I've changed firewalls.

YK

John said:
Hasn't it? I thought it had stopped and then changed its name?
Are you saying that there are/will be new freeware releases?
Perhaps I was getting confused between Tiny and Kerio?

Is there a newsgroup and/or mailing list devoted to ONLY Kerio?
I probably missed it if it has already been mentioned.

Has anyone used Kerio and ZA at the same time? If so then are there
any comments/observations please?

Regards, John.

Kerio has announced V4.0 beta 7.
http://groups.yahoo.com/group/keriofirewall/
 
Steve H

So it does, I'd forgotten about that, I think the stats in Kerio and
Sygate are more informative though.
Indeed they are - for me it's enough to simply see which app is logged
on.
I suggest you read the release history

http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html

I'm sure several new exploits both potential and real world have been
discovered since ZA 2.6 came out (November 29, 2001),
there will also be bug fixes and optimisations.

As far as I can see there is only one 'exploit' listed ( shell exploit ),
the rest of the features seem to be concerned with AOL features,
network enhancements and interface tweaking.
Outbound protection would be a particular problem, if something
nasty gets on your windows system it's like trying to make a sieve
watertight, block one hole and someone discovers another.

Off-hand I can remember reading about a couple of exploits,
one was a Trojan which added itself to ZA's list of
programs allowed internet access by "clicking" the tick box
in ZA's do you want to allow... alert all by itself.

This is essentially its weakness, plus the issue of programs
masquerading as allowed applications.
I think ZA sets a nice balance between a reasonable amount of
protection and ease of use - providing you're aware of its
shortcomings.
Here are a couple of randomly selected exploit reports
from my history buffer

http://www.securityfocus.com/archive/1/326371

http://www.securityfocus.com/archive/1/244026
Looks complicated! How much of a risk are they to me ( in simple terms
)?

Regards,
 
Mel

YK said:

I have tried an earlier Kerio V4 beta, The user interface reminded me
somewhat of Zonealarm's, although slightly better.

Apart from that it looked promising :blush:), (being a beta it left a port open
and needed help uninstalling so I didn't keep it too long).

I understand Kerio abandoned development on the earlier Kerio V3.0
and moved on straight to V4.

Does anyone know if Kerio plan to release V4 with the same terms as
the current version - i.e. free for personal use?
 
Aaron

I don't know about Agnitum, but KPF still updates. Last version
update was 2.1.5, 9 May 2003, because a bug was discovered a few
days previously and had to be fixed. That was the first update in
over a year, imo because there aren't features they need to add.

Actually, they are working on a completely new version. There was a 3.0
beta series but that was stopped. Currently, they are working on the 4.0
series and are up to beta 7.




Aaron
 
Aaron

I just don't see why anybody should be discouraged from using Kerio.
It works just as well for novices as ZA does. The extra configuration
capabilities of Kerio are optional. You don't have to mess with them
if you don't want to.

Are you telling me you are trying to use it exactly like in ZA free? You
let Kerio tell you when an app is trying to connect outwards and you then
allow it to go outwards without specifying either ip address or port
number? And would a newbie know what "server" rights in ZA translates to
in Kerio terms?

That MIGHT work, although, ZA being an application based firewall is far
more suitable for that, as compared to a rule based firewall. (I used to
think that a rule-based firewall was far superior to an app based
firewall, but I understand the former has some advantages.)

I'm not sure how you can figure out whether to allow ICMP pings, which I
think ZA handles automatically? Do you use proxomitron or something
similar? That adds another complication together with Kerio, wrongly
configured it will almost totally defeat the purpose of using a firewall
for outbound filtering.

I hope they're still as simple to set up basically though. Extra
options never hurt anybody.
It's only when it becomes required that
you mess with them that problems arise.

Unfortunately, in many cases ignorance is not bliss.


Anyway, the 2 major features added are

IDS
"Application firewalling" -to guard against leak tests.

The latter is similar to what the newer Tiny (which integrates TTT)
already has, and controls what processes can run, and what they can
spawn/open. Technically not the job of a firewall but necessary to defeat
leak tests. If you use SSM (sam-security monitor) you will have an idea
of how it works.

