Another KPF2 vs KPF4 question

Discussion in 'other firewalls' started by doug6949, Jun 17, 2005.

Thread Status:
Not open for further replies.
  1. doug6949

    doug6949 Registered Member

    Joined:
    Nov 28, 2003
    Posts:
    110
    Unlike many users, I've had good luck with KPF4 on my machine. That being said, I would like some advice.

    A friend of mine has ongoing problems with garbage on his computers. He has a habit of downloading things and is not as security-minded as he should be.

    I recently set up a new machine for him with KPF4, set it to learning mode and ran through several scenarios to build the ruleset. He took the machine and within three days managed to let things through the firewall. I think he just clicks OK each time he sees an outgoing connection alert.

    1. If I used KPF2 with BZ's ruleset do you think I would have better luck than with KPF4? I have never used KPF2 and am somewhat afraid of it (I've read that it is not moron-friendly).

    2. Should I stick with KPF4 and just import the ruleset?

    3. What else do you recommend to protect folks that are admittedly careless?

    This fellow uses his computers daily in his business. I know most of his wounds are self-inflicted, but I would really like to help.

    Tnx;
    Doug
     
  2. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    1. Yes you will, KPF 2 is very easy to use, despite what some people say.
    2. No, just use KPF2 because it has a admin password built in, so he can't exit the firewall without a password
    3. Either stop them from using a computer or at least educate them about computer security. It is better to not use a computer than to carelessly use it and complaina abotu how you lost your credit card numbers, files etc.
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Unfortunately, if the user insists on doing unwise things, then there isn't much you can do to protect him/her.
     
  4. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    Is this friend of yours using Internet Explorer as his web browser? Somehow, I suspect that the answer is "yes."

    What you could do is install Kerio 2.1.5 with BZ's default standard ruleset. Customize the ruleset to fit his particular ISP, and then run all applications he normally uses to access the Internet. Don't forget antivirus and antispyware programs that need access to retrieve updates. Then go into Kerio administration and set it to "Deny Unknown." Anything that isn't specifically allowed by the ruleset will be blocked, period. Kerio won't even ask, and if Kerio doesn't ask, your careless friend won't be given the opportunity to give malware permission to connect to the Internet.

    I'd also set an administration password. And don't give the password to your friend. At least, not right away. That way, your friend will be forced to call you if the ruleset needs some additional tweaking to accomodate some new application.

    Thanks for your post. I am now going to consider using this approach with my clueless friends and relatives.


    Phil
     
  5. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Agree with the previous posters.Kerio 2 had terrorised me too the first time i saw it as newbie after months of ZA,but it's not difficult.Specially when using BZ rule sets,the most of the job is already done for you.I just edited the "Unrestricted DNS" rules,specifying my DNS primary and secondary IPs,disabled some other rules that are for LANs etc that i don't have and then simply added some mine when specific programs asked for permission.I use 2.1.4 on SP2 and still didn't have a problem (i did have a dll error from time to time with 2.1.5).IMHO,it's how all firewalls should be.It merits to be installed only for the fact that does what others do and wants only 2 MB RAM for it!Dumb the bloatware Kerio 4 ,at least until becomes stable,and install Kerio 2.But then of course,i doubt you ll ever leave it for Kerio 4 :D
     
  6. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Is there a place to download Kerio 2? Or has it been erased from the Internet like K-Lite 2.4.5? So maybe only a select few users were smart enough to save the installer?
     
  7. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    http://download.kerio.com/archive/download.php
     
  8. doug6949

    doug6949 Registered Member

    Joined:
    Nov 28, 2003
    Posts:
    110
    Thank you all for your replies. I think the best approach is to install KPF2 on my own machine to get familiar with it. Then I will install it on my friend's machines next time they go down.

    Yes, he had been using IE/OE. I installed Opera which he has been faithfully using for browsing and mail. Unfortunately, I did not sufficiently cripple IE. I suspect he opened IE when Opera was unable (due to restrictions) to find something.

    Doug
     
  9. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
  10. doug6949

    doug6949 Registered Member

    Joined:
    Nov 28, 2003
    Posts:
    110
    I am going to set up a machine with all of the software this person uses and experiment with configurations. When I feel comfortable with the stability/security issues I will create a drive image for installation on his machines. This should serve as a suitable replacement for the bloated and unsecure factory install disks that come with them.

    Hyperion noted that 2.1.5 caused errors with XP. Should I install 2.1.4 instead?
     
  11. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    I've never had a problem with 2.1.5 on Win XP, thats with several systems running XP :)
     
  12. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    The only problems I've noticed reported with Kerio 2.15 myself are:

    - Kerio's Buffer size needs to be patched in registry not to cause a buffer problem
    http://www.dslreports.com/forum/remark,3060806?hilite=registry buffer

    - It sometimes loses it's rules completely

    - It has unpatched vulnerabilities (as reported by Secunia):
    http://secunia.com/product/1493/

    - sometimes limits ethernet network bandwidth down to 1/3 - 1/2 of it's maximum bandwidth

    Some people have noticed a BSOD with fwdrv.sys though:

    http://www.dslreports.com/forum/remark,12530877
     
  13. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    The registry patch is

    ---------------------------------------------------------------------------
    Increase your buffer size.

    Go to registry, HKLM\SYSTEM\CurrentControlSet\Services\fwdrv and change value MaxbufferSize to 16000
    ---------------------------------------------------------------------------

    Presumably this is the decimal value. I see that mine is already set a 16384 in 2k sp4.

    Does this patch refer to earlier versions?
     
  14. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    You will lose rules, if when Windows XP is loading up your welcome screen or login box and you power off your computer before the welcome screen or login box displays.

    I use Kerio 2.15 on Windows XP and have experienced this. You may try if you want (at the risk, of using your firewall rules, so export/backup first). ;)
     
Loading...
Similar Threads
  1. ttomm1946
    Replies:
    0
    Views:
    521
Thread Status:
Not open for further replies.