Old, out-dated, no longer maintained -- BUT I like it!

Discussion in 'other firewalls' started by bellgamin, May 26, 2015.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I was a happy PFW user for several years. A while back, I did some changes to the Hips settings, but they didn't take. Tried again. No joy. Downloaded PFW again, & re-installed. Tried again. No joy. All else worked perfectly. It coulda been me. It coulda been a PFW idiosyncracy for just the particular action I was trying to do. I decided to switch to SunFW.

    I just this minute checked at http://www.privacyware.com/personal_firewall.html & see that Greg Salvato has updated PFW to be okay with Win10, in addition to 8.8, Vista (yuck) & XP. So (much as I like SunFW) I shall give PFW another try in a week or so -- perhaps the glitches I encountered have faded into the gauss. Obviously, PFW is not abandonware (SunFW is abandoned, sad to say). Further, PFW is MUCH more current than SunFW. Warrants another look.

    THANKS constantine76 for causing me to give PFW another look-see. Aloha from Hawaii.
     
  2. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    Hi Bellgamin! Your post caught my interest as I have been using the old version (7.0.30.3 dated 23 November 2014) of PFW in Windows 10 Pro since August without any issues.

    I downloaded the latest version from the link you provided – and noticed that it's the same version\file despite the Windows 10 notation at the site. (haven't actually installed it as yet)
    Not sure what's new – but I'm certainly OK with my old version!

    Cheers!
     
  3. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    PFW still work great for me with XP!!
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I dropped PFW some time late in 2013. Can't recall which version it was. So a version dated 23 Nov 2014 is an "update" in my book. As stated previous, I shall give it another try soon.
     
    Last edited: Oct 3, 2015
  5. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    I'm not sure I understand.
    PFW latest release was in dec. 2013, and I didn't see anything on Privacyware's website about a forthcoming new version in nov 2015.
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Krysis' post says that version 7.0.30.3 is dated Nov 2014, not Nov 2015 as your post says. I myself haven't yet found time to install PFW; ergo, I lack direct info wherewith to clear the fog.
     
  7. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    I never said 7.0.30.3 was dated from nov 2015, did I?
    Furthermore here's what's showed on their website:
    CURRENT VERSION - 7.0.30.3, posted 12/19/2013:
    So where does that nov 2014 info come, I don't know.
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I believe you but couldn't find it. Link, please.
    Nor do I. In any event your issue seems to stem from Post #52 by Krysis, so why not PM him vice any further wrestling with phantoms?
     
  9. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    The 23 November 2014 date I mentioned was the date I downloaded 7.0.30.3 (as per Properties > Details) – no idea when it was actually released. Hope that clears the fog!
     
  10. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    According to https://www.privacyware.com/PF_support.html
    PFW version 7.0.30.3 was issued Dec.19, 2013, Release notes Dec.19, 2013.
    Undated Win10 note is at the bottom of the page - just scroll down to "Support Resources" for details.
    It's not certified for Win10, but apparently runs for several users here.
     
  11. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Yes but if your car breaks you still have mechanics that are able to fix it.

    What if old Firewalls have unfixed exploits? Heck, even Kaspersky was vulnerable to remote attacks recently. In such case, your old and unmaintained Firewall will be like if your car couldn't be fixed at all since the mechanic can't get into it (can't look at the source code of the Firewall).

    I still don't see an advantage of using old and not maintained products, specially security related.
     
  12. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    amarildojr,
    What maintenance (other than bloat) do you speak of exactly as it relates to
    a) packet filtering (other than IPv4 limitations such as in Kerio 215), and
    b) processes seen by the HIPS/Behavior sections
    Can you provide specific details for both a and b.
    Perhaps other than exploits which can be handled by MBAE or other means (Just FYI, Sunbelt, the old unmaintained firewall, does see exploits).

    There's a danger this discussion will derail from what's available to what's good for you, but I thought I'll ask just once and hope Bellgamin won't mind.
     
  13. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    The main advantage is that they are still compatible with older systems. Newer software might work with these systems but it often slows them down to the point they are unusable.

    There is also security by obscurity. There are so few people using these old apps that is probably not worth anyone's time to reverse engineer them so possible exploits for them are likely to remain undiscovered.

    Firewalls are pretty basic and low level as security software goes so an outdated firewall is still going to perform its basic function as long as the network structure and protocols it connects with are the same. An old AV or security suite, on the other hand, is going to be useless because the threat landscape it deals with has completely changed, not even taking possible exploits into account.
     
  14. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
    fail - wake up, dude.
    since xp has run out of service attackers and hackers are on the run to determine security flaws of it by comparison with newer patches.
    using vulnerable security software on a more vulnerable os - i would call the pretty stupid combination.

    if there exists some garage for a tech check (like we have with the TÜV here in germany) for windows xp it would be scrapped immediately!
    nevertheless the TÜV here is not also responsible for cars, it checks some more and also operation systems.

    people still using xp are the minority so i would recommend them - use it but dont bother responsible users with should or should not questions.

    Cheers.
     
  15. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Just a reminder of what this thread is about. Brummelchen I think you better go back to sleep. Seriously.

