BlackICE Defender
Weil ich's hier wieder mal lese. Ich rate dringend von BlackICE Defender ab. Der Firewall ist alles andere als sicher. Wer sich davon überzeugen möchte, http://grc.com/ ist eine exzellente Security-Site, mit allerhand Test-Utilities, u.a. einem Fire-Wall Tester namens "LeakTest".
Dieser Webseiten betreiber hat sich auch mit Sub7 und ähnlichen Trojanern beschäftigt, hier ein Auszug:
Zitat:
Personal Firewalls and IRC Zombie/Bot Intrusions
ZoneAlarm v2.6 (Free) —
The last of my testing was to see whether the firewall I keep telling everyone to use: ZoneAlarm — either FREE or Pro — would be effective in stopping the IRC Zombie/Bot and the Sub7 Servers that had taken up residence in my poor "Sitting Duck" laptop.
I downloaded the current, completely free, version of ZoneAlarm 2.6 from the ZoneLabs web site and installed it on the "Sitting Duck" laptop. Upon restarting the machine I was gratified to receive immediate notification that the Zombie/Bot was attempting to make an outbound connection to its IRC chat server.
Meanwhile, the Sub7 Trojan was sitting quietly waiting for someone to connect to it. So I used another machine to "Telnet" to the port the Sub7Server Trojan was listening on. Up popped ZoneAlarm asking whether the nonsense-looking random character name the Sub7Server had chosen for itself should be allowed to accept a connection from the Internet.
Perfect performance from ZoneAlarm.
Then I had a thought: What would Network ICE's BlackICE Defender do under the same circumstances?
BlackICE Defender v2.5 ($39.95) —
I did not have a current copy of BlackICE Defender around, but I felt that this was an important test. So I laid out $39.95 through Network ICE's connection to the Digital River eCommerce retailer and purchased the latest version (v2.5) of BlackICE Defender hot off the Internet. I had already removed all traces of ZoneAlarm and restarted the machine, so I installed BlackICE Defender, let everything settle down, and restarted the machine with my packet sniffer running on an adjacent PC.
As far as I could tell, BlackICE Defender had ABSOLUTELY NO EFFECT WHATSOEVER on the dialogs being held by the Zombies and Trojans running inside the poor "Sitting Duck" laptop. I knew that BlackICE Defender was a lame personal firewall, but this even surprised me.
The Zombie/Bot happily connected without a hitch to its IRC chat server to await further instructions. The Sub7 Trojan sent off its eMail containing the machine's IP and the port where it was listening. Then it connected and logged itself into the Sub7 IRC server, repeating the disclosure of the machine's IP address and awaiting port number. No alerts were raised, nothing was flashing in the system tray. The Trojans were not hampered and I received no indication that anything wrong or dangerous was going on.
I took a lot of grief after my LeakTest utility cut right through BlackICE Defender. Network ICE told everyone that LeakTest was "being allowed through" because it was a completely benign Trojan. I knew that was a load of bull (and they must have too), but it didn't really matter to me, and I had no affirmative means of proving otherwise.
Well . . . I have that now, and so do you.
I performed one final test: As I had with ZoneAlarm, I attempted to connect to the Sub7Server Trojan running inside the "Sitting Duck" machine on the IP and listening port number the Trojan was advertising all over the Internet . . . and it worked perfectly. I received Sub7's "PWD" prompt asking me to login.
Anyone want an "only used once"
copy of BlackICE Defender?
|
Also ich kann jedem nur zu ZoneAlarm raten, vor allem weil er Freeware ist...
Greetz! GangMan |
