Feeds

Network ICE hits back over Gibson jibes

BlackICE Defender is not a firewall

  • alert
  • submit to reddit

Seven Steps to Software Security

Network ICE has responded angrily to claims by security consultant Steve Gibson that its product, BlackICE Defender is "lame" and claims that it is "actually good for something fly in the face of logic and reality".

Gibson made the strong comments during a widely-read piece on his grc.com Web site concerning DDoS attacks he was suffering. He discovered that the attack was being co-ordinated through programs called Trojans saved on innocent people's machines.

These programs enable an external person to make that computer send thousands upon thousands of data packets to a particular Web site address and take up all the available bandwidth, effectively removing the site from the Internet.

Once Mr Gibson had found the Trojan program, he tested to see whether two security products - ZoneAlarm and BlackICE Defender - would discover the program if it tried to install itself on your hard disc.

ZoneAlarm - which is free - gave "perfect performance" according to Gibson, but the latest version of BlackICE Defender, which costs $39.95, had "absolutely no effect whatsoever". Gibson then proceeded to mock the product, offering a copy of it "only used once" to anyone that wanted it.

Network ICE, however, has produced an official response in which it says Mr Gibson has made a major error in labelling its product as a firewall.

"BlackICE Defender is not a firewall. Its primary function is that of an intrusion detection system," it says. "BlackICE Defender is, in reality, a 'hybrid' between intrusion detection and firewall protection."

It then goes on to mention Mr Gibson: "Unfortunately, Mr. Gibson consistently labels BlackICE as only a firewall, and expects it to respond as other 'firewall only' products do. Most intrusion-detection products are designed to guard against incoming intrusions. Mr. Gibson either does not understand the difference, or he chooses to ignore it."

It then goes on to say that BlackICE will detect the Sub7 virus - the one that Mr Gibson categorically said it didn't. The explanation of this dichotomy is as follows: "As far as I can tell from reading Mr. Gibson's description, he installed BlackICE on the infected machine AFTER the infection had occurred and AFTER the connection with the 'control program' had already been established. This is part of the reason for the supposed 'failure' of BlackICE.

"BlackICE has never claimed to be a virus protection product. If someone sends you the Trojan activation command, BlackICE will alert you. If you have accidentally downloaded the dormant Trojan, and it tries to respond to a Trojan activation command, BlackICE will alert you. However, BlackICE cannot protect you if you already have an ACTIVE Trojan on your system prior to installing BlackICE. It has never claimed to protect against this."

There's some more stuff until it launches into Mr Gibson again: "I find it interesting that Mr. Gibson does not appear inclined to test out how effective particular anti-virus products appear to be in identifying, stopping, and removing this Trojan. Since Trojans are one of the things that these products are designed to protect against, I am curious as to why Mr. Gibson omitted them from his 'testing'."

It goes on and on and finally ends by offering Steve Gibson a refund on his copy of BlackICE.

NetworkICE isn't the only company Mr Gibson managed to upset with his piece. Microsoft is furious that he said its new OS Windows XP would make the Internet unstable, other security experts doubt his conclusions and hackers have bombarded his site to make their feelings felt. ®

Related Stories

Security expert waves DDoS white flag
Windows XP will make Internet unstable - top security expert
Everything you wanted to know about DDoS attacks

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.