BlackIce vs ZoneAlarm info



chilipepper
06-29-00, 06:13 PM
Here's an easy-to-understand explanation of basic BlackIce/ZoneAlarm differences that some may find helpful.

How does BlackIce product compare to ZoneAlarm? http://advice.networkice.com/Advice/Support/KB/q000132/default.htm

Chilipepper

John
06-29-00, 06:32 PM
Thanks for the read. Might be a little biased though... If I find another one I will post it here.

Just Mark
06-29-00, 06:37 PM
Interesting but you must remember that this comparison is somewhat biased due to the source. Certainly Network Ice is not going to point out the ways that Zone Alarm is better than Black Ice.

For the expert that is a control freak, Black Ice is a superior product. For the novice (in spite of what the report states) Zone Alarm is probably better.

Some of what is said is very misleading. How can DLL insertion take place if your ports are closed and stealthed? I personally believe that stealthed ports are probably the best defence against a hacker if you aren't in USENET groups posting (advertising your IP). Really you probably won't have a real problem if you make sure you follow some simple steps such as not using file or print sharing or at least not binding them to TCP/IP and not running any program that will not keep your ports continually open. There are too many people out there with ports screaming to be invaded for any hacker to waste too much time with a tight system.

I do know that home systems are vulnerable if you don't at least do the basics. And I know that some will disagree with me. I am certainly open to change my mind if someone can come up with a convincing argument.

chilipepper
06-29-00, 06:45 PM
Great! I would really like to learn more about how they operate, especially how to make them work well together.

An unbiased comparison would be very helpful. I haven't found it yet. Very limited info on the ZoneAlarm website (mostly marketing and a couple of FAQs).

Thnx

chilipepper
06-29-00, 08:19 PM
Ha! I was posting just as your reply showed up, Just Mark. My intent in sharing the BlackIce document was to offer an additional resource to those evaluating or using both programs. I hope to see an unbiased version.

I agree with both views about possible bias. I think both products are excellent and complement each other's weaknesses. I guess I assumed (ack) that people who read the page will realize that it was written by NetworkIce and weigh it accordingly. hehe

Although I am not the most technical person (which is why this board is so helpful), a lot of the points seem to make sense and crystallize a couple of nagging concerns I have about both programs. I was hoping to find additional info on the ZoneLabs site but found only marketing info and a few FAQish docs.

Pivotal fact(?) (from the BlackIce document):
>>Simple firewalls are an on/off switch. Traffic is either allowed or disallowed. Once the traffic is allowed through, they do not monitor the traffic for attacks against that particular program. True anti-hacker products such as BlackICE Defender constantly monitor all traffic for hacker attempts, even on traffic that is allowed to enter and exit the computer.
<<

So, this seems to be saying that any traffic *allowed* to pass through ZoneAlarm will be monitored by BlackIce for signs of "hacker activity". Use them together for the best of both worlds?

So would it be correct to say that ZoneAlarm is a firewall with some intrusion detection features, and BlackIce is more of an intrusion detection tool with some firewall features? (Please keep in mind that I am the typical customer for these products - not very technical in a lot of ways. Tossing out points for discussion. IOW, be nice. hehe)

I did wonder about the following statements because I thought that BlackIce only monitored incoming traffic. Or maybe it monitors incoming and outgoing, but only *blocks* incoming.
>>ZoneAlarm can tell you when a program is attempting to make an outgoing connection to the Internet, but does not monitor the content of that data. This creates a problem similar to the Melissa virus: users must answer this question correctly each and every time, and it takes only a single wrong answer to cause havoc. On the other hand, BlackICE Defender monitors your outgoing traffic looking for signs of hackers activity. If it detects such activity, it blocks all further access to your machine from the hacker.
<<

>>For the expert that is a control freak, Black Ice is a superior product. For the novice (in spite of what the report states) Zone Alarm is probably better.
<<
I am not sure why you (and others) say BlackIce is more suited to a more advanced user. I don't consider myself advanced, yet find it easy, logical, and much more helpful in its help files and online explanations of attacks. (Call me Abbey?)

I also find ZoneAlarm easy to use, but when questions or problems arise, their online support is practically nonexistent compared to BlackIce. Also, the single log file is meaningless to me and there is no explanation of how to read/analyze it on their support site. It is nice tho to be able to auto-lock with inactivity, and to see alerts when programs try to connect to the net. But only BlackIce actually analyzes the data that is being sent to and from the machine, rather than just blocking or allowing it. If I understand it correctly.

I do admit that I have had very positive experiences with BlackIce tech support. Helpful, friendly, gave good ideas about using it with ZoneAlarm (altho they can't *recommend* their competitor, they did not disparage or advise against it). Responded quickly to emailed questions and even called me after a volley of emails did not resolve an issue. I currently have a question in to ZoneLabs and look forward to their answer. (ZoneAlarm occasionally stops responding but gives no warning.)

So I have wandered back to my original thought: they complement each other.

How's that for a long-winded response ...

Chilipepper
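
Added example, not part of the original posts and not code from either product: a minimal Python model of the two stages the quoted BlackIce text contrasts, an allow/deny filter that looks only at direction and port, followed by content inspection of the traffic that filter let through, with the remote address blocked after an alert. The rule set, signature patterns, addresses and payloads are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    remote: str      # address of the other end of the connection
    port: int
    direction: str   # "in" or "out"
    payload: bytes

# Stage 1, the "on/off switch": the decision uses direction and port only.
ALLOW_RULES = {("in", 80), ("out", 80), ("out", 25)}

def firewall_allows(pkt):
    return (pkt.direction, pkt.port) in ALLOW_RULES

# Stage 2: inspect the content of traffic that stage 1 already allowed.
# Illustrative patterns only, not any vendor's signature set.
SIGNATURES = [
    ("path traversal in request", lambda p: b"../" in p),
    ("request line over 1024 bytes",
     lambda p: len(p.split(b"\r\n", 1)[0]) > 1024),
]

def inspect(pkt):
    return [name for name, matches in SIGNATURES if matches(pkt.payload)]

def process(packets):
    """Return ([(verdict, alerts), ...], blocked_remotes) for a packet list."""
    blocked, results = set(), []
    for pkt in packets:
        if pkt.remote in blocked or not firewall_allows(pkt):
            results.append(("dropped", []))
            continue
        alerts = inspect(pkt)
        if alerts:
            blocked.add(pkt.remote)  # block all further access from this peer
            results.append(("dropped", alerts))
        else:
            results.append(("passed", []))
    return results, blocked

# Constructed sample traffic (documentation address ranges, invented payloads).
SAMPLE = [
    Packet("198.51.100.7", 80, "in", b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.9", 139, "in", b"\x00"),
    Packet("203.0.113.9", 80, "in", b"GET /../../etc/hosts HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.9", 80, "in", b"GET /index.html HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for pkt, (verdict, alerts) in zip(SAMPLE, process(SAMPLE)[0]):
        print(pkt.remote, pkt.port, firewall_allows(pkt), verdict, alerts)
```

The third packet is the case under discussion: the port filter alone allows it, and only the inspection stage flags it and blocks the sender's later, otherwise ordinary, request.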