Jetico Personal Firewall

Kerodo,

Same here, un-installed Zone Alarm as ICS doesn't work with free version unless Internet Zone is set to medium which defeats its purpose, was forced to un-install Sygate Free due to its issue with Avast's latest feature of Web Scanning, seems Sygate Free and Pro have issues with proxy servers for years.

Jetico fits the bill, small, fast and still free and does what others do but with less resources.

 

Ok, after reading a lot of good things, and the potential for even better things to come, with JPF I uninstalled my Kerio 4 last night and installed JPF. I read somewhere on this forum about low memory utilization of JPF and that was also a strong reason to change firewalls. My initial thought upon rebooting and seeing the memory usage was "WOOHOO!", only 9,000 K utilization.

So I began checking out the program, setting up some rules, "teaching" JPF, etc. While I was doing this I noticed that memory utilization was over 38,000 K (yep you read that right, 38,000). That is NOT what I would consider low memory utilization.

At this point I rebooted and there was my 9,000 K again.....hmmmmm . So anyway, I leave the computer running all night and this morning JPF memory utilization is almost 17,000 K

I have sent an email to JPF support but I was wondering if anyone else has seen this.

 

I don't have any memory issues. Mine usually runs around 6 or 7 MB.

I received an email from Jetico today. They are definitely working on usability issues and reducing the quantity. of user interaction. I wonder what their next release will be like.

 

Well I plan to watch it for a few days and see what happens with my memory usage. I may uninstall it and do a re-install to see if that helps...can't hurt

I am new to a firewall with this much configurabiliy and have A LOT to learn. My biggest concern right now is making sure I don't actually end up opening myself up to more vunerability while learning to configure the rules. I do have a hardware router/firewall installed so I'm not completely unprotected.

......and we all know how you can catch some nasty things having unprotected internet use

 

Being behing a router is a good situation for learning. Just be careful with inbound rules. These essentially set up server ports that do not require a response to something your machine sent out. However, such ports need to be forwarded on your router as well. Don't mess with the system tables until you know what you are doing.

 

Download Fabertoys from www.faberbox.com and check out the Jetico thread in detail, mine never goes over 12mb and 9mb is the average, compared to Sygate, Zone Alarm, Outpost, Jetico is the leanest, your system feels the most responsive compared to when you are using other firewalls. Jetico is definitely not for beginners and for them I would advise nothing but Zone Alarm.

 

I uninstalled / reinstalled JPF several hours ago and thus far memory usage has not gone over 8.4 MB. Keeping fingers crossed that the previous memory issue was just a fluke.

....or maybe it was the ghost of Kerio 4 seeking revenge for being replaced

 

Ideally it shouldnt, one of the reasons I am sticking to Jetico. I have one gb RAM but still dont really like resource hogs.

 

Same here, 1GB, and I still want apps with light resources.

 

I guess that means I'll have to start with a fresh rule set again.. Pain...

 

Kerodo,

Intalled Kerio 2.15 with BZ rules, memory consumption is a brilliant 6MB and it passed all the tests at PC Flank,Hackerwhacker, GRC etc. Pretty good for an ancient FW which supports ICS and is free.

 

I have a bunch of rules and SPI turned on, and even so Jetico starts out at ~7500K. I've tried it with a P2P (emule) and a torrent client running and it still hardly rises over that level. With little in use, however, it will often drop and sit around ~2500K.

 

K-

I I think in the end that your rules will not change that much. What I suspect is the "network access" thing is a bit too sensitive. A way of dealing with the numerous windows components would not hurt.

Arup-

Kerio 2.15 is a decent little firewall, although it has no built in protection against termination. Once the persfw process is stopped, protection ends. You could run process guard if this is a concern. Some of the more exotic (and not often used) techniques to bypass a firewall on outbound filtering by launching IE or using DLL injection will also work. Whether this kind of protection is needed is a grey area, although Jetico is designed to stop that sort of stuff.

 

Yes, I used Kerio 2.1.5 for a long time until I found out that fragmented packets can get thru the firewall. It's not a big deal, but it bothered me so I switched to others... it's still my favorite interface though..

 

That would be good if they left the rules alone, although what I figured was that they'd just ad a bunch of stuff again.. maybe not though.

I installed the free version of Process Guard the other day to have a look, and it seemed nice. They say in the help that the pay version blocks new and changed programs. I don't quite understand this, because the free version will ask you about any new program that runs, so what does this mean?

PG was pretty light on resources too, so that was good. Didn't use up a bunch of cpu time running. I like that. I guess the real question for me is whether I need another program running or not. My attitude is if something bad happens then I just reformat. And for me, something bad rarely happens in that manner..

 

How can I setup Jetico firewall working only for application filtering and have another tool for packet filtering?

Thanks in advance.

 

The only firewall that might work solely as an application filter is the paid version of Look n Stop due to its modular design, according to PhantOm who has said something about using LnS to filter applications with CHX-1 or 8Signs for packet filtering, in another thread around here somewhere.

