Is ShieldsUp a useful tool?

I did a search and found many threads but no concrete answer.

First let me say I think the shieldsUp test is a great tool and use and recommend others use it just to be sure their security is doing its job.

Now the main reason for my post. I frequent MSI HQ forums and the server admin there claims ShieldsUp and Steve Gibson are a joke. Now I never claimed to be a expert on anything but I'm no dummy either. From my point of view this guy is giving out bad information. Now I know I could just stop going there but I worry about my fellow man. Maybe I'm all wet and this guy is a god?

Could someone in the know check out 2 threads on the MSI HQ forums and let me know if he is nuts or not? his name is BAS, I'd guess it stands for Big ahole.
http://forum.msi.com.tw/index.php?topic=113161.0
http://forum.msi.com.tw/index.php?topic=114384.0

Thanks for your time.

 

So a windows based PC can be completely safe without some sort of firewall if correctly configured? What about vulnerabilities MS and the god setting up the PC do not know about. I would guess more time is spent finding these vulnerabilities than is spent fixing them. Even if this is not the case there would be substantial lag time before a fix is found. Would this not cause a security risk. So I have a hard time believing a windows PC could ever be safe without a firewall of some kind to plug the holes in the OS and or user error.

The way you handled your reply to my post was done in a very professional manner and what you said will not cause potential problems with the way the average user perceives your answer. This is unlike BAS. He just wants to pick a fight over the matter and says things in a way IMO should never be said by anyone yet a forum/server admin.

Again thank you for your thoughts on this subject.

 

With a bit of tweaking, Windows can be configured to have no listening services waiting for incoming packets, so all ports would show up as closed in ShieldsUp. A closed port can't be exploited.
To achieve the stealth status (if this concerns you), a simple NAT device (modem or router) or the Windows built-in firewall is enough.

 

Stealth means that your port just isn't responding. The argument for having stealth ports is that people won't know that your computer is there and therefore your computer is more secure. The problem with this argument is that a closed port isn't actually less 'secure' as there is nothing that can be done to it.

As for Steve Gibson, he is not a computer security 'professional'. He doesn't have industry experience analyzing malware as an AV researcher would for example. He doesn't implement serious cryptographic systems etc.

He is however, a computer enthusiast. He seems to have read widely on computer security. He knows how to code etc. A lot of the criticism of Steve Gibson is that in the past he has stepped out of his depth e.g. when he 'developed' an anti-synflood protocol he called GENSIS and when the claimed that the WMF vulnerability was deliberate.

 

Windows XP and Vista already have a firewall. Having these turned will get you a stealth rating at GRC. This means that exploits where vulnerabilities in specific windows servers are protected against. There was a recent exploit that used the IGMP protocol that windows firewall did not protect against. Generally however, after SP2 in XP where the firewall was turned on by default, crackers have concentrated for more on exploits in browsers, email clients and social engineering to gain access to people's computers.

 

Shieldsup is a tool that will scan your IP to check for open/closed/filtered ports/services. This you must realise is only a very basic scanning technique, there are many other, more advanced forms of scanning.

Shieldsup as been discussed many times on this forum, simply do an advanced search with keyword "Shieldsup" and show as posts.

It can be done, but there can be some problems with some ports/services. Simple example would be port 445, which to actually disable the listen can mean the disable of netbios driver (non pulg/play ~netbios over TCP), which can lead to problems with DHCP, but there are workarounds with available (free) applications which will close the port rather than disable the driver/service.

As you post concerning scans, then I presume you talk of vulnerabilities against services open to unsolicited inbound. See above.

As for "Stealth", well, this again as been discussed, my personal thoughts, well, if it gives users a warm fuzzy feeling, then why not. As mentioned by myself and others, the fact your IP does not give (from routing) a port/destination unreachable will show you are there, and other forms of scans can show you there. Only have main concern with any "Open" ports, Closed ports are closed.

As for discussing comments/statements on other forums, for me, no.

If you have specific questions from yourself, then please do ask,

Also, please note, I would not advise anyone to go online without a firewall.

Regards,

 

@Stem: How should I interpret this? I have a modem/router with firewall (blocking all inbound connections) and WinXP firewall on. Does this setup fall under your 'recommendations' or do you mean a software firewall (like OA/Comodo etc) by 'a firewall'?

 

Hi Stijnson,

From the firewall side, my main concern is that unsolicited inbound is blocked, certainly against any services. So with an hardware firewall you are covered in that area.

Just remember that is only one layer of defense, there are other considerations.

 

Hi Stem, thanks for your answer. I know there are other considerations, but perhaps you'd like to share some of them with me?