Word of warning-- on my machines, this update (3.6cch) changed my previous config by enabling auto-blocking and changing settings to Paranoid (block all inbound). On a busy server, it didn't take long for users to start screaming loudly when they suddenly could not connect. ISS is real vague with their info, and they get low marks for not having an update-notify email list. There is no automated way of finding out if an update is available without logging on to a machine that has BI installed and either manually checking for updates or looking for some icon indicator in the BI admin console window. We update BI regularly-- but because there is NO automated notify mechanism, NO auto-update feature, and because there was such an incredibly SHORT amount of time (matter of hours) between when the 'ccg' update was released and the Witty worm struck, we lost 2 servers. What was *supposed to keep us safe was the very mechanism that cost us a full day of downtime while the destroyed servers were rebuilt from scrach & backups. >it seems that a new problem was discovered in the default config of many versions of BlackICE and RealSecure... > >Whats' new (26 Mar 2004) : Updated to correct a misconfiguration in the default settings that changed the default blocking and reporting behavior and may affect the level of protection provided by the product. >http://blackice.iss.net/update_center/ > >any details ? > >God bless (in)security... > >-------------------------------------------- >Berty Stephane - Senior Security Consultant >Cellule Incidents & Veille Sécurité >http://www.k-otik.com > > >
