NetworkICE's BlackICE Defender Update Apparently Designed to Mislead its Users
Eleven months after the release of our first, simple, but effective and popular (6,325,068 downloads) LeakTest firewall testing utility, BlackICE Defender (BID) continues to "leak", as defined by LeakTest. But a recent update to BID (version 2.9cai) was hiding this fact from its users by effectively cheating the LeakTest.
Rather than enhancing BlackICE Defender by adding the sort of application-level controls that are available even from many completely free personal firewalls, BID's publisher, NetworkICE, apparently chose to prevent LeakTest's intended operation by adding specific awareness to BID of LeakTest's remote testing IP.
Demonstrate This for Yourself
If you are using the current version of BlackICE Defender as of this writing (version 2.9cai), you can click this button to have your web browser touch the old LeakTest IP address and port. BlackICE will alert you to "LeakTest trojan horse activity" even though your web browser obviously has NOTHING to do with LeakTest.
BID's fraudulent LeakTest detection is "misfiring" because it was never designed to truthfully test for LeakTest's outbound communications. As far as we know, BID has no such capability. So it appears to have been designed merely to mislead and hide that truth from its users.
This IP address-specific blocking could have falsely led BID's users into believing that their updated BID firewall was now providing the sort of outbound blocking, protection, and awareness that LeakTest was designed to detect, test, and report. (And which all effective personal firewalls provide.)
Although we would celebrate the addition of true outbound application-aware control and blocking to BID, achieving that sort of protection is significantly more difficult, and certainly far more valuable to its users, than blocking a single IP address at Gibson Research Corp. in order to falsely appear to be doing more than they are.
LeakTest Version 1.1: Shortly after we learned of and confirmed this unfortunate decision on the part of NetworkICE's developers, we updated the original LeakTest v1.0 to version 1.1 by simply changing LeakTest's remote connection IP and port number. With that small (two byte) change, LeakTest was again able to communicate out through BlackICE Defender's complete lack of defenses, as it always has, and as any other malicious hackerware or spyware presumably also could.
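
The gap between a destination-keyed check and application-level outbound control, as described above, shown as an added example (not GRC's or NetworkICE's code). The addresses, ports and program names are constructed placeholders, and the two rule functions are hypothetical models of each approach.

```python
from typing import NamedTuple

# Constructed values, not from the page: documentation-range addresses stand in
# for LeakTest's old (v1.0) and changed (v1.1) remote test endpoints.
OLD_ENDPOINT = ("192.0.2.10", 80)
NEW_ENDPOINT = ("198.51.100.20", 8080)
USER_APPROVED = frozenset({"iexplore.exe"})   # programs the user permitted outbound

class Conn(NamedTuple):
    program: str     # executable that opened the outbound socket
    dst_ip: str
    dst_port: int

def destination_rule(conn, blocked=frozenset({OLD_ENDPOINT})):
    """Signature on a hard-coded endpoint; the originating program is never inspected."""
    return "alert" if (conn.dst_ip, conn.dst_port) in blocked else "allow"

def application_rule(conn, approved=USER_APPROVED):
    """Outbound control keyed to the program, whatever endpoint it contacts."""
    return "allow" if conn.program.lower() in approved else "alert"

# Constructed outbound connection events.
EVENTS = [
    Conn("iexplore.exe", *OLD_ENDPOINT),   # browser touching the old test address
    Conn("leaktest.exe", *OLD_ENDPOINT),   # LeakTest 1.0
    Conn("leaktest.exe", *NEW_ENDPOINT),   # LeakTest 1.1 after the address change
]

def evaluate(rule, events=EVENTS, approved=USER_APPROVED):
    """Return (false_alarms, leaks) for a rule, judged against the user's approvals."""
    false_alarms = [c for c in events if c.program in approved and rule(c) == "alert"]
    leaks = [c for c in events if c.program not in approved and rule(c) == "allow"]
    return false_alarms, leaks

if __name__ == "__main__":
    for rule in (destination_rule, application_rule):
        false_alarms, leaks = evaluate(rule)
        print(rule.__name__, "false alarms:", false_alarms, "leaks:", leaks)
```

The destination rule both alarms on the approved browser and lets the unapproved program out once its endpoint changes; the application rule does neither.
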
It is understandable that new, Internet-savvy users of Windows XP, who are aware of our work here at grc.com, would be curious to learn about their new system and its Internet defenses.
Just so you know, WinXP's built-in firewall does not attempt to manage or restrict outbound connections at all. It appears to be a useful firewall for hiding the machine from the Internet (it has "stealth mode" unsolicited packet handling), but you will still need to use a good third-party personal firewall if you wish to manage and control outbound connections from your system.
Introducing LeakTest
This site has been best known for its FREE ShieldsUP! Internet security test. Crucial as it is to protect yourself from malicious hackers outside, those bad guys represent only half of the threat. The Internet has proven to be an extremely fertile transportation medium for all manner of nasty Trojan horse programs, rapidly proliferating viruses, and privacy-invading commercial spyware. As a result, it is no longer true that all of the