Steve Gibson says Black Ice is crap. Check his site for more info.
I think Steve Gibson is crap.
Here is the report I got after running Sheilds Up:
Attempting connection to your computer. . .Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Your Internet port 139 does not appear to exist! One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer. All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
If anyone is looking for an excellent and easy to use firewall, I highly recommend Armor2Net. It's free to use for 30 days and only $19.99 to purchase a license.
I've used a few firewalls, hardware and software, and wish there were some way to selectively enable/disable ICMP/PING. To be sure, leaving it on when there's no need for it may not be a good thing (though not nearly as bad as Steve suggests) but there are times when it is genuinely useful for diagnosing networking problems.
BTW, on a related note, one idea which I've been thinking might be somewhat interesting (though probably not of quite enough use to be practical) would be a DOS-resistant TCP document server for a small collection (up to 256) of static documents.
The server would do nothing except in responce to a TCP packet on the configured port.
All packets received except SYN packets would produce return packets whose headers were identical to those received except for swapping source/destination IP and port addresses.
The response to a SYN packet would be a SYN+ACK packet whose ack number was equal to the received sequence number, plus one [the transmitted sequence number would be equal to the received one].
For packets containng 'n' bytes of data, the first byte of data would be examined and used to select a data file. The received sequence number (which would also be the transmitted sequence number) would be taken, modulo the size of the data file. The reply packet would contain 'n' bytes of data from the file, starting at the specified location unless the received sequence number was within an incomplete 'last copy' of the file, in which case it would send out a 'garbage indicator' pattern.
The data file should not contain any FF's within the data proper (code-escaping makes that a trivial requirement), but should start with an FF-preceded header which would state the file size. To receive data file 'n', simply telnet to the appropriate port and start sending character byte 'n'. Grab the received data, watching for an FF followed by a header. If you get a stream of FF's before the header, toss them out. Once the header has been grabbed, grab the appropriate number of bytes after it [size of file minus the number of non-FF bytes received before the header] and assemble the file.
In some ways this would be less efficient than some other TCP protocols, but would have two big benefits: