How good is Kerio 4.3?

Discussion in 'other firewalls' started by SamSpade, Oct 25, 2006.

Thread Status:
Not open for further replies.
  1. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    Having only used ZoneAlarm free and Symantec Coroporate I tried Comodo but it slowed down my down/upload times by 40% (IBM T60p, 2.0ghz core2 w/ 2gb RAM), so I'm trying Kerio 4.3. So far, so good.

    It has HIPS, NIPS, and an Application Behavior Blocker -- seems like the essence of what Online Armor and Safe'nSec are doing.

    I'm running nod32 and SpySweeper 5.2, w/ Ad-Aware and Spybot S&D on demand.

    What else do I need??

    Comments (impartial and unbiased, of course!!;) ??


    //
     
  2. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Well first off, it seems to me that you have too many antispyware applications. They are not all running on-access, are they? It seems repetitive to me. NOD32 is great and should be and adequate program by itself, if you take the layered defense approach; one app for one hole. You're trying Sunbelt Personal Firewall, which is very good (but I prefer LnS). It does have some HIPS-type features. It is a very good deal for the money. I liked it, but you may not. Test it out and see if it works for you. I prefer LnS (firewall), NOD32 or Dr Web (AV/AS), SSM (HIPS), along with various applications to "tighten" windows.

    If I were you I would lose the multiple AS applications and try Sunbelt's Personal Firewall.
     
  3. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    As I say above, the Ad-Aware (personal) and Spybot 1.4 *are* strictly on-demand, not resident. They are purely for back-up (although I use Spybot's IE "immunizer" function), so only SpySweeper is running as my resident anti-spyware (mainly) app; it does have a number of "shields" which I use.

    So far I do like Sunbelt's Kerio 4.3. I'm just wondering if its HIPS, NIPS, and Application Behavior Blocking features are strong enough. I run the app with a password, so I think I'm safe from tampering. Am I?

    Also, what do you like about LnS that's better than Sunbelt's (Kerio) 4.3 firewall??

    Finally, what apps/etc are you using to "tighten Windows"?? I've used Steve Gibson's products in the past. Worth a hoot?


    //
     
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Right, but even having more than one resident security program, such as NOD32 and Spysweeper, is just too much. It's needless overkill. Especially with NOD32. That should be the only resident program. Trust me, your system will thank you.

    Well I like the fact that LnS seperates it's application filtering from it's internet filtering. Plus, it is strictly rule based, which gives the user a lot more control, flexability, and security. But firewall rules can be difficult to configure. Just use Phantom's set for LnS. Also, system footprint is dramatically lower with LnS that it is with Sunbelt's PF. I do like the fact that once your purchase LnS you own it forever, there are no yearly fees for updates. I also think it tries to do too much. I prefer different applications for ad and web blocking; proxomitron and opera ad filter (see my signature).

    Harden-it (here)
    Secure -it (here)
    Bugoff (here)
    XP Antispy (here)
    Samurai
    WWDC
    xpy

    I can email the rest to you if you like

    That depeneds on what you mean by "strong enough." Every user has different needs. Some applications only alert you when something happens, these are responsive applications. SPF is one such appllication. Other works proactively and require rules for every process and application. In that respect, nothing will happen without you giving permission. SSM is a program like that. Password protecting doesn't change the fact that a "pro-active" defense is often better that a responsive one.
     
    Last edited: Oct 25, 2006
  5. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
     
  6. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    Well I like the fact that LnS seperates it's application filtering from it's internet filtering. Plus, it is strictly rule based, which gives the user a lot more control, flexability, and security. But firewall rules can be difficult to configure. Just use Phantom's set for LnS.

    Where do I find that? And what kind of parameters does it use?



    I also think it tries to do too much.

    Sunbelt Kerio??


    I prefer different applications for ad and web blocking; proxomitron and opera ad filter (see my signature).

    How about Firefox 2? I've been happily using Ff since it was sub-1 and have been very happy with it. *Lots* of tweaking available. I've been using ad-block plus and no-script, and other things. Works well. 2.0 is supposed to add anti-phishing.


    //
     
  7. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    That depeneds on what you mean by "strong enough." Every user has different needs. Some applications only alert you when something happens, these are responsive applications. SPF is one such appllication. Other works proactively and require rules for every process and application. In that respect, nothing will happen without you giving permission. SSM is a program like that. Password protecting doesn't change the fact that a "pro-active" defense is often better that a responsive one.[/QUOTE]


    The password protection aspect is for security against changes/removal of the app itself; at least that's what I have it for.

    SSM (and others, like Online Armor): this is seems like it involves a *lot* of stopping-to-click to run one's daily online life! Or does it all quiet down after the rules have been set? Or do you <not> make many rules, but continue to make decisions about all your software processes?? Sounds busy!!


