Another KPF2 vs KPF4 question

Unlike many users, I've had good luck with KPF4 on my machine. That being said, I would like some advice.

A friend of mine has ongoing problems with garbage on his computers. He has a habit of downloading things and is not as security-minded as he should be.

I recently set up a new machine for him with KPF4, set it to learning mode and ran through several scenarios to build the ruleset. He took the machine and within three days managed to let things through the firewall. I think he just clicks OK each time he sees an outgoing connection alert.

1. If I used KPF2 with BZ's ruleset do you think I would have better luck than with KPF4? I have never used KPF2 and am somewhat afraid of it (I've read that it is not moron-friendly).

2. Should I stick with KPF4 and just import the ruleset?

3. What else do you recommend to protect folks that are admittedly careless?

This fellow uses his computers daily in his business. I know most of his wounds are self-inflicted, but I would really like to help.

Tnx;
Doug

 

1. Yes you will, KPF 2 is very easy to use, despite what some people say.
2. No, just use KPF2 because it has a admin password built in, so he can't exit the firewall without a password
3. Either stop them from using a computer or at least educate them about computer security. It is better to not use a computer than to carelessly use it and complaina abotu how you lost your credit card numbers, files etc.

 

Unfortunately, if the user insists on doing unwise things, then there isn't much you can do to protect him/her.

 

Is this friend of yours using Internet Explorer as his web browser? Somehow, I suspect that the answer is "yes."

What you could do is install Kerio 2.1.5 with BZ's default standard ruleset. Customize the ruleset to fit his particular ISP, and then run all applications he normally uses to access the Internet. Don't forget antivirus and antispyware programs that need access to retrieve updates. Then go into Kerio administration and set it to "Deny Unknown." Anything that isn't specifically allowed by the ruleset will be blocked, period. Kerio won't even ask, and if Kerio doesn't ask, your careless friend won't be given the opportunity to give malware permission to connect to the Internet.

I'd also set an administration password. And don't give the password to your friend. At least, not right away. That way, your friend will be forced to call you if the ruleset needs some additional tweaking to accomodate some new application.

Thanks for your post. I am now going to consider using this approach with my clueless friends and relatives.


Phil

 

Agree with the previous posters.Kerio 2 had terrorised me too the first time i saw it as newbie after months of ZA,but it's not difficult.Specially when using BZ rule sets,the most of the job is already done for you.I just edited the "Unrestricted DNS" rules,specifying my DNS primary and secondary IPs,disabled some other rules that are for LANs etc that i don't have and then simply added some mine when specific programs asked for permission.I use 2.1.4 on SP2 and still didn't have a problem (i did have a dll error from time to time with 2.1.5).IMHO,it's how all firewalls should be.It merits to be installed only for the fact that does what others do and wants only 2 MB RAM for it!Dumb the bloatware Kerio 4 ,at least until becomes stable,and install Kerio 2.But then of course,i doubt you ll ever leave it for Kerio 4

 

Is there a place to download Kerio 2? Or has it been erased from the Internet like K-Lite 2.4.5? So maybe only a select few users were smart enough to save the installer?

 

http://download.kerio.com/archive/download.php

 

Thank you all for your replies. I think the best approach is to install KPF2 on my own machine to get familiar with it. Then I will install it on my friend's machines next time they go down.

Yes, he had been using IE/OE. I installed Opera which he has been faithfully using for browsing and mail. Unfortunately, I did not sufficiently cripple IE. I suspect he opened IE when Opera was unable (due to restrictions) to find something.

Doug

 

The link doesn't work. You need to snip download.php: http://download.kerio.com/archive/

 

I am going to set up a machine with all of the software this person uses and experiment with configurations. When I feel comfortable with the stability/security issues I will create a drive image for installation on his machines. This should serve as a suitable replacement for the bloated and unsecure factory install disks that come with them.

Hyperion noted that 2.1.5 caused errors with XP. Should I install 2.1.4 instead?

 

I've never had a problem with 2.1.5 on Win XP, thats with several systems running XP

 

The only problems I've noticed reported with Kerio 2.15 myself are:

- Kerio's Buffer size needs to be patched in registry not to cause a buffer problem
http://www.dslreports.com/forum/remark,3060806?hilite=registry buffer

- It sometimes loses it's rules completely

- It has unpatched vulnerabilities (as reported by Secunia):
http://secunia.com/product/1493/

- sometimes limits ethernet network bandwidth down to 1/3 - 1/2 of it's maximum bandwidth

Some people have noticed a BSOD with fwdrv.sys though:

http://www.dslreports.com/forum/remark,12530877

 

The registry patch is

---------------------------------------------------------------------------
Increase your buffer size.

Go to registry, HKLM\SYSTEM\CurrentControlSet\Services\fwdrv and change value MaxbufferSize to 16000
---------------------------------------------------------------------------

Presumably this is the decimal value. I see that mine is already set a 16384 in 2k sp4.

Does this patch refer to earlier versions?

 

You will lose rules, if when Windows XP is loading up your welcome screen or login box and you power off your computer before the welcome screen or login box displays.

I use Kerio 2.15 on Windows XP and have experienced this. You may try if you want (at the risk, of using your firewall rules, so export/backup first).