Shields Up test

[cc1]

Hi folks.

 

I saw Shields Up recently mentioned in this thread, so I ran the File Sharing and Common Ports tests, as recommended on that site.

 

I passed the File Sharing test, but failed the Common Ports test because my system replied to pings.

 

On my XP Pro machine, the only firewall I use is Windows Firewall; I?ve been satisfied with it.

 

I?m not too knowledgeable about how significant it is that my system failed the ?ping? portion of the Common Ports test. Nor do I know if Windows Firewall can be tweaked to remedy this issue.

 

I welcome your comments.

 

Chris

[Alan_B]

PING will tell any casual searcher, and any malevolent hacker, that you exist at the chosen IP address.

I think PING causes no harm other than the hacker can focus his tools on your IP because he knows you are present,

and saves him wasting effort on computers that are not present.

 

Because you respond to PING you may be subject to more attacks than those in stealth mode.

 

Google search gives About 262 results (0.18 seconds) when looking for "icmp malware"

Remove the quotes for About 618,000 results (0.16 seconds)

 

PING uses ICMP protocol.

Since your XP responds to PING it may well respond to ICMP MALWARE.

 

XP Firewall does not control outgoing,

therefore if you have malware that loggs keystrokes or financial data it will be free to "phone home".

 

I suggest you really need a software firewall to take over from Windows Firewall.

I prefer Comodo C.I.S. for myself.

 

You may be better off looking in and posting in the companion forum Windows Security

http://forum.piriform.com/index.php?showforum=11

[hazelnut]

If you have file and printer sharing enabled then you will respond to ping.

[DennisD]

These are my results running Windows Firewall (XP)

 

File Sharing test:

 

 

 

Common Ports Test:

 

 

 

All service ports test:

 

 

 

And it also passed the "Messenger Spam" test.

 

Personally, I most definitely would never change Windows Firewall for any "two way" variety as I've used it since 2006 and it's never let me down.

 

I've tried a number of two way firewalls very briefly during that time, and some of them consistently failed the "Shields Up" stealth tests, and caused a noticeable slow down on my PC.

 

Windows Firewall and Avast Home Antivirus make a perfect partnership on my PC, and have done for years.

 

I really don't care who is trying to call out, because there's always something phoning home from your computer, and the important role of a firewall is to prevent any response in the downward direction, which Windows Firewall does, and it does it very well.

 

Some time ago hazel linked to an exellent set-up guide for Windows XP Firewall, which is well worth reading ...

 

Set up Windows Firewall: (Wilders Security)

 

Hope this info is useful.

[Guest]

How relevant is Shields UP today? I remember running the test more than 5 years ago and I know it was around for quite some time before that.

[redhawk]

I think pings and script kiddies checking your open ports is the least of your problems.

Malware, scareware, giveusyourmoneyware and identify theft are more relevant these days.

 

Richard S.

[Andavari]

A common way for PING to get through is if you don't have the hardware firewall turned on in your broadband modem.

 

For instance Qwest DSL doesn't have it on by default, however after enabling the firewall it will pass the GRC tests when used along with Windows Firewall, etc, note that I didn't know that the first two years using Qwest yet nothing bad happened however I like having the firewall on for an extra layer of security.

[DennisD]

Steve Gibsons "Shields Up" has been around for a lot of years, and it's relevance and accuracy has been debated for a lot of years, and there are a great many people who've come down on both sides of the fence.

 

Whether your a fan or not, I don't think we should put XP users off from using it.

 

"Shield Up" is free, harmless, and giving it a run is a damn site better than blindly trusting your installed Firewall.

 

Personally, I still like it, and too many people think security is all about preventing stuff coming down through your browser. Steve Gibsons "Shields Up" is probably an eye opener for a lot of users.

[Andavari]

Steve Gibsons "Shields Up" has been around for a lot of years, and it's relevance and accuracy has been debated for a lot of years, and there are a great many people who've come down on both sides of the fence.

I always use Shields Up if wanting a quick test done, I follow up with more extensive tests on PC Flank: http://www.pcflank.com/

Neither are probably perfect, however for end-users that need to quickly know how their firewall stacks up at least they're both the safe way to find out.

[cc1]

I have had lots of family stuff to attend to since my original post yesterday, so I haven't had much opportunity yet to thoroughly vet the responses. (They are much appreciated! ) But I did carve out a little time late last night to check my file and printing sharing setting and I also read the Wilders post. I then made some tweaks to Windows Firewall based on that information, but my machine continues to fail the Common Ports test for the same reason as before: ping response.

 

I'm thinking the next step is for me to explore Andavari's comment ("A common way for PING to get through is if you don't have the hardware firewall turned on in your broadband modem"). I have a Westell Versalink 327W router. I'm assuming it doesn't matter that it's a router versus a modem, and that I still need to check to see if the hardware firewall is turned on. Hope to be able to delve into that tonight.

