Is it fair to say that the free version of Sunbelt Kerio offers more advanced protection than the free version of ZA?

I have played with both of them and Kerio seems to be more effective for application control i.e. programs launching other programs and also has network intrusion detection which I now understand (from recent posts about the WMF exploit) that the Kerio IDS uses SNORT - is that correct? I'm not technical enough to understand much about SNORT but I have read that it is one of the foremost IDS.

As far as free firewalls are concerned these two are my shortlist. In terms of GUI, useability, system performance and compatibility with my other security apps I like them both pretty much equally, so my decision is based on which offers the strongest overall protection.

I didnt know Sunbelts Kerio was free, thought it was a paid version.

-{ Quote: "I didnt know Sunbelts Kerio was free, thought it was a paid version." }-


There is also a free version, just like when Kerio offered a free and paid. One advantage is that Sunbelt sells the paid version for $19.95 (USD) and until March 31 you can get it for $14.95.

There is info and comparison between free and paid here:

http://www.sunbelt-software.com/Kerio.cfm

For now I would say ZoneAlarm. I first need to see how Sunbelt can keep the development of Kerio PF up. Because maintaining somebody else his program can be really difficult.

(Maybe the develloper comments are even written in Czech, and the Sunbelt company is American.)

-{ Quote: "There is also a free version, just like when Kerio offered a free and paid. One advantage is that Sunbelt sells the paid version for $19.95 (USD) and until March 31 you can get it for $14.95.

There is info and comparison between free and paid here:

http://www.sunbelt-software.com/Kerio.cfm" }-

Ok now my Q here is do you actually download the paid one first and after 1 month that becomes free and some of the options are disabled or somthing like that.

-{ Quote: "Ok now my Q here is do you actually download the paid one first and after 1 month that becomes free and some of the options are disabled or somthing like that." }-

Download Sunbelt Kerio,it is the full version,at the end of the trial period either buy/register or continue with the free version.....just some features stop working.At $14.95 for the full version why not have all the features?

-{ Quote: "Download Sunbelt Kerio,it is the full version,at the end of the trial period either buy/register or continue with the free version.....just some features stop working.At $14.95 for the full version why not have all the features?" }-

I'm interested in free version (of any firewalll) as apart from my own main PC there are 5 other PCs in my household and with that many $14.95 adds up !!

The features that stop working is the web filtering (which I don't use) and the HIPS - which is a nice feature but I am considering KAV2006 when it is released and that has HIPs features anyway - no need to buy HIPS twice !!

-{ Quote: "Is it fair to say that the free version of Sunbelt Kerio offers more advanced protection than the free version of ZA?

I have played with both of them and Kerio seems to be more effective for application control i.e. programs launching other programs and also has network intrusion detection which I now understand (from recent posts about the WMF exploit) that the Kerio IDS uses SNORT - is that correct? I'm not technical enough to understand much about SNORT but I have read that it is one of the foremost IDS.

As far as free firewalls are concerned these two are my shortlist. In terms of GUI, useability, system performance and compatibility with my other security apps I like them both pretty much equally, so my decision is based on which offers the strongest overall protection." }-

To directly answer your question, SB Kerio 4.23 in free mode will offer more protection than the latest release of ZA free. ZA free offers no "advanced" protection at all. SB Kerio free will still offer network and application protection while dropping the HIPS protection as well as web annoyance filtering.

Thanks. I was reasonably sure that it was the case but it's good to have someone else agree.

My experience has been as follows:

1) XP built in firewall has not caused any noticable slowdown
2) Zonealarm Free - Very responsive as well
3) Netveda Safety.net - Also very good

I tried sunbelt's (kerio) firewall and it installs fine, but I notice a slowdown in loading pages, especially graphically intense pages such as Newegg's homepage, etc..

