Quote:
Originally posted by shoestring@Apr 5 2005, 12:45 AM
10 million downloads of his products and his information is incomplete?
16 years in the business and he is giving people a false sense of security.
Because he can write a good press release? Give your head a shake that is insulting to me but especially to him.
Send me your security website address and I will see if it is "complete" or "giving a false sense of security" Condescending to him and patronizing to me.
Start a poll and see how many on this site have open ports.
http://grc.com/default.htm
Easily one of the most complete security sites on the net. Did you go to the site?
How many of your ports are open? Mine are stealthed. 1000's of them.
Even in your example, closing those three ports protects you from maybe 0.001% of all viruses...
Where did you get this info, obviously you didn't check your firewall analysis.
Mine were getting hit 100's of times per day, the other ports only after they couldn't probe 137 et al.
And we are talking home users here, why do they want any ports open?
In fact spyware/adware/malware are the biggest threat to computer usability today, bigger than viruses to most home users.
You are kidding right? Malware maybe if it is a trojan
The guy has done some brilliant work and offered it up free to the public, I am sure you will find his explanation and testing of firewalls comprehensive and his links to problems and solving same, helpful.
I don't think you should slag some guy who has been on the net from the beginning unless you can give me substantive proof.
Because it works for me and many other computer illiterate folks I have helped and I go back to his site because he is ahead of the game and helping folks protect their computer for free.
Read his site, it contains many, many pages of good content and a must for anybody that wants to understand how hacking is done.
The one month ZA is for the person with the problem. You get a free pro version for the first month where you can analyze hackers probing your system for open ports.
|
Just because something is popular doesn't mean it's good, that's flawed logic. Just because someone has been in an industry for a long time doesn't mean he's good either, that's also flawed logic.
I don't maintain a security website because there are many excellent lists, newsgroups, and sites that provide that service already (most of which also classify Gibson as someone who has just enough knowledge to be dangerous).
And again, I did not say that having open ports on your computer is a good thing! Obviously having a firewall to block any incoming requests is a good thing. But open ports aren't the only problem.
Yes, I've gone to his site. I spent quite a while watching his site, watching it change as people pointed out the flaws and inaccuracies (which he never gave credit to the source for), watching pages disappear as they were shown to be pure bunk.
How many ports of mine are open? 10 actually, for bit-torrent. But his site didn't show that because he only scans the first 1056 ports.
Just because you get hit 100's of times per day on a specific port by a specific virus doesn't mean anything other than someone on your subnet is infected with those viruses. The top virus threats on Symantec security response are email viruses. The top viruses in 2004 were mostly mass mailers and trojans (from browser exploits). Direct port viruses were still there, but are not the majority by any means. You have to agree that closing direct port access to a computer is only one aspect of maintaining a secure system.
In fact spyware/adware/malware are the biggest threat to computer usability today, bigger than viruses to most home users.
You are kidding right? Malware maybe if it is a trojan
Yes, trojans are at the top of many top detected lists on AV sites. Users are becoming more educated not to open suspicious email attachments and run a virus scanner, but they still surf with abandon to sites with non-updated software. While a system gummed up with spyware and adware may not be damaged like it would with a virus, it can still become unusable. I've seen companies spend a lot more resources fighting spyware on the desktop than they have had to fighting viruses recently. People put an antivirus program and a firewall on their computer and think they're safe, and they're not. That's that false sense of security. More education is needed.
Gibson doesn't do brilliant work, and here's just a few examples of how he's shown he's not up to the standard he projects for himself.
His port scanning site used to be easily used to scan OTHER people's computers. How great is it that a self-proclaimed security expert provided a tool hackers could use to find computers to hack! And since Gibson says he doesn't keep any logs, a hacker can scan till his heart is content while all over the only IP that shows up in logs is Gibson's, so the hacker doesn't even have to worry about hiding. Talk about making life easier for hackers. When asked about it he said it wasn't a big deal.
His port scanning software has been analyzed a few times by real security experts in the field and isn't very accurate. Just one example:
http://www.jluster.org/2003/11/shieldsup-analyzed/
Gibson doesn't belong to any respected security organization, he doesn't post to the respected lists (or at least not for long).
When there was a problem with Windows and the Universal Plug and Play subsystem (a potential buffer overrun exploit that would allow system access) Gibson jumped on the bandwagon with a page that blasted that Universal Plug and Play should be disabled. He even accused Microsoft of delaying a patch so that their Christmas sales wouldn't be bad. Unfortunately disabling UPnP didn't fix the issue. It was the Simple Service Discovery Protocol (SSDP) service that had the problem. Gibson's page now has the correct info, but at the time even the FBI (and all the media outlets) had it wrong.
He's endorsed a $40 product which does nothing more than switch off your Internet connection. Sure your computer could be riddled with trojans and spyware, but that's ok because this will disconnect your computer from the Internet when you're not there!
http://www.theregister.co.uk/2002/08/26/fo...s_total_safety/
That's just a few examples of a LOOOONG list of posts to newsgroups, updates to his sites, emails to commercial products he's tried to have changed for his own purposes, etc. where he's proven he knows far less than he claims.
I'll say it one more time. I didn't say his entire site was false. I didn't say it was all useless. I SAID it was incomplete, and I SAID he claims to be more than he is. If you feel patronized because I criticize someone you see as an Authority, that's too bad.
I apologize for the uber long post.