Re: a couple of questions from a newbie to this group

From: *Vanguard* (no-email_at_post-reply-in-newsgroup.invalid)
Date: 04/01/04


Date: Thu, 1 Apr 2004 15:39:30 -0600


"Rambler" said in news:h5go60h81vd9ohgha501695m18o3m4pmb3@4ax.com:
>
> Agreed - the main thing I like about Sygate is its logging
> capabilities - with careful rule selection you can filter and log just
> about anything. Another excellent feature is its ability to allow
> trusted applications/services access, and just as easily block them.
> Much easier than fiddling with port tables. It doesn't go crazy when
> my DSL connection has a heavy I/O load either.
>
> I agree with the Colonel re. grc.com too - lots of hype and hysteria,
> not much substance. Hardly surprising that Mr.Gibson heartily
> recommends ZoneAlarm, when he owns the company that markets it, though
> he pretends he's just an enthusiastic user.

Aw, did your feelings get bruised about a product that's not even yours? Sounds like a defensive developer when you tell them there's a bug in their code. So in your accusation that Steve Gibson owns ZoneAlarm, just where did you discover this? From some other Gibson basher? I don't see him listed on the board of directors at http://www.zonelabs.com/store/content/company/aboutUs/board.jsp. Don't see him listed on the management team at http://www.zonelabs.com/store/content/company/aboutUs/management.jsp. Don't see him listed as an investor at http://www.zonelabs.com/store/content/company/aboutUs/investors.jsp. Gee, I suppose if we follow the chain far enough down then we would find Gibson - as a customer! But then we'd find him a customer of BlackIce, Sygate, and several other firewalls.

If Gibson owned ZoneAlarm, why doesn't he have a link to it, especially on his sell page at http://grc.com/purchasing.htm? Why, for those developers that fixed their leaky firewalls, does he applaud Sygate, TPF, and some others? ZoneAlarm was the one that from the start of his testing proved not to be leaky. So because he applauded ZoneAlarm first for passing his LeakTest that makes him an owner of ZoneAlarm? Gee, I must own a lot of companies. Better hurry, "I like Microsoft." Great, now I'm as rich as Bill. "I like Adobe." Great, now I own that one, too.

Yep, "lots of hype and hysteria" - by idiots claiming to know something they don't. Let's see your proof! If you have independent proof showing Gibson owns ZoneAlarm as you claim, yeah, that will color my opinions of his testing. Otherwise, stop polishing your bishop. As I recall, Gibson found Sygate leaky and then they fixed it and he applauds it, so why are you so upset? Because he was brazen enough to announce their *** up in the first place?

> I used to believe that grc.com did a good job, but no longer. I notice
> that Mr.G "reveals" that your browser "can send any information it
> likes about you or your computer". Oh yeah? Like your credit card
> number, maybe? No, the best example he can come up with of a "security
> breach" is your screen resolution!

And your testing had the browser running AFTER your firewall, right? The browser test is just that, a *browser* test. If your firewall is blocking Referrer then obviously Gibson's test, or anyone else's, won't see it. Boy, do you stretch the truth - to the point of a lie! Your browser can send information that IT has. Obviously all the HTTP headers are available because YOU connected to HIS web site. So when you go to his Shields Up web page and click on the button to interrogate what your browser will reveal itself (which your firewall may or may not block some of it), just where on that page do you see him discuss credit card information?

Fact is, his browser test isn't very complete. He is just showing you what every web site can see in your HTTP headers when you connect to them. http://bcheck.scanit.be/bcheck/ provides a much better test but it goes beyond just what your browser will report; it also checks its "features". In fact, when running their test, Windows Media Player loaded (twice) because they tried to proffer audio content (and I have IE configured to NOT play music within it but instead using WMP separately) and another time to run a script through it (failed). I also got a prompt window to push a .vbs download to my host (obviously a security issue but the prompt blocks the auto-download attempt, so make sure your Internet security zone is properly configured). The test also opened the Search frame within IE, changed window focus, and other nasty effects. Based on this test, and because I had already read the KB article on how to add the "My Computer" local zone to the security zones displayed in Internet Options -> Security, I changed the setting from Enabled to Prompt for active scripting. That eliminated the high security threat they noted on my system. However, it also means that I have to keep answering Okay to a prompt when, for example, I open a help file and navigate around the help file by using links presented in a topics list. I'm not sure yet what to do about their medium security risk assessment regarding javascript and the Search bar. The Search bar did appear but nothing got run, or it was one of those prompts to ask me to run something that I clicked Cancel or No. You can find more browser security checks, like http://browsercheck.qualys.com/index.php, by doing a Google search on "browser security". Gibson's test just shows the HTTP headers that are available to any web site that wants them. He does NOT say your credit card information is at risk. He doesn't test for it.

-- 
______________________________________________________________________
Post replies to newsgroup.  Share with others.  E-mail not accepted.
______________________________________________________________________
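
An added illustration of the point made in the post above (not part of the original message, and not code from grc.com or any firewall vendor): a web site only sees the headers the browser puts in its request, and an outbound filter that strips Referer removes that item from the site's view. The request, the host names and the `filter_outbound` model of a header-stripping firewall are constructed assumptions.

```python
# Constructed sample request; hosts and values are made up for illustration.
RAW_REQUEST = (
    b"GET /browser-test HTTP/1.1\r\n"
    b"Host: test.example\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    b"Accept-Language: en-us\r\n"
    b"Referer: http://search.example/results?q=firewall+reviews\r\n"
    b"Cookie: visitor=abc123\r\n"
    b"\r\n"
)

# What each header tells the site that receives it.
DISCLOSES = {
    "user-agent": "browser and operating system",
    "accept-language": "preferred language",
    "referer": "page the visitor came from",
    "cookie": "identifier this site set on an earlier visit",
}

def parse_headers(raw: bytes) -> dict:
    """Return the request headers as {lowercased name: value}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def filter_outbound(raw: bytes, blocked=("referer",)) -> bytes:
    """Hypothetical model of a firewall stripping headers before they leave the host."""
    blocked_names = {name.lower().encode() for name in blocked}
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    kept = [lines[0]] + [
        line for line in lines[1:]
        if line.split(b":", 1)[0].strip().lower() not in blocked_names
    ]
    return b"\r\n".join(kept) + sep + body

def server_view(raw: bytes) -> dict:
    """What the receiving site can read: only headers actually present in the request."""
    headers = parse_headers(raw)
    return {n: (what, headers[n]) for n, what in DISCLOSES.items() if n in headers}

if __name__ == "__main__":
    for label, req in (("unfiltered", RAW_REQUEST),
                       ("referer blocked", filter_outbound(RAW_REQUEST))):
        print(label)
        for name, (what, value) in server_view(req).items():
            print(f"  {name}: {value}  [{what}]")
```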