[hazelnut]

When doing the test you have to make sure it is testing your machine and not the router.

[cc1]

A common way for PING to get through is if you don't have the hardware firewall turned on in your broadband modem.

For instance Qwest DSL doesn't have it on by default, however after enabling the firewall it will pass the GRC tests when used along with Windows Firewall, etc, note that I didn't know that the first two years using Qwest yet nothing bad happened however I like having the firewall on for an extra layer of security.

This evening I checked my router's hardware firewall setting. It was set to Low. When I changed it to Medium, my system fully passed Shields Up, including the ping test. However, that change to Medium interferes with my wife's laptop's ability to communicate with her employer's web site (she's a reporter and posts much of her work this way). Neither of us are too knowledgeable about this issue; she mentioned something about her laptop's VPN needing to communicate with the server through pinging. In any event, I had to change the router's firewall setting back to Low.

 

 

When doing the test you have to make sure it is testing your machine and not the router.

I wasn't completely certain how to do this. But I noticed one of the Firewall setting options in my router's configuration was "None - All traffic is allowed". So I selected that, thinking Shields Up would then be testing my desktop's Windows Firewall versus the router's. No joy though. Once again everything passed except the ping test portion of the Common Ports test. That result has me mystified because I can't think of anything in my Windows Firewall settings that's not locked down.

[Corona]

I'm a noob to this subject but I assume if you rely on WiFi or Blue Tooth for connectivity you're giving up some sort of security. I'm sure there's apps to help but I'd bet they're not as good as brick and mortar.

[Andavari]

Once again everything passed except the ping test portion of the Common Ports test. That result has me mystified because I can't think of anything in my Windows Firewall settings that's not locked down.

The PING getting through is probably as you've already discovered - the firewall settings in the router. If both or however many of your computers also have Windows Firewall or whatever other firewall software you use turned on I don't necessarily think anything bad will happen to your computers. Sure having the PING ability lets someone know your computer is there, however like I previously stated I didn't know anything about the hardware firewall built into my DSL modem for the first two years I had it and Windows Firewall alone protected me from anything bad - albeit with the hardware firewall turned on now my Windows Firewall log is always small now.

[redhawk]

I guess you can call a router a hardware firewall but it's really the behaviour of NAT that provides incoming traffic protection.

 

Richard S.

[Robbie]

Anyone who lives in the UK, is with BT Broadband and uses the latest version of the HomeHub router (Home Hub 3) will find that ShieldsUp reports that port 161 is open and therefore the computer fails the TruStealth Analysis. There has been a number of threads and posts about this at the BT Community Forums and the official BT explanation is that "BT use port 161 to carry out remote management on the Home Hub and the network." and they say further that "We manage customer devices so that they and any feature on them do not present any security issue.". It is also apparently impossible to close this port in order to pass the ShieldsUp test.

 

I've always liked to see my system pass this test but since I started to use the new Home Hub a few months ago I've been a bit concerned that my system no longer passes this test and I don't find BT's answer to be very reassuring!

[Alan_B]

"BT use port 161 to carry out remote management on the Home Hub and the network." and they say further that "We manage customer devices so that they and any feature on them do not present any security issue."

B.T. have control of your HUB and Network and Customer Devices and any features.

B.T. will do you no harm because it is an honourable organisation, just like Brutus was an honourable man ! !

 

No hacker can penetrate the B.T. back-door because the access details are probably on a need-to-know basis.

I think the term is Security through Obscurity.

 

When I think of all the B.T. engineers working in the rain at green roadside cabinets I wonder what it would cost to buy a secret ! ! !

[redhawk]

Although you cannot 100% stealth your IP address it's not possible for someone outside to make connections to your computer (unless you have port forwarding rules).

 

Richard S.

[Alan_B]

Although you cannot 100% stealth your IP address it's not possible for someone outside to make connections to your computer (unless you have port forwarding rules).

 

Richard S.

I remain uneasy.

I understand that there is malware that can penetrate using only port-less ICMP protocol.

If BT can manipulate their HUB then so can a hacker regardless of my firewall, and even when my system is off-line.

I would not like a hacker robot living between me and my telephone/Internet wires.

 

Also as a HUB it can connect to other things such as a printer and external drives.

These other things are outside my firewall protection.

 

If I had a B.T. HUB I would have a different technological nightmare every night ! !

[redhawk]

I don't know much about BT routers but I would imagine it has some layer of encryption or security to prevent hacking (unless someone at BT is doing the hacking).

As for outside connections including ICMP it's not possible to hack a computer with a NAT connection because the router doesn't know which port or packet goes to which internal IP address.

The only thing a computer hacker could do is Denial of Service attack on your IP address but it's not worth the time an effort knocking off one computer in a billion.

If anything the biggest threat to computer security is malware running on the host computer which was installed by, using cracked software, reading infected emails or accessing boobytrapped websites.

 

Richard S.