Intrusion Detection Systems mailing list archives

BlackICE product description?


From: gshipley () neohapsis com (Greg Shipley)
Date: Thu, 15 Jun 2000 03:27:56 -0500 (CDT)


I don't want to start any kind of marketing battle here, but a colleague
of mine pointed this out on Network ICE's site and now I am curious:

(See http://www.networkice.com/html/blackice_agent.html)

"BlackICE Agents actively defend each system by employing a multi-layered
defense mechanism.  Like a firewall, the first layer of protection blocks
the ports that do not need to be open on the protected machine.  The
second defense layer is the dynamic analysis of all of the traffic
destined to any open ports to ensure the validity of these communications.
While traditional firewalls cannot stop malicious activity directed at
available ports, Network ICE's 7-layer decode technology enables it to
thwart these attacks in real time."

I guess what I don't understand (and perhaps I need to do some more
homework) is whether or not this thing really DOES serve as a firewall?
What does this mean by "the ports that do not need to be open?"  Does it
block all INBOUND ports, by default?  As in, if I have file sharing
enabled on my Win32 box, will it block 135/139 out of the box? What about
other listening services?  All of them, too?

If so, this could indeed be a handy little tool to shove down the throats
of those pesky remote users.....

Me rambling,

-Greg

