...a little more...
this from grcsucks.com:
* The statements 'is now secure', 'is very secure', 'is highly secure' and 'is insecure' on the pages are misleading and wrong. They mislead trusting users into believing everything is a-OK with their system while it's not.
* The techniques and technologies used to do the scan are misrepresented. Where grc uses some common approaches, Steve hypes them into something special, better, more powerful. He does this by renaming things (he calls ICMP and SYN probes nanoprobes, for example, or calls the Net BIOS back end a Hidden Internet Server) or by misrepresenting facts, such as claiming to scan for ports to be "Stealth" where all he can detect is if there is a response and if it's a DROP, DENY or ACCEPT.
* Several scans of the same system failed to yield the same results. That is not even theoretical acceptable. Scans of common ports were completed but the result was displayed wrong, so did the program tell me, my Port 80 (HTTP) was closed or even "stealth", when - in fact - I had a web server running there. It also told me my Net BIOS port was closed or "stealth", when - in fact - I had open shares exposing my whole system to the 'net.