 'phoning home'? >>

True, but that was the whole point of their message. BI Defender will block the trojan trying to install itself from the outside. However, it WON'T detect it if someone sitting in front of the computer decides to install it. A hardware firewall wouldn't detect that either. Using Steve Gibson's argument, ZoneAlarm is better than a hardware firewall as well. In truth, in this particular situation, yes, ZoneAlarm IS better than a hardware firewall, but I'd rather have a hardware firewall than ZoneAlarm any day. Fortunately, ZoneAlarm is free so you can run both a hardware firewall AND ZoneAlarm.

I'm not saying BI Defender is as good as ZoneAlarm. I'm just saying that it's OK, and Steve Gibson is overly harsh in his criticism of it. It would be better if he gave a reasoned explanation as to why it's inferior without mocking it. I personally dislike ZoneAlarm, not because I think it's bad, but because I think the more useful settings are too annoying for most everyday users. With the higher settings, basically every program has to be given specific permission to run. Very irritating. I erased my copy about 2 days after installing it. BI Defender is much more user friendly for the average user. It just sits there and does it's job without bothering the user, but its job is less complicated than ZoneAlarm's.

 

[Adul]

If you just read about the sub7 trojan, I can see why steve is harsh on Black ice. Most people are not to good about keeping up-to-date virus protection.

 

[Looney]

Well, BI is definitely better than some of the other stuff out there... especially for newbies (Norton Security is just too complicated and time-consuming for the first time user). But i still prefer ZA over BI.

I started off with BI a few years ago, and it was great, but there were way too many false alerts. Running BI made me paranoid. Another beef with BI is that you had to renew your license every year! Hey, if i buy a piece of software, such as an antivirus or wordprocessor, i should be able to use it for as long as that software is still capable of running on my machine.

But i like Gibson... he has definitely brought the attention of security to the masses. Whether if he's always 100% right all the time is uncertain, but i'm assuming he's human, so he'll make mistakes now and then.

 

[TravisBickle]

Eug, you must be very lazy with respect to security and that's why you deserve whatever the world can invent to destroy your data.
I like to know what programs are making requests to the internet.
if you just want simplicity, get an internet TV

 

[Eug]

<< Eug, you must be very lazy with respect to security and that's why you deserve whatever the world can invent to destroy your data. >>

I personally have a hardware firewall and run encrypted for wireless. I also keep my virus checker up to date. Sometimes I run Norton Internet Security as well. What are you running?


<< I like to know what programs are making requests to the internet. >>

That's good and I applaud you for it. No need to crap on other people's post though.

Oh yeah, I also run a free utility which checks the open ports and tells you which program the open port is associated with. Ironically, I don't even run BlackICE.

ZoneAlarm is good and is the best available program for the price (ie. free), but you're fooling yourself if you think if you're absolutely secure running just ZoneAlarm.

 

[Boonesmi]

steve gibson called it how he saw it

sometimes the truth hurts

 

[aircooled]

I like Steve Gibson. He really brought to light the whole spyware issue a couple years ago.

 

[Helznicht]

The Internet and the tools hackers use evolve everday. Why shouldnt the tools to protect agaist them.

I consider BI (firewall/intrusion detection) in the same family as virus software. Lets see, I bought Norton Antivirus for 50 bucks over 3 years ago and to this day I can still upgrade for free to protect myself agaist the latest virus. If I pay 40 bucks for BI, I would hope I could get updates to help defend agaist the most popular attacks and intrusions today, especially if I have to RENEW my subscription every year ! :disgust:

 

[Eug]

<< I consider BI (firewall/intrusion detection) in the same family as virus software. Lets see, I bought Norton Antivirus for 50 bucks over 3 years ago and to this day I can still upgrade for free to protect myself agaist the latest virus. If I pay 40 bucks for BI, I would hope I could get updates to help defend agaist the most popular attacks and intrusions today, especially if I have to RENEW my subscription every year ! >>

I agree, good point.

