The Claim: Lockdown2000 Is The World's Most Effective Security System, Offering Absolute Security And Complete Privacy



Who Makes The Claim

Where It Was Said

  1. http://www.lockdown2000.com/index.html
  2. http://www.lockdown2000.com/Lockdown2000.html
  3. http://www.lockdown2000.com/faxsheet.html
  4. http://www.lockdown2000.com/security3.html
  5. http://www.lockdown2000.com/download3.html
  6. http://www.digital-dialog.no/lockdown2000/lockdown2000_security.html
  7. http://shop.flash.net/~dallaset/info.html

What Exactly Was Said

[1] Page titled "The Complete Fire Wall For Windows: LockDown 2000!": "Lock Down 2000 is now the world's most effective and complete security system available for Windows 95, 98, and NT. LockDown 2000 automatically disconnects, traces and identifies unauthorized users in electronic seconds. With LockDown 2000 you will never have to worry about Hackers invading your privacy, deleting your files, attaching a virus or a trojan horse program without your knowledge."

[2] Page titled "Lockdown 2000 - The Complete Fire Wall For Windows!": "LockDown 2000 was designed and developed to protect Internet users from being hacked by even the most sophisticated Hacker. LockDown 2000 provides complete security and privacy whenever you go online. LockDown 2000's new and advanced features will block everyone out of your computer. With LockDown 2000 protecting you, no one can read or delete any of your important files."

[3] Page titled "Reseller Fax Sheet": "The world's most effective Security System. LockDown 2000 ... provides absolute security and complete privacy whenever you go online."

[4] Page titled "Internet Security News": "LockDown 2000 provides absolute security and complete privacy whenever you go online. LockDown 2000's new and advanced features will block everyone out of your computer. With LockDown 2000 protecting you, no one can read or delete any of your important files."

[5] Page titled "Download Lockdown 2000! Internet Protection For Windows": "LockDown 2000 was designed and developed to protect Internet users from being hacked by even the most sophisticated Hacker. LockDown 2000 provides absolute security and complete privacy whenever you go online."

[6] Page titled "The Complete Fire Wall For Windows: LockDown 2000!": "LockDown 2000 was designed and developed to protect Internet users from being hacked by even the most sophisticated Hacker. LockDown 2000 provides complete security and privacy whenever you go online. LockDown 2000's new and advanced features will block everyone out of your computer. With LockDown 2000 protecting you, no one can read or delete any of your important files."

[7] Page titled "LockDown2000": "The world's most effective Security System. LockDown 2000 was designed and developed to protect Internet users from being hacked by even the most sophisticated hacker. It provides absolute security and complete privacy whenever you go online. LockDown 2000's new and advanced features will block everyone out of your computer. With LockDown 2000 protecting you, no one can read or delete any of your important files."

What Is NOT Said

There is no mention of trojans Lockdown cannot sense or remove, anywhere on any Lockdown webpage or manual. Yet many of them do exist. Are we to suppose that someone who has researched hundreds of Internet trojans is completely unaware of them? Worse, Lockdown purports to remove trojans it cannot remove, such as the Kuang2 trojan/virus -- which can infect hundreds of files on a system within minutes. Lockdown can only detect Kuang2 after it has run! At which point it is much too late.

No mention is made anywhere on the Harbor Telco sites of the dozens of security risks that exist on the Net which Lockdown doesn't begin to handle.

Your Internet browsing is NOT private, which fact carries its own risks; and about which Lockdown does nothing whatsoever. Aside from this normal non-private behavior of your browser and the network, a variety of exploits exist which can grant access to private information on your system by way of some browsers. New exploits, some of them potentially serious, are discovered frequently. Lockdown is irrelevant to any and all of these.

As one example, Java applets exist which can sometimes destroy or snoop data. Lockdown has no slightest capacity to sense or stop them.

ICQ, mIRC and other similar chat/mail applications have numerous loopholes, with potential ranging from minor loss of privacy, through identity spoofing, to serious intrusion or data loss. Commonly-used Web and FTP servers, increasingly popular among individual Net users, can sometimes be exploited. The list goes on. Lockdown is helpless against virtually all such exploits.

Remote-access trojans, those Lockdown purports to handle, are only a subset of trojan horse programs. Many trojans exist which run only briefly, offer Lockdown (and the user) no clue of their activities, and may do untold, permanent damage to data or security in mere moments. Lockdown doesn't address these, of which there may be thousands.

Michael Paris has known, at least since my review posted in December of last year, that Lockdown does not adequately protect shared files. Shared files can be easily deleted despite all Lockdown can do. To this day nothing has been done to correct this crashing vulnerability in Lockdown itself. (New info: Paris has now admitted that he's known about this vulnerability since Lockdown first appeared as Hackerproof98, in early 1998. Now read again his claims which I quote above.)

