
GRC.COM is in trouble!


fobotcso
12th Jun 2001, 15:40
Recently upgraded to Win 2000 and BlackIce Defender 2.5 but have wondered why there have been few BlackIce attack warning beeps over last few days when on-line. So I did one of my periodic "IP_Agent.exe" checks at Steve Gibson's "Shields Up!" site on GRC.com.

His site is down; he's in trouble and, if you can wade through his long tirade, it would seem that a lot of us may eventually be in trouble too. His explanation is very technical and beyond me, however! Maybe there are others here who can understand it.

If you favour Zone Alarm to protect you from attacks from the Internet, don't feel complacent; there are problems there too.

But it's only Win 2000 and Win XP apparently. It's a code "fault" that Microsoft know about.

If you're afraid of viruses, this'll make you really paranoid. Perhaps it's the version of BlackIce that is the problem. It's working, but not as convincingly as before. Let's keep a listening watch.

OzPax1
12th Jun 2001, 23:04
Crikey!

Well, at least I have ZoneAlarm on my PC plus a good AV. Even so, interesting reading!!

Anybody who doubts how vulnerable an undefended PC is should go to Steve Gibson's 'Shields Up' at WWW.grc.com (http://grc.com).

OzPax1


stickyb
13th Jun 2001, 07:59
I think this reinforces the message that BlackIce Defender has little or no value in protecting you.

Stick to Zone Alarm.

Evo7
13th Jun 2001, 11:25
Interesting link, fobotcso. What is truly worrying is that

(a) All this functionality is built in to Windows (and much more to come) without any of the safeguards that UNIX provides to stop it being abused.

(b) 99+% of people treat their PC as no more complex than a toaster and never bother to understand what it does.

(c) The ISPs don't seem to give a damn.

(d) Always-on ADSL is just around the corner...

anengineer
14th Jun 2001, 13:50
For a more thorough security test than GRC, I suggest http://www.securityspace.com/smysecure/basic_index.html

This particular test is free, though there are more complicated ones available at a price.

Slasher
14th Jun 2001, 15:29
I'm still waiting for Steve's OptOut (spyware detection) update. Seems that DoubleClick and those other sh*ts have found a way to circumvent OptOut.

FlyingGiraffe
14th Jun 2001, 18:03
Evo7,

You say:

"(a) All this functionality is built in to Windows (and much more to come) without any of the safeguards that UNIX provides to stop it being abused."

I think you may have misunderstood Steve Gibson's claim about the functionality Microsoft has added to Windows 2000 and XP... sure, they're changing the API at the winsock level, but this doesn't compromise the machine any more than any other IP-enabled operating system. Previous Win32 OSes could be compromised by writing the virus/trojan to talk "below" the winsock layer, thus masking the source address that way. Secondly, ALL Unix operating systems implement the "full" version of the sockets API and have therefore been available for years to this type of attack.


"(b) 99+% of people treat their PC as no more complex than a toaster and never bother to understand what it does."

You're absolutely correct - unfortunately. However, it should be the joint responsibility of the PC manufacturer, the operating system supplier and the ISP to ensure that 99+% of people are secure in an "off-the-shelf" deployment.


"(c) The ISPs don't seem to give a damn."

Again quite true, unfortunately.


"(d) Always-on ADSL is just around the corner..."

It's already here :) -- I'm currently writing this via a Freeserve ADSL connection. However, I do have the knowledge and resources to secure my PC (actually two of them connected via private IP addresses).


I was trying to think of a good analogy... the first one that sprung to mind was buying a car: you wouldn't expect to have to go to numerous 3rd party vendors to make the car safe -- it comes crash-tested with seatbelts, airbags, etc, etc. I think the PC industry has a lot of catching up to do in this respect.

PPRuNe Pop
14th Jun 2001, 22:48
I just logged into grc.com without any trouble at all.

Sites do have a problem from time to time just as PPRuNe does.

Anyway, Steve is still doing a grand job.

fobotcso
15th Jun 2001, 00:49
Thank you, PPP; believe me, he was very distressed indeed but seems to have recovered quickly.

The topic of protection from intruders is going to preoccupy us all in the years to come, when more of us are on-line permanently. But, for the moment, let's just enjoy it.

Evo7
15th Jun 2001, 12:41
FlyingGiraffe

I don't think I misunderstood it, although I may have phrased my comments poorly.

UNIX has, indeed, allowed raw socket access for years (always?), but only to root. Log in as a normal user and you only have limited socket access - most importantly, you do not have the level of access to spoof IP packets.
If J. Random Hacker gets root access on a UNIX box then it is the ultimate DDoS tool, but getting root access is hard, keeping it is also hard, and the key to a DDoS attack is that you have lots of machines available to attack with. That's a lot of work for JRH to do, and he's up against skilled sysadmins while he is doing it. Well, at least some. The UNIX world isn't perfect, either. The popular Linux distributions become pretty easy to hack after a while if you don't keep pace with security patches as the loopholes become more widely known. At least security patches are readily available, widely advertised and people using Linux generally have some technical ability.
Unpatched Linux boxes are a problem.

Now, it looks like the picture is changing. Windows is not as secure as UNIX, period, and that is particularly true of the home flavours which have never escaped the fact that they are single-user systems at heart. As Gibson points out, the saving grace so far is that, without raw socket access, you cannot spoof IP packets. You can do DDoS attacks, but in a more limited form. That's about to change.

We're about to see many more computers permanently connected to the internet, as ADSL and the like take hold (I know you can get it now, but, at least in the UK, it is limited to the fairly serious user).
These computers are increasingly going to be owned by people who don't understand them, and are not worried about keeping them secure. Microsoft themselves don't help that much. Owned by people who get email containing unknown attachments which they run. Microsoft don't help that either. And now, these computers will be able to do things that were previously limited to root-compromised UNIX boxes. I can see why Gibson is worried.

There is nothing new here, I agree. However, doing it is going to become a whole lot easier, so that novice 13-year-old h@xx0r-d00dz are going to get to play. At least up until now it took a bit more skill, which might make you think about what you are doing. Now, our 13-year-old h@xxor can kill Amazon if he gets upset that his book is a day late.

Maybe there should be an operating system for people who can't work VCRs, but you need Microsoft to play ball and right now they are busy implementing raw sockets into home versions of Windows. Joe Sixpack really needs that ;)
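The privilege gate Evo7 describes above, as an added example that is not part of the thread or of Gibson's write-up: a small C probe that asks the kernel for a raw IP socket with IP_HDRINCL (the combination a program needs to write its own IP header, forged source address included) and, for contrast, for an ordinary UDP socket, then reports which it was given. On UNIX-like systems the raw request is refused with EPERM or EACCES unless the caller is root (on Linux, holds CAP_NET_RAW); the UDP socket is handed to anyone. Function and enum names are mine; the program opens and closes the sockets only and sends nothing.

```c
/*
 * Added example (not from the thread): probe whether this process may
 * open a raw IP socket, the root-only gate on UNIX that the discussion
 * contrasts with raw sockets in Windows XP.
 * Build: cc -Wall -o raw_probe raw_probe.c   (Linux, macOS, *BSD)
 * Run once as an ordinary user and once as root to see both outcomes.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

enum raw_probe { RAW_ERROR = -1, RAW_DENIED = 0, RAW_ALLOWED = 1 };

/* Try to open a raw IP socket and enable IP_HDRINCL, which lets the
 * caller supply the whole IP header (including the source address).
 * The descriptor is closed again; nothing is sent.  The errno of a
 * failed call is stored through *saved_errno when that is non-NULL. */
enum raw_probe probe_raw_socket(int *saved_errno)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (fd < 0) {
        if (saved_errno)
            *saved_errno = errno;
        /* EPERM/EACCES is the privilege refusal of interest; anything
         * else (e.g. EAFNOSUPPORT) is an environment problem. */
        return (errno == EPERM || errno == EACCES) ? RAW_DENIED : RAW_ERROR;
    }
    int one = 1;
    if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one) < 0) {
        if (saved_errno)
            *saved_errno = errno;
        close(fd);
        return RAW_ERROR;
    }
    close(fd);
    if (saved_errno)
        *saved_errno = 0;
    return RAW_ALLOWED;
}

/* Contrast: an ordinary UDP socket, available to any user.
 * Returns 1 if it could be opened, 0 otherwise. */
int probe_plain_socket(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* The probe must give a definite answer (allowed or denied) and its
 * reported errno must agree with that answer.  Returns 1 if so. */
int raw_probe_is_consistent(void)
{
    int err = -1;
    enum raw_probe r = probe_raw_socket(&err);
    if (r == RAW_ALLOWED)
        return err == 0;
    if (r == RAW_DENIED)
        return err == EPERM || err == EACCES;
    return 0;
}

int main(void)
{
    int err = 0;
    enum raw_probe r = probe_raw_socket(&err);

    printf("plain UDP socket: %s\n",
           probe_plain_socket() ? "allowed" : "refused");
    printf("euid %u, raw IP socket with IP_HDRINCL: ", (unsigned)geteuid());
    switch (r) {
    case RAW_ALLOWED:
        puts("allowed (this user can hand-build IP headers)");
        break;
    case RAW_DENIED:
        printf("refused (%s): raw sockets need root / CAP_NET_RAW\n",
               strerror(err));
        break;
    default:
        printf("error: %s\n", strerror(err));
    }
    return 0;
}
```

As an unprivileged user the raw request fails with "Operation not permitted" while the UDP socket succeeds; as root both succeed. That asymmetry is the UNIX behaviour the post refers to: the ability to forge packet headers is tied to root, not to logging in.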

mutt
21st Jun 2001, 23:50
Just in the middle of reading the Denial Of Service report on http://grc.com/dos/grcdos.htm

Scary stuff indeed and well worth reading.

Mutt.