Sygate Firewall

  • Thread starter: Richard Steinfeld
Saturday 15/May/2004 _scroob_ wrote:


Why? ISTM it's working well in my Win XP Home ed.

Some, but very few XP users have found crashes with Kerio - one
installation I had problems with - and even reinstalling XP made no
difference.

It works for me now, but have gone back to sygate as I find it easier
to configure

cheers
 
Am I the only person on this board using Sygate firewall?
I'd appreciate a few others chiming in with articulate
descriptions of their experiences.
Otherwise, I feel like a wolf howling alone in the night....
"Ahooooooooooooo. Ahoooooooowooooooo."

Richard
Good firewall, though not recommended if you use any software that acts like
a local proxy, like Proxomitron, Naviscope, WebWasher etc., as it has the
problem of allowing any process on your system to use the proxy (and
therefore its ruleset) to send traffic out. An example of this is if you use
AVG antivirus and a local proxy, then Sygate WILL NOT attempt to block the
outgoing avginet.exe command, which in my opinion is a major problem that
could possibly be exploited. As far as I know Sygate has not fixed this
problem.
me
 
| On Fri, 14 May 2004 09:09:32 +0100, Steve <[email protected]>
| wrote:
|
| I see little difference in Sygate Personal and Kerio 2.1.5. I like them
| about equally, but use Kerio right now.
|
| Bob
|

One profound difference between them is direct usability. Sygate
allows a novice end user to easily set up his own rules. It
displays which application on your box is phoning out. Sygate
also displays a more meaningful URL of the traffic's other end
(not just the "true" URL, which is just a bunch of numbers), and
has seamless traceroute and whois functions. In other words, it
allows you to almost instantly find out who's probing you.

I'd say that the difference between the two programs is profound!

But is Sygate spyware???

A major difference that is perhaps not apparent, yet which really makes a
difference for security is the loopback problem in Sygate. AFAIK it still
isn't fixed and yet as major security implications if you are using a
local remote web proxy like Proxomitron.

Aaron (my email is not munged!)
 
Saturday 15/May/2004 _Alastair Smeaton_ wrote:
Some, but very few XP users have found crashes with Kerio - one
installation I had problems with - and even reinstalling XP made no
difference.

It works for me now, but have gone back to sygate as I find it easier
to configure

Thanks, Alastair.
You make me desirous to try Sygate :)
 
Good firewall, though not recommended if you use any software that acts
like a local proxy, like Proxomitron, Naviscope, WebWasher etc., as it has
the problem of allowing any process on your system to use the proxy
(and therefore its ruleset) to send traffic out. An example of this is
if you use AVG antivirus and a local proxy, then Sygate WILL NOT
attempt to block the outgoing avginet.exe command, which in my
opinion is a major problem that could possibly be exploited. As far as
I know Sygate has not fixed this problem.
me

I'm afraid you are correct bassbag.
I've collected this info from Sygate forum's

When will SPF support the ability to control application access to "local
proxy"

With the current SPF 5.x architecture, support for the loopback adapter
or "local proxy" does require major changes to one of the core product
engines. This is considered a high risk fix with both high development
costs and resource requirements. However, be assured that we are making
progress towards addressing the local proxy issue. Sygate apologizes for
the delay but has chosen the path towards fully addressing the issue,
rather than issuing a patch or partial fix.

I don't use any proxy and therefore I cannot test this myself but
how about in your AVG example, create a rule that prevents your proxy
from accessing AVG servers?
I think that you could check your log for invalid traffic and add a rule
that prevents your proxy from doing that. Just a thought...

Also, when you say Sygate's good but not recommended when you use a
proxy, what firewall do you recommend instead?
I'm not switching but I really would like to know your opinion.

Thanks bassbag for pointing the local proxy issue.
 
I'm afraid you are correct bassbag.
I've collected this info from Sygate forum's

When will SPF support the ability to control application access to "local
proxy"

With the current SPF 5.x architecture, support for the loopback adapter
or "local proxy" does require major changes to one of the core product
engines. This is considered a high risk fix with both high development
costs and resource requirements. However, be assured that we are making
progress towards addressing the local proxy issue. Sygate apologizes for
the delay but has chosen the path towards fully addressing the issue,
rather than issuing a patch or partial fix.

I don't use any proxy and therefore I cannot test this myself but
how about in your AVG example, create a rule that prevents your proxy
from accessing AVG servers?
I think that you could check your log for invalid traffic and add a rule
that prevents your proxy from doing that. Just a thought...

Also, when you say Sygate's good but not recommended when you use a
proxy, what firewall do you recommend instead?
I'm not switching but I really would like to know your opinion.

Thanks bassbag for pointing the local proxy issue.
It's probably easy to create rules to stop packets to/from known addresses,
however many update components such as AVG's avginet.exe connect to Akamai
servers and change frequently. Obviously I wouldn't want to block "good"
programmes like AVG's updater but it does illustrate the point. I can't really
advise you on what to use as different setups behave differently. I use
Outpost Pro which isn't free. There is a free version which works very well on
my 98 system, however it doesn't support ICS sharing. Out of the free firewalls,
i.e. Outpost version 1, Kerio, ZoneAlarm, I believe Sygate is the only
firewall with the loopback issue (which isn't an issue if you don't use any
local proxy programmes). I would suggest to try each of them and see which
you like best and most suits your needs.
me
 
Am I the only person on this board using Sygate firewall?
I'd appreciate a few others chiming in with articulate
descriptions of their experiences.
Otherwise, I feel like a wolf howling alone in the night....
"Ahooooooooooooo. Ahoooooooowooooooo."

Richard

Tried it once. Didn't really like it much. Went back to ZoneAlarm.
 
"Aaron" <[email protected]>

| "Richard Steinfeld" <[email protected]>
|
| >
| > "Bob Adkins" <[email protected]>
| > <[email protected]>
| >| wrote:
| >|
| >| I see little difference in Sygate Personal and Kerio 2.1.5. I
| >| like them about equally, but use Kerio right now.
| >|
| >| Bob
| >|
| >
| > One profound difference between them is direct usability. Sygate
| > allows a novice end user to easily set up his own rules. It
| > displays which application on your box is phoning out. Sygate
| > also displays a more meaningful URL of the traffic's other end
| > (not just the "true" URL, which is just a bunch of numbers), and
| > has seamless traceroute and whois functions. In other words, it
| > allows you to almost instantly find out who's probing you.
| >
| > I'd say that the difference between the two programs is profound!
| >
| > But is Sygate spyware???
|
| A major difference that is perhaps not apparent, yet which really makes a
| difference for security is the loopback problem in Sygate. AFAIK it still
| isn't fixed and yet as major security implications if you are using a
| local remote web proxy like Proxomitron.
|
|

Hey, Aaron,

Please explain "the loopback problem" in detail, and "and yet as
major security implications..." I'd like to know what you're
talking about. Really.

I do get interference between the two programs, although I'm not
aware of any security breach as a result. The observable effect
is almost rhythmic hard disk "blipping." It would be good to know
exactly what the issues are. I'm using Windows Me (soon to
"graduate" to XP).

The reason is simply that Proxomitron is one of those
masterpieces of small programs that some of us (me!), once having
felt the serenity of its benefits, find it hard to live without.
So, it comes down to a choice, I think: do I give up Proxo, or do
I give up Sygate?
What then? The free Agnitum Outpost? I see even less traffic on
this board for that than for Sygate!

Richard
 
| Richard Steinfeld wrote:
| > Am I the only person on this board using Sygate firewall?
| > I'd appreciate a few others chiming in with articulate
| > descriptions of their experiences.
| > Otherwise, I feel like a wolf howling alone in the night....
| > "Ahooooooooooooo. Ahoooooooowooooooo."
| >
| > Richard
|
| Richard...if it works for you keep it. I heard great things about it (over
| ZA at the time, and installed it). It worked great for about a year (that
| was on Win 98). Then I stopped being able to get to the internet. Very
| important in my life. ;) Played around and the only solution was to stop the
| firewall to get to the internet and of course that wouldn't do. So at the
| suggestion of some I installed (at the time Kerio 2.1.4)...this was still on
| Win 98. In April of last year I bought and installed XP home and just
| re-installed 2.14. Soon thereafter I think they came out with a small
| security patch and it became 2.1.5, which I've got today.
|
| I should explain I'm no expert, one is as good as the other but since Sygate
| had problems (maybe my mix of software, maybe not), but Kerio had none of
| that on two os's so far, so I'm sticking with that. AFAIKT Sygate is
| probably fine, I just had problems with it. That's kind of the way with
| software. If you're thinking of switching I'd also recommend yosponge's
| page, I don't have a link but I think if you type yosponge into Google or
| Yahoo you'll find it.
|

Sponge provides a really great service, especially for novices.
He writes nicely, too, so people can learn from his pages. My
hat's off to him.

But Sponge's site is wrapped around Kerio. There's nothing there
about other firewall tools. If I use Kerio, I have to either
become a raving expert with all that expertise entails, or depend
on Sponge for his fine default files. The thing that I found so
good about Sygate is that the user can build his own ruleset
without having to be an expert in the first place. It's also very
logical to use, the opposite of much software, both commercial
and free.

And what about Agnitum Outpost?

Richard
 
| Saturday 15/May/2004 _Alastair Smeaton_ wrote:
|
| > Some, but very few XP users have found crashes with Kerio - one
| > installation I had problems with - and even reinstalling XP made no
| > difference.
| >
| > It works for me now, but have gone back to sygate as I find it easier
| > to configure
|
| Thanks, Alastair.
| You make me desirous to try Sygate :)
| --
| Maria Luisa C - 15/05/04 19.44.27

But there's still that nagging issue of some sort of
incompatibility between Sygate and The Proxomitron. Proxo has
restored a lot of sanity to my life by blocking most forms of web
advertising: knocks 'em dead.

Richard
 
| >> Am I the only person on this board using Sygate firewall?
| >> I'd appreciate a few others chiming in with articulate
| >> descriptions of their experiences.
| >> Otherwise, I feel like a wolf howling alone in the night....
| >> "Ahooooooooooooo. Ahoooooooowooooooo."
|
|
| Nope! Not at all. I use it too... Ahooooooooooooo. Ahoooooooowooooooo.
| LOL

Wanna sing duets?

| > I've been using Sygate personal for the last 6 months or so & am very
| > happy with it. One of the best things about it is that you can save
| > the traffic/security logs, or copy & paste blocks of them into a
| > document. I've caused a few port scanners originating from my own
| > ISP to have their accounts terminated recently by sending the details
| > to abuse (I really, really hate that red icon that starts flashing in
| > my system tray when somebody's tried to scan me - at least it proves
| > that the firewall is working & to be sure it can be fully tested at
| > the Sygate site to verify).
| >

Yes.
I got one ISP in Alaska to suspend one of his subscribers with an
infected computer by sending him a Sygate log (cut/paste in this
case). Sygate facilitates taking various forms of action. Kerio
just won't make this easy!

|
| One thing that I would like to ask: is there any way to export the traffic
| log well formatted? The columns don't get well aligned in the end.
| Also, is there a way to export just some fields and select only one
| type of traffic at a time to export?
|

It is possible to rearrange the fields onscreen, then cut/paste
the desired range into an email.
There are certain settings that can be changed regarding what's
displayed in the logs. I doubt that what you want is possible,
but you may want to take a look. Having said that I like the
Sygate interface, there are parts of it that aren't as logical
and easy as others. Overall, I'd say that it's a good job.

| One thing that I dislike is that the name of the rule on the logs appears
| as something like normal_1xx starting from 100.
| It would be nice to call them (and easier to read) what I've inserted in
| the rule description.
|
| Apart from that, Sygate's a very good firewall and I think I'll never
| switch to other. As soon as you figure how to work with rules which btw are
| very easy to create, you don't want anything else.
|

There are also custom rules that can be created; that's when
things get really, really cool. I believe that the free version
limits these to 20, but I have only set up three, if I recall. I
haven't seen any need to add to them.

One thing that's especially useful is that in the main
application-related list, you can choose from three settings for
each application: "Allow," "Block," and "Ask." This last one is
very beneficial. For example, I keep a tight rein on connecting
to sites when downloading Real Networks streams. The URL at the
other end is presented in this window as a plain "English" URL
(not a cryptic number, the way Kerio displays in its listings).
So, if you ask a site to download content and you're diverted to
a Real Networks site, you can kill that connection pronto. Like I
said, very very useful.

| Well, a freeware alternative to SPF Pro with all the features and as safe
| as SPF Pro could make me think, I guess... :)
|
| A big Ahooooooooooooo. Ahoooooooowooooooo to all the fans and users of
| Sygate out there.
|

Ahooooooooooooo. Ahoooooooowooooooo. Yip yip yip,
Ahooooooooooooo!

However, I'm sorry to put a wet blanket on this. You see, I used
to think that I'd buy the program (I didn't know about the free
alternative). I was using a crippled Sygate rendition included
with System Suite and wanted the "real thing." It was obvious
that this program was powerful and cool, but the only rules
possible in that "flavor" were application-based: no custom
rules.

You buy their program and Sygate then charges 75 bucks to talk
with you on the phone. If I pay money for a security package (or
for any program, really) I damn well need to have them available
on the phone in case my computer is so screwed up that I can't go
on line. All the free email support isn't worth Jack S**t if you
can't boot! What's even more astounding is that virus companies
don't know this. I mentioned this to one of them and they went,
"My god, we never thought of this!"

Richard
 
"Aaron" <[email protected]>

| "Richard Steinfeld" <[email protected]>
|
| >
| > "Bob Adkins" <[email protected]>
| > <[email protected]>
| >| wrote:
| >|
| >| I see little difference in Sygate Personal and Kerio 2.1.5. I
| >| like them about equally, but use Kerio right now.
| >|
| >| Bob
| >|
| >
| > One profound difference between them is direct usability. Sygate
| > allows a novice end user to easily set up his own rules. It
| > displays which application on your box is phoning out. Sygate
| > also displays a more meaningful URL of the traffic's other end
| > (not just the "true" URL, which is just a bunch of numbers), and
| > has seamless traceroute and whois functions. In other words, it
| > allows you to almost instantly find out who's probing you.
| >
| > I'd say that the difference between the two programs is profound!
| >
| > But is Sygate spyware???
|
| A major difference that is perhaps not apparent, yet which really makes a
| difference for security is the loopback problem in Sygate. AFAIK it still
| isn't fixed and yet as major security implications if you are using a
| local remote web proxy like Proxomitron.
|
|

Hey, Aaron,

Please explain "the loopback problem" in detail, and "and yet as
major security implications..." I'd like to know what you're
talking about. Really.

Basically if you run any local web proxy like proxomitron, webwasher,
some adblockers etc, any other app can now access the net via loopback
without alerting you. I have mentioned this a few times on this group,
and lots of others have mentioned this on the www and even on sygate's
own forums.

With kerio, with specially crafted rules, you can avoid this.
I do get interference between the two programs, although I'm not
aware of any security breach as a result. The observable effect
is almost rhythmic hard disk "blipping." It would be good to know
exactly what the issues are. I'm using Windows Me (soon to
"graduate" to XP).

No idea, don't use ME.


The reason is simply that Proxomitron is one of those
masterpieces of small programs that some of us (me!), once having
felt the serenity of its benefits, find it hard to live without.
So, it comes down to a choice, I think: do I give up Proxo, or do
I give up Sygate?

It's not a specific problem with proxo, if you use Privoxy or even some
popupblockers you will have the same problem.


What then? The free Agnitum Outpost? I see even less traffic on
this board for that than for Sygate!

So what? As good as this group is, most people here (myself included) are
not really qualified to rate how good security related apps are.

Aaron (my email is not munged!)
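
Added example, not part of any post in this thread: with the loopback issue described above, the firewall attributes proxied traffic to the proxy itself, so one way to see which programs are really using a local proxy is to list the processes holding loopback connections to its port. The sketch parses `netstat -ano`-style output; the sample rows, PIDs, process map and port 8080 are constructed assumptions.

```python
# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       1200
  TCP    127.0.0.1:1045         127.0.0.1:8080         ESTABLISHED     1716
  TCP    127.0.0.1:8080         127.0.0.1:1045         ESTABLISHED     1200
  TCP    127.0.0.1:1052         127.0.0.1:8080         ESTABLISHED     2044
  TCP    127.0.0.1:8080         127.0.0.1:1052         ESTABLISHED     1200
  TCP    192.168.1.10:1060      203.0.113.7:80         ESTABLISHED     1200
  TCP    192.168.1.10:1061      203.0.113.9:110        ESTABLISHED     1888
"""
# Constructed PID -> image name map (the kind of data `tasklist` reports).
SAMPLE_PROCESSES = {1200: "proxomitron.exe", 1716: "iexplore.exe",
                    2044: "avginet.exe", 1888: "msimn.exe"}
PROXY_PORT = 8080                 # assumed listening port of the local proxy
LOOPBACK = {"127.0.0.1", "::1"}   # loopback addresses as netstat prints them


def split_endpoint(text):
    """Split 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)


def parse_netstat(output):
    """Yield (local, remote, state, pid) for each well-formed TCP row."""
    for line in output.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # header, UDP rows, wrapped or truncated lines
        try:
            yield (split_endpoint(parts[1]), split_endpoint(parts[2]),
                   parts[3], int(parts[4]))
        except ValueError:
            continue  # e.g. a '*:*' endpoint or a non-numeric PID


def proxy_clients(output, port=PROXY_PORT):
    """Return {pid: connection count} for processes connected to the proxy."""
    rows = list(parse_netstat(output))
    proxy_pids = {pid for local, _, state, pid in rows
                  if state == "LISTENING" and local[1] == port}
    clients = {}
    for _, remote, state, pid in rows:
        if (state == "ESTABLISHED" and remote[1] == port
                and remote[0] in LOOPBACK and pid not in proxy_pids):
            clients[pid] = clients.get(pid, 0) + 1
    return clients


def audit(output, processes, expected, port=PROXY_PORT):
    """List (pid, name, count) for proxy clients outside the expected set."""
    return [(pid, processes.get(pid, "<unknown>"), count)
            for pid, count in sorted(proxy_clients(output, port).items())
            if processes.get(pid, "<unknown>").lower() not in expected]


if __name__ == "__main__":
    for pid, name, n in audit(SAMPLE_NETSTAT, SAMPLE_PROCESSES, {"iexplore.exe"}):
        print(f"PID {pid} ({name}): {n} connection(s) to the local proxy")
```

With only the browser expected to use the proxy, the constructed sample flags avginet.exe, the case raised earlier in the thread.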
 
One profound difference between them is direct usability. Sygate
allows a novice end user to easily set up his own rules.

Amen... could never get the hang of Kerio (it was my first try, I'm
new to this firewall stuff). Sygate is so much easier. It does not
matter how good a program is if you cannot use it.

Sygate I can learn to run without a doctorate in rule formulation.
 
I've been using it for a bit but Spybot S&D 1.3 seems to break it in so
much that it "forgets" program permissions.


No problems here, I use both... but, I'm a novice with Sygate
 
| > | > Am I the only person on this board using Sygate firewall?
| > | > I'd appreciate a few others chiming in with articulate
| > | > descriptions of their experiences.
| > | > Otherwise, I feel like a wolf howling alone in the night....
| > | > "Ahooooooooooooo. Ahoooooooowooooooo."
| > | >
| > | > Richard
| > | >
| > | I have posted this before, but here it is again.
| > | I stopped using Sygate because I kept getting a message from Sygate that
| > | read: "Port Scan Allowed".
| > | One morning, in the span of a half hour, Sygate reported 31 Port Scans that
| > | they allowed.
| > | Lou
| > |
| >
| > I've never had this experience in over a year of using two
| > different versions of Sygate Firewall. That's got me wondering if
| > you had accidentally changed a setting in the program or set up a
| > rule to allow the scan. Just a thought.
| >
| > Richard
|
| I never changed a single thing when I installed Sygate.

Perhaps that's the reason why scans are getting through. Let me
suggest that you study this app a bit. I think that you may find
it very easy to set up. When things happen that the program
doesn't know, it asks you for a "yea," "nay," or "ask me." I have
a hunch that you once, in a moment of idlebrainedness, allowed a
"yea" rule to be set up.

Richard
 
It's probably easy to create rules to stop packets to/from known
addresses, however many update components such as AVG's avginet.exe
connect to Akamai servers and change frequently. Obviously I wouldn't
want to block "good" programmes like AVG's updater but it does
illustrate the point. I can't really advise you on what to use as
different setups behave differently. I use Outpost Pro which isn't
free. There is a free version which works very well on my 98 system,
however it doesn't support ICS sharing. Out of the free firewalls, i.e.
Outpost version 1, Kerio, ZoneAlarm, I believe Sygate is the only
firewall with the loopback issue (which isn't an issue if you don't use
any local proxy programmes). I would suggest to try each of them and
see which you like best and most suits your needs.
me

I think the issue is not the address being changed frequently but the
range of their ip's being large.
My rules for MSN/ICQ are good examples.
207.46.104.20-207.46.108.254,
64.4.13.30,65.54.179.192,65.54.183.192,
65.54.225.240-65.54.231.254
etc... bla bla bla
Just keep adding more and more ip's to the rule :)

Sygate has the loopback issue but hey...no firewall is perfect.
The others have some issues too. Check secunia for this.

If you keep an eye on your logs/rules and
check your system online on sites like
http://scan.sygate.com/
http://www.grc.com/
once in a while, then I think you're in a good way to
ensure some protection on your system.

But who am I to give advice on this matter?

Thanks bassbag for the recommendations. I'll have a look.
 