Most trusted online security scan?

[optigrab]

My first poll, but I sincerely want to know the answer. Hope this one doesn't violate any Board policies or generally seem like the proverbial "stupid question"

My guess is that the majority of members subscribe to a "layered approach" to all aspects of security, so a lot of you will want to specify more than one. Looking forward to the discussion!

[crockett]

Hi

Three best to me (by far):

http://www.pcflank.com/test.htm about privacy (nice and precise)

http://www.pcflank.com/exploits.htm about firewall defences (beware - powerful test !) You have to tick all the boxes to proceed with all the attacks at the same time.

http://www.leader.ru/secure/who.html again about privacy (terribly good - already helped me several times to discover flaws in my soft's or config's when I thought all was perfect)

If you haven't done it already, please go and try these and come back to tell me what you think... (Don't try the second one if you're not firewall-protected !)

Rgds, Crockett

[crockett]

BlackCode I can't even run, 'cause my security settings seem to keep me from even going further than the start page ! JVScripts enabled, though... Strange.

Crockett

[beetlejuice]

For a ports test I like Gibsons-GRC. Quick and to the point whether your ports are open, closed, or stealth. A while back I believe I read that he is working on a scanner that will include all 65,535 ports. I can't wait for that!!

[bigc73542]

I agree with beetlejuice. I like grc. for a quick port scan to make every thing is stealth .

[JayK]

Quote:

quoting: beetlejuice link=board=19;threadid=15280;start=0#msg95458 date=1066860085]
For a ports test I like Gibsons-GRC. Quick and to the point whether your ports are open, closed, or stealth. A while back I believe I read that he is working on a scanner that will include all 65,535 ports. I can't wait for that!!

You can already custom scan ports.

[JayK]

Quote:

quoting: Crockett link=board=19;threadid=15280;start=0#msg95416 date=1066845930]
Hi

Three best to me (by far):

http://www.pcflank.com/test.htm about privacy (nice and precise)

Pcflank test looks too "clever" and yet it can't work if you are using an ISP trasnparent NAT

[snapdragin]

i choose grc. too.... it was quick and i like that i can just enter a port range and scan.

JayK...."ISP transparent NAT"....?? i am not sure what that is, could you explain it so i don't go around thinking you mean one of those see-through cased routers?

snap

sorry..spelled your name JKay..it sounded the same

[JayK]

Quote:

quoting: snapdragin link=board=19;threadid=15280;start=0#msg95566 date=1066908725]
i choose grc. too.... it was quick and i like that i can just enter a port range and scan.

JayK...."ISP transparent NAT"....?? i am not sure what that is, could you explain it so i don't go around thinking you mean one of those see-through cased routers?

snap

sorry..spelled your name JKay..it sounded the same

Hmm perhaps the word NAT was redudant. transparent proxy

But seriously, I don't know what that means either, it just sounds cool!

PS See my tag line

[snapdragin]

ROFL - well it DOES sound cool! Thanks JayK!

[optigrab]

Quote:

quoting: Crockett link=board=19;threadid=15280;start=0#msg95416 date=1066845930]
http://www.leader.ru/secure/who.html again about privacy (terribly good - already helped me several times to discover flaws in my soft's or config's when I thought all was perfect)

If you haven't done it already, please go and try these and come back to tell me what you think...

Hi Crockett

I tried the " Holmes/Who" site you recommended - Seems like a good one, but it didn't give me any different results than PC Flank or GRC, and it doesn't seem as polished. Then again, I only tried the first port scan Still, I've bookmarked it.

I have found that Sygate Online (stealth scan option) tells me I've got several ports 'Blocked' but not 'Stealth'. But every other scan I've done (PC Flank, GRC, Sygate quick scan) tells me I'm 'All Stealth'. Question: Does anyone suppose that these results are reliable - that is, Sygate found a problem others didn't?

Regards, Optigrab

[crockett]

Hi Optigrab

If your system is safe, as yours seems to be, there's no automatic reason Holmes would give you any different result.

But I recall, when first trying Opera a couple of years ago, I tried the test and was amazed to see the site could access... my internet connection username ! Talk about a surprise !

After some trial and error and dialogs with the Opera crew, we realized the problem came from some flaw in the SunJava machine (1.3 at the time if my memory is good). Using some combination of Java and Javascripts, the Holmes site could get access to the info the JavaMachine knew.

The point is - I was very proud of the fact that I succeeded all the on-line tests I could get my hands on, and then this flaw was revealed by Holmes.

So I was glad I came accross it so I could correct the flawed configuration on my pc (i.e. change my JavaMachine or decide to disable JavaScripts alltogether).

More recently, I decided to try the FireBird stand-alone browser, and again went through many tests, always succeeding... But again, I went to Holmes, and with JavaScripts enabled, it was able to see which previous site I was connecting from. That puzzled me, since I had history and referrers disabled in the browser AND referrers disabled in WebWasher (web filter). I then tried with a former version of FBird (i.e. Phoenix) and got the same troubling result. I then switched to Opera, which appeared not to suffer from the flaw. I then tried Beonex (a third stand-alone browser based on the Mozilla engine), and it didn't suffer from the flaw either...

See, in some instances this Holmes site can really see some important things that most other sites can't...

Now, you can understand why - even when I succeed on PCFlank - I always double-check on Holmes...

Rgds, Crockett

[crockett]

Quote:

quoting: optigrab link=board=19;threadid=15280;start=0#msg95765 date=1066996020]
I have found that Sygate Online (stealth scan option) tells me I've got several ports 'Blocked' but not 'Stealth'. But every other scan I've done (PC Flank, GRC, Sygate quick scan) tells me I'm 'All Stealth'. Question: Does anyone suppose that these results are reliable - that is, Sygate found a problem others didn't?

