sygate hacked
manythanks
September 22nd, 2003, 06:33 PM
I would like to know if anyone that uses SPF Free or Pro has ever been hacked. The reason is that there are not a lot of forums that have many people claiming to have been hacked. Is this because it is really that solid a firewall, or is it not getting used that much? And also, how does it compare to the rest?
Thanks
Phant0m
September 22nd, 2003, 09:45 PM
Hey manythanks
The issue is normally with improper user-configuring…
Regards,
manythanks
September 23rd, 2003, 12:14 PM
So the issue is not that the firewall is weak but of a user granting incorrect rules or apps.
Thanks
gerico
September 23rd, 2003, 06:56 PM
I'm curious to know if SYGATE PF5.0 b1175 has some serious and known vulnerabilities, assuming that my configuration is ok.
I would also like to understand why at the wilders freetool page the sygate pf has lost the 5 stars.
I suspect that SYGATE PF has some vulnerabilities. No software is perfect. It is important to know such a thing.
Comp01
September 24th, 2003, 12:49 AM
Yeah, I'd like to know too, I use Sygate :-\
sig
September 24th, 2003, 01:22 AM
gerico: I see 5 stars at Wilders for sygate's free firewall: http://www.wilders.org/firewalls.htm
I wonder how people turn the lack of reports of being hacked while using Sygate into a suspicion that Sygate is not a secure firewall? Perhaps instead the lack of such complaints is evidence that it is secure. Sygate's a popular firewall and many people prefer it to ZoneAlarm, another popular firewall.
The only potential issue I'm aware of with Sygate (that I've not heard has been addressed to date anyway) is that when using a local proxy server (like Proxomitron, WebWasher, AdSubtract which are web/ad/popup filtering apps) on outgoing it is possible for other programs to piggyback on the local proxy connection and thus evade the firewall, in a manner of speaking.
Again, this is on outgoing only when using a local proxy app and is potentially only an issue if someone downloads a trojan and if it manages to make an outbound connection through the local proxy without the firewall noticing it.
That said, I know people who use such local proxies with Sygate and have never had a problem.
Also, like ZoneAlarm, Sygate can give or not give server rights to an application, or so I am told. Unless an app requires internet server rights to function, it should not be allowed internet server rights. So that's a potential area where a user might misconfigure either ZoneAlarm or Sygate. But that's a user issue, not an inherent problem with the firewall itself.
I believe Sygate has support forums, does it not? Why not check them out if you haven't already and see what users are saying about their experiences?
Comp01
September 24th, 2003, 01:43 AM
Yeah, I'll check out their forums :p
CrazyM
September 24th, 2003, 02:04 AM
gerico and Comp01
As sig mentioned, the only thing to be aware of with Sygate is that loopback traffic is hardcoded, so users of software proxies should keep this in mind. And all application rules should be checked to make sure they do not have server rights (allow inbound).
There are no major vulnerabilities with Sygate that I am aware of.
Regards,
CrazyM
Comp01
September 24th, 2003, 02:23 AM
I don't use a proxy so, meh... and never allow anything for server rights (although I never got a prompt for it). The only things I have allowed for internet are MSN Messenger, Trillian, mIRC, my email client, and ISP software; all my update features (for antivirus, adaware, spybot, etc) are on 'ask' so... I feel relatively safe, safer than if I had no firewall..
CrazyM
September 24th, 2003, 02:35 AM
Hi Comp01
In regards to server rights, have you checked your rules? Sygate used to allow server rights by default. Not sure if that has been corrected.
Regards,
CrazyM
manythanks
September 24th, 2003, 12:02 PM
It still gives all apps server rights, but if you are aware of this it can be corrected by the user so it is not a major prob. The reason I ask the original question is that you always hear about Symantec or Zone Alarm having a hole or something wrong but never Sygate.
Thanks
Comp01
September 24th, 2003, 03:10 PM
-{ Quote: "It still gives all apps server rights, but if you are aware of this it can be corrected by the user so it is not a major prob. " }-
Hmm.. How would I correct such a problem? lol
manythanks
September 24th, 2003, 03:48 PM
By disabling server rights.
FireDancer
September 24th, 2003, 05:04 PM
-{ Quote: " quoting: manythanks
By disabling server rights.
" }-
Got any screen shots of that to maybe help Comp01 in where to look?
Getting hacked by far is due mostly to loose rules and not understanding how to set up your firewall to your needs. I have done lots of reading in the last few months and am still learning, but thanks to CrazyM and BlitzenZues I have become more competent in making rules and understanding them.
I can say this.. for a beginner it is probably best to get a Permit/Deny firewall up and running like ZA free until you understand and are comfortable with making rules of your own. :P
~FIREDANCER~
manythanks
September 24th, 2003, 05:30 PM
Go here http://home.bellsouth.net/p/s/community.dll?ep=16&groupid=60610&ck=&userid=1&userpw=.&uh=1,0, King's website, you will find all the info you need. Sorry I can't give any info on how to disable server rights, I can't remember myself (using ZAF) but soon to change back to SPF Free - I think you go APPLICATION, SELECT APPLICATION, ADVANCED, DISABLE SERVER RIGHTS. Hope this helps.
Thanks
BWMerlin
September 24th, 2003, 11:58 PM
Tools-> applications-> advanced-> disabled server rights. I have a q? Why would a program need server rights? All mine by default have server rights, but do they need them, and if so under what circumstances (updating versions or patches?).
LowWaterMark
September 25th, 2003, 03:48 PM
-{ Quote: " quoting: BWMerlin: I have a q? Why would a program need server rights? All mine by default have server rights, but do they need them, and if so under what circumstances (updating versions or patches?)." }-
"Server rights" (as the term is used today in a few software firewalls), if allowed means that the firewall will allow unsolicited inbound connections to ports that an application is listening on. Most of the network aware programs you are probably using won't require server rights because they aren't server applications.
An example of a true server program is a webserver. It would run on your system and most likely listen on TCP port 80. If you are providing that webserver to people out on the Internet, then you would want to allow unsolicited inbound connections (for them to be able to browse your website). So, you'd allow server rights for that application.
Client programs such as your email or browser applications don't need server rights, they need outbound access permissions to go get things from the Internet. So, no, in most cases you don't want to give programs server rights. In fact, even if your firewall pops up an alert saying a program wants server rights, start by blocking it and see if the program (and your system) works okay without those rights. If something doesn't need that type of access don't give it.
As an additional point of information, on my system I have 51 programs in my software firewall's application list, not one of them, including some Windows core components, have server rights allowed.
Comp01
September 25th, 2003, 08:18 PM
Yeah, I always wondered how secure Sygate is, though, (In example, is it like Spyware? or something? :-\) but I guess its secure, I've passed Shields up, and Symantec.com's tests, with it, and now that I know how to disable server rights :-\
MEGAFREAK
September 25th, 2003, 09:50 PM
Sygate is extremely vulnerable, it has been totally inactivated on my pc, but also when it worked it was leaky. I made some port/trojan tests and it was open like a huge door, another firewall warned me but Sygate did nothing, you can easily go through it as if it wouldn't be there.
BWMerlin
September 26th, 2003, 12:13 AM
-{ Quote: " quoting: LowWaterMark
-{ Quote: " quoting: BWMerlin: I have a q? Why would a program need server rights? All mine by default have server rights, but do they need them, and if so under what circumstances (updating versions or patches?)." }-
"Server rights" (as the term is used today in a few software firewalls), if allowed means that the firewall will allow unsolicited inbound connections to ports that an application is listening on. Most of the network aware programs you are probably using won't require server rights because they aren't server applications.
An example of a true server program is a webserver. It would run on your system and most likely listen on TCP port 80. If you are providing that webserver to people out on the Internet, then you would want to allow unsolicited inbound connections (for them to be able to browse your website). So, you'd allow server rights for that application.
Client programs such as your email or browser applications don't need server rights, they need outbound access permissions to go get things from the Internet. So, no, in most cases you don't want to give programs server rights. In fact, even if your firewall pops up an alert saying a program wants server rights, start by blocking it and see if the program (and your system) works okay without those rights. If something doesn't need that type of access don't give it.
As an additional point of information, on my system I have 51 programs in my software firewall's application list, not one of them, including some Windows core components, have server rights allowed.
" }-
So would I have to give a game server rights if I wanted to host it, because the players would need to contact me for map info etc.?
LowWaterMark
September 26th, 2003, 12:21 AM
-{ Quote: " quoting: BWMerlin: So would I have to give a game server rights if I wanted to host it, because the players would need to contact me for map info etc.?" }-
Yes. A game server is a good example of a type of server application you would run on your system to which you'd want to allow unsolicited inbound connections from the Internet. Allowing server rights is what lets people initiate on their own the connections from their game client into your game server.
sig
September 26th, 2003, 01:31 AM
MEGA: If Sygate is rules based (as it sounds like it is) then it's only as secure as the user's rules allow it to be. So I'm just guessing (since I haven't heard such comments from fairly adept Sygate users) that your rules sets were not tight and needed better configuration.
As previously mentioned, rules based firewalls require more user proficiency and input to be secure than simple application based firewalls such as ZA.
Comp01
September 26th, 2003, 01:38 AM
Yeah, also, should I disable "act as client" ? and is it safe to disable it when in screensaver mode?
BWMerlin
September 26th, 2003, 02:37 AM
-{ Quote: " quoting: sig
MEGA: If Sygate is rules based (as it sounds like it is) then it's only as secure as the user's rules allow it to be. So I'm just guessing (since I haven't heard such comments from fairly adept Sygate users) that your rules sets were not tight and needed better configuration.
As previously mentioned, rules based firewalls require more user proficiency and input to be secure than simple application based firewalls such as ZA.
" }-
Sygate is a rule and application based firewall, so yes and no.
gerico
September 26th, 2003, 11:35 AM
-{ Quote: " quoting: MEGAFREAK
Sygate is extremely vulnerable, it has been totally inactivated on my pc, but also when it worked it was leaky. I made some port/trojan tests and it was open like a huge door, another firewall warned me but Sygate did nothing, you can easily go through it as if it wouldn't be there.
" }-
Could you please post here some detailed examples of the tests you've done with SPF?
I would like to know if SPF is really vulnerable or not.
Thanks!
MEGAFREAK
September 26th, 2003, 06:56 PM
sig, maybe you are right or maybe you are wrong,
if you install a firewall: first of all it should be able to block all access which you did not allow; if it does not do so, we all have a big problem for worldwide security.
In the case of Sygate it is unfortunately the case that it is extremely vulnerable and leaky. I never allowed port xxxx to pass, I installed a Trojan just to test the efficiency of the wall, but Sygate did not react; instead Armor2Net was efficient. Sygate said absolutely nothing to the trojan connection. Armor2Net recognized each attack except firewall bypass because Internet Explorer was allowed.
I am really disappointed in Sygate because I always thought it would be really safe, but this is really not the case in my opinion. Too often I saw the firewall on but it acted as if it wouldn't be on.
sig
September 27th, 2003, 01:48 AM
"Sygate is a rule and application based firewall so yes and no"
That was my understanding. But some Sygate users keep mentioning rules and tightening them up so I thought perhaps that could play a part as well.
I haven't tried Sygate myself simply because I use a local proxy app (and Sygate has the piggyback loophole). Also, I've been told that Sygate allows apps server rights by default, which doesn't make sense to me as a default setting.
MEGA: I agree that doesn't sound good at all. ;) If it were an exotic Trojan that bypasses the firewall by design at some deep level of the OS, that would be disconcerting enough. But if the same trojan is readily disallowed internet access by other firewalls, even new ones, that certainly would cause me to question the efficacy of Sygate's outbound blocking. Although I haven't seen any other such reports like this (that I can recall at least).
It would be interesting if some Sygate users could respond or if anyone else has tested it in a similar manner, since Wilders has reviewed Sygate and given it top marks.
Comp01
September 27th, 2003, 02:54 AM
Hmm... Maybe I should switch firewalls? outpost free maybe? *sigh* all this crap about it leaking, and everything else kind of annoys me, seeing as I just got Sygate configured kinda properly :-\
BWMerlin
September 27th, 2003, 04:48 AM
These are all personal opinions, you should make your own mind up. I have tried others but feel Sygate is better for me so I stuck with it.
spm
September 27th, 2003, 05:14 AM
-{ Quote: " quoting: sig: It would be interesting if some Sygate users could respond or if anyone else has tested it in a similar manner, since Wilders has reviewed Sygate and given it top marks.
" }-
I used Sygate for quite some time before we replaced it with a network firewall on our new servers. IMO its inbound blocking cannot be bettered by any other personal firewall, *but only if you have its ruleset configured properly* (then again, this applies to any rules-based firewall). I tried all the other personal firewalls out there, and none of them were as secure inbound as Sygate. When people post that Sygate is leaky inbound, it is a consequence only of their own poor rulesets, not an inherent deficiency in Sygate itself.
That said, Sygate's *default* settings are somewhat mystifying. By default, all new apps are allowed server rights, and this can catch you out if you are not aware of it. When a new app is detected by Sygate (it notifies you of this), you need to go and disable its server rights. It's easy enough to do, but an inconvenience, and inexperienced users will get caught out.
The root of all this is Sygate's somewhat schizophrenic design. On the one hand it is a standard rules-based firewall, and on the other an application-based firewall (a la ZoneAlarm). You can configure it using both approaches, but to do so is confusing and it is easy to come up with a configuration that leaks. I found it was best to use rules *only*, and set all applications to disable (as both client and server, etc.) - everything then is controlled by rules (which take precedence over app configurations) and you get to control all traffic in exactly the way you want.
Sygate's one big deficiency, though, is its outbound blocking when you use a local proxy. Basically, any app that uses the proxy to communicate out will not be seen by Sygate. I (and others) reported this to them on numerous occasions. A year ago, when Sygate was at version 5.0, the manufacturers said a fix for this would be in version 5.1. It was not added to 5.1. Now they are beta-testing 5.5 and there is no sign of a fix.
The configuration we have here now uses (as mentioned above) a network firewall on our server. On the clients, we use local proxy filters (AdSubtract) and a firewall for application control - basically, we don't need inbound protection on the clients, but we do control apps' outbound access and hijacking. We have found Outpost 2.0 the best personal firewall for our needs in this respect.
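A simplified model of the behaviour described in LowWaterMark's and spm's posts above, added here as an illustration (it is not part of any post and is not Sygate's actual implementation): server rights default to on, advanced rules are checked before per-application settings, and loopback traffic is exempt. The names `App`, `Rule`, `Conn`, `decide` and `apps_with_server_rights`, and any process names, ports and addresses used with them, are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class App:
    name: str
    act_as_client: bool = True   # may start outbound connections
    server_rights: bool = True   # per the thread: new apps get server rights by default

@dataclass
class Rule:                      # an "advanced rule"; first match wins
    action: str                  # "allow" or "block"
    direction: str               # "in" (unsolicited inbound) or "out"
    port: Optional[int] = None   # None matches any port
    app: Optional[str] = None    # None matches any application

@dataclass
class Conn:
    app: str                     # process that owns the local socket
    direction: str               # "in" or "out"
    port: int                    # local port for "in", remote port for "out"
    remote: str                  # remote IP address

def decide(conn, apps, rules):
    """Return (verdict, reason) for one new connection in this toy model."""
    # Loopback is never filtered in this model ("hardcoded" per the thread), so
    # a firewall like this only ever sees a local proxy's own outbound traffic.
    if conn.remote.startswith("127."):
        return "allow", "loopback exempt"
    # Rules are evaluated before application settings, so they take precedence.
    for r in rules:
        if (r.direction == conn.direction
                and r.port in (None, conn.port)
                and r.app in (None, conn.app)):
            return r.action, "rule"
    app = apps.get(conn.app)
    if app is None:
        return "block", "unknown app"        # a real firewall would prompt here
    if conn.direction == "in":
        if app.server_rights:
            return "allow", "server rights"
        return "block", "no server rights"
    if app.act_as_client:
        return "allow", "client"
    return "block", "client disabled"

def apps_with_server_rights(apps):
    """Audit helper: applications that would accept unsolicited inbound."""
    return sorted(a.name for a in apps.values() if a.server_rights)
```
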
snapdragin
September 27th, 2003, 11:35 AM
i have been using Sygate (free) for almost 2 yrs but i cannot comment on the "inbound" connections so much as i also use a router. But as for the outbound connections, all the applications that have wanted to access the internet have been applications that i have started up and initiated the connections (with the exception of a few which were blocked when i was first securing my computers). All the applications that i use are set to "Ask" for permission, and they do not have "server rights".
i also like that Sygate is both an application-based and rules-based firewall, as it allows me to use the application rules first while i learn how to set up rules for it. It does take some time to learn how to set up rules for a firewall, so Sygate meets this learning curve for new users by offering the application-rules option.
One of the other features i love about Sygate is the "full packet log" feature. i can say i have probably learned more about my own system and the connections to and from the internet from viewing the packet logs. :)
-{ Quote: " quoting: Comp01
Yeah, also, should I disable "act as client" ? and is it safe to disable it when in screensaver mode?
" }-
Comp01 - most applications you will use that need to "connect" to the internet will require them to "act as a client". A good example would be your browser. If it is not acting as a client...you won't be able to connect to this forum, or anywhere else. This is something you can go through with each application. Uncheck the application in the Advance section and see if it works (connects to the internet)..if it doesn't...then you know you will need to make it "act as a client". ;)
regards,
snap
Comp01
September 27th, 2003, 02:49 PM
Yeah, I'll probably keep Sygate, Because I am just now learning to configure the rule based parts (Although I have a few made specifically, to blocks some traffic on some of my trusted apps)
JayK
September 28th, 2003, 09:44 AM
-{ Quote: " quoting: Steve Moss
-{ Quote: " quoting: sig: It would be interesting if some Sygate users could respond or if anyone else has tested it in a similar manner, since Wilders has reviewed Sygate and given it top marks.
" }-
The root of all this is Sygate's somewhat schizophrenic design. On the one hand it is a standard rules-based firewall, and on the other an application-based firewall (a la ZoneAlarm). You can configure it using both approaches, but to do so is confusing and it is easy to come up with a configuration that leaks. I found it was best to use rules *only*, and set all applications to disable (as both client and server, etc.) - everything then is controlled by rules (which take precedence over app configurations) and you get to control all traffic in exactly the way you want.
" }-
Funny, how the new Kerio 4 is following EXACTLY the same route :)
Darkstar666
September 30th, 2003, 12:58 PM
Yeah, I was talking to a person on the security forum I run (I'm not gonna spam it), and he said that he could shut down Sygate's firewall in 15 seconds. I'm gonna let him try tonight and see how it goes. I'll post tomorrow about it.
manythanks
October 8th, 2003, 04:48 PM
So how did it go? Am I right in thinking he didn't manage to get past SPF, or should I assume the worst?
Thanks
Copyright ©2002 - 2012, Wilders Security Forums