BlitzenZeus
October 27th, 2003, 12:51 PM
Kerio Personal Firewall 4.0.6 has been released.
You can download it at http://www.kerio.com/dwn/kpf4-en-win.exe or check for updates from KPF admin.
MD5 hash of the package:
FDD77C6F9E49962146FB0A4B23B2B513 kerio-pf-4.0.6-en-win.exe
Changes since 4.0.4:
- fixed registration on WIN 98, ME
- fixed bug when Group name contains '&'
+ czech localization
+ password protection
+ remote administration
+ added ability to inspect gzipped http
+ logging and alerts can be turned on/off directly by clicking on rule line in network/system security
+ firewall can now be exited when popup window is shown
Serious Security problem! When you give a program permission to launch other programs, those programs are now launched, and automatically allowed to start without user input. So if a trusted program launches a malicious program it will be started by default!!! Now any script run from a trusted application will be able to run loose on a system! Thanks for making the system security module useless Kerio!
1: You allow explorer.exe to launch other programs.
2: A script tells explorer.exe to launch malicious.exe, and malicious.exe is set to be allowed to start by default.
3: Malicious.exe is launched without user input.
Password protection, and Remote admin apparently are part of the paid version, which is not even mentioned in the help file correctly with association with the free version.
I've done minor testing so far, but the fact that they crippled the system security module makes this a horrible release. I didn't think it could get any worse... I was wrong...
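The three steps in the post above, as an added example that is not part of the original post and is not Kerio's code: a simplified Python model in which a parent's launch permission either also settles the start permission of an unknown child (the behaviour the post reports) or is evaluated separately from it. The `Policy` class, its rule tables and the function names are hypothetical.

```python
# Simplified model of an application-launch policy; not Kerio's code.
# Rule tables, Decision values and function names are hypothetical.
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK = "ask"      # prompt the user

class Policy:
    def __init__(self):
        self.may_launch_others = {}   # parent image -> Decision
        self.may_start = {}           # child image  -> Decision

    def _parent(self, parent):
        return self.may_launch_others.get(parent.lower(), Decision.ASK)

    def check_as_described(self, parent, child):
        """Behaviour the post reports for 4.0.6: the parent's launch
        permission also settles the question for an unknown child."""
        p = self._parent(parent)
        if p is not Decision.ALLOW:
            return p
        # An unknown child is recorded as allowed, with no prompt.
        return self.may_start.setdefault(child.lower(), Decision.ALLOW)

    def check_separately(self, parent, child):
        """Parent and child are two independent questions; an unknown
        child still produces a prompt."""
        p = self._parent(parent)
        if p is not Decision.ALLOW:
            return p
        return self.may_start.get(child.lower(), Decision.ASK)

def demo():
    results = {}
    for name in ("check_as_described", "check_separately"):
        pol = Policy()
        pol.may_launch_others["explorer.exe"] = Decision.ALLOW   # step 1
        pol.may_start["notepad.exe"] = Decision.ALLOW            # known child
        check = getattr(pol, name)
        results[name] = (check("explorer.exe", "notepad.exe"),
                         check("explorer.exe", "malicious.exe"),  # steps 2-3
                         "malicious.exe" in pol.may_start)        # rule persisted?
    return results

if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

The third element of each result shows whether the unknown child was silently added to the allow list, which is the part that persists after the first launch.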