Internet Connection Security for Windows Users
by Steve Gibson, Gibson Research Corporation

Examine the software licensing agreement accompanying the security product you depend upon, and you'll find that the vendor who took your money is not responsible for its operation and/or performance.

Firewall Vulnerability Disclosure Policy

Our release of the first version of LeakTest caught the complacent PC security industry by surprise. It upset the users of insecure security products and the vendors of those products. And it is no surprise that these vendors were embarrassed by the sudden exposure of their products' extreme vulnerability to the light of public scrutiny. Neither is it any surprise that they reacted, in some cases, by defensively claiming that I had an obligation to secretly inform them in advance before revealing these facts to the public.

I disagree, but it's a point worth discussing.

It is not, and never was, my intention to embarrass or harass specific firewall vendors. My ShieldsUP! external security testing facility doesn't know or care which firewall you may or may not be using, and neither does LeakTest. All of my tests focus upon the technology of security. They don't play favorites. They are unbiased, and all firewall vendors are treated alike.

But . . .

Selling security is a serious business. Users depend upon vendor representations. If the products being sold are insecure, users deserve, want, and need to know.

No two firewalls are the same, but there is no way to know from the surface how they compare. Claims are just that. Users need the ability to test their systems and firewalls, both from the outside in (with ShieldsUP! and someday NanoProbe) and from the inside out (with LeakTest). Over time the user community and PC press need to develop a general awareness of which firewalls seem more secure and which seem less so. But when pitted against vendors' massive marketing budgets, a general awareness of the truth would never be achieved by my secretly whispering into the ears of the companies producing inferior firewalls. So I can't do that.

It's not my job to help them cover up their weaknesses.

My tests have been, are, and will always be generic and unbiased pure technology. After that, together, we will let the chips fall where they may.

Firewall vendors must accept responsibility for the security of their products. If they don't, who will?


