Press Release: March 2, 2001 

For immediate distribution.... 

Steve Gibson, self-appointed Internet security guru, has apparently 
decided to take on yet another crusade.... 

This time, instead of attacking the various personal firewall products 
and their capabilities, he has settled his crosshairs on Brady & 
Associates, LLC., creators of the very popular personal firewall 
reporting utilities ClearICE Report Utility for BlackICE Defender, 
ClearRoute Report Utility for WinRoute Pro and ClearZone Report 
Utility for ZoneAlarm and ZAPro. 

Gibson, owner of the Shields Up web site where over 7 million users 
have 'tested' the security of their computers, has authored a series 
of email messages to Ben E. Brady of Brady & Associates, demanding 
that Mr. Brady make changes to his software that would disable the 
reporting of attacks that have emanated from the Shields Up web site. 
Stating that users of the popular reporting utilities are 'harassing' 
him and his ISP by submitting 'attack' reports, Gibson threatened to 
make public statements of a derogatory nature regarding the utilities, 
in order to deliberately discourage the use of them and damage the 
reputation of the products. 

In a message to Mr. Brady on January 7, 2001, Gibson said ... "I and 
my ISP (Verio) are being SPAMMED with eMail generated by idiot users 
of your tools which are using ShieldsUP! then, apparently, simply 
sending "attack" reports without examining them." 

In response to the message, Mr. Brady immediately revised the Online 
Help for the various utilities to make it clear to users not to report 
attacks from the Shields Up web site. 

http://www.firewallreporting.com/clearice/usingclearice.htm 

http://www.firewallreporting.com/clearroute/usingclearroute.htm 

http://www.firewallreporting.com/clearzone/usingclearzone.htm 

Gibson contends that the software is 'defective' because it allows the 
user to send attack reports intercepted by the user's personal 
firewall program without 'filtering' for Gibson's IP address ranges as 
false alarms to Gibson's ISP, Verio, Inc. 

Brady has stated "The the utilities do nothing more than paste the 
pre-formatted attack information parsed from the various attack log 
files from BlackICE Defender, WinRoute Pro and ZoneAlarm into the 
Windows clipboard.  It is up to the user to invoke the email client of 
their choice, paste the message into the body of the email and send it 
to the appropriate email address of the attacker's ISP.  I encourage 
all users to use common sense and discretion in reporting attacks, 
otherwise the result would be like the little boy who cried wolf." 

Brady has offered to make changes to the programs, in a manner that 
would not filter the information but still discourage the user from 
reporting Shields Up attacks, provided Gibson pays for the development 
and testing of the modification.  Gibson has refused to contract for 
the changes. 

Brady states, "It is a matter of principle. Steve wants me to make a 
change that I feel would compromise the integrity of the information 
contained in the log files by filtering any attack that is received 
from his range of IP addresses.  The problem is that it would become 
very attractive for hackers to impersonate Gibson's IP addresses in 
order to attack other computers.  I have offered to create a 
'solution' that would not filter the content of the logs, however, 
Steve is trying to force me into making the changes, using threats of 
making disparaging public statements about my products, because he 
thinks the changes would be more in line with the 'wishes of the users 
of my products'." 

Among the threats he has used, Gibson has assumed the position that 
unless Brady & Associates changes their products, he will require that 
anyone subscribing to his yet-to-be-released 'pay for play' firewall 
security scanning service remove the reporting utilies from their 
computers and that if any subscriber to the service were to submit a 
report of an attack from the Shields Up service their subscription 
would be terminated. 

Gibson stated in an email dated March 2, 2001, "As you may know, the 
next generation of my work will include a subscription service which 
autonomously and continually (daily) checks the security of a user's 
system. At the user's paid request this will *significantly* increase 
the incidence of unexpected packets arriving from the GRC domain. 
Since I anticipate a corresponding increase in the level of harassment 
from your defective utilities, if you do not PREEMPTIVELY repair your 
broken products, I will be forced to make it very clear -- up front in 
every presentation of the service's subscription agreement -- that the 
receipt of an intrusion report generated by any of your utilities will 
result in the immediate termination of the user's subscription and a 
refund of their unused balance. The subscription agreement will 
require them to agree to uninstall and NOT USE any of your products 
until the defects in those products have been cured" 

Gibson also stated in an additional email to Brady, "I am, therefore, 
giving you formal notice -- WELL IN ADVANCE -- that unless you amend 
your products to prevent the generation of the eMail my ISP and I have 
been receiving as a result of the receipt of TCP packets from machines 
within my domains, all suspense of the use of your products WILL BE A 
LICENSE REQUIREMENT for the use of my future software and services" 

Brady said "I have a great deal of respect for Steve, he's done a 
great service to the Internet community at large, to a great degree he 
has made the various manufacturers of personal firewall products 'toe 
the line' with respect to producing a quality product.  What he is 
trying to do here is nothing short of forcing my utilities into 
censorship on the net."  He added, "What Steve doesn't seem to 
understand is that when he professes to be the best gunfighter in the 
west he had better be prepared to back it up... and be able to defend 
himself against anyone that would try to shoot him out of that 
position. He's made himself out to be a very big target.  I have urged 
all users of ClearICE, ClearRoute and ClearZone to act in a 
responsible manner with regard to using my products, this has been 
clearly evidenced in the Online Help file that is available to each 
and every user of the products."