Re: black ice defender

From: Joseph V. Morris (jvmorris@erols.com)
Date: 08/16/02 

From: "Joseph V. Morris" <jvmorris@erols.com>
Date: Fri, 16 Aug 2002 16:19:33 -0400

"NeoSadist" <robertdelahunt@hotmail.com> wrote in message
news:ulja8p6lig95ea@corp.supernews.com...
| This post is from the web site of http://www.grc.com, or Gibson
Research.
| They have a port-probing utility that tests to see if your system is at
| risk, etc. I found this blurb about Black Ice on their site (the link
to
| download LeakTest)

There is so much obsolete information on the grc.com website that Steve
Gibson has failed to remove or update that few knowledgeable people pay
much attention to it anymore.

Remember RAW SOCKETS (in Win XP)? That was supposed to bring the Internet
to its knees with the massive acceptance of the new operating system.
Damn, I just managed to publish, didn't I? And raw sockets support is
still there! Absolutely friggin' incredible, given that Win XP has been on
the market for about a year now. (And if there was anything that could
have been used to launch a wide-spread exploit after 9-11, raw sockets
would have been the obvious source, especially after all the publicity
Steve gave it.)

Remember UPNP (in Win XP, also, and since provided in earlier operating
systems)? Ditto. Damn, I'm STILL writing this newsgroup message!

Remember Leaktest? (the capability of a nasty to replace an
Internet-enabled application without sufficient authentication) Ever
heard of such an exploit? Ever _seen_ one documented at CERT or in CVE?
How about on BugTraq or NTBugTraq? (Gee, I can't find one either.) But
there ARE instances of exploits replacing _basic_ Windows core
functionality which HAVE BEEN reported from time to time; well, Steve sort
of missed that in his 'warning'. And the various software firewalls are
only now beginning to address _this_ issue.

Okay, let's talk about Black Ice. Let's start by going back a ways. It
was STEVE GIBSON that started calling BID a firewall when he was
unabashedly _recommending_ it back in early 1999. NetWorkICE didn't refer
to it that way. People actually _tried_ to explain to Steve that BID was
an IDS, not a firewall, but he wouldn't or couldn't understand the
distinction. So, ... NetWorkICE started referring to BID as a firewall.
(What the hell did you _expect_ them to do in light of all the favorable
publicity from Steve, the Carl Sagan of computer security (that's a slur
on Carl Sagan, which I deeply regret)? Tell you that he was full of
***?) In late 1999, Steve 'discovered' that BID wasn't a firewall
_at_all_. He didn't simply quietly drop them for something else, he
slammed them. AND HE SLAMMED THEM BECAUSE HE DIDN'T ORIGINALLY UNDERSTAND
THE DIFFERENCE BETWEEN AN IDS AND A FIREWALL. Steve _couldn't_ have made
a mistake; it must have been someone else's fault -- it must have been
that NetworkICE MISLED him! (If you can find one single instance in which
Steve Gibson has been proven wrong and _he_ has acknowledged it (on his
website) on any issue of which he's made a big deal, please post it.
Inquiring minds would like to know . . . )

Yes, Steve is indisputably a major source of information for novice users
when they first become concerned about internet security. He has, again
indisputably, taught many people to disable file and printer sharing
enabled in Microsoft operating systems. He is also self-promotional to a
degree unheard of in this field, and is apparently innately incapable of
admitting that he sometimes is wrong and acknowledging this.
Consequently, he will leave inaccurate information on his site for YEARS
without correction. Not to worry, however; that's simply because he's
working on something REALLY IMPORTANT at the moment. (Apparently, this is
a degree of latitude that sycophants are only willing to permit Steve, not
his compatriots in Internet security.)

Ever hear of EICAR? Ever hear of some _other_ AT vendor doing the same
thing with Leaktest? Ahh! But if you do it with Steve's product (and
you're NetworkICE) you're slamming him! I don't think so, I don't think
so at all.

Steve has many problems. It would be nice if he would acknowledge when
he's wrong. As far as I can tell, he's incapable of doing that.
Consequently, I put very little faith in his publications on his website.
(And, yes, in case you're wondering -- I've made many mistakes in advising
people about computer security; the difference is that I _will_
acknowledge those mistakes when I find them whereas Steve Gibson is
apparently _incapable_ of doing so.) 

--
Regards,
    Joseph V. Morris
    jvmorris@erols.com
    ICQ #29438199

This is a NEWSGROUP message; except for privacy reasons, please respond
therein; an e-mail COPY is always appreciated, of course.
Almost all electrons used in the creation of this message were recycled.
No electrons used in the production of this message were harmed or
mistreated in any manner.