Wednesday, 11 November 1998
Updated Wednesday, 25 November 1998
Updated Friday, 27 November 1998
Updated Saturday, 28 November 1998
Updated Monday, 7 December 1998
(I've tested it now! -- 9 Dec)
I was recently asked to comment on my site about Lockdown 2000 -- by an unidentified person using a Hotmail address. So I visited their gaudy website in an effort to find out more.
The site presents a badly-written morass of overstatement, many inaccuracies and endless fear-mongering about system security, coupled with outrageously overblown claims for their product.
There are a lot of things there that ring loud alarms with me:
They want a shocking $99.95 for a product they won't even really tell you about.
They do not identify themselves adequately.
They charge outrageously for a program whose functions can be obtained elsewhere in better forms for less or for free.
They answer even sales calls with automated voicemail using a computerized voice.
Their address is a PO box in New Hampshire. Their phone numbers are in a Florida area code.
Their site is lacking any genuine security data about the attacks they purport to combat, and also lacks decent info about their product's actual functions and the specific vulnerability(ies) it addresses.
They claim NBC News was witness to their product's awesome powers, yet no mention of any such demonstration can be found on any NBC site.
They are, in short, obviously banking on the ignorance and anxiety of their audience to prompt them to buy.
Lockdown 2000 claims absolute security. Lockdown 2000 purports to be a "firewall." It claims to protect absolutely against Back Orifice, and any and all other programs of its type. Not even the most advanced firewall makes such claims.
(A "firewall" is an approach to network security that can indeed be very effective if well designed and set up properly by a knowledgeable person. I would never recommend against a firewall for those with important security concerns.)
The help info that accompanies the program makes no mention anywhere of Back Orifice nor any other trojan. None of the functions of Lockdown 2000, as evidenced by that help info, has any relation to the mode of operation of Back Orifice, nor does it seem to work even remotely like a real firewall (it makes no mention whatsoever of monitoring or blocking specific ports, for instance). Its functions clearly relate specifically and only to shared system resources, which are a near non-issue nowadays on networked Win95 boxes, and were never a significant security issue on non-networked Win95 machines nor on any other type system.
At one time it was easy to misconfigure shares on a Win95 machine which was connected to a LAN, so that shared drives were accessible over the dialup link. That has not been the case for at least two years now; and until recently, home users practically never used shares anyway. Only persons who have shares enabled and who have the oldest Win95 versions have any slightest cause for concern, and these people need only disable file sharing on the Dial-Up Adapter to permanently correct the problem.
I welcome facts to the contrary, but so far as I can see, Lockdown 2000 is totally incapable of detecting or thwarting a Back Orifice attack in any way. I strongly suspect they merely saw the opportunity to use widespread public concern about BO as a way to increase their own sales.
Does their product work at all? Within its apparently narrow capabilities, Lockdown 2000 probably works OK; that is, it probably monitors system shares. But only the rarest user could have any slightest use for this, and it obviously cannot possibly deliver on its outrageous promises of absolute security. If your system is outdated, on a LAN, connected directly to the Net through a modem, and has misconfigured file shares, LockDown 2000 can apparently alert you to the problem and/or maintain a watch on those shared resources. And there it seems to end. Spending $100 to thwart a security threat you can remove permanently with a few well-directed clicks of the mouse seems rather foolish to me.
It's evident from my own cursory browsings that actual hackers regard Lockdown 2000 and its precursor, Hackerproof98, with disdain. Don't mistake this as mere sour grapes or bravado. Believe it or not, most REAL hackers (I'm not referring here to the motley masses of morally-challenged Back Orifice users but to the real McCoy) regard security seriously, do not believe in doing damage, and want to see people better protected from malicious attacks.
There are strident claims by Lockdown 2000 (Harbor Telco), now posted to every page of the Hackerproof98.com site, that "Hackerproof98" was a stolen and inferior pre-release version of their own product. Contrary to those claims, it is evident that their two websites have contained substantially identical material. My guess is that "Lockdown 2000" is a name change effected in an effort to evade the accumulated bad repute of the product that was sold under the former name.
I downloaded the eval and inspected a number of its files, but I have not yet tested Lockdown 2000 and see little need to do so. (I've tested it now! -- 9 Dec)
Why? Well, Windows itself already contains most of the file-sharing control and access monitoring "features" claimed for Lockdown 2000 (Netwatch.exe). A good virus scanner such as AVP, kept religiously up-to-date; along with a little knowledge, appropriate caution and vigilance; add a tool or two like BODetect; and almost everyone is adequately secure without any product of this kind.
Further, I do no one any service by wasting my time testing a product I could never recommend anyway no matter how well it works! They make exaggerated claims for their product, present facts in a deceptive manner, and charge far too much for their product.
