If there is one single web site that causes none Microsoft laden administrators, and some hardened Microsoft administrators, to laugh out loud is is "Shields Up!" from grc.com.
The sheer scale of hyperbole on there aimed not at seasoned professionals but at the all American everyday common and garden Microsoft Windows users is simply stunning. Every facet of that web site is designed and created to scare the Hell out of Microsoft Windows users. Take a look at a snippet of text taken from within the "Shields Up!" process and you will see exactly what I see and that is pure unadulterated hyperbole.
"Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a
connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community." (any and all links removed to protect the innocent).
Now, I run a Usenet news service so of course 1 port is open otherwise noone would be able to connect to it and what is the use of a server if that be the case? So, that said I fail, with huge red banners proclaiming my failure. This is ridiculous but surely scares the uninitiated. If the average person sees something on a web site self proclaimed as the leader in all things security related says you failed the most basic of ping tests what are they going to do? Panic. That is what and that is what Mr Gibson wants them to do.
Some will say that the web site is not aimed at battle hardened administrators but that itself belies what the web site is all about and that after all is securing a connection. All over the site, which is designed in such a way as to scare people, he makes claims and points out what people should do and some of that advice is plain wrong or if not wrong then ill-advised. As an example he states that to achieve true stealth mode one should disable pings. This is bad practice for anyone connected to the Internet be it via a router or a modem within a computer. A ping test ensures that the Internet runs smoothly, by turning off pings it creates the illusion that there are huge black holes all over the place when in fact the computer or router is sitting there connected to the Internet.
Hyperbole is what it is all about. The information a tools available should be taken and used with a large dollop of salt. We seasoned and in some cases, mine included, professionals know to ignore the advice given. It would be better for the whole Internet is the web site did not exist but it does and while it does we will continue to laugh.
I suppose it serves a purpose for the paranoid but other than that I see no reason for its existence unless of course it is meant to be a joke in which case the joke is on us.
Be careful out there.
The sheer scale of hyperbole on there aimed not at seasoned professionals but at the all American everyday common and garden Microsoft Windows users is simply stunning. Every facet of that web site is designed and created to scare the Hell out of Microsoft Windows users. Take a look at a snippet of text taken from within the "Shields Up!" process and you will see exactly what I see and that is pure unadulterated hyperbole.
"Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a
connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community." (any and all links removed to protect the innocent).
Now, I run a Usenet news service so of course 1 port is open otherwise noone would be able to connect to it and what is the use of a server if that be the case? So, that said I fail, with huge red banners proclaiming my failure. This is ridiculous but surely scares the uninitiated. If the average person sees something on a web site self proclaimed as the leader in all things security related says you failed the most basic of ping tests what are they going to do? Panic. That is what and that is what Mr Gibson wants them to do.
Some will say that the web site is not aimed at battle hardened administrators but that itself belies what the web site is all about and that after all is securing a connection. All over the site, which is designed in such a way as to scare people, he makes claims and points out what people should do and some of that advice is plain wrong or if not wrong then ill-advised. As an example he states that to achieve true stealth mode one should disable pings. This is bad practice for anyone connected to the Internet be it via a router or a modem within a computer. A ping test ensures that the Internet runs smoothly, by turning off pings it creates the illusion that there are huge black holes all over the place when in fact the computer or router is sitting there connected to the Internet.
Hyperbole is what it is all about. The information a tools available should be taken and used with a large dollop of salt. We seasoned and in some cases, mine included, professionals know to ignore the advice given. It would be better for the whole Internet is the web site did not exist but it does and while it does we will continue to laugh.
I suppose it serves a purpose for the paranoid but other than that I see no reason for its existence unless of course it is meant to be a joke in which case the joke is on us.
Be careful out there.
No comments:
Post a Comment