Kerio Firewall.

[cibaker]

Hi all, Ive just downloaded Kerio Personal Firewall 4, and ive noticed it doesnt ask me if i want to permit or block applications when i start programs, like Zonealarm and other software firewalls do. I have enabled the option "Use existing system security rules, or ask me" option under "When an application is about to start".

But it doesnt ask me when i start new applications, it just doesn't feel safe, What if a virus or a dialer trys to connect to the internet, it will let it.

Any ideas how to fix this?

[ronjor]

cibaker

It's been awhile since I tested KPF4. If it were me, I would download the manual or check the help file closely.
It should alert when apps try to open other apps.

Kerio

[bigc73542]

It absoluty should alert you.

[Kerodo]

Quote:

Originally Posted by cibaker

Hi all, Ive just downloaded Kerio Personal Firewall 4, and ive noticed it doesnt ask me if i want to permit or block applications when i start programs, like Zonealarm and other software firewalls do. I have enabled the option "Use existing system security rules, or ask me" option under "When an application is about to start".

But it doesnt ask me when i start new applications, it just doesn't feel safe, What if a virus or a dialer trys to connect to the internet, it will let it.

Any ideas how to fix this?

You might want to consider another firewall. Kerio 4.1x is quite buggy still. I'd give it another 3-6 months before they get things stabilized. I played with several of the beta's before the 4.1 release and there were many bugs. Then they rushed right into release, with many things unfixed.

Check Kerio's forums for more info and see some of the problems others are having..

[Amerk_5]

Kerio v2.1.5 is an excellent choice. I still use it among many people who tried Kerio v4.x and couldn't stand it.

[Kerodo]

Quote:

Originally Posted by Amerk_5

Kerio v2.1.5 is an excellent choice. I still use it among many people who tried Kerio v4.x and couldn't stand it.

Kerio 2.1.5 is definitely the best of the two. Doesn't seem like 4.x will survive.

[no13]

kerio 4.0.x is better and less buggy.

[Kerodo]

Quote:

Originally Posted by no13

kerio 4.0.x is better and less buggy.

That's probably true.. 4.0.16 might be ok. 4.1.x is a mess...

[dlhan]

Quote:

Originally Posted by cibaker

Hi all, Ive just downloaded Kerio Personal Firewall 4, and ive noticed it doesnt ask me if i want to permit or block applications when i start programs, like Zonealarm and other software firewalls do. I have enabled the option "Use existing system security rules, or ask me" option under "When an application is about to start".

But it doesnt ask me when i start new applications, it just doesn't feel safe, What if a virus or a dialer trys to connect to the internet, it will let it.

Any ideas how to fix this?

Just to make sure (because I forgot to) you did place a checkmark in the "Enable System security Module" at the top of the applications page.

[Jimbob1989]

I have heard great things about the firewall however problems can occur with any software.

Jimbob

Quote:

Originally Posted by Kerodo

Kerio 2.1.5 is definitely the best of the two. Doesn't seem like 4.x will survive.

Except kerio 2.1.5 doesnt handle fragmented packets which is very serious

[no13]

hey james2323... care to explain "fragmented packets" and their mishandling? What kind of hacker would implement THAT attack on a poor home user? Maybe such an attack from usual website is more probable (just as a result of poor programming)

[Kerodo]

Quote:

Originally Posted by james2323

Except kerio 2.1.5 doesnt handle fragmented packets which is very serious

Yes, this is very true.. I have stopped using 2.1.5 because of this problem. Not only fragmented packets, but it looks like it doesn't handle TCP with certain flags also. A lot of Kerio 2.x users are going to be very unhappy about this. The sad thing is, I'm betting that a lot of people are just going to ignore it too.

See the thread below for more details:

http://www.dslreports.com/forum/rema...7449~mode=flat

Quote:

Originally Posted by no13

hey james2323... care to explain "fragmented packets" and their mishandling? What kind of hacker would implement THAT attack on a poor home user? Maybe such an attack from usual website is more probable (just as a result of poor programming)

LOL, it does not take a hacker to craft fragmented packets.

Altough Kerodo apparantly just discovered it ,it is actually very old news. Search this forum for details.

Quote:

Originally Posted by Kerodo

Yes, this is very true.. I have stopped using 2.1.5 because of this problem. Not only fragmented packets, but it looks like it doesn't handle TCP with certain flags also. A lot of Kerio 2.x users are going to be very unhappy about this. The sad thing is, I'm betting that a lot of people are just going to ignore it too.

See the thread below for more details:

http://www.dslreports.com/forum/rema...7449~mode=flat

LOL, sure they will ignore it, they have ignored it for years... Search this forum for instance and you will see it is periodically mentioned.

Quote:

Originally Posted by Kerodo

The sad thing is, I'm betting that a lot of people are just going to ignore it too.

Here's a tip, most people have no idea at all about TCP/IP at all. SYN, ACK,FIN etc just greek to them.

To many, a good firewall is something that gives them a stealth rating at grc, and one that blocks leak test

[Kerodo]

Quote:

Originally Posted by james232r

Here's a tip, most people have no idea at all about TCP/IP at all. SYN, ACK,FIN etc just greek to them.

To many, a good firewall is something that gives them a stealth rating at grc, and one that blocks leak test

Very true..

[no13]

hmm... so is it impossible for us to "break into" kerio's "hiden" default rules that show up in the logs but not in the ruleset listing? Kerio 4x IDS may be manipulated (its snort based), but I was told that the rest is encrypted. So can we? Shouldn't a 3rd party program exist for this?