Not strictly necessary, but they will bother the heck out of you each
time any process starts on your computer. This is far worse since this
occurs a lot more than when any process merely connects outwards.

I can foresee people just clicking yes for everything.





Aaron
 
Mel

Steve H said:
On Fri, 1 Aug 2003 15:35:29 +0100, "Mel"

This is essentially its weakness, plus the issue of programs
masquerading as allowed applications.
I think ZA sets a nice balance between a reasonable amount of
protection and ease of use - providing you're aware of its
shortcomings.


The Zonealarm release history seems a bit vague on exploit fixes but
"Advanced Hardening of Operating System & Network Vulnerabilities"
looks significant to me.

Looks complicated! How much of a risk are they to me ( in simple terms
)?


As long as you completely avoid any dubious software, Trojans etc - None whatsoever.
(unless there are any inbound ZA issues - which I'm not aware of)

However in the past I have installed several apparently nice freeware utilities
which (even after a scan with Ad-aware etc) my firewall has caught unexpectedly
trying to send out data.

Catching spyware was the main reason I started using Zonealarm in the first place,
and if I'm going to the trouble of running an app to provide some security, I want
the best possible for the money :)

The "Outbound" type issue looked very serious to me, by using low level access a
Trojan could completely bypass a vulnerable firewall.

See -
http://www.pcflank.com/art21.htm
 
Aaron

Well, sure -- if you must go to 25% of the sites on a blocklist, it
makes sense not to use that one. But is that a realistic figure
for the number of sites you need that are on the list?

The hosts file I use has about 13,000 entries.

I'm actually talking about the firewall ips blocked. Those are extremely
troublesome to remove. You could disenable the firewall temporarily, but
that defeats the purpose of using a firewall. Removing a specific entry
takes about 4-5 clicks minimum.




Aaron
 
Blinky the Shark

I'm actually talking about the firewall ips blocked. Those are extremely

Ah! I thought it was about the third-party hosts files, like Martin's.
troublesome to remove. You could disenable the firewall temporarily, but
that defeats the purpose of using a firewall. Removing a specific entry
takes about 4-5 clicks minimum.

Gotcha. I never blocked sites with my firewall unless I caught them
myself (unlike with the hosts file).
 
George

If it ain't broke then why fix it ? :)

Because as time goes by bugs or actual problems with the original
"engine," may come to light that would make the old version a security
risk. If I remember correctly this did happen recently with ZoneAlarm.
 
donut

Has anyone here tried both ? Has one any advantages/disadvantages over
the other ? Development appears to have stopped on both freeware
versions though. :-(


Old thread - I know. Kerio is mature software. It is still patched if any
issues come up, but the last one was over a year ago.
 
donut

The disadvantage of trusting other people to block sites for you is
that you are subject to a form of censorship based on their criteria.
I'm sure most of them are honest but sometimes you might disagree
about sites that are blocked or they might be overly paranoid.


Yet, others are perfectly happy to accept ZA, even though they have no clue
what the firewall is passing and what it isn't, or what that strange module
might be doing in the background. The argument doesn't make sense in this
light.

I use Sponge's level 3 ruleset. The only changes I make are adding rules
for software that I use, and turning off the popup boxes in favor of
logging.

Very easy to turn the Microsoft rules on and off as needed. I guess it all
boils down to whether you trust Uncle Billy or not. I don't.

Most of the disallow rules in Sponge's set are for ad and spyware. You
might be very surprised at what sites have Gator or Alexa on them, or are
loaded with adware. You'll find out soon enough if you run Kerio with
Sponge's Level 3 ruleset.
 
Aaron

Yet, others are perfectly happy to accept ZA, even though they have no
clue what the firewall is passing and what it isn't, or what that
strange module might be doing in the background. The argument doesn't
make sense in this light.

Actually I'm not sure what argument you are making, since we are talking
about Kerio not ZA free for newbies.

I use Sponge's level 3 ruleset. The only changes I make are adding
rules for software that I use, and turning off the popup boxes in
favor of logging.

