How good is Kerio 4.3?

Having only used ZoneAlarm free and Symantec Coroporate I tried Comodo but it slowed down my down/upload times by 40% (IBM T60p, 2.0ghz core2 w/ 2gb RAM), so I'm trying Kerio 4.3. So far, so good.

It has HIPS, NIPS, and an Application Behavior Blocker -- seems like the essence of what Online Armor and Safe'nSec are doing.

I'm running nod32 and SpySweeper 5.2, w/ Ad-Aware and Spybot S&D on demand.

What else do I need??

Comments (impartial and unbiased, of course!! ??


//

 

Well first off, it seems to me that you have too many antispyware applications. They are not all running on-access, are they? It seems repetitive to me. NOD32 is great and should be and adequate program by itself, if you take the layered defense approach; one app for one hole. You're trying Sunbelt Personal Firewall, which is very good (but I prefer LnS). It does have some HIPS-type features. It is a very good deal for the money. I liked it, but you may not. Test it out and see if it works for you. I prefer LnS (firewall), NOD32 or Dr Web (AV/AS), SSM (HIPS), along with various applications to "tighten" windows.

If I were you I would lose the multiple AS applications and try Sunbelt's Personal Firewall.

 

As I say above, the Ad-Aware (personal) and Spybot 1.4 *are* strictly on-demand, not resident. They are purely for back-up (although I use Spybot's IE "immunizer" function), so only SpySweeper is running as my resident anti-spyware (mainly) app; it does have a number of "shields" which I use.

So far I do like Sunbelt's Kerio 4.3. I'm just wondering if its HIPS, NIPS, and Application Behavior Blocking features are strong enough. I run the app with a password, so I think I'm safe from tampering. Am I?

Also, what do you like about LnS that's better than Sunbelt's (Kerio) 4.3 firewall??

Finally, what apps/etc are you using to "tighten Windows"?? I've used Steve Gibson's products in the past. Worth a hoot?


//

 

Right, but even having more than one resident security program, such as NOD32 and Spysweeper, is just too much. It's needless overkill. Especially with NOD32. That should be the only resident program. Trust me, your system will thank you.

Well I like the fact that LnS seperates it's application filtering from it's internet filtering. Plus, it is strictly rule based, which gives the user a lot more control, flexability, and security. But firewall rules can be difficult to configure. Just use Phantom's set for LnS. Also, system footprint is dramatically lower with LnS that it is with Sunbelt's PF. I do like the fact that once your purchase LnS you own it forever, there are no yearly fees for updates. I also think it tries to do too much. I prefer different applications for ad and web blocking; proxomitron and opera ad filter (see my signature).

Harden-it (here)
Secure -it (here)
Bugoff (here)
XP Antispy (here)
Samurai
WWDC
xpy

I can email the rest to you if you like

That depeneds on what you mean by "strong enough." Every user has different needs. Some applications only alert you when something happens, these are responsive applications. SPF is one such appllication. Other works proactively and require rules for every process and application. In that respect, nothing will happen without you giving permission. SSM is a program like that. Password protecting doesn't change the fact that a "pro-active" defense is often better that a responsive one.

 

Well I like the fact that LnS seperates it's application filtering from it's internet filtering. Plus, it is strictly rule based, which gives the user a lot more control, flexability, and security. But firewall rules can be difficult to configure. Just use Phantom's set for LnS.

Where do I find that? And what kind of parameters does it use?



I also think it tries to do too much.

Sunbelt Kerio??


I prefer different applications for ad and web blocking; proxomitron and opera ad filter (see my signature).

How about Firefox 2? I've been happily using Ff since it was sub-1 and have been very happy with it. *Lots* of tweaking available. I've been using ad-block plus and no-script, and other things. Works well. 2.0 is supposed to add anti-phishing.


//

 

That depeneds on what you mean by "strong enough." Every user has different needs. Some applications only alert you when something happens, these are responsive applications. SPF is one such appllication. Other works proactively and require rules for every process and application. In that respect, nothing will happen without you giving permission. SSM is a program like that. Password protecting doesn't change the fact that a "pro-active" defense is often better that a responsive one.[/QUOTE]


The password protection aspect is for security against changes/removal of the app itself; at least that's what I have it for.

SSM (and others, like Online Armor): this is seems like it involves a *lot* of stopping-to-click to run one's daily online life! Or does it all quiet down after the rules have been set? Or do you <not> make many rules, but continue to make decisions about all your software processes?? Sounds busy!!


//

 

I think hanging out in forums like Wilders, Castle Cops, and Spyware Warrior has made me more knowledgeable, but also more paranoid. When I bought NOD32 about a year ago, my NOD rep told me that all I needed was NOD32 and a good firewall. Nothing else.

