New kerio added new thing, what do you think about?

The links are from www.ezboar.com a spanish forum. so that you may take a look at the new kerio.

http://personales.ya.com/furtivo/kerio/kerio1.png

http://personales.ya.com/furtivo/kerio/kerio2.png

http://personales.ya.com/furtivo/kerio/kerio3.png

http://personales.ya.com/furtivo/kerio/kerio4.png

thanks

Very interesting and useful function. :)

Not much new there...
just code injection and buffer overflow protection... aka HIPS
NIDS was IDS before [which explains your shot of the logs screen]
and "app behaviour blocking" was previously called app control. Nothing new there.
Question: Can it block leaktests now, because it's seriously easier to use compared to tiny [just a couple of missing features, a slow logging window and the fact that it has some basic flaws - since patched - which meant I said G'bye to it.]

http://www.kerio.com/beta_kpf_history.html
This mostly confirmed whwatever I had said before ;)
Have fun.
-{ Quote: " Release History

Legend:
+ Added feature
* Improved/changed feature
- Bug fixed

*

Version 4.2.0 Beta 1 - January 24, 2005
+ added Host Intrusion Prevention System (HIPS). HIPS prevents attacks that reach vulnerable applications from succeeding by blocking any illegitimate behavior attempted by the affected applications.
+ simpler configuration window
- System Security was renamed to Behavior Blocking to meet current industry conventions.
- Intrusions were renamed to NIDS (Network IDS) to distinguish between network intrusions and new Host Intrusions (HIPS).
- New Intrusions pane was created. It includes three types of intrusion blocking - NIDS, HIPS and Behavior Blocking.
- 'System' log and 'Intrusions' log were renamed to be consistent with new Intrusions pane.

- dropped support for Windows 98, ME, NT4.
- improved parameters sanity checks of hooked kernel API functions
- fixed occasional unresponsiveness of logview
- minor gui bugs were fixed
" }-

sounds nice to me, curious though about the leaktest and "dll injection protection" cause that wasn't "dll injection protection" with the previous releases.

These new features, looks like they are responding to Jetico's 1.0 release.

@Kerio
two things I find worth mentioning
1. Betas take a LONG LONG time to develop
2. Kerio and Jetico have different audiences [Kerio v4 Free would still pose a challenge to JPF due to ease of use ;)]
I hope you understand what I want to say ;) ;D

@Infinity
DLL injection was always there with ZA Pro and Outpost Pro and Sygate Pro and TPF ...
About time they brought it up to speed... even the petite LnS and JPF were beating it EASY!!

Edit: "DLL injection" isn't specifically mentioned.... "code injection", however, is.
So all you "Grammar and punctuation" nuts, be gentle...please?

I may give it a try, but if they haven't fixed the completely bungled up network logging by this time then I refuse to use this firewall.

Well, I checked out the new 4.2 beta 1 and the duplicate logging problem still is not fixed. I just can't believe they haven't fixed this yet, even when many people have mentioned it in the Kerio forum. It's unreal.. Oh well... :P

I remeber back over a year ago when the first version 4 beta was out, the logging was screwed up way back then too which I don't think they fixed for the longest time either. It wouldn't log packets to unopened ports. Now its duplicate logging? Tiny/Kerio 2 never had any of these issues with logging and yet they can't seem to get it right in version 4. That is really messed up. The quality of there products seemed to have really gone downhill since the end of Kerio 2.

Now they have logging to unopened ports, but it's messed up. It's really a shame that they can't get something as simple as that straightened out, because otherwise I think it might be a pretty good firewall. The logging is very messed up in general. When using rules, you can't get them to log properly. If you have a rule say to block inbound tcp/udp to port 1026 and you enable logging, it doesn't log because it matches that rule, it logs because it matches an internal rule called "log packets to unopened ports". So you can't do things like create rules and then turn logging of that event off. It will always log any packet to an unopened port if you have that general option enabled. Pretty much sucks...

The logging to closed ports was added later as an afterthought I think. I don't know how they got things into such a design mess, but they did. And it shows...

I think its safe to say that version 4 has been just one huge mess. :) Its unfortunate that they didn't just stick with and complete version 3 a long time ago. I don't even remeber having any logging issues with that version at all and it was just a beta. Instead they had to create a new fancy GUI and add some web filtering and waist even more time creating version 4. Kerio version 3 beta's looked kind of similar to Jetico's layout with the tree structure which I prefer over there current bloated GUI.

If you look at the release history of version 4 its just pathetic all the stuff that they have had to fix. The quality in my opinion is just horrible. I have no plans on ever using Kerio again unless its there late great Kerio 2.1.5 version. I just don't have much faith in there current development team anymore. I prefer now to just watch firewalls such as Jetico, CHX-I, 8Signs, LookNstop, Tiny.

Yep, I totally agree...