The Claim: Lockdown2000 Is A Firewall.



Who Makes The Claim:

Where It's Said:

  1. http://lockdown2000.com/Lockdown2000.html
  2. http://www.lockdown2000.com/index.html
  3. http://lockdown2000.com/praise.html
  4. http://lockdown2000.com/manual/index.html
  5. http://www.digital-dialog.no/lockdown2000/lockdown2000_security.html
  6. http://www.rocsoft.org/lockdown/index.htm
  7. http://www.wolfcomputer.com/Lockdown2000.html
  8. http://shop.flash.net/~dallaset/info.html
  9. http://207.36.214.243/firewall.htm
  10. http://w1.445.telia.com/~u44502391/index.htm
  11. http://w1.445.telia.com/~u44502391/document.firew.htm
  12. http://w1.445.telia.com/~u44502391/document.removers.htm
  13. http://davecentral.com/8471.html
  14. http://www.hackgeeks.com/security.html
  15. http://www.titan.co.nz/ferita/page24.html
  16. http://lockdown2000.com/praise2.html
  17. http://www.alternetive.asso.fr/securite/anglais/lockdown.htm

What Exactly Was Said:

[1] Page titled "Lockdown 2000 - The Complete Fire Wall For Windows!": "...Lockdown 2000 will act as a FIREWALL between your computer and the Internet." (The word "FIREWALL" links to an image which, incidentally, does not illustrate a firewall nor anything else I can identify.)

[2] The main Lockdown2000 homepage titled "The Complete Fire Wall For Windows: LockDown 2000!". Quote attributed to "HelpNet Security News": "LockDown 2000 is one of the best programs I've come across. It works like a firewall..."

[3] Quote attributed to "HelpNet Security News": "...LockDown 2000 is one of the best programs I've come across. It works like a firewall..."

[4] From the online Lockdown manual: "Lockdown 2000 will act as a FIREWALL between your computer and the Internet."

[5] "...Lockdown 2000 will act as a FIREWALL between your computer and the Internet."

[6] "...Lockdown 2000 will act as a FIREWALL between your computer and the Internet."

[7] Page titled "Lockdown 2000 - The Complete Fire Wall For Windows!": "...Lockdown 2000 will act as a FIREWALL between your computer and the Internet."

[8] "LockDown 2000 will act as a true, unbreakable FIREWALL between your computer and the Internet."

[9] Page titled "Firewall protection from highspeed hackers": "Click on the button above and get your protection firewall immediately! [link to http://lockdown2000.com/]"

[10] Page titled "Ultra Secure - Internets most specialised security site." Beneath a banner ad for Lockdown: "Lockdown is a firewall. This application is one of the best trojan removers today..."

[11] Page titled "Firewalls": "Lockdown 2000 is the ultimate security application. It's not only a firewall, but also the perfect trojan scanner."

[12] Page titled "Trojan Removers": "Lockdown 2000 is the ultimate security application. It's not only a firewall, but also the perfect trojan scanner."

[13] "LockDown 2000 will work with a firewall or as an Internet firewall for your PC or network."

[14] "LockDown2000. Awesome firewall. Removes trojans and logs connection attempts."

[15] "Lockdown2000: this is a firewall trojan scanner all in one, very good scans up to 88 trojans."

[16] Quote attributed to J. Schaetz of Abbeville, SC: "Lockdown 2000 is a WONDERFUL firewall..."

[17] Page titled "<- @lterNETive - Sécurité & Piratage ->": "In the final analysis LockDown 2000 constitutes small really effective Firewall, I to you strongly advise it!! Function under Win95, Win98 and WinNT"

What Was NOT Said:

Despite careful searches, I have been unable to find any instance anywhere, wherein Michael Paris or any principal or seller of Lockdown2000 has ever qualified, corrected or refuted any claim that Lockdown2000 is a firewall. Instead, they deliberately promote the notion, saying themselves that it is a firewall, and quoting others who say it.

Is Lockdown2000 A Firewall?

What Is A Firewall?

If you don't already know, read this page to learn what a firewall really is.

Let's see how Lockdown's functions compare to those of a firewall...

1. Is Lockdown Positioned to Control Network Traffic?

NO.

Lockdown resides in the Application Layer and is wholly dependent upon lower network layers. It receives all its information from other processes (Winsock, etc.) and it does not stand between those processes and the network interface devices in any way.

Lockdown can send commands to network processes (such as to kill a connection to a shared resource) and it does monitor shared resources (a specific and limited part of network activity) by way of those processes. But it does not directly prevent or monitor any network traffic. For instance, Lockdown doesn't head off unwanted connections to shared resources before they happen like a firewall can easily do. It can break connections only after they are made, and because this involves inevitable delay, it may in fact do so only after files are deleted or transferred.

2. Does Lockdown2000 Perform Packet Filtering?

NO.

Lockdown does absolutely no packet filtering of any kind whatsoever.

When its "IP Filtering" feature is used, Lockdown presents the illusion of acting like a packet filter from the user's viewpoint, in that it is causing share-access disconnections using a limited set of "policies" based upon IP address. However, it controls access indirectly, very belatedly, largely unsuccessfully and only in the very limited sphere of NetBIOS resource sharing. It operates at the application layer, far removed from the Network Layer which is the bailiwick of a packet filter.

3. Does Lockdown2000 Act as A Circuit Relay?

NO.

Lockdown does not validate connections or control ports used by other applications nor does it monitor their data transmissions in any way whatsoever.

Lockdown is only handed packets by the existing Transport Layer software in connection with whatever port(s) it may open. Lockdown2000 2.5.4 opens only one port: 12345, the default listening port of NetBus. There are 65,535 possible ports!
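The point above as an added example (not from the original page and not Lockdown's code): a listener bound to a single port, standing in for a one-port monitor, is handed only the traffic addressed to that port, while a transfer to any other port on the same host never reaches it. The loopback address, the OS-chosen ports and all function names are assumptions of this sketch.

```python
import socket
import threading

def listener():
    """Bind a loopback TCP listener on an OS-chosen free port (assumed stand-in)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    s.settimeout(0.2)
    return s

def serve(sock, log, stop):
    """Accept until `stop` is set; record (local port, bytes received)."""
    port = sock.getsockname()[1]
    while not stop.is_set():
        try:
            conn, _peer = sock.accept()
        except socket.timeout:
            continue
        with conn:
            log.append((port, conn.recv(64)))

def send(port, payload):
    """Connect, send, and wait for the server side to close."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        c.sendall(payload)
        c.recv(1)  # returns b"" once the server has logged and closed

def run_demo():
    monitor_log, service_log = [], []   # what each process is handed
    monitor, service = listener(), listener()
    stop = threading.Event()
    threads = [threading.Thread(target=serve, args=(s, l, stop))
               for s, l in ((monitor, monitor_log), (service, service_log))]
    for t in threads:
        t.start()
    mon_port, svc_port = (s.getsockname()[1] for s in (monitor, service))
    send(mon_port, b"probe")            # traffic to the monitored port
    send(svc_port, b"file contents")    # traffic to any other port
    stop.set()
    for t in threads:
        t.join()
    monitor.close()
    service.close()
    return mon_port, svc_port, monitor_log, service_log

if __name__ == "__main__":
    mon_port, svc_port, mlog, slog = run_demo()
    print("monitor saw:", mlog)
    print("service saw:", slog)
```

The transport layer delivers each connection only to the process that opened that port, so the monitor's log never contains the second transfer; a packet filter sits below this delivery step and sees both.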

File sharing is a special case, not itself an Internet Protocol function but rather based upon a different type of networking (NetBIOS). NetBIOS is "ported" to the Internet via certain standard ports which have been assigned specifically to NetBIOS functions (ports 137, 138 and 139).

Lockdown2000 does monitor shared resources on the local machine but it is again dependent upon lower-level Windows processes for its control of those shares. It does not mediate the actual networking communications with those shares and cannot directly block access.

Applications running on the host system can very effectively bypass Lockdown's weak file sharing controls, simply by using other means of access.

Any application can send any file over the Internet to a remote system by virtually any method; and because this operation will have nothing to do with the NetBIOS file sharing on the local network, Lockdown will never notice.

4. Does Lockdown2000 Act as An Application Level Gateway or Proxy?

NO.

Lockdown has nothing to do with other applications' networking or their activities unless file sharing is involved. It is not a proxy. It is both uninvolved in and unaware of other applications' network communications.

Conclusion

LOCKDOWN2000 IS NOT A FIREWALL.

Analysis: Why Is Lockdown Called A Firewall by Its Sellers?

This isn't difficult to figure out.

The whole substance of Lockdown2000 is marketing, not true security or functionality. (This conclusion is unavoidable when the facts are known. Actual inspection and test of the Lockdown software continues to reveal its fatal shortcomings, long since pointed out by me and others and never corrected despite a year of sales and many version updates. Any informed comparison of the product with the sellers' glowing claims shows conclusively that the hype and the reality are universes apart.)

The word firewall is poorly understood by the general public but very attractive as a buzzword because it strongly implies real computer security.

The term is simply and only being used as a marketing tool.

People will happily spend $99 for a FIREWALL, especially when they've been frightened silly by news of a horrifying newly-discovered major gaping Internet security hole whereby "people around the globe who connect to the Internet using Windows 95, 98 & NT can no longer be sure that their computer data is safe," and to which "all users have become easy prey."

On the other hand, they will not spend $99 for a weak share monitor they don't need; a port monitor for one port that does almost nothing to protect and which they can find elsewhere (and a much better one at that) for free; and a trojan detector that is easily, utterly fooled.