 

[nuttervm]

I agree with gibson from a security point of view, BI is not as secure and complete as it could be. BI was made for the masses, for people like eug where &quot;mostly secure&quot; is good enough. It all comes down to your level of paranoia, and what you are willing to put up with to have that warm fuzzy feeling inside. No computer is totally secure if it is connected to the internet, its a simple fact. However, we need to do the best job we can and pick a level of risk we are willing to live with.

imo anything that makes people more aware of their privacy and security is a good thing, even if it is a little skewed to the sensational aspect. And I have to agree that if what he says about XP is true, that would be a very Bad Thing (tm)

 

[Eug]

<< BI was made for the masses, for people like eug where &quot;mostly secure&quot; is good enough. It all comes down to your level of paranoia, and what you are willing to put up with to have that warm fuzzy feeling inside. >>

My guess is that you didn't read my later post. I don't actually use BlackICE. I use a hardware firewall, and my computers are on 192.168.x.x IPs. This is along with a program that monitors the open ports (with it's associated program) on my computer, and sometimes if I'm feeling paranoid I'll activate Norton Internet Security, specifically to check on the outgoing access. However, like you suggest I think BI ain't that bad for the masses.


<< No computer is totally secure if it is connected to the internet, its a simple fact. >>

Yep.

 

[CQuinn]

<< steve gibson called it how he saw it >>



And that is the biggest part of the problem. Steve often goes off on a &quot;crusade&quot; over
some issue that affects him personally, and rants about it to the whole world, then a
couple of weeks pass and he finds some other earth-shaking issue to get on a soapbox
about. Meanwhile the real issues get left behind under a ton of rhetoric and witty
banter.

Steve bashes Black Ice, Microsoft, and the Script Kiddies for the attacks on his site.
But he seemed to completely miss getting the message out for people to check their systems
for such Trojans and other background service stealing apps, which would go far to help
prevent the type of DOS attacks that hit him in the first place.

This is the same Steve Gibson who last year claimed he was going to create the ultimate
tool against Spyware, but now he claims he is helpless against a network exploit that
depends upon what is basically spyware. People aren't bashing him for speaking his mind
and having valid points, they are bashing him for jumping to early conclusions without
testing his ideas or doing a few minutes of research to back his points up.

 

[Charles]

I like BlackICE Defender. By the way who's Steve Gibson?

 

[Eug]

Steve Gibson's website. Interesting info, and some useful utilities. There is also a good read there about his run in with an amateur hacker.

 

[Adul]

he runs this site.

GRC
He is a security consoltant.

 

[Rogue]

Sounds like Steve is kinda like Tom of Tomshardware. He puts out great information on network security and things of that nature, but sometimes you have to take some of his stuff with a grain of salt. DOS attacks are scary though in their effectiveness.

 

[Macro2]

Man, did you see how that guys site was attacked?
Resistance is futile.
And the RIAA thinks they can stop MP3 sharing? WHat a joke.
MAc

 

[DAHOLE]

AS someone who can Analyze system intrusion, I will say both Zone Alarm and Bi are worthless period. I routinely scan both and find holes in these systems ( while clients are sitting right in front of there computer) with out anyone ever knowing. On the point of software calling home and ZA, I can also get software to do that without either ZA or BI knowing. So while Gibson was hard on BI, he does so with the premise that ZA is better which is completly false.


DAHOLE

 

[Helznicht]

Hey D-AHOLE,

Instead of bragging on how you can crack these puny software firewalls with ease and concealment, why dont you let us in on what will give us the best protection for the money? Share some knowledge!

 

[Batti]

CQuinn says:


<< But he seemed to completely miss getting the message out for people to check their systems >>



So what is Patchwork? And Steve's work with SANS? I agree he's sensational, but the average audience has been numbed by media and needs sensationalism just to tune in.

 

[Radboy]

BI is prolly feeling the sting, since nobody is gonna want to pay $40, when they can get a superior product for free.