 

Is Lockdown The World's Most Effective Security System?

This review in its entirety is the complete answer to this question. But for the record, I can point to more effective options.

If you want to exceed Lockdown's "absolute security," a combination of:

... would comprise security vastly superior to blind faith in Lockdown alone, at a small fraction of the cost.

Usually within a few months of their first appearance, remote-access trojans are incuded in scan signatures by antivirus vendors. Even though newer trojans will always exist which are missed by AV scanners, if users on your system follow simple guidelines for safe computing, there's very little chance you'll ever fall victim.

Assuming you were to fall victim to a trojan despite all care -- always a possibility -- there exist anti-trojan tools with real features that actually work and which far exceed Lockdown's capabilities. Jammer (free/$20), monitors your dial-up connection in the true fashion of a firewall, whereby it effectively monitors virtually all 65,536 ports for hostile scans. Although its trojan removal to date is specific to BO and NetBus, it removes some variants Lockdown can't see, it monitors the Registry at least as effectively, and unlike Lockdown, it provides a view of network connection status.

If for some reason you feel you must specifically address remote-access trojans with a sledgehammer, TDS (shareware, $50) contains a wealth of features, totally eclipsing Lockdown's every anti-trojan capability at half the price.

 

Conclusion

NO. Lockdown2000 is NOT the world's most effective security system, and it does not offer "absolute security."

In fact, because of the irresponsible claims made for the product, Lockdown has the very real potential to seriously compromise its users' security.

Users of Lockdown surely exist who accept the claim of total security. If these people incautiously run programs from questionable sources, believing Lockdown will protect them reliably from such folly, some of them are certainly in for serious reverses. If they entrust their shares to Lockdown's protection with poor passwords or none at all, their data will be open to malicious deletion at very least, and perhaps to comprehensive intrusion.

As for privacy, there are many well-known issues of privacy on the Internet. Users are often tracked as they browse, sometimes directly identified, and considerable amounts of data may be gathered, usually for marketing purposes, about their interests and preferences. Personal information of various kinds is often widely available against the wishes or without the knowledge of individuals. One's own computer, browser or other applications, may reveal more information than the user realizes. Aside from its inadequate protection against direct intrusions, Lockdown addresses none of these issues and has no effect upon a user's privacy.

 

Analysis: Absolute Security?

To be blunt, anyone who claims he or she can establish total security against all intrusion into networked computers is either grossly exaggerating or deluded. This applies to home systems connected to the Net as well as to LANs.

Reputable and responsible security firms and expert individuals never, ever make such a claim. Quite the contrary. Throughout their promotional materials, essays and articles, the real experts warn there is no such thing as absolute security and caution against any expectation of achieving it.

Competent analysts approach security on a cost-vs-benefit basis, and place at least as much importance on the human element as they do on security software. Unlike Harbor Telco, professionals openly admit that no program is perfect. They recognize that things like user error or neglect of basic procedure can compromise any security application. And they never extend claims of protection to encompass all future threats.

Examples of responsible commentary on "absolute security" exist on the Web by the thousands. Here's a handful I found in a brief search.

http://www.gds.ch/privacy.htm Encryption, Authentication, Transaction Security: Absolute security does not exist.

http://www.wlana.com/resource/whitepaper.html WLANA Security White Paper: Itıs important to point out here that absolute security is an abstract, theoretical concept - it does not exist anywhere. All LANs are vulnerable to insider curiosity, outsider attack, and eavesdropping.

http://www.cosc.georgetown.edu/~denning/infosec/USAFA.html Protection and Defense of Intrusion: Security is a bottomless pit. It is often said that the only way to make a system secure is to pull the plug. It is not practical, and usually impossible, to achieve 100% security. Not only is it too expensive, it is unachievable because not all weaknesses and attacks can be anticipated.

http://www.pilot.net/services/serv-firewall.html Pilot's Network Services: ...absolute security does not exist...

http://www.sbaer.uca.edu/docs/proceedingsII/98sri294.txt WORLD WIDE WEB NETWORK AND ITS SECURITY ISSUES by David C. Yen, Miami University: WWW security is about risk management, not absolute security...

http://www.usnetworks.net/secure.htm Internet Security: Internet security is a path, not a destination.

http://www.orbs.org/envelopes.cgi ORBS: There is no such thing as a perfectly secure computer, unless it is switched off, melted down, encased in concrete, then tossed into a deep ocean trench. Even then, someone may work out how to manipulate gravity waves to get at it. Never assume any security measure covers all future possibilities, as this will result in great embarrassment at some point in the future. Anyone who offers a 100% security guarantee is either a fraud or a fool.



Home