I absolutely love this FW, always have and it's the one I always go back to. The only thing that bothers me is: is it still safe to use it? I'm on an XP machine that is well hardened, running minimal services but not behind a router. My rules are tight and I also run Avira and Threatfire. I've read some older threads on the subject, however I'd like opinions on whether this great FW is still relevant today, in the here and now. I almost forgot to add, I have no concern for leaktests/advanced outbound.
Many people still run it on XP for basic control, for the most part I rarely get prompts unless I have a new program, or I update a program. I don't care enough to mess with a new firewall, and have to deal with 20 prompts on a daily basis at this time setting one up while learning its quirks/bugs/limitations at this time. I've said it before, it has a 'simple complexity' where it was easy to make a simple or complex configuration from one interface, not spread out over multiple modules which might have higher priority than others. Nice clean rules, and only one set of rules....
I tried many firewalls but always come back to Kerio 2.1.5. I have a router and I use it for basic control with XP. I also love this firewall: easy to use and it doesn't bother me with constant prompts like some other firewalls. Before I had my router, I also used Kerio 2 without any problems.
Spot on there BZ. I've flirted with just about all the other well known FWs. But, nothing compares to the simple complexity (great phrase) of Kerio. I was just a little concerned about running it on a direct connection. However, my system is well protected and my rules tight. I even get all closed at GRC without a FW. So I don't really know what I'm worried about!
Kerio 2.1.5 is fine, there is nothing like its elegant rules interface IMO. I used to love it. So there's no reason why not to use it even though it's now dated, as long as you're not looking to it to stop every leak-test known to man...
I ran Kerio 2 without a router or firewall for about 2 years with absolutely no problems. Several of my clients also use it. None have been compromised because of a firewall related issue. It works as well now as it did when it was new. With or without a hardware firewall, I consider it a necessity. I like its ability to give detailed control over loopback connections. Rick
Kerio 2.1.5 has a great design, but a serious flaw in my opinion: the one concerning not filtering fragmented packets.
The fragmented packet vulnerability is more theoretical than real. As far as I know, there are no instances of it being successfully used outside of a lab. With XP, this can be fixed with a registry tweak instructing your system to drop fragmented packets. The built-in Windows firewall will also do this. I haven't seen any instances of Kerio and the XP firewall conflicting. The problem facing an attacker is causing those fragmented packets to be reassembled in a way that would do something useful, some type of command. On a system where Kerio 2 is the entire security package, it's theoretically possible. On PCs with a reasonable security package, other apps can prevent a malicious command from executing. Many AVs would see the command as potentially malicious. A decently configured HIPS would intercept the command. The net result is that even if it can be done, either your system's configuration or another part of your security package should stop the command or the packets themselves. You're also looking at a theoretical vulnerability that affects an older version of one firewall. The attack would have to be specifically designed for Kerio 2 and the OS it's running on, not something that's done by malware. That requires a live person with a specific interest in your system, highly unlikely unless you've given someone a reason to try to hack you. In such a case, you'll need more than just Kerio to protect you, especially if you use XP. Rick
The fragmented packet issue can be exploited to sneak UDP packets in thru Kerio regardless of your OS registry tweak. I watched it happening here for many months before I finally figured it out. But as you say, the odds are nothing truly harmful can be done. If I wanted to use Kerio 2 now without any other protection, I'd go ahead and do it.
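Why port-based rules and IP fragments interact badly, as an added example that is not part of the thread: in IPv4 only the first fragment of a UDP datagram carries the UDP header, so a filter that does not reassemble has no ports to match on later fragments. The function names and sample packets below are constructed for illustration and show general IPv4 behaviour, not Kerio's internals.

```python
import struct

def parse_ipv4(pkt: bytes) -> dict:
    """Extract the IPv4 fields a packet filter needs to classify a datagram."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    _ident, flags_frag = struct.unpack("!HH", pkt[4:8])
    return {
        "proto": pkt[9],
        "more_fragments": bool(flags_frag & 0x2000),   # MF flag
        "frag_offset": (flags_frag & 0x1FFF) * 8,       # bytes into the datagram
        "payload": pkt[ihl:],
    }

def classify(pkt: bytes) -> str:
    """Say what a rule that matches on UDP ports can actually see in this packet."""
    ip = parse_ipv4(pkt)
    if ip["frag_offset"] > 0:
        # Later fragments start mid-datagram: there is no UDP header to read.
        return "non-first fragment: ports unknown"
    kind = "first fragment" if ip["more_fragments"] else "unfragmented"
    if ip["proto"] == 17 and len(ip["payload"]) >= 8:
        sport, dport = struct.unpack("!HH", ip["payload"][:4])
        return f"{kind}: UDP {sport}->{dport}"
    return f"{kind}: proto {ip['proto']}, no UDP header"

def build_ipv4(payload: bytes, mf: bool = False, offset: int = 0) -> bytes:
    """Constructed test input: minimal IPv4 header (protocol 17), checksum left at 0."""
    flags_frag = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_frag, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def sample_packets() -> dict:
    """Constructed samples: one UDP datagram sent whole and as two fragments."""
    udp = struct.pack("!HHHH", 5353, 53, 24, 0) + b"A" * 16
    return {
        "whole": build_ipv4(udp),
        "frag1": build_ipv4(udp[:16], mf=True),
        "frag2": build_ipv4(udp[16:], offset=16),
    }

if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(name, "->", classify(pkt))
```

Run over a capture, the same classification shows how much fragmented traffic actually reaches a host, which is the measurement needed to decide whether dropping fragments outright is acceptable.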