There's an update ver 1.9.4.
http://www.networkice.com/download/updateBID.htm

I downloaded but have not installed yet. It appears from the file name to be a definitions update... bidef. and the ver is 1.9.4. I can't find any info on it. I have an email out to support@networkice.com, which could take a couple days to get a response.

Does anyone know what this update covers?

EDIT: Just got an automated mailbot reply from support@networkice.com. It reads in pertinent part:

"The latest released version of BlackICE Defender is 1.9.4.

This web page tells you how to get the update through BlackICE Defender: http://www.netice.com/Advice/Support/KB/q000011/default.htm

BlackICE Defender 1.9.4 fixes many issues of the previous versions. We highly recommend you update your BlackICE installation before seeking technical support."

Still doesn't tell me much. http://www.sysopt.com/forum/frown.gif



[This message has been edited by socalgal (edited 01-02-2000).]

Thanks Socalgal.

Socalgal,
Sorry for the long post. I hate how you have to install it before you can get to the "read me".

----What's New in this Release----
This release has several significant improvements over all prior
releases of BlackICE Defender. They are:
. WinProxy compatibility issue resolved. BlackICE Defender can now co-
exist with WinProxy
. Improved interoperability with SCANDISK and DEFRAG. When your system
is not busy receivng network traffic, SCANDISK or DEFRAG will work
without having to stop the BlackICE intrusion detection engine.
. Improved handling of adapters that pretend to be network cards.
This release will now ignore most adapters that pretend to look
like network adapters. In the past this would crash BlackICE.
. You can now have more that 30 trusted address entries.
. Fixed issues related to resuming from standby mode; this is a must
for notebook computer users.
. Fixed issues related to logging in and out and back again; this one
is a must for multi-user computer systems.
. We've added an option "Allow NetBIOS Neighborhood". If you are on
a local area network (LAN), this will allow you to login to your
domain as well as be visible in the network neighborhood.
. The BlackICE parameter "trust.pair" or "exclude.pair" now works.
. From the Attacks tab, you can right click on an attack and
do one of the following: Trust Intruder, Ignore Attack, or
Clear Attack List.
. From the Intruders tab, you can right click on an intruder and
do one of the following: Block Intruder or Trust Intruder
. Fixed false positive "Bad favicon.ico file" which occurred on some
sites.
. Fixed false positive "Bad MAIL FROM format" which occurs rarely with
some email.
. Fixed false positive "TCP ACK ping" due to unusual, but legitimate,
TCP flag settings on RESET frames.

Dave

Thanks for the info socalgal...as Dave said the install is the only way to get to the read me file..but this looks worthwhile
http://www.sysopt.com/forum/smile.gif

Dave_H

Thank You very much for that. I sure do appreciate it! http://www.sysopt.com/forum/smile.gif

Looks like I have an install to do here http://www.sysopt.com/forum/wink.gif

I like how it says it improved how it works with scan disk and de-frag. Haven't tried it since I updated this morning, but I was having problems before with nortons scan disk not getting thru the whole scan without turning off the "Blackd" thingey.
Dave

Same here, Dave, - scandisking and defragging an 18G hdd takes long enough as it is... That is a great addition if they did it right! http://www.sysopt.com/forum/smile.gif

While we are on the subject.

I really like Black-ice and I feel it is worth every penny I spent on it.

But a couple things BUG me. (besides the read-me thing).

Ever notice how after every upgrade there is a file left behind in c/windows/temp about 400kb in size that has to be manually deleated?

Also, Black-ice seems to grow by it's self.
On this (my home) computer the BI folder is over 45megs now. I have over 100 .enc files
but BI is set to only save 32 files. Whats-up with that?

On my office computer I deleated them all (I had 52 there) and set Black-Ice to not log anything since I no longer send .enc files with my complaints. After deleating them all The folder was only around 3.5 megs again like the original installation.
(I remember having to re-run the last update after that time for some reason, I'm not sure if deleating all those files caused a problem.)

Also, I can't seem to get the "history" interval to stay on the hour setting.

Sorry for all the whinning everyone, little things like that sometimes BUG me.

Dave
p.s. the scan disk does work better now. http://www.sysopt.com/forum/smile.gif

i like the upgrade. I just wish they'd add the automatic email feature that Jammer has. As for the growing file- I guess I should check the size of mine!
Dave

Hi. I had no problems with BID before 1.9.4 update. Since then I've had two Illegal operation boxes pop up. One was with user.exe, the other with kernell32.dll Remember to keep copies of prior updates just in case you need to go back. Any of you use Icewatch to give you a warning sound? For those unfamiliar, usually you only get the blue eye to flash red, but if your taskbar is hidden, you can't see it. Icewatch runs in the background and gives you a warning sound, along with the flashing eye. It comes with one sound but you can set it to use any .wav file. It's free and easy to setup. You can run it on auto or manual. Here's the website. It's called ICEWatch 1.05. Scroll about halfway down the page. http://members.home.com/rkeir/software.html

Where would I find "jammer"?
I saw socalgal talking about it but was unable to find it in a search.
Dave

The company's website is here:
http://jammer.comset.net/

They're a Russian firm I believe. The program's very simple to use, and very user friendly, but it's not as good as BID. Then again, nothing is as good as BID...

[This message has been edited by Todd Beck (edited 01-03-2000).]

Thank-you Todd http://www.sysopt.com/forum/smile.gif

Dave_H

I believe most apps put files in the Temp directory while installing. I think it's kind of a "placeholder" during the install process.

As for the logging features (packet log, evidence log) it does seem strange that it would continue to add logs past the set parameters. As I understood it, if the log is set to 32 files and that limit is reached, the newest evidence/packet logged should replace the oldest to maintain the set number of files. It's the log~.enc files that are the big ones though - mine are ±14mg, each (and getting *very* large too..)

My History Interval never stays set either.. I always have to reset it from 'day'.

RacerX - Any luck with those errors yet?

If I'm offbase on anything here, someone please correct me.

[This message has been edited by socalgal (edited 01-03-2000).]

Yep, thanks for asking. I just downloaded update 1.9.6
The website shows it as 1.9.4, but part of it is a new update. BlackICE.exe is 1.9.6 and blackd.exe is 1.9.5
So far so good. No more problems, although I did completely uninstall 1.9.4 and then installed the update.

Thanks for that info RacerX http://www.sysopt.com/forum/smile.gif

Here's the Readme on 1.9.6:

---What's New in this Release ---

. This release addresses customers' concern regarding the reporting
feature in BlackICE 1.9.4 that can be inadvertently turned on,
resulting in BlackICE Defender sending attack information to a Network
ICE ICEcap server. This auto-reporting feature has been disabled in
this release.

Since the reporting feature has been disabled, this release IS NOT
intended for corporate users who use BlackICE Defender with the Network
ICE ICEcap server.

. We've improved BlackICE's intrusion detection ability so that it
minimizes the chance of a false positive UDP port probe when
using RealAudio.

. BlackICE Defender has been tuned to co-exist with additional adapters
such as a firewire (1394) adapter, Deterministic Network adapter,
and SpeedStream 40xx series USB-based DSL adapters, thus eliminating
BlackICE failures on systems with such adapters.



[This message has been edited by socalgal (edited 01-05-2000).]