for the zonealarm/blackice comparison crowd....
advice.networkice.com
"How does your product compare to ZoneAlarm?
BlackICE Defender
SUMMARY
Like most personal firewalls, ZoneAlarm assumes that you are a security expert, and that any traffic you decide to allow is benign.
DETAILS
ZoneAlarm works by querying the user if they want to allow or deny other programs access to the Internet. This is very good in that it can help you understand which programs on your computer are accessing the Internet. However, this technique has a number of problems:
- It is very intrusive; you have to answer questions each and every time a program accesses the network.
- If you make a mistake, there is no backup. For example, every time the Melissa virus spread, a user answered "yes" to the question of whether the Word document should run macros. Enough users answered this question incorrectly that the Internet crashed for a few days.
- ZoneAlarm cannot recognize incoming hacker attacks from the Internet.
- ZoneAlarm is fooled by simple hacker techniques such as DLL insertion.
Example: AOL messenger
Simple firewalls with outbound blocking do not help against hacker attacks on common internet programs such as the AOL or Yahoo messenger programs. As an example, if you are a user of AOL messenger, these firewall products will ask the question "Do you want to allow AOL messenger to access the Internet?". The normal internet user will answer "Yes", since he wants to use his AOL messenger to communicate with friends.
Now, this user is susceptible to buffer overflow attacks against the AOL messenger service, and the firewall will not detect these attacks. The AOL buffer overflow attack was documented back in August 1999. You can read more about this attack at idg.net. While this particular exploit has been fixed by AOL, there are other hacker attacks against many commonly used internet programs that have not been fixed or even discovered yet.
Simple firewalls are an on/off switch. Traffic is either allowed or disallowed. Once the traffic is allowed through, they do not monitor the traffic for attacks against that particular program. True anti-hacker products such as BlackICE Defender constantly monitor all traffic for hacker attempts, even on traffic that is allowed to enter and exit the computer.
Example: Personal Web Server
DSL and cable-modem users often install a "personal" webserver on their machines in order to have their own website and share files with their friends. With ZoneAlarm, you either have to sit at the machine and OK each incoming connection, or tell the system to allow all incoming connections to your webserver. If you do so, you have no protection against attacks against the webserver. Most personal webservers are vulnerable to attacks that either allow the hacker to read all the files on your system (not just the ones you intended to share), or break in and completely control your machine.
BlackICE Defender detects these attacks and blocks out the intruder.
Example: Monitoring outgoing traffic
ZoneAlarm can tell you when a program is attempting to make an outgoing connection to the Internet, but does not monitor the content of that data. This creates a problem similar to the Melissa virus: users must answer this question correctly each and every time, and it takes only a single wrong answer to cause havoc. On the other hand, BlackICE Defender monitors your outgoing traffic looking for signs of hacker activity. If it detects such activity, it blocks all further access to your machine from the hacker."