Need a good firewall -- not a crapwall

Discussion in 'other firewalls' started by comma dor dash, Sep 23, 2007.

Thread Status:
Not open for further replies.
  1. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Stolen from post#91 "Anybody who want to control every details in any system will fail."


    I know it's not hard to implement a few rules and if I ever bothered to install a software firewall I believe I would remember how to do this. I just don't have then need to get worked up about all this...... nor am I motivated by thoughts of not letting Bill Know what I'm doing.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    LOL, probably you forgot to TURN OFF some of the features that connects to the internet...

    Did you turned OFF the antivirus monitoring feature? This is usually what user forgets to do and then they blaim ZA... o_O

    Cheers,
    Fax
     
  3. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    That and the automatic updating...
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    YEP, there is (in pro):

    Automatic spyware updates
    Client updates
    Antivirus monitoring
    Smartdefense

    Hope I have not missed something... :D

    But better you do no use ZAPRO if you have to disable half of it.... a question of trust...

    Fax
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Does it matter at this point? It's too late for a "fix". Trust is gone.
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Well, if you are consistent with this approach you would need to go back to a typewriter... none of the software we use is free of bugs... the important thing is that bugs are fixed when discovered.

    But indeed Norton is only now slowly (took 2 years) getting rid of the label "resource hog" and ZA for some users will always be spying on us :)

    Cheers,
    Fax
     
  7. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    @fax "LOL, probably you forgot to TURN OFF some of the features that connects to the internet..."

    Can you please confirm that - contrary to my findings - no phone home takes place during the installation procedure? (This is because it would be irrelevant whether you can disable the spyware functions AFTER the FW already phoned home.)

    @Kerio Supporters

    Can you please confirm that Kerio does not check file integrity by using MD5 checksums? (See http://www.mscs.dal.ca/~selinger/md5collision/.

    @all For the time being, I went back to Kaspersky Anti-Hacker. Maybe the best option.
     
    Last edited by a moderator: Oct 6, 2007
  8. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
  9. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    Delete the last "close bracket"
     
  10. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
  11. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Kerio 2 uses MD5 to check file integrity. Although the MD5 algorithm has flaws, it doesn't bother me.
    SHA1 has flaws too, but they don't worry the folks at TrueCrypt:
     
    Last edited: Oct 3, 2007
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi twl845:

    I have not heard from this poster in any form.

    1. I've heard that ZA has made some improvements on phoning home since the thread on how to optimize settings on ZA Pro became "quiet".

      https://www.wilderssecurity.com/showthread.php?t=172579

    2. However, it has been reported that ZA's main executable ( can't recall it's name) still will not allow an expert rule to be placed on it. So ZA still has that issue hanging over it. What they need to do is allow the user to do that and set the ip/protocal/port/direction limits on that for all the OUTBOUND worrier's (I'm 1 of many).

    These 2 observations are mine based on reading posts, not from re testing ZA Pro.

    I will now return to the Kerio learning thread, as it takes me days/ weeks to test/learn a FW below the GUI or lack of GUI level not hours, but then I'm a slow learner:oops: )
     
  14. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    This thread may not solve he OP's problem, but a heated discussion does provide a lot of useful information.

    Why don't you try another Kerio: Sunbelt Kerio 4.3. It will do all that Kerio 2.1 does, as far as I can tell, and a lot more!

    It uses a complex mix of packet filter rules, predefined rules and application filter rules.

    You can use it in 100% rule-mode like 2.1.5, or you can use it in 100% application-mode like ZA, or a combination thereof, and you can define detailed application rules on the fly.

    And it's free.

    What more can anybody want?
     
  15. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I can add Kerio 4.3 to the list of candidates for the learning threads on FW's.
    But I would like to know if other posters are interested in it?

    What is your own set up with 4.3? Did you use any predefined set of rules to get started? eg BZ style?

    Please expand on the rule vs application mode like ZA idea by providing your example of:

    1) a 100% rule-mode rule
    2) a 100% ZA style application rule
    3) 1 50% rule-mode rule and a 50% ZA Style rule

    Does Kerio 4.3 use ip's in it's rules or does it offer site / server name option?
     
  16. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    In the everyone is different category I found that ZA caused fast user switching to fail on my notebook when running XP, and ZA free caused slow booting when used with Vista on the same notebook. (The machine is not dual boot, but can be switched in a few minutes with images.)
     
  17. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Personally, I use the simple application mode. Either I trust an application or I don't. I have combined the application rules with some of the predefined rules for DNS and DHCP. This allows me to block all Windows processes (cool! I really hate MS call home).

    I don't use packet rules but as far as I can tell, the packet filter is identical to 2.1.5 (what else?).


    This is the rule priority (from the help file):

    This means:

    You can configure the firewall entirely by the packet filter rule set and forget about the simple application rules, I believe that the 2.1.5 ruleset can be used.

    You can forget about packet rules (like me) and base the configuration entirely on simple application rules combined with the predefined rules for DNS and DHCP.

    Finally you can combine the packet filter rules with predefined rules and application rules (tricky, what a long learning thread!)
     
    Last edited: Oct 7, 2007
  18. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    You may also consider version 4.2.2, which is the last "pure" Kerio firewall. It seems to be identical to version 4.3 except for the Sunbelt logo, but it may be even better. I have seen no problems in the 4.3 build 268 though. It feels just as robust as Firefox, and that's a lot. ;)
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Good, do you happen to have a link to the 4.2.2 version, thus avoiding Sunbelt?
     
  20. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
  22. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Filehippo is one possibility.

    Online user's guide here:

    http://www.kerio.com/manual/kpf/en/
     
  23. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    I have been using Kaspersky Anti-Hacker for a few weeks now. Very stable. Does not use too many resources.

    However, I figured out a VERY big disadvantage: If you type rather quickly while your are online ... the following can happen: a KAV AH window pops up if an application wants to connect to the internet...and because you are typing you will automatically create an "allow all rule" within a millisecond. You may not even notice the KAH AH window .. so fast it goes. Quite dangerous and a serious design flaw.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, I have also seen this before in other firewalls, you're typing away, doing an email or whatnot, and before you know it, a firewall popup pops up and you inadvertantly "ok" something before you even have a chance to see it, in fact the window disappears so fast that you don't even know what you just ok'd.. LOL.... not good...
     
  25. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    Some apps that have routine pop-ups will give you a "delay" feature that prevents this inadvertant (and unknowing) approval/clicking. Should be a standard feature with all apps that ask for approval clicks.


    |||
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.