BlackICE Defender's graphical user interface is efficient and well designed. The most impressive portion of the interface is the detailed level of network logging. BID's log interface displays information about suspicious network activities, including the attacker's host name, IP address, and other valuable data needed to track down the malicious individual. However, BID lacks an interface to efficiently browse and analyze these activity logs. For that, one needs a third-party software package, such as Brady and Associates' ClearICE Log Analyzer. Including a similar utility with BID would likely have required little effort from NetworkICE, so it's hard to understand why they left it out.
Extensive testing of BID's capabilities uncovered several possible security risks. BID does not provide protection for outbound network connections. While most applications require that information be exchanged in both directions, a clever Trojan horse could send data by exploiting this vulnerability. The default configuration also lacks proper filtering settings to protect against several common backdoor applications, such as Back Orifice or NetBus. The default setup also allows both incoming and outgoing ICMP transfers. These ICMP transfers are ping requests. If multiple pings are directed to one IP address, the receiving system can be flooded with data transfer requests. This flood of data can lead to a system stall, thus rendering the computer useless until rebooted. BID also has incompatibilities with certain Virtual Private Networking (VPN) technologies. VPN provides an encrypted network connection. This will likely be a moot issue for most users, as only a small portion of Internet Service Providers (ISPs) support this advanced protocol.
NetworkICE's BlackICE Defender (BID) was the first personal firewall mass marketed to the end-user community. It features the ability to guard against most Internet attacks and intrusion attempts. BID's signature checking capabilities include the ability to detect and block over 200 of the most popular network attacks. These signatures include such popular attacks as Back Orifice, the Melissa Internet Worm, and TCP slow scanning. Another positive feature includes the ability to configure NetBIOS file share and print share capabilities with ease. The most impressive feature is BID's ability to automatically block all network traffic from specific IP addresses during and after a critical level attack or intrusion.
Other noted problems with BlackICE Defender were minor. During testing with a Local Area Network (LAN), BID would consistently post false alerts for trusted activities. While this is not a clearly defined bug, it is annoying. Another annoying characteristic is how one must configure the blocking of specific ports. This process involves manually editing BID's "firewall.ini" configuration file. Most novice users will likely not feel comfortable with this process. The uninstall routine also features numerous bugs, as it does not properly remove registry entries, configuration files, and log files. While this does not affect the security aspects of the application, the manual removal of these files and entries can be a tedious and time-consuming task.
BlackICE Defender provides an effective interface, but the above-mentioned security issues could prove troublesome or even dangerous. Until these critical risks are addressed, I cannot recommend BID to those seeking a secure personal firewall. BID could prove effective for some situations, but it is not a complete online security solution.