Of course, I decided to by Spysweeper too because I just didn't think that NOD32 could handle it all. So now I have Comodo Firewall, Spysweeper and Nod32 (I also use Spyware Blaster). With this set up, I haven't had any problems. However, I am a safe surfer. I don't look at porn, I don't go to crack sites, I don't download music. So if you are like me, I bet your current suite is just fine.

Keep in mind, I am no expert. Not an expert in the least. I would imagine that my current security suite has hole that could be exploited. But I'm not really savvy enough to know. I feel safe and haven't had computer problems. So far so good

 

Hi SamSpade,

OA has a Safety Check Wizard which will scan your start menus. Any programs not on OA's whitelist, you'll be asked what you want to do (allow, block, or ask me every time). So, if you set things up right during install you won't get many prompts at all, except for when software updates.


Mike

 

Thanks for the feedback. I'm in the same mold as you with regards to net use. I've been told that NOD32 (I've now purchased) and SpySweeper together are "overkill". I unloaded SpSw and the mem load decreased maybe 5 to 7 megs. True, with the new SpSw 5.2 (includes an antivir module) the computer start-up takes about 5 minutes to quiet down (vs. 2 minutes before), but seems like a small price to pay for the added layer of SpSw shields and redundant av checking.

I'm curious: why Comodo? I know it's free, but doesn't it slow down your net traffic??

Sam


//

 

Thanks, Mike. I'm still undecided as to whether I need to add something other than the HIPS, NIPS, Behavior analysis of SunbKerio 4.3, along with the shields on SpySweeper. Still considering it, though.

Sam


//

 

At the moment, there's a compatibility issue reported between Kerio and OA - so, if you're happy with Kerio OA may not be for you until we solve it (kernel mode driver), or release our firewall. I'll duck out of this thread now, lest it be dragged OT

 

I am sorry to say, but Kerio 4.3 isnt as good as you might have first thought it to be, If you look at the most recent leaktest/termination score page here, you'll see why.

http://www.firewallleaktester.com/termination.php

 

Comodo might slow down surfing a tad, I'm not sure. When I installed it, I was alos using On-line Armor which is a great product with excpetional customer support. OA slowed down my surfing as well. So when I installed Comodo and uninstalled OA, my surfing seemed about the same as when I was using OA plus Zone Alarm Free.

I couldn't use Comodo and OA together, they slowed down my system when used together. For no, I have opted to go with Comodo, though when OA releases the firewall version I will more than likely unistall Comodo and put OA + Firewall on my system.

I like to tinker with my security suite until I find the right combination of protection, ease of use, and sytem resource friendliness.

By the way, NOD32 plus Spysweeper is not overkill. Just don't use the Antivirus portion of Spysweeper. My ales rep from NOD told me just the other day that NOD is no longer suffucent to cover all malware threats. You need a backup program like Spysweeper or Spyware Docotr to get all the spyware. Again, I'm no expert, but that is what my NOD rep told me.

 

Interesting report. So,.... what to do!! Is there *any* stand-alone sw firewall that passes all leaktests and the kind of stuff this firewallleaktester can throw at it??

From this test Outpost looks best. Outpost ranks pretty high on other tests I've seen. Is it the best stand-alone fwall?


//

 

You can read from my post in this thread what I think of kerio 4.
https://www.wilderssecurity.com/showthread.php?t=151254

Leaktests, they are nowadays more to do with a HIPS programs than pure packet filters. I dont do tests on those, but I read other users posts.
Of course when we change to windows vista with new computers we buy, we might need to consider other than good old stable packet filter firewalls.
I did not like Comodo, the rule making was too restrictive and clumsy for me, but it seems good in leaktests passing. It is more like a firewall and HIPS, than a pure firewall of course.

 

Comodo Personal Firewall passes all of the leaktests at that site. The results section might not show the most recent results. But Comodo is free, easy to use, and passes all the leak tests. I use it on my machine.

 

I tried leaktests on Cmodo, and pcflank got throught to the point where Comodo asks to block the test webpage, when I blocked that popup, it also blocked Internet Explorer from displaying other pages too! untill I removed the blocked site from Comodo

 

I used Kerio 4.3.x for a couple of years. I quite liked it, but got the occasional BSOD associated with fwdrv.sys, which is a known issue. I didn't used all of the application behaviour alerting, because I got sick of so many popups. I also found that I had to turn of web content filtering in order for one of my webmail pages to work - but I imagine this could occur with other firewalls that have a similar feature.

ps. I am now trialling KIS, and getting the hang of its firewall. Seems to be working well.