All I can say is, I tried an early version of Sponge's list and there were
a few errors in his list which I reported (and he acknowledged). The
setup was also fairly specific for his setup and I had to modify it quite
a bit. After a while I got tired of just scrolling through pages and
pages of his list to unblock a certain site, because he seemed to block a
lot of sites.

But if you know what you are doing and it works for you, I have no
problems.

Very easy to turn the Microsoft rules on and off as needed. I guess it
all boils down to whether you trust Uncle Billy or not. I don't.

If you use Windows, you got to trust MS. Or do you think you can survive
without the critical updates just using the firewall all the time?
Most of the disallow rules in Sponge's set are for ad and spyware. You
might be very surprised at what sites have Gator or Alexa on them, or
are loaded with adware. You'll find out soon enough if you run Kerio
with Sponge's Level 3 ruleset.

I did. And I surf to such sites all the time, without getting infected
with Gator, Alexa etc and guess what? Most people are immune too (if you
are running some heavy duty Sponge fw list, the chances that you won't be
protected against such obvious tricks is close to zero)

If you are doing this as some kind of social protest of course then it's
a different matter, but security wise such sites are harmless if you take
precautions.

Some sites were totally innocent but were caught by the broad range of
his ips rules. You really need to update quite often and I find the
security gain (over other apps like spywareblaster, proxomitron,
spybot, hosts etc) is really pretty insignificant for the trouble.

But then again, who am I to argue against a usenet security demigod like
Sponge? :)




Aaron
 
Aaron

Old thread - I know. Kerio is mature software. It is still patched if
any issues come up, but the last one was over a year ago.

Er, no. The latest update 2.15 was in June 2003, abt 2-3 months ago.



Aaron
 
John Corliss

Aaron said:
But that's not "mature" software is it?

That was my point.
I just tried getting the link,
but the Kerio site is understandably very busy right now.

If we are talking about the betas, we had them for a while already...
Through the ill-fated Version 3....to the current Release candidates [RC 3
I believe]. Personally, based on the responses of the people on the
mailing list, I'll wait. It still seems a little buggy.

I agree. At any rate, I rarely use betaware.
 
donut

Not only that but they have a new beta. I just tried getting the link,
but the Kerio site is understandably very busy right now.


I think the new beta is something completely different from Kerio Personal
Firewall. My understanding was they were going to develop a firewall with
sandboxing capability. I'm not involved in beta testing this one, as I was
in KPF, but from what I see they are having a lot of problems with it.
 
Aaron

Basically, that's it. How many casual users don't use a firewall, and
possibly are even infected with Gator and/or Alexa on their local
machine?

How many users would use Kerio with Sponge's list AND wouldn't have used
spybot S&D and/or spywareblaster? I submit this number is very very
small, almost zero.

I point these things out hoping that somebody will take note and get a
little more computer savvy.

If we are talking about casual users and spyware, I would recommend
spybot and spywareblaster rather than recommending Sponge's list with
Kerio which at best is an overly complicated way and not too reliable way
of fighting spyware and at worst leads to additional complications. Asking
a casual user to start with a rule based firewall like Kerio is asking
for trouble.

Spybot S&D, adaware at least works like an AV which most people are
familiar with. Using a rule based firewall with a long list of blocked ips
is not what most casual users would be ready for at first.

My argument is as follows

1) Casual users won't benefit much from Sponge's list since there are more
direct and easier ways of handling spyware.

2) An "expert user" who is loaded up with the usual protective gear,
wouldn't be troubled at all by websites that tried to peddle such wares.
So any gain from using Sponge's list is minimal.

The paranoid of course could and would use sponge's list.
I bought a few game CDs from the cutout bin about a year ago, and
after installing them, was surprised to find that I suddenly had Alexa
on my box. So, it even got me, because it came from a source I didn't
suspect.

Relevance? A firewall without Sponge's list would have informed you
something is amiss as well.

IMHO, sponge's list might be useful in that if any spyware tries to phone
home, the rules could trigger telling you specifically where it was going
to. But of course you could do a reverse dns lookup anyway yourself.

But when Sponge's list blocks websites from displaying that are
essentially harmless when you are well protected, its value is much
less.


Aaron
 