Did not seem bad on resources, but I have two P4's and an AMD machine and all were noticeably slower in loading pages. That said, there are some tweaks as I noticed it had cookie and ad filters, among others. Even after unchecking those, my browsing did not seem as "snappy" as when using the other programs.

By itself, I'd say ZA 6 Free offers more protection b/c of it's HIPS. however, if your going to be using a seperate HIPS then i'd go with Sunbelt free. I've used Kerio in the past and liked it, and never had a problem with browsing slowdown (to the person who had slowdowns, did you make sure to clean out your registry after uninstalling your previous browser? many Firewalls leave behind crap in the registry that can interefere with future firewalls).

-{ Quote: "By itself, I'd say ZA 6 Free offers more protection b/c of it's HIPS. however, if your going to be using a seperate HIPS then i'd go with Sunbelt free. " }-

Are you sure you didn't intervert their name here?? ???

Hi,
Some people mentioned HIPS, IDS, filtering etc.
A firewall is supposed to be traffic and maybe application monitor. It's true test is the quality of closing / stealthing ports, adaptability to a variety of protocols, like ICS on LAN, P2P etc, and the ability to handle heavy traffic.
If you want web-filtering and HIPS, there are better dedicated solutions for that.
If you close your firewall, you lose both firewall, HIPS AND filtering. If you use 3 separate programs (not necessarily with more cpu usage etc), you still have 2 vital protection rings.
Go for ZA free, Proxomitron web-filter and DefenseWall HIPS and you won't be disappointed - very low footprint and excellent defense.
I tried both Kerio and ZA - I think ZA is a bit better - MIND, this is personal opinion. Kerio 4.2 also had a bad start reputation, with bugs and bloats.
Mrk

-{ Quote: "By itself, I'd say ZA 6 Free offers more protection b/c of it's HIPS. however, if your going to be using a seperate HIPS then i'd go with Sunbelt free. I've used Kerio in the past and liked it, and never had a problem with browsing slowdown (to the person who had slowdowns, did you make sure to clean out your registry after uninstalling your previous browser? many Firewalls leave behind crap in the registry that can interefere with future firewalls)." }-

Kerio free (after expiry of full version) does not have HIPS but it does retain its NIPS and application behaviour functions (not to confuse application behaviour with application outbound control) and it is these two functions that ZA does not have in its free version, only its paid-for versions such as Pro or suite.

-{ Quote: "Kerio free does retain its NIPS and application behaviour functions (not to confuse application behaviour with application outbound control) and it is these two functions that ZA does not have in its free version, only its paid-for versions such as Pro or suite." }-

Yep for ZA, but about Kerio, NIPS are exclusive to the paid version :) , you only keep behaviour blocking in the free one.

Cheers,
nicM

-{ Quote: "Yep for ZA, but about Kerio, NIPS are exclusive to the paid version :) , you only keep behaviour blocking in the free one.

Cheers,
nicM" }-


This is not correct.............

http://www.sunbelt-software.com/Kerio.cfm

This page has alist of the features in each version of Sunbelt Kerio

-{ Quote: "This is not correct.............

http://www.sunbelt-software.com/Kerio.cfm

This page has alist of the features in each version of Sunbelt Kerio" }-

Duh, you're right, I did intervert the names, this time ;D : yes, you keep intrusion detection (NIPS, what I did intervert with HIPS), I did post too fast, thinking q1aqza was taking about HIPS. Nips, Hips, damn names...::).

Thanks, and sorry.

