Is ShieldsUp a useful tool?

Discussion in 'other firewalls' started by WonderWrench, Feb 14, 2008.

Thread Status:
Not open for further replies.
  1. WonderWrench

    WonderWrench Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    25
    I did a search and found many threads but no concrete answer.

    First let me say I think the shieldsUp test is a great tool and use and recommend others use it just to be sure their security is doing its job.

    Now the main reason for my post. I frequent MSI HQ forums and the server admin there claims ShieldsUp and Steve Gibson are a joke. Now I never claimed to be a expert on anything but I'm no dummy either. From my point of view this guy is giving out bad information. Now I know I could just stop going there but I worry about my fellow man. Maybe I'm all wet and this guy is a god?

    Could someone in the know check out 2 threads on the MSI HQ forums and let me know if he is nuts or not? his name is BAS, I'd guess it stands for Big ahole.
    http://forum.msi.com.tw/index.php?topic=113161.0
    http://forum.msi.com.tw/index.php?topic=114384.0

    Thanks for your time.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    To step back first to this main question. In the most basic terms, ShieldsUp is simply a port scanner. It runs a few different scans on the ports it says it will scan, and then provides an easy to read graphic showing the state of the responses made by the machine at the scanned IP address. In that regard, it can be considered useful.

    However, all the verbiage around the GRC report pages, (i.e. the statements it makes about whether your machine is safe or at risk, and so on), remain open to debate. The whole "stealth" concept remains disputed as to its true value. There are good points on both sides of that debate. Some of them are mentioned in the threads you linked.

    A point from the linked threads... Can a PC be configured such that it can safely use the Internet without firewall protection, (either running on the OS itself, or on an external device like a router or firewall)? Yes, it can. But, it can be a bit of work that not everyone wants to do. It's easier to get a router and let that protect you from unsolicited inbound connections, or, enable the Windows firewall or some iptables rules on UNIX.
     
  3. WonderWrench

    WonderWrench Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    25
    So a windows based PC can be completely safe without some sort of firewall if correctly configured? What about vulnerabilities MS and the god setting up the PC do not know about. I would guess more time is spent finding these vulnerabilities than is spent fixing them. Even if this is not the case there would be substantial lag time before a fix is found. Would this not cause a security risk. So I have a hard time believing a windows PC could ever be safe without a firewall of some kind to plug the holes in the OS and or user error.

    The way you handled your reply to my post was done in a very professional manner and what you said will not cause potential problems with the way the average user perceives your answer. This is unlike BAS. He just wants to pick a fight over the matter and says things in a way IMO should never be said by anyone yet a forum/server admin.

    Again thank you for your thoughts on this subject.:D
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    With a bit of tweaking, Windows can be configured to have no listening services waiting for incoming packets, so all ports would show up as closed in ShieldsUp. A closed port can't be exploited.
    To achieve the stealth status (if this concerns you), a simple NAT device (modem or router) or the Windows built-in firewall is enough.
     
  5. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Stealth means that your port just isn't responding. The argument for having stealth ports is that people won't know that your computer is there and therefore your computer is more secure. The problem with this argument is that a closed port isn't actually less 'secure' as there is nothing that can be done to it.

    As for Steve Gibson, he is not a computer security 'professional'. He doesn't have industry experience analyzing malware as an AV researcher would for example. He doesn't implement serious cryptographic systems etc.

    He is however, a computer enthusiast. He seems to have read widely on computer security. He knows how to code etc. A lot of the criticism of Steve Gibson is that in the past he has stepped out of his depth e.g. when he 'developed' an anti-synflood protocol he called GENSIS and when the claimed that the WMF vulnerability was deliberate.
     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Windows XP and Vista already have a firewall. Having these turned will get you a stealth rating at GRC. This means that exploits where vulnerabilities in specific windows servers are protected against. There was a recent exploit that used the IGMP protocol that windows firewall did not protect against. Generally however, after SP2 in XP where the firewall was turned on by default, crackers have concentrated for more on exploits in browsers, email clients and social engineering to gain access to people's computers.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Shieldsup is a tool that will scan your IP to check for open/closed/filtered ports/services. This you must realise is only a very basic scanning technique, there are many other, more advanced forms of scanning.

    Shieldsup as been discussed many times on this forum, simply do an advanced search with keyword "Shieldsup" and show as posts.

    It can be done, but there can be some problems with some ports/services. Simple example would be port 445, which to actually disable the listen can mean the disable of netbios driver (non pulg/play ~netbios over TCP), which can lead to problems with DHCP, but there are workarounds with available (free) applications which will close the port rather than disable the driver/service.

    As you post concerning scans, then I presume you talk of vulnerabilities against services open to unsolicited inbound. See above.

    As for "Stealth", well, this again as been discussed, my personal thoughts, well, if it gives users a warm fuzzy feeling, then why not. As mentioned by myself and others, the fact your IP does not give (from routing) a port/destination unreachable will show you are there, and other forms of scans can show you there. Only have main concern with any "Open" ports, Closed ports are closed.

    As for discussing comments/statements on other forums, for me, no.

    If you have specific questions from yourself, then please do ask,

    Also, please note, I would not advise anyone to go online without a firewall.

    Regards,
     
  8. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    @Stem: How should I interpret this? I have a modem/router with firewall (blocking all inbound connections) and WinXP firewall on. Does this setup fall under your 'recommendations' or do you mean a software firewall (like OA/Comodo etc) by 'a firewall'?
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Stijnson,

    From the firewall side, my main concern is that unsolicited inbound is blocked, certainly against any services. So with an hardware firewall you are covered in that area.

    Just remember that is only one layer of defense, there are other considerations.
     
  10. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Hi Stem, thanks for your answer. I know there are other considerations, but perhaps you'd like to share some of them with me? :)
     
Loading...
Thread Status:
Not open for further replies.