Shields UP!
It is not the normal practice of this site to criticize other sites; however, Shields UP! is spreading a great deal of dangerous misinformation on the risks of Microsoft Networking:
Shields UP! claims that "the best FREE thing you can do for your Internet security is to immediately remove the Client for Microsoft Networks." [bold emphasis added] As explained above, the risk is from the server component of Microsoft Networking (File and Printer Sharing for Microsoft Networks), not the client component. (See Fiction/Urban Myths)
Shields UP! can report that you are "wide OPEN" even when NetBIOS is in fact secure (i.e., no "shares"), which just spreads "Internet security hysteria." (See Note below)
Worse, Shields UP! can report that you are "exposing NO SHARES to the Internet" even when you do have "shares" exposed (e.g., when "shares" are merely "hidden" with a trailing "$"). "A FALSE sense of security is worse than being unsure."
Shields UP! suggests that password crackers (based on brute force trial and error) make password protection insecure. In fact, the most common problem is no real password protection at all. If you do use passwords and avoid easily guessed words (e.g., "password"), then it's very doubtful that anyone will invest the time and effort needed to crack your password. (See Note below)
Shields UP! claims that "personal" firewalls are the "ONLY WAY to be safe!" Although personal firewalls can provide good protection for personal Internet access, they are not as safe as separate standalone (hardware) firewalls. (For more information, see "Hardware Firewalls" in the main Navas Cable Modem/DSL Tuning GuideTM.)
The false claim that so-called "Evil Port Monitors" (certain unnamed security products) are "so much junk" that compromise your computer's security by "actively advertising its existence across the Internet" is simply "Internet security hysteria" promulgated by Shields UP!. Port monitors don't really do that. (See Fiction/Urban Myths)
The claim that your computer and workgroup names are in and of themselves "significant personal information" that is "highly valuable" is likewise just "Internet security hysteria" promulgated by Shields UP!. (See Fiction/Urban Myths)
Shields UP! claims that Client for Microsoft Networks will "slow down" your computer. The real impact on your computer is insignificant. (See Fiction/Urban Myths)
The strong password example at Shields UP! ("4F3hw9Egh84d2") uses mixed case. While that is helpful on some other systems, NetBIOS passwords are not case sensitive, so mixing case does not increase NetBIOS password security.
Shields UP! is unable to distinguish a weak (insecure) Scope ID from a strong (secure) one -- it will indicate that you are secure either way.
For alternatives to Shields UP!, see "Check Your Security" in the main Navas Cable Modem/DSL Tuning Guide.
Notes:
You will pass Shields UP! "Test My Shields" if you set a (strong) Scope ID, or if you completely disable NetBIOS over TCP/IP.
Even assuming 100 trials per second, and that an attacker would know what kind of attack to use, cracking a simple two-word password (e.g., "rocktowel") with a minimal (64K) dictionary-based approach would take on the order of a year or more of continuous non-stop attack (probably much more). Long before then the attacker will almost certainly give up and move on, because there are easier and more productive fish to fry.
Steve Gibson (self-proclaimed security guru behind Shields UP!) is also spreading a great deal of hysteria over raw socket functionality in Microsoft Windows XP. For rebuttal to this hysteria, see:
"Security geek developing WinXP raw socket exploit" (The Register)
"Microsoft rebuts XP Net instability claims" (The Register)
"Hostile Code, not the Windows XP Socket Implementation, is the Real Security Threat" (Microsoft)
"Steve Gibson really is off his rocker" (The Register)
"Code Red Tribulation is nigh, Steve Gibson warns" (The Register)
"To put it simply: 'no'" (Vmyths.com)
See also:
"Unmasking Steve Gibson" (radsoft.net)
The Steve Gibson Saga (Vmyths.com)
Shields UP! is not the only case of hysteria from Steve Gibson. He got his start by promulgating the myth that "hard disks die" due to degradation of magnetic patterns. He profited from the myth by selling SpinRite, a program claimed to fix the alleged problem. (more details)
("Shields UP!" is a claimed trademark of Gibson Research Corporation.)