@ q1aqza:
you could consider to wait a month and go for KIS2006, you'll have a nice firewall together with that HIPS and IMHO that's the best suite I've ever seen!
Personaly I would go for Kerio too regarding the free firewalls

-{ Quote: "@ q1aqza:
you could consider to wait a month and go for KIS2006, you'll have a nice firewall together with that HIPS and IMHO that's the best suite I've ever seen!
Personaly I would go for Kerio too regarding the free firewalls" }-

I have certanily considered it and have played with the beta versions and was impressed by it, but I'm 90% certain I will renew my KAV 5 licence for KAV2006 (only 90% coz I have the chance of using McAfee Enterprise 8.0 through work) but I'm quite sure I won't upgrade to the suite . I feel there are too many good free firewalls out there (of which ZA and Kerio are my favourites) to warrant paying the extra for KIS2006.

i would say kerio is better ( i use it atm). its very user friendly and at the same time flexible! i've had no problems with kerio so far so its working perfectly. for me, it does use up quite a bit of memory (around 20 mbs) but so does ZA and i dont really mind. anyway i prefered kerio since it provides better protection in its free version and previous use of ZA PRO (latest version) have led so several problems & annoyances...also ZA free has super limited protection as seen here:http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?dc=12bms&ctry=US&lang=en&lid=ho_za

I wouldn't want to run a firewall that apparently phones home without permission

"Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a “bug” in the software - even though instructions to contact the servers were set out in the program’s XML code."

http://labnol.blogspot.com/2006/01/zonelabs-zonealarm-internet-security.html

-{ Quote: "Hi,
Go for ZA free, Proxomitron web-filter and DefenseWall HIPS and you won't be disappointed - very low footprint and excellent defense.
Mrk" }-

I have not come across DefenseWall before, but just had a quick look at their site. Just wondering if this would already be covered by BOCLean and PG (paid). Don't really want to add superfluous functions.

-{ Quote: "I wouldn't want to run a firewall that apparently phones home without permission

"Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a “bug” in the software - even though instructions to contact the servers were set out in the program’s XML code."

http://labnol.blogspot.com/2006/01/zonelabs-zonealarm-internet-security.html" }-
Yep,that's why I'm here looking around.Tried to stop ZAP from phoning but couldn't,even with the hosts file.

Got a hardware firewall so only really need program control.Will go and have a look at Online Armour.

I tried Sunbelt Kerio over the weekend, and didn't like it. First, I thought that I would be able to try out HIPS, but it was disabled right out of the box...not a big deal since the rest of the experience wasn't great. System resource usage, compared to ZA Free was "pretty bad". I don't have my notes in front of me, but Kerio used twice as much memory (on my system) than ZA Free does. The deal breaker was not being able to pass the Shields Up! firewall leak test. I know $15 is a good deal, but not when it means failure in leak tests AND using more system resources....All in all, it's good to try out different products, but uninstalling ZA Free, installing Kerio, then reinstalling ZA Free was mostly a waste of time for me...

-{ Quote: " First, I thought that I would be able to try out HIPS, but it was disabled right out of the box...not a big deal since the rest of the experience wasn't great. System resource usage, compared to ZA Free was "pretty bad". I don't have my notes in front of me, but Kerio used twice as much memory (on my system) than ZA Free does. " }-

There was probably something wrong with that installation.



-{ Quote: "The deal breaker was not being able to pass the Shields Up! firewall leak test" }-

Here again, there was something wrong with your setup, because Kerio free does block it without a glitch! The full version does even block most of the leaktest , I've just tested it yesterday: the very few to bypass Kerio were only two tests from AWT (thoses using "create thread", giving Kerio 6/10), and DNSTester. With maybe one of the 4 tests included in WallBleaker, but I'm not sure about this result.

Looks like you were running the free version, with something wrong in its settings :)

Cheers,
nicM

-{ Quote: "There was probably something wrong with that installation.





Here again, there was something wrong with your setup, because Kerio free does block it without a glitch! The full version does even block most of the leaktest , I've just tested it yesterday: the very few to bypass Kerio were only two tests from AWT (thoses using "create thread", giving Kerio 6/10), and DNSTester. With maybe one of the 4 tests included in WallBleaker, but I'm not sure about this result.

Looks like you were running the free version, with something wrong in its settings :)

Cheers,
nicM" }-

Well, maybe I'll give it another try...but I didn't change any of the settings after install--HIPS was grayed-out, and when I tried to activate it, I got a message saying it's only available on the paid version. All I did after install was re-boot, and allow access for a few programs, i.e., Firefox, Outlook. Not sure how I would get a faulty install....