However, I have every reason to expect the Lockdown hucksters to cry loudly, "He hasn't even tested it!!" To which I will respond by testing the damned thing. (I've tested it now! -- 9 Dec)
So just avoid Lockdown 2000. Do not send them money. Don't believe a word they say unless it's corroborated by independent and reliable sources (like NBC for instance) and placed in context and perspective.
Seek out real information about security from non-commercial sources. Find software products sold by people you can identify, who've been around a while, and whose prices are within reason.
If your security needs exceed those of the average Netizen and a firewall interests you, try Winfiles.com for a wealth of options. Here are a few likely prospects which I haven't tried but at better prices and from MUCH more reliable-looking companies:
http://www.digitalrobotics.com/ "Internet Firewall 98 For Personal Computers" (US$29.95 shareware)
http://www.cybermedia.com/company/pr/gddeluxe.html "Guard Dog Deluxe" (US$59.95 retail)
http://www.esafe.co.uk/products.html "eSafe Protect" (UKú29.95 shareware)
http://www.signal9.com/products/pcfirewall/pcfwintro.html "ConSeal PC Firewall" (US$49.95 shareware)
In the end, no software ever really substitutes for knowledge and awareness on the part of the user. There's lots of good info "out there;" and even just reading and using the information here on my site places you well on your way to better security, and a better ability to choose and use security tools that fit your needs.
I just happened upon a discussion on The Truth Tree's Message Board about Lockdown 2000 which dates from July 1998. It confirms 100% all my worst suspicions. Harbor Telco, owners of the Lockdown2000.com site, are clearly the original registrant of the Hackerproof98 site. It was never anyone but themselves who developed this ludicrous product. Furthermore, in that discussion, other technically-savvy persons clearly recognize and describe in detail the falsity of the Harbor Telco claims about a "security hole" -- in terms I couldn't improve upon. I invite you to read the thread yourself, starting here.
Within the past few days, probably in direct response to this webpage, Harbor Telco have added this disclaimer to their download page:
NOTICE: This Download Will Not Completely Delete Trojans Until An Unlock Code Is Purchased
Now, isn't that interesting? We must, or so they make it seem, pay to find out whether the product works. But that was the case all along, wasn't it? Well, I for one won't send these people a dime.
Not for one second do I believe LockDown 2000, with or without an unlock code, is the least bit effective against Back Orifice or any other trojan that isn't relevant to resource sharing. I challenge these people to prove this, or indeed any of their outrageous claims for this ridiculous "security" product.
I still haven't heard from them, which is interesting, since I even emailed them about this page. You'd think these people would try to set the facts straight. But these guys well know their claims don't stand up to examination.
Does any of their victims have an unlock code they'd like to donate? It might be fun to demonstrate the facts. (I've tested it now! -- 9 Dec)
Wow, those guys at Harbor Telco are SOOOO clever! In what is obviously yet another reaction to this webpage, they have just changed the content at Hackerproof98.com on at least a dozen pages to remove this disclaimer which says Hackerproof 98 was a stolen copy of a beta version of Lockdown 2000; and replace it with this, which simply says it's been "improved!"
If you read my first article above, you know that I pointed out that Harbor Telco has controlled both sites all along and that they were trying to evade Hackerproof98's bad reputation. Now, apparently, these people see the game is up and they think changing the site makes it all better!
Here's a page (and another) I just captured from Altavista which shows that various renditions of all these pages, including the "stolen beta" disclaimer and some history of the site's original content, are -- at this writing -- still represented in the Altavista database.
At the moment, hackerfree98.com (note the difference in the name) still contains a copy of the "stolen beta" disclaimer, identical to the one I've immortalized here. Whoops! Forgot that old site, guys! (Bet they'll rush to fix it now!) Interestingly, the Altavista record of that page reveals yet another rendition of the tale! When will they make up their minds? And oh-ho! What's this about "not fulfilling orders?!" Does this provide a new clue why they had to disclaim the thing?
Here are a few bits from the WHOIS database that show the connections, all going back to Harbor Telco's Florida operation, and their ownership of the hackerproof98.com site since well before the name change.
I received an interesting email from another Hotmail account on 6 December. This from a person who claimed to be merely a happy user of the Harbor Telco product.
This person went to great length to rebut my statements above, and claimed that Lockdown 2000 is effective against a variety of trojans, specific and non-specific. (In its updated form, made available only after my original article, it is now possible that it is useful in that respect. I don't yet know.) (I've tested it now! -- 9 Dec)
The writer made a number of statements I know to be incorrect, among them a series of statements closely in common with inaccurate claims found on the Lockdown 2000 site. Strangely, he attempted to cloud the issue of Harbor Telco's control of the erstwhile Hackerproof98.com domain and its ostensible owner, Byte Tight Security. Ludicrous, because the two (Byte Tight and Harbor Telco) once shared a street address! My guess is, he was a Harbor Telco employee or principal masquerading as a merely interested individual.
The email included implicit threats of legal action against me.
Because I don't have permission, I won't reproduce the email here. I responded with this email.
The Lockdown Website (Caution)