    //
     
  8. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I think hanging out in forums like Wilders, Castle Cops, and Spyware Warrior has made me more knowledgeable, but also more paranoid. When I bought NOD32 about a year ago, my NOD rep told me that all I needed was NOD32 and a good firewall. Nothing else.

    Of course, I decided to by Spysweeper too because I just didn't think that NOD32 could handle it all. So now I have Comodo Firewall, Spysweeper and Nod32 (I also use Spyware Blaster). With this set up, I haven't had any problems. However, I am a safe surfer. I don't look at porn, I don't go to crack sites, I don't download music. So if you are like me, I bet your current suite is just fine.

    Keep in mind, I am no expert. Not an expert in the least. I would imagine that my current security suite has hole that could be exploited. But I'm not really savvy enough to know. I feel safe and haven't had computer problems. So far so good
     
  9. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi SamSpade,

    OA has a Safety Check Wizard which will scan your start menus. Any programs not on OA's whitelist, you'll be asked what you want to do (allow, block, or ask me every time). So, if you set things up right during install you won't get many prompts at all, except for when software updates.


    Mike
     
  10. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks for the feedback. I'm in the same mold as you with regards to net use. I've been told that NOD32 (I've now purchased) and SpySweeper together are "overkill". I unloaded SpSw and the mem load decreased maybe 5 to 7 megs. True, with the new SpSw 5.2 (includes an antivir module) the computer start-up takes about 5 minutes to quiet down (vs. 2 minutes before), but seems like a small price to pay for the added layer of SpSw shields and redundant av checking.

    I'm curious: why Comodo? I know it's free, but doesn't it slow down your net traffic??

    Sam


    //
     
  11. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks, Mike. I'm still undecided as to whether I need to add something other than the HIPS, NIPS, Behavior analysis of SunbKerio 4.3, along with the shields on SpySweeper. Still considering it, though.

    Sam


    //
     
  12. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    At the moment, there's a compatibility issue reported between Kerio and OA - so, if you're happy with Kerio OA may not be for you until we solve it (kernel mode driver), or release our firewall. I'll duck out of this thread now, lest it be dragged OT
     
  13. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
  14. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Comodo might slow down surfing a tad, I'm not sure. When I installed it, I was alos using On-line Armor which is a great product with excpetional customer support. OA slowed down my surfing as well. So when I installed Comodo and uninstalled OA, my surfing seemed about the same as when I was using OA plus Zone Alarm Free.

    I couldn't use Comodo and OA together, they slowed down my system when used together. For no, I have opted to go with Comodo, though when OA releases the firewall version I will more than likely unistall Comodo and put OA + Firewall on my system.

    I like to tinker with my security suite until I find the right combination of protection, ease of use, and sytem resource friendliness.

    By the way, NOD32 plus Spysweeper is not overkill. Just don't use the Antivirus portion of Spysweeper. My ales rep from NOD told me just the other day that NOD is no longer suffucent to cover all malware threats. You need a backup program like Spysweeper or Spyware Docotr to get all the spyware. Again, I'm no expert, but that is what my NOD rep told me.
     
  15. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Interesting report. So,.... what to do!! Is there *any* stand-alone sw firewall that passes all leaktests and the kind of stuff this firewallleaktester can throw at it??

    From this test Outpost looks best. Outpost ranks pretty high on other tests I've seen. Is it the best stand-alone fwall?


    //
     
  16. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    You can read from my post in this thread what I think of kerio 4.
    https://www.wilderssecurity.com/showthread.php?t=151254

    Leaktests, they are nowadays more to do with a HIPS programs than pure packet filters. I dont do tests on those, but I read other users posts.
    Of course when we change to windows vista with new computers we buy, we might need to consider other than good old stable packet filter firewalls.
    I did not like Comodo, the rule making was too restrictive and clumsy for me, but it seems good in leaktests passing. It is more like a firewall and HIPS, than a pure firewall of course.
     
  17. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Comodo Personal Firewall passes all of the leaktests at that site. The results section might not show the most recent results. But Comodo is free, easy to use, and passes all the leak tests. I use it on my machine.
     
  18. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    I tried leaktests on Cmodo, and pcflank got throught to the point where Comodo asks to block the test webpage, when I blocked that popup, it also blocked Internet Explorer from displaying other pages too! untill I removed the blocked site from Comodo
     
  19. bugsy_pal

    bugsy_pal Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    76
    I used Kerio 4.3.x for a couple of years. I quite liked it, but got the occasional BSOD associated with fwdrv.sys, which is a known issue. I didn't used all of the application behaviour alerting, because I got sick of so many popups. I also found that I had to turn of web content filtering in order for one of my webmail pages to work - but I imagine this could occur with other firewalls that have a similar feature.

    ps. I am now trialling KIS, and getting the hang of its firewall. Seems to be working well.
     
Loading...
Thread Status:
Not open for further replies.