Is kerio 2.1.5 firewall effective

Hi

I use the old kerio firewall
A lot of new firewalls have a lot of fancy features.
my questions
1. is my trusty old kerio firewall effective enough to prevent programs to phone home ?
2. do I need the fancy features and need to upgrade to a new firewall ?
3. Can my kerio be bypassed by a program.


all I want to do is prevent unauthorized applications to not be able to phone home.

Thanks

 

Kerio 2.1.5 is probably not quite as effective at stopping outbound as some of the newer and more modern firewall/HIPS type apps, but that depends a lot on your rule set also. Kerio should stop most "normal" outbound apps from phoning home, but malware is another story. Do you need the fancy features of the new firewalls? I don't know. Do you? In answer to your question #3, Yes, Kerio can be bypassed by a determined piece of malware. Almost all of them can. So it really just depends on what your needs are as to whether Kerio is still good enough for you.

This is my understanding of the situation at any rate. Perhaps some of the more experienced and veteran users can chime in with more on this....

 

If you're referring to legitimate software and system components, Kerio is completely sufficient, and will remain so as long as IPv4 is in use. It won't work with IPv6.

If you're referring to malicious code that manages to hijack existing apps that are already given internet access, it will depend on the method used and the specific application being exploited. If malicious code can gain access to your default browser for example, Kerio will not control it.

Kerio differs from the newer firewalls in that Kerio is strictly an internet firewall. Ideally, it should be considered part of a security package. The "firewalls" of today are security packages consisting of several applications. A lot of the "features" found in the newer firewalls are also available as separate programs. There's pros and cons to both integrated packages (firewall suites) and separate components. Myself, I prefer a separate HIPS instead of one that's bundled with a firewall. There's several available if you decide that you want one. Software restriction policies can also prevent most malicious code from executing.

What you need is a question you have to answer for yourself. The answer will depend on how you use your system, the specific OS you're using, how knowledgeable you are about how your system works, and the basic security policy you have or want to implement.

 

Look'N'Stop is (in effect) THE kerio-type "pure" firewall for the present age.

However, LnS ain't HIP (as Matousec's pseudo-tests point out).

Now then . . . run LnS in conjunction with (say) Malware Defender (which is very HIP) and you create (in effect) *born-again kerio 2010*. Not a leak in a carload.

 

ok so kerio can be bypassed by malware

what is hips ?
may i ask which hips do you prefer ?

 

Malware Defender and SpyShelter are good free solutions.

 

HIPS is short for Host Intrusion Prevention System. HIPS can be described as a firewall that controls applications, system processes, and their activities. Before the term "HIPS" was coined, they were called application firewalls. The one I prefer is System Safety Monitor, aka SSM. It's one of the originals, predating the term "HIPS". Like Kerio, it's no longer being developed. Like Kerio, it's a finished, stand alone program that will continue to work without vendor support. It's often described as a classic HIPS, much like Kerio is a classic rule based firewall. The 2 complement each other very well. I use the combination to enforce a default-deny security policy in which all processes, their activities, and internet access is blocked by default and only what I specify is allowed. The result is near bulletproof security that's light enough to use on the oldest hardware.

The learning curve for classic HIPS is pretty steep. Until you get a ruleset built, classic HIPS give a lot of popup alerts asking if you want to allow or block a specific process or activity. In order to build an effective ruleset, you have to understand (or be willing to learn) what each process is for, what it's doing, and whether it's necessary. For the average user, it's completely overwhelming. For someone who knows or enjoys learning the nuts and bolts of their systems and wants to get as close as possible to having total control over it, it's an ideal option.

 

thats me . trying system safety monitor now..

 

@chesss - i appreciate your post to bring up the fact
that Kerio is still extremely useful, even if it might be "long in the tooth"

and .... though there's quite a few "experts" here,
nooneparticular is the perfect person to give Help
on this topic - including System Safety Monitor (SSM)!

i'd advise searching for all his posts & studying them,
i guarantee you'll shorten your learning curve tremendously ...

 

It may work just fine on your system but it is not without potential problems and quirks on some systems. In addition to what's been mentioned:

-it doesn't stop some inbound fragmented packets. This may not be important to you but something to keep in mind if it is.

-the driver can be problematic with some systems. (ie. BSOD)

-there is a bit of a bug with the rules when you use network/mask...I'm not sure if you will be able to find the details of it easily on the internet but you might want to avoid using network/mask when creating rules.

 

The learning thread for Kerio 2.1.5 covers a lot of deatils regarding configuring rulesets. The network/mask issue is also addressed in the last few pages.