Try contacting Jetico support. They are very responsive.

 

Kerodo,

They have the fragmented packet test at PC Flank and there is a very comprehensive and lengthy series of test at http://www.it-sec.de/vulchke.html

Kerio 2.15 with BZ rules passed both with flying colors and this with MS file sharing and Gateway mode enabled.

Diver

I don't use IE, only Opera and occasionally Firefox and now I have added Pervx to my list along with Avast which by the way features a script blocker. I have tried almost every tests out there on the net as well as the once recommended in this forum, none have beaten Kerio so far.

The problem with Jetico is that even though you set a rule for Web Browser, from time to time it still asks for permission to access the net, also there is too many annoying pop ups with UDP diagrams request from various sites you visit. I am in discussion with Sergey who is one of the developers of Jetico, hopefully I would be able to convince him to come to this forum and get feedback from real gurus like yourself, this way we get to see the rise of another good and worthy successor to Kerio 2.15

 

Arup, this has been discussed at great length here and at dslreports and in newsgroups, and some others have done tests and found that Kerio passes fragmented packets thru without logging or blocking them. While it's not considererd a big threat, I believe that there is a problem. I've seen it here on my own system. So I'm afraid you won't convince me that it doesn't exist...

 

Kerodo,

Do you think Jetico is not prone to this? ICS makes it disable SPI at low level, this would make a Gateway system running Jetico quite vulnerable.

Yes I checked the Kerio forum as well as DSL forum on Kerio's apparent vulnerability and there was no conclusive evidence that it passes fragmented packets. The jury is still out on the verdict.

 

Someone just recently posted this (text below) in the firewalls newsgroup. I'm not sure I understand why sending out a large packet causes a fragment to come back in, but I can't test it out here since I'm not running Kerio 2.1.5 right now. You might try it and see what happens.. As far as the verdict goes, I'm convinced.

"About Kerio issue, this is the very simple test I've been suggested to
do... and whose result is a little bit frightening :
- Create a Kerio rule denying all Input ICMP (anwsers to ping request),
and put this rule in 1st position
- ping whoever_you_want : no answer. OK.
- ping -l 5000 whoever_you_want : damned, you get answer ! (-l
parameter, setting a packet size above MTU obliged ping to fragment)

Even more serious : don't even add any rule, but with systray icon,
have the choice "Stop traffic" (or something like that, my own Kerio is
in french, and I don't know the exact label in english)
Even in this case, "simple" ping doesn't work, but "fragmented" ping
does..."

 

By the way, how would PC Flank know if their fragmented packets were getting thru your firewall or not? If there's no reply from your system (Kerio blocks any outbound reply), then they'd never get a response back and they'd think you were ok. Am I missing something here?

The real question is not whether fragmented packets are getting in thru the firewall (I believe they are), but whether anyone can do any damage that way. If Kerio blocks any outbound response, then where's the harm, right?

 

Kerodo,

I am not refuting your finding about Kerio, but the question is that is it a vulnerability? cause if it is, then many who are still running Kerio 2.15 would have succumbed to it, also all the testing sites would have designed a program with this vulnerability in mind. Most Trojan exploits thrown at it as well as DOS attack tests come out with no success till now.

The fact that an old program like Kerio manages to pass all the tests thrown at it if set up properly without consuming too much resources goes to show that good programs hardly need unwanted addenda as in the case of KPF 4.

 

In fact, I'm running it right now. I decided to play with it for a while again. All this talk about it reminded me that it was actually my favorite for a long long time.

As far as the vulnerability goes, I wouldn't worry about it. If Kerio blocks any response, which it does quite well, then there's really nothing that can be done except to sneak a few packets in. I don't see how that can do any real harm. So, I guess I would have to agree with you.

As far as interfaces go, I like it best. I think Jetico is probably a little more powerful/configurable, but I don't think it has the good interface like Kerio. Although I try many of the firewalls I suppose my two favorites are Kerio 2 and Jetico.

 

Arup-

Did you call me a guru? That is a scary thought. With Jetico I have noticed that some apps don't ask for network access until they have been run a dozen times. That is weird, and some of these apps have not obvious way to use the Internet.

Kerio fragmented packet thingie:

I am not a mod, but this thread is getting mighty long my friends. When using a program that is no longer being maintained and something is discovered, you just have to live with it.

K- How many firewalls in the last 24 hours for you? Call Guiness. There have been days where I went through Kerio 2.15, Jetico and CHX-1 repeatedly. I am trying to narrow it down so I can spend some time on other things.

My conclusion at this point is that on a home system, especially when behind a NAT, it is better to have some kind of application control. The CHX-1/8Signs variety does not add that much when the NAT is right there. If I had a notebook for use on public wireless networks, it would be a different story. I also am getting to appreciate some of the more recent innovations like protection against termination, attacks that mimic keyboard and mouse input, dll injection and the like. Actually, no one has all of this tied down.