sygate hacked

Discussion in 'other firewalls' started by manythanks, Sep 22, 2003.

Thread Status:
Not open for further replies.
  1. MEGAFREAK

    MEGAFREAK Registered Member

    Joined:
    Jul 8, 2003
    Posts:
    51
    sig, maybe you are right or maybe you are wrong,

    if you install a firewall: first of all it should be able to block all access which you did not allow, if it does not do so, we all have a big problem for worldwide security.

    In the case of Sygate it is unfortunately the case that it is extremely vulnerable and leaky. I never allowed port xxxx to pass. I installed a Trojan just to test the efficiency of the wall, but Sygate did not react; instead, Armor2Net was efficient. Sygate said absolutely nothing about the trojan connection. Armor2Net recognized each attack except firewall bypass, because Internet Explorer was allowed.

    I am really disappointed in Sygate because I always thought it would be really safe, but this is really not the case in my opinion. Too often I saw the firewall on but it acted like it wouldn't be on.
     
  2. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    "Sygate is a rule and application based firewall so yes and no"

    That was my understanding. But some Sygate users keep mentioning rules and tightening them up so I thought perhaps that could play a part as well.

    I haven't tried Sygate myself simply because I use a local proxy app (and Sygate has the piggyback loophole). Also, I've been told that Sygate allows apps server rights by default, which doesn't make sense to me as a default setting.

    MEGA: I agree that doesn't sound good at all. ;) If it were an exotic Trojan that bypasses the firewall by design at some deep level of the OS, that would be disconcerting enough. But if the same trojan is readily disallowed internet access by other firewalls, even new ones, that certainly would cause me to question the efficacy of Sygate's outbound blocking. Although I haven't seen any other such reports like this (that I can recall at least).

    It would be interesting if some Sygate users could respond or if anyone else has tested it in a similar manner, since Wilders has reviewed Sygate and given it top marks.
     
  3. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Hmm... Maybe I should switch firewalls? outpost free maybe? *sigh* all this crap about it leaking, and everything else kind of annoys me, seeing as I just got Sygate configured kinda properly :doubt:
     
  4. BWMerlin

    BWMerlin Registered Member

    Joined:
    Aug 11, 2003
    Posts:
    71
    These are all personal opinions, you should make your own mind up. I have tried others but feel Sygate is better for me so I stuck with it.
     
  5. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    440
    Location:
    U.K.
    I used Sygate for quite some time before we replaced it with a network firewall on our new servers. IMO its inbound blocking cannot be bettered by any other personal firewall, *but only if you have its ruleset configured properly* (then again, this applies to any rules-based firewall). I tried all the other personal firewalls out there, and none of them were as secure inbound as Sygate. When people post that Sygate is leaky inbound, it is a consequence only of their own poor rulesets, not an inherent deficiency in Sygate itself.

    That said, Sygate's *default* settings are somewhat mystifying. By default, all new apps are allowed server rights, and this can catch you out if you are not aware of it. When a new app is detected by Sygate (it notifies you of this), you need to go and disable its server rights. It's easy enough to do, but an inconvenience and inexperienced users will get caught out.

    The root of all this is Sygate's somewhat schizophrenic design. On the one hand it is a standard rules-based firewall, and on the other an application-based firewall (a la ZoneAlarm). You can configure it using both approaches, but to do so is confusing and it is easy to come up with a configuration that leaks. I found it was best to use rules *only*, and set all applications to disable (as both client and server, etc.) - everything then is controlled by rules (which take precedence over app configurations) and you get to control all traffic in exactly the way you want.

    Sygate's one big deficiency, though, is its outbound blocking when you use a local proxy. Basically, any app that uses the proxy to communicate out will not be seen by Sygate. I (and others) reported this to them on numerous occasions. A year ago, when Sygate was at version 5.0, the manufacturers said a fix for this would be in version 5.1. It was not added to 5.1. Now they are beta-testing 5.5 and there is no sign of a fix.

    The configuration we have here now uses (as mentioned above) a network firewall on our server. On the clients, we use local proxy filters (AdSubtract) and a firewall for application control - basically, we don't need inbound protection on the clients, but we do control apps' outbound access and hijacking. We have found Outpost 2.0 the best personal firewall for our needs in this respect.
     
  6. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    i have been using Sygate (free) for almost 2 yrs but i cannot comment on the "inbound" connections so much as i also use a router. But as for the outbound connections, all the applications that have wanted to access the internet have been applications that i have started up and initiated the connections (with the exception of a few which were blocked when i was first securing my computers). All the applications that i use are set to "Ask" for permission, and they do not have "server rights".

    i also like that Sygate is both an application-based and rules-based firewall, as it allows me to use the application rules first while i learn how to set up rules for it. It does take some time to learn how to set up rules for a firewall, so Sygate meets this learning curve for new users by offering the application-rules option.

    One of the other features i love about Sygate is the "full packet log" feature. i can say i have probably learned more about my own system and the connections to and from the internet from viewing the packet logs. :)

    Comp01 - most applications you will use that need to "connect" to the internet will require them to "act as a client". A good example would be your browser. If it is not acting as a client...you won't be able to connect to this forum, or anywhere else. This is something you can go through with each application. Uncheck the application in the Advance section and see if it works (connects to the internet)..if it doesn't...then you know you will need to make it "act as a client". ;)

    regards,

    snap
     
  7. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yeah, I'll probably keep Sygate, because I am just now learning to configure the rule based parts (although I have a few made specifically to block some traffic on some of my trusted apps)
     
  8. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619

    Funny, how the new Kerio 4 is following EXACTLY the same route :)
     
  9. Darkstar666

    Darkstar666 Guest

    Yea I was talking to a person on the security forum I run (I'm not gonna spam it), and he said that he could shut down Sygate's firewall in 15 seconds. I'm gonna let him try tonight and see how it goes. I'll post tomorrow about it.
     
  10. manythanks

    manythanks Guest

    So how did it go? Am I right in thinking he didn't manage to get past SPF or should I assume the worst.

    Thanks
     