    XP Pro and Kerio 2.1.5 here. :) My first (and last) FW was Kerio, about a couple of years after I got my computer. I found about Kerio after researching because I got a dialer dumped on me from a driveby which came from a legit site I used to visit. Didn't understand the settings at the time and pretty much used BZ ruleset to start of with. It's the only time my system has ever been compromised in 12>13 odd years.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Kerio 2.1.5 was great, but it had one flaw. You can fire/send fragmented packets right thru it from the outside. This was all discussed to death ages ago. There are threads here and on DSLR with BZ, etc.. Just for reference... anyone using Kerio 2.1.5, it isn't bulletproof by any means.
     
  17. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    I didn't say anything was bullet proof as I'm not qualified to say that. Utilizing the layered approach increases your chances of staying safe. In general, it all depends on what our threat model is.
     
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I don't remember what conclusions we all came to on Kerio, it was so long ago... I think we figured that nothing much could be done attack-wise anyway, regardless if fragmented packets were getting through or not. But at the time, I think it led a lot of people to drop Kerio for others. The newer Kerio 4.xx series was fixed in this regard, but it didn't have the original great Kerio 2 UI which everyone loved. Anyway, just making the point that if the job of a firewall is to prevent unsolicited inbound, then Kerio 2 fails at that. Whether it matters or not practically speaking is probably another matter...
     
  19. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thanks for your thoughts Kerodo. I knew XP FW wasn't really a firewall because my understanding has always been it should deal with inbound and outbound. That's why I went for Kerio, plus it was so lightweight. I was in over my head for having a totally rules based FW but I didn't like the other offerings like Zonealarm, at the time. I guess Kerios just part of the furniture now. BTW I still don't profess to have a great understanding of FWs but it seems to work for me. Noone_particular and others at Wilders have been a great help allowing me to increase my knowledge level. :)
     
  20. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I really don't agree with this, obviously. It really depends on who uses it and how it is used. Any OS can be used in an insecure fashion new or old. Xp in the right hands is just as secure as any other OS.

    Specifically, I was referring to reversing old firewalls like Kerio and Sygate for vulnerabilities, not the Xp OS. I never used Kerio but I still have some Xp machines running Sygate. What I find is that the basic function still works as well as ever, it is rock solid and reliable. Its control of outbound connections is admirable. With Windows 7, I use Windows Firewall Control for the same purpose but in Xp, it is the best option I've found. I tried finding a replacement for it a couple of years ago and after trying several other firewalls, I went back to the old version of Sygate. The only problem it gives me occasionally is an occasional false positive and complete traffic block when I change router settings. In other words, it errs on the side of caution when it messes up.
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    My *real* FW is in my router. SunFW is for outbound. For instance, It stops Avast from its all its multifarious nefarious irritating unnecessary efforts to call home. Plus it has a cute icon (cute icons are really REALLY important when selecting security apps.)

    As for any vulnerability of XP (I'm quite sure that Vista Win8 & Win10 are all quite thoroughly bullet-proof) my *real* security is the fact that I clone to an external drive quite often and, LIFO, retain clones for lo these many moons. If worse comes to worse, I reload a Clean Clone (better known as a "CC" to all us security pros) and POOF! suddenly the sun shines once again, the calla lilies bloom, and all's well with the world. (^_^)
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
    and that is not possible - XP does not have the basics compared to vista or higher. ASLR is not available in XP and it was improved in windows 8.
    XP need to install 3rd-party software for it but it never wont be the same as in vista or higher.

    compared with old cars - i can install some airbags but it wont be the same as vendor do. (nevertheless i hate old cars comparison)

    i read here for the first sites
    https://www.wilderssecurity.com/threads/what-is-your-security-setup-these-days.111264/
    what i always see - the more vulnerable an OS seems to be, the more security software is installed. exceptions possible ;)

    Cheers.
     
  23. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    You are only referring to technologies. Security for me is as much about knowledge and procedure as technology. That might be because I have some experience in security that has nothing to do with computers.

    ASLR is just an OS tweak, a good one I admit, but just a tweak of the Windows OS that deals with one specific type of threat. It helps but is just one little part of the equation. Compare that to a really good security procedure like compartmentalization. Compartmentalization is not only a good procedure with computers and IT, it is also used to make boats more difficult to sink and buildings more secure from intruders. A little knowledge of compartmentalization applied to the use of any computer system or OS will do a lot more to make it secure than ASLR or any other specific security feature. Technology is only the means, it still takes knowledge to use it effectively.

    In securing Xp, I add only a firewall and a very basic AV to the ACL and group policy tweaks I use to secure Xp. I use it in a LUA, of course. I also use imaging. What I also implement is compartmentalization of system and data and further compartmentalization of data. That is not specific to Xp, I use these procedures in all the OSes and computers I use. It is very effective. In 15 years or so, I have never lost any data that was important to me or had that data compromised or stolen. OSes come and go, it is the work you do with them that you want to secure and maintain.
     
  24. Xtended XPerience

    Xtended XPerience Registered Member

    Joined:
    Oct 31, 2015
    Posts:
    3
    kpf 2.1.5
    ssm 2.4.0.xxx
    harden-it 1.2 (once & forever)
    pb 1.2

    14 yrs of happy browsing mailing etc without a prob
    new does not always mean better
    ;-)
     
  25. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    237
    I remember reading that Kerio PF 4 could accept Snort rules. Do you know if that capability is still present in the last version (the beta) of the Sunbelt FW?

    Phil
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.