Kerio 4.06 released - Less secure

Discussion in 'other firewalls' started by BlitzenZeus, Oct 27, 2003.

Thread Status:
Not open for further replies.
  1. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Kerio Personal Firewall 4.0.6 has been released.
    You can download it at http://www.kerio.com/dwn/kpf4-en-win.exe or check for updates from KPF admin.

    MD5 hash of the package:
    FDD77C6F9E49962146FB0A4B23B2B513 kerio-pf-4.0.6-en-win.exe

    Changes since 4.0.4:
    - fixed registration on WIN 98, ME
    - fixed bug when Group name contains '&'

    + czech localization
    + password protection
    + remote administration
    + added ability to inspect gzipped http
    + logging and alerts can be turned on/off directly by clicking on rule line in network/system security
    + firewall can now be exited when popup window is shown


    Serious Security problem! When you give a program permission to launch other programs, those programs are now launched, and automatically allowed to start without user input. So if a trusted program launches a malicious program it will be started by default!!! Now any script run from a trusted application will be able to run loose on a system! Thanks for making the system security module useless, Kerio!

    1: You allow explorer.exe to launch other programs.
    2: A script tells explorer.exe to launch malicious.exe, and malicious.exe is set to be allowed to start by default.
    3: Malicious.exe is launched without user input.

    Password protection and Remote admin apparently are part of the paid version, which is not even mentioned in the help file correctly with association with the free version.

    I've done minor testing so far, but the fact that they crippled the system security module makes this a horrible release. I didn't think it could get any worse... I was wrong...
     
  2. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    Rats!!!! I want to use the new version so badly because no other firewall feels right to me anymore. I sure hope they get that fixed before the 11/10/03 release date scheduled. o_O
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @BZ
    Since I regard you as one of the leading experts on Kerio [as well as one of its major supporters] what you have said is serious stuff, indeed. If they have good sense, they will heed the critique of a good friend like yourself.

    I shall watch closely for your future reports. Thanks for the information.
     
  4. controler

    controler Guest

    Hello

    I am not understanding what you are saying about allowing one APP to launch another APP with Kerio. In my screen shot it shows the choice to allow or ask. Are you saying this feature really doesn't work? It seems to work for me with most APPS.
     