Regards, Optigrab

HI again

I now spend most of my time on Opera, and Opera doesn't even allow me to enter the 'start procedure' on Sygate tests. Opera behaves like this only on Sygate site, displaying a message it doesn't allow the procedure for security reasons.

Not sure why, but I think it might be because the site tries to unsecurely access the browser on port 443 when this port should be reserved for secure connections only.

Beyond that, the Sygate scan site has a rather uneven reputation, to say the least. On the other hand, their firewall has a rather good reputation and seems to almost always be part of the top four list of free FW's on the market (OutPost, LookAndStop, Kerio2.15 and Sygate).


If I recall, it had already been discussed some time ago... To get to the desired thread(s), you may click on my name ('View profile of Crockett'), ask for some of the first posts I had on Wilders and see which messages lead to threads which can give you some various opinions about the site.

Feel free to PM if you can't find the desired threads you're looking for.

Rgds, Crockett

[optigrab]

Hi Crockett

I see (said the blind man)! Thanks for the wealth of knowledge. As is usual for me I'll have to read through a couple of times before it all sinks in my primitive brain

I'll also go back to Holmes (to test my mettle) and Sygate (to unravel the bugger).

Many thanks, and I'll be in touch.

Best regards
Optigrab

[CrazyM]

Quote:

quoting: optigrab link=board=19;threadid=15280;start=0#msg95765 date=1066996020]I have found that Sygate Online (stealth scan option) tells me I've got several ports 'Blocked' but not 'Stealth'. But every other scan I've done (PC Flank, GRC, Sygate quick scan) tells me I'm 'All Stealth'. Question: Does anyone suppose that these results are reliable - that is, Sygate found a problem others didn't?

For the scan at Sygate Blocked = Stealth

From their site:
"Ideally you should receive "Blocked." This indicates that your ports are not only closed, but they are completely hidden (stealthed) to the world."

Regards,

CrazyM

[spydespiser]

GRC for me

speed,convenience and easy to remember/type in when i mess something up/have to switch browsers/configurations dont go as planned
when all clear from there, then try others and try additional tweaks from there
but thats me Simple

SpyD

[JayK]

Quote:

quoting: Crockett link=board=19;threadid=15280;start=0#msg95889 date=1067039528]
Hi Optigrab


More recently, I decided to try the FireBird stand-alone browser, and again went through many tests, always succeeding... But again, I went to Holmes, and with JavaScripts enabled, it was able to see which previous site I was connecting from. That puzzled me, since I had history and referrers disabled in the browser AND referrers disabled in WebWasher (web filter). I then tried with a former version of FBird (i.e. Phoenix) and got the same troubling result. I then switched to Opera, which appeared not to suffer from the flaw. I then tried Beonex (a third stand-alone browser based on the Mozilla engine), and it didn't suffer from the flaw either...

Rgds, Crockett

That's strange, did you ever figure out why? The current build of FB 0.7 don't have this problem.

[optigrab]

Quote:

quoting: CrazyM link=board=19;threadid=15280;start=0#msg95975 date=1067058019]For the scan at Sygate Blocked = Stealth

From their site:
"Ideally you should receive "Blocked." This indicates that your ports are not only closed, but they are completely hidden (stealthed) to the world."

Regards,
CrazyM

You are correct, CrazyM, of course. My mistake. I meant "Closed, not Blocked/Stealth".

WEB-80-CLOSED, POP3-110-CLOSED, IDENT-113-CLOSED, NetBIOS-139-CLOSED, HTTPS-443-CLOSED, 445-CLOSED, 1080-CLOSED, 1245-CLOSED.

This is for "Sygate Stealth Scan" only; Sygate Quick, and most other scans say I'm stealth. Just beginning my investigation to find the cause.

Best regards
Optigrab

[crockett]

Hello

Went back and checked ShieldsUp again... Of course I agree this is one of the top ones also.

https://grc.com/x/ne.dll?bh0bkyd2

Rgds, Crockett

[crockett]

Among other things, the Browser Header scan is very nice...

Crockett

[optigrab]

Quote:

quoting: optigrab link=board=19;threadid=15280;start=15#msg96033 date=1067088029]"Closed, not Blocked/Stealth".

WEB-80-CLOSED, POP3-110-CLOSED, IDENT-113-CLOSED, NetBIOS-139-CLOSED, HTTPS-443-CLOSED, 445-CLOSED, 1080-CLOSED, 1245-CLOSED.

This is for "Sygate Stealth Scan" only; Sygate Quick, and most other scans say I'm stealth. Just beginning my investigation to find the cause.

I figured out the Sygate Stealth Scan that previously gave me the above result. Seems the scan calls the browser to send a DNS request to a different server (other than my ISP). Created a new rule in my firewall and now I am stealth on all Sygate scans. I now have an enhanced respect for that clever site.

[crockett]

Hi JayK

Sorry for late answer...

Quote:

quoting: JayK link=board=19;threadid=15280;start=15#msg96014 date=1067073391]
That's strange, did you ever figure out why? The current build of FB 0.7 don't have this problem.

I just redid the same test with FireBird and came to the same conclusion...

[crockett]

You can try it yourself if you want...

I start from this post: http://www.wilderssecurity.com/showthread.php?t=15280;start=msg95416#msg95416

Click on the link to leader.ru/who...

See screenshot for the settings I use in FB

[crockett]

Please also note that, in addition, I use a specifically dedicated filter to block referrers and prefixes, among other things...

[crockett]

Of course, no cookie allowed...

But I'm afraid I still get the same surprising result:

Holmes just knows where I'm coming from...