Jetico Personal Firewall v.2.1.0.6 Released

Jetico Personal Firewall v.2.1.0.6 Released

Release Notes

• Resolved problem with Windows 7 User Account Control
• Stateful engine settings can now be tuned via registry

http://www.jetico.com/download/

New Stateful engine registry settings (for advanced users) http://www.jetico.com/uploads/downloads-files/JPF_v.2_registry_settings.pdf

 

I have wanted to have a look at Jetico V2 and its new packet filtering, unfortunately, the last few versions I have installed will not run, with error "Cannot connect to server". This is on XP pro sp3.


- Stem

 

Stem,

Sorry to hear that your having problems installing JPF. I would suggest that you contact Nail (developer) directly at support@jetico.com and tell him the error message that your getting along with your system info, so that he can look into it and fix it.

 

I am not that interested in checking the packet filtering.
I have seen this problem from the very early versions of V2, and at the time I did mess around getting it to work. But now, it should really just install without my need to start checking and sending e-mails.


Thanks for posting the update info.


- Stem

 

Stem,

Sounds like there is some bug there if you have had problems installing JPF v2 for awhile now. I would encourage you to please contact Nail directly otherwise this bug might never get fixed properly. I have had problems in the past and I have found him to be very nice and helpful about tracking down and fixing things. If you don't report the problem to him then he will never know about it.

 

been trial it for some times, didn't like int GUI , hard to get threw

 

Thanks for posting the link for the advanced registry settings pdf!

I love the GUI and find it easy to navigate compared to other firewalls.

 

Yes, you're right, and become more and more configurable.

Problem with error "Cannot connect to server" usuali will be resolved with the old good reg cleaner, the reg roster move. Apparently, from the Jetico 1.0 remained tails.

 

New engine appealed to me.

But I still want to know how its indirect connection is.I believe many people don't understand it.It always monitor a app chain,we have to allow a apps in chain connecting the Internet.Is it really safe?

 

That's a good question. I find the indirect access table to be an annoyance because it seems to prompt for any application launched. I also find that I will get prompts for applications that have run and closed when I switch focus to an application that is already running and connected to the internet. Seems pointless to prompt for an application that isn't even running anymore.

Despite this and a few other minor annoyances, I still think Jetico is an excellent firewall.

 

You're right, many people don't understand it, annoyance comes from the same reason, but you can simplify your life.

JPF default security policy is not final, you can configure it as desired.

Why not use JPF variables - groups ? Groups can be used by firewall rules as parameter values.

Example:

Why not use JPF variable to create rules for entire folder, for example like this:

 

You should be cautious of allowing full folders access, just in case malware does get in there.
I used to split up the Indirect access and allow the parent chains but intercept the others, it actually allowed (on the version I was using then) to actually block various access without it blocking all the internet.(and dramatically reduced the popups)

I still have not been able to install jetico even on a clean XP sp3, I will try to find time to install a VM and see if Jetico will run on that, then I can post examples of how I set up.


- Stem

 

My annoyance with this aspect of the firewall isn't from any misunderstanding of how this should work. This feature is either poorly implemented or broken.

For example, when I install something which creates and then deletes files from my temp folder, engage in other activity on the computer for several minutes, then alt-tab to my browser, Jetico will begin prompting me for indirect network access for many of those install files which are no longer in memory or even on the disk in the temp folder anymore. If I choose deny, I lose access to the network for the browser.

Using wildcards like *\temp\* in a rule is a workaround at best.

I do agree with your idea of using the groups functionality to lessen the firewall's warning dialogs. I have an "Installers" group which I purge regularly. I have allow rules for indirect access as well as the common process attack prompts received during installations. This helps greatly and doesn't open any holes by allowing full folder access on a permanent basis as Stem points out in his post.

On a side note, you may want to test the Application Checksum function if you're relying on it to help stop malware. Try upgrading an application (or run something new) and select deny when you get the application checksum prompt. I have found that the file is always allowed to launch which pretty much defeats the purpose of using this feature.

 

The last little while I used Jetico, I ended up bypassing the indirect access because it was driving me batty. I found the process attack filter was sufficient for my needs, since I had other security measures already in place.

 

This is not a good idea to bypassing the indirect access table-rule !

Remain in memory, windows usualy need restart by every new software installation.

Sure, but the advanced rule setup configuration does not finish here.

You're right, no any security holes is open by allowing full folder access, there are other rules that are skilled to control every move of certain application.

--

 

Considering all the headaches that filter causes, I would disagree with you, especially when one, like myself, has other measures in place like lua+srp and SandBoxie. Then there are others who only want a pure firewall without the HIPS functionality.

 

If for you is good to have three, four or more filtering software, instead of just one set in a pleasant way ? good for me, is always your decision.

--

 

Variable Group?I used it.But I still can't set Indirect Access properly.Indirect Access will inspect the app chain and we have to allow all apps in the chain.In fact,we shouldn't do like that.

For example,explorer.exe needn't connect with the Internet,but if we want to launch a app via explorer.exe.We must allow explorer.exe to connect with the Internet.IMO,it is not safe enough.

 

I do not know why you should acetate 'explorer.exe' to connect with the Internet if you do not want? block it when the connection request, that's all.

Or create a 'Template table' with (reject TCP/IP connect inbound, outbound connect, receive datagram, send datagram) rule where you can address it's 'Variable Group' or entire 'folder' to lock connect with the Internet.

--

 

You only need to allow windows Explorer "Indirect access"

Indirect access is only refering that an application could connect through another application to gain access to the Internet.

 

Is a need for internet connect rule too, because 'explorer' usualy calls home to 65.55.11.179 (sa.windows.com).

--

 

I have got Jetico 2 installed. I see it is now possible to create ARP rules with both header and payload info, so tighter ARP rules can be set (with anti-ARP Gateway spoof if needed - but still need to verify if working correctly).
I did set up some ARP rules, the outbound rule logged as allowed, but then the same packet was blocked by the "Block all not Processed Protocol Packets". So it looked like the packet was still processed even after being allowed by the rule. I closed/restarted Jetico which appears to of corrected that.

I will try and find some time to check the packet filtering to see what improvements are there.

 

I'm glad that you are finally able to install the JPF.

Before starting useless discussion like on thread (DNS server "attacks"). You may wish to start with reading a general overview of :

1. Stateful engine packet check

2. Anti-port-scanner firewall function

3. Stateful rule creating

Reading alone won't teach you much. Hands-on experience is critical, so you would set up at least a basic test network.
The next step is to actually write and test an exploit. I would recommend writing at least one for each general class of bug
(buffer overflow, format string, SQL injection, etc.) or whenever a bug is particularly interesting.

Take a vacation, or at least a weekend camping! You deserve it! The steps above would probably take at least 3-12 months full-time.

--

 

I do set up and make packet filtering tests.

Writing code for own tests can bring in possible flaws in the test, so I usually stay with crafted packets for packet filtering test.

- Stem

 

Thanks! I look foward to seeing your results. I see from the release notes that jetico has been working on creating even better packet filtering this past year so i am very interested in seeing some tests to check on these improvements.