It sounds like it was seen as installed previously so the 30 day time trial is considered up so you are stuck with the free version whcih doesn't include HIPS.

-{ Quote: "It sounds like it was seen as installed previously so the 30 day time trial is considered up so you are stuck with the free version whcih doesn't include HIPS." }-

I've never had any previous iteration of Kerio installed on my machine...at least since I reformatted a few months ago....Beyond that, I left everything to default "out of the box" settings & failed the Shields Up! test--I know such tests aren't the end-all, be-all, but I always at least consider such test results when deciding whether to purchase a SW firewall...

You got my interest... I downloaded Kerio 4.2.3, uninstalled my present firewall and installed Kerio. Shields Up gave all stealth on defaults and the HIPS was checked and not greyed out. Application Behavior Blocking is not checked by default. (It listed 29 days left in trial as well on the license page).

Don't know what to say in your case but I'm not sure I would take the time to try it again if you're happy enough with ZA.

-{ Quote: "Beyond that, I left everything to default "out of the box" settings & failed the Shields Up! test--I know such tests aren't the end-all, be-all, but I always at least consider such test results when deciding whether to purchase a SW firewall..." }-

Another thing: you did set it with the "easy" or "quick" mode (don't remember how they call it), during setup, right? that could explain the Leaktest result, you didn't get prompt for leaktest.exe; you should better use it with the "advanced" mode at setup ...if you ever try it again ;) .

Cheers,
nicM

^^Not saying I'm happy w/ ZA....In fact, I was surprised (disappointed) that Sunbelt Kerio didn't live up to expectations. I was hoping it was at least the equivalent of ZA, but it wasn't on my system. Maybe I'll try it again...I mean, all it will cost me is some time.

-{ Quote: "Another thing: you did set it with the "easy" or "quick" mode (don't remember how they call it), during setup, right? that could explain the Leaktest result, you didn't get prompt for leaktest.exe; you should better use it with the "advanced" mode at setup ...if you ever try it again ;) .

Cheers,
nicM" }-

I selected "advanced" mode during install.....

-{ Quote: "I tried Sunbelt Kerio over the weekend, and didn't like it. First, I thought that I would be able to try out HIPS, but it was disabled right out of the box...not a big deal since the rest of the experience wasn't great. System resource usage, compared to ZA Free was "pretty bad". I don't have my notes in front of me, but Kerio used twice as much memory (on my system) than ZA Free does. The deal breaker was not being able to pass the Shields Up! firewall leak test. I know $15 is a good deal, but not when it means failure in leak tests AND using more system resources....All in all, it's good to try out different products, but uninstalling ZA Free, installing Kerio, then reinstalling ZA Free was mostly a waste of time for me..." }-

The combination of Kerio Firewall resource usage and Counterspy's heavy footprint could could result in breathtaking numbers.

-{ Quote: "The combination of Kerio Firewall resource usage and Counterspy's heavy footprint could could result in breathtaking numbers." }-

I uninstalled CS a couple months ago b/c of that...I had it on a notebook w/ a 1.6GHz Pentium M & 2GB of RAM....It was a resource hog..

I recently trialed the new SB Kerio 5 and found that it and KAV 2006 beta do not play together very well. Every time I tried to launch MSN, my computer would crash hard with BSOD saying that the system was shut down for protection.

When I could get Kerio not to crash (by re-installing with the 'recommended' settings), Kerio seemed faster than Outpost Pro which I use now, but KAV and Outpost play together nicer.

Also, I have not found a better ad blocker than the one in Outpost. ZA and Kerio pale in comparision to Outpost in this area.

A good Ad blocker is important to me, but might not be to some in considering a software firewall.

Just my 2 cents.

Chaz.

