by daniel-s 1225 days ago
What's wrong with Shieldsup? My experience is that it works perfectly fine.

I don't know if there's anything wrong with Shieldsup (other than my recollection of it being a pretty run-of-the-mill tool for reporting open ports), but the guy who makes Shieldsup is, in my opinion, basically a charlatan. He writes loads and loads of technical-sounding blather on his website that is very transparently designed to make him look like an expert on security to people who don't know any better. He's made a career out of selling tools people don't need but which are hyped up to make them sound critically important.

Here's an example of some hype I just found about a device he "invented" that is supposed to really put home routers through their paces, because he's the only one looking out for us. [1] Of course, it maybe doesn't exist, and his claims of what it's going to do sound far-fetched and misguided, but it sure does seem aimed to make him sound like a real security expert. Not sure if he ever made any claims about having evaluated any routers with it.

[1] https://www.grc.com/r&d/assimilator.htm

I feel like what you're describing is just marketing, in the sense of exaggerating the necessity of a product that works but which you really can do without. Or do you mean Gibson's products don't really work?

Sure, it's "just marketing," but it's particularly egregious marketing because it relies heavily on fear and borderline lies about his expertise. And he puts out baloney like the "CSPRNG" in the OP that's not even sound. You may note that it's been 5 years since he was notified of the flaws in it, but it's still promoted in exactly the same irresponsible way.

FWIW, he’s been at it for about 20 years.

> he’s been at it for about 20 years.

At least. I remember finding his site back in 2004 and it felt long in the tooth then. Complete with blink tags.

Gibson Research Corporation was founded in 1985. I can remember seeing references to articles of his in the late 1980s on Compuserve.

One of his most infamous crusades was how he yelled about Windows XP raw sockets -- a fake problem that he hyped up as if the sky was falling -- well after Windows XP was EOL'd.

What is your source for this "information"?

He brought it up in 2001, the year XP was released[1]. Microsoft fixed it three years later in SP2. XP was EOL'ed in 2009[2].

[1] https://en.wikipedia.org/wiki/Steve_Gibson_(computer_program...

[2] https://en.wikipedia.org/wiki/Windows_XP

My apologies for misstating this. According to the internet archive, he stopped complaining about this problem sometime in 2008, a mere four years after the raw sockets restrictions were added to XP.

Do keep in mind, however, that his entire reason for continuing to publicize this was because it allowed him to continue making foolish claims like "Microsoft Does Not Understand Security," and to pretend that the eventual restrictions (not removal) of raw sockets in XP were proof that he was right. They were not.

In fact, the entire issue was over his own misunderstanding of security. You can't secure a network by asking client operating systems to restrict their own behavior on some kind of honor system (guess what: the bad guys' computers will not have these restrictions). The use of raw sockets did not disappear and the internet still exists. The claim that this was "a tremendous threat to the global Internet" basically amounted to "the sky is falling and only I can see it because none of the other security experts 'get it' like I do." Which is entirely bogus.

I always imagine all the Gibson haters are still stuck on this drama from the XP days. Not sure why it was so polarizing, but for what it's worth I don't think "Microsoft understands security." It's not any one person or one thing, it's the culture. It's the laissez-faire attitude. It's the lack of investment. And the ubiquity of their software compounds all of it.

That's over 20 years old. It's not worth mentioning in this discussion.

He only sells one product, SpinRite, which actually works pretty well for its purpose, tho it’s becoming less important as we move more towards SSD.

It sounds like you’re spreading misinformation just for the hell of it.

I've always been curious why people so fervently dislike Gibson. I think the most genuine criticism is that SpinRite is not a backup solution and people may rely on it as such. Ideally, no one should need it since all data should be replicated and backed up. Any drive can fail at any time for any reason and it may be totally unrecoverable.

[Side Note: He also once claimed in a "testimonial" that a special ops team recovered data off of a hard drive during a mission in which they hit a terrorist with a computer.]

That being said, he produces a free security podcast which is quite good. He knows his stuff.

> Any drive can fail at any time for any reason and it may be totally unrecoverable.

While in principle this is true, I have been using hard drives for more than 30 years now in PCs and I have never had one fail. I still back things up to separate drives since there's always a first time, but I've never used SpinRite or any other extra "protection" over and above what my OS provided.

There are stats on failure rates and bathtub curves. Consumer hard drives these days have an AFT of ~1.41%. Never used SpinRite and I don't know if there is evidence for it, but I suggest you back up your data.

https://www.backblaze.com/blog/backblaze-drive-stats-for-q3-...

The podcast is great. Provides great information and is more than happy to provide corrections when someone calls him on it. Takes a very scientific approach to issues.

I agree. Not sure why all the hate. I’ve used SpinRite to recover some bad drives of mine and friends/family over the years and it’s worked quite well. Had one Windows box that was failing to boot before the login screen, ran SpinRite and it found / fixed some issues. Rebooted and the machine was fine. At least fine enough to copy everything to a new drive and ditch the old one. Haven’t tried it on an SSD though.

He's had a few testimonials that say it's helped SSDs, but only run it at level 2 (read only), as level 4 (read write) will wear a disk prematurely.

You only have one other comment and it was 16 months ago, this must have really touched a nerve.
You can take or leave the relevance of this "old" information, but there are dozens of pages on his current website that speak for themselves.

Most of it is just self-aggrandizing technobabble trying to appear authoritative and "educate" people on security issues with hilariously dumb content like the page that recommends checking Facebook's cert hash on his site before trusting it. His number one goal appears to be to convince people he is an "influential voice" in the security community (he uses that phrase to describe himself repeatedly). I just find it sad when I encounter people who buy it. Luckily, it mostly seems to appeal to a certain kind of misinformed enthusiast that I rarely encounter these days.

Note that this isn't to say all his info is bad. I particularly like stuff like his explanation of how NAT works. That's great content. If it wasn't mixed in with the chicken little snake oil stuff, I'd actually refer people to it.

Is this still a thing?!?