I found that KAV 6 and Kerio appear to conflict with similar modules - Application Integrity Control in KAV and Application Behavior Blocking in Kerio. One or the other should be on but not both or a BSOD can result at times.

There is a known conflict between Kav and Kerio,and an answer to the problem was posted at the Kerio forum......http://forums.kerio.com/


Sadly Kerio announced this evening that the Forum is being closed as of 27/1/2006 at 5pm pst.

Anyone wanting to take a look at the posts better move quickly.
The messga from Kerio is short and sharp and does not offer forum members any alternative arrangement>:(

Maybe try the Sunbelt Kerio forum at Castle Cops?

http://castlecops.com/f208-Sunbelt_Kerio.html

Wow .. Thanks I was considering an alternative for ZoneAlarm for sometime now. Letme see if this is any good.

Since starting this thread a few weeks ago I have been using Kerio and it has worked flawlessly. It does use a few more MB of RAM than ZA 6 Free but system startup is a bit quicker than with ZA and browsing is not impaired at all - to be fair did not find browsing impaired with ZA either!

I've also tried P2P (EMule) and left my PC running with it for about 36 hours and it worked fantastically, no crashes or lock ups, memory use stayed constant - I'd read somewhere that Kerio can have issues with P2P but I certainly didn't notice anything.

So I have pretty much decided Kerio is now my free firewall of choice.

BTW no one has answered my question about SNORT IDS - I don't really understand what it is but I read somewhere (on Wilders I think) that Kerio uses SNORT - is it true? and if so what does SNORT actually do?

"What is Snort?

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient."

http://www.snort.org/


You can see the basis for the rules under Intrusions-> NIPS Advanced-> Details for each section.

-{ Quote: "Kerio free (after expiry of full version) does not have HIPS but it does retain its NIPS and application behaviour functions (not to confuse application behaviour with application outbound control) and it is these two functions that ZA does not have in its free version, only its paid-for versions such as Pro or suite." }-
Hi q1aqza,

Application outbound control is a feature of ZA free in addition to stealthing all of the ports - it prompts for Deny or Allow.

-- Tom

Comparing free to free , they are both good . Kerio , even in free mode , should do better on leaktests though .

-{ Quote: "Hi q1aqza,

Application outbound control is a feature of ZA free in addition to stealthing all of the ports - it prompts for Deny or Allow.

-- Tom" }-

Cheers Tom, I am aware of ZA's capabilities. What I think you may have not picked up on from my post is that Kerio has application behaviour control, in addition to outbound control. As hollywood said, it is this application behaviour control that (should) give Kerio free better performance on leaktests than ZA free - lets face it ZA free sucks on leaktests but ZA Pro is excellent with them, as is Kerio paid.

-{ Quote: "Cheers Tom, I am aware of ZA's capabilities. What I think you may have not picked up on from my post is that Kerio has application behaviour control, in addition to outbound control. As hollywood said, it is this application behaviour control that (should) give Kerio free better performance on leaktests than ZA free - lets face it ZA free sucks on leaktests but ZA Pro is excellent with them, as is Kerio paid." }-
Hi q1aqza,

Sorry - I mistook the two items referred to as application behavior and outbound control rather than NIPS and application behavior - mea culpa!

-- Tom

I thought that I had posted to your question. I guess not...

I really like Kerio 4.2; unless you are pretty astute at writing rules, you may want to read the thread linked below and import the BZ rules set. These are the rules that all of the 2.x Kerio devotees came up with. On my installation, there was one rule that did not apply or did not work, I just had to delete it. Once you get the apps. set up, and the rules going, you can uncheck the predefined rules that 4.2 comes with.

When this thread was originally posted, Kerio 4.x was buggy. Good now, but remember that the guy that made the rules was disgusted with Kerio's buggy 4.x when he and many like the 2.x firewall so much.

link:
http://www.dslreports.com/forum/remark,8023708~mode=flat