is kerio 2.1.5 obsolete

Discussion in 'other firewalls' started by lasu, Jun 19, 2006.

Thread Status:
Not open for further replies.
  1. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi to all,
    im looking for a free fw to replace sygate. im using kerio 2.1.5 right now but according to several people its obsolete. now ive been reading this forum since i registered and ive never read that kerio 2.1.5 is obsolete so i ask, is kerio 2.1.5 still a good fw? if it isnt then what free fw's do you all use?
    thanks in advance.
    L
     
  2. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    lasu, why not try jetico or comodo firewalls? both are free and pass the majority of leak tests out there right now.

    between the two jetico is less resource hungry but comodo is easier to use and passed more leak tests. but like i said both are awesome.
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada

    I've been running Kerio 2.1.5 on my Laptop for the last four years now without any problems.:)

    IMHO I think it's still a good Firewall, easy to use and very light on resources. As for myself, I will keep using it.
     
  4. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    i still am using kerio 2.15 and i love it to bits but im behind a nat router though so just really use it for outbound protection :thumb:

    i know many people still using 2.15 though


    v4 i found to be very buggy didnt like it much either
     
  5. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Kerio 2.1.5 is an excellent firewall. It may be an old firewall but it does the job and is also free.
     
  6. herbalist

    herbalist Guest

    I'm still using Kerio 2.1.5 and have installed it on several PCs I maintain for others. It's easy on resources and disk space and performs very well. Firewalls aren't like AVs or anti-spyware programs. They don't need updating every time a new pest is discovered. Internet applications still use the same protocols and IP address system, and use the same ports as they always have. The basic system hasn't changed, so a firewall that worked 5 years ago still works now.
    The main difference between Kerio 2.1.5 and a newer firewall is the additional features the newer ones come with. The newer ones are more correctly described as security suites, often including application control, cookie management, popup blocking, script blocking and more. Kerio 2.1.5 is strictly a rule based packet filter.
    If you prefer to have all the other functions included in one security suite, then you'll want something else. The "all in one" suites are easier to set up, but use more disk space and system resources. They also tend to be less secure than well chosen single components. Often when a vulnerability is found in any part of a security suite, it adversely affects all of it, sometimes crashing the whole suite and leaving you exposed. When a vulnerability is found in one of the single purpose programs, the rest of the applications keep working. If you prefer to assemble your own security package, Kerio 2.1.5 is an excellent firewall. I've been using it for years and it has never let me down, which is more than I can say for some of the suites I've tried.
    If you enjoy writing firewall rules and getting into the details of securing your system, a combination of Kerio 2.1.5, System Safety Monitor, and Proxomitron is about as secure as you can get with Windows using software based security, as long as the rules you write are good. If you add a hardware firewall or router out front, your system will be nearly bulletproof. For maximum security and stability, single purpose applications are the way to go, and Kerio 2.1.5 is one of the best to build your own security suite around.
    Rick
     
  7. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi to ghodgson, the_sly_dog, Antarctica, and zopzop.
    thanks for the quick replies.
    the_sly_dog.
    i tried the new v of kerio thats a sunbelt fw now but it lacks the info im used to.
    i havent tried jetico but ill try it this week, thank you. resources are not a problem here but i would prefer a low resource fw as i use low resource soft as much as possible.
    comodo? ive read about it but havent tried it and as with jetico ill try it this week.
    thanks to all of you for the info and ill get back to you all after ive tried the 2 above mentioned fw's.
    again, thanks for your suggestions :)

    L
     
  8. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    herbalist how does a discontinued firewall like kerio fare vs all the new leaktests? most "up to date" firewalls (paid or free) fail many of those tests.
     
  9. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am using it now and have off and on for years and I believe it is a great firewall. But I also use a nat router.
     
  10. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Almost all, if not all leaktests are against the operating system, NOT THE FIREWALLS... so forget what you think. To those that question the ability to pass leaktests, keep your ignorance to yourself as it's an issue of the user letting malware on the system in the first place, it's not a firewall's job.

    Now it's a good rule based firewall, but actually almost all firewalls as we currently know them are going to have issues with Windows Vista, many current version firewalls are going to be completely obsolete with Vista, especially for the big reason they don't filter ipv6, along with Vista has a very different tcp/ip stack. So all this talk about obsolete should be considered that in about a year there are going to be huge changes to these firewalls, or they are going to be obsolete to run only on previous operating systems.
     
    Last edited: Jun 19, 2006
  11. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    there's no need for the attitude, i just asked a question. lots of malware now-a-days is bundled with innocent looking/sounding things like screensavers and smileys.
     
  12. herbalist

    herbalist Guest

    I can't try all the tests as several of them don't run on 98, but with the ones that do, 2.1.5 actually did better than Kerio 4, at least it did on my system. Just how well a given firewall will do is much more dependent on the ruleset than many realize. Some of them target IE6, which mine will pass. I have IE6 completely blocked from the internet.
    I just finished running pcaudit on my old box. In all fairness to the test, it has no chance to test my firewall unless I both allow it to start and to set its hook. SSM intercepts both actions. Kerio 2.1.5 passed the test with no help from SSM or any other software. A while ago, I saw a thread about this test and in most of the posted results, it was defeated with the process control/hook detection component of the firewall suite in question. If you want to see how good your firewall or the firewall component of your security suite really is, allow the process and the hook. A good firewall should still defeat this test without help from any other security software, provided your firewall rules are tight. While this test uses a system hook, it's primarily testing how well your firewall controls loopback connections. Some firewalls do this well. Some don't.
    As for the other tests, out of the ones I have on hand that run on 98, here's the results. I allowed all the processes and hooks that SSM intercepted. This way, only the firewall itself was tested.
    Shields Up website - all stealthed
    Leaktest 1.2 - passed
    Firehole - passed
    Ghost 1.1 - doesn't seem to work on my system
    Tooleaky - passed
    Outbound - passed
    Wallbreaker - passed, probably because I have blocked both IE6 and windows explorer from internet access
    Yalta - test doesn't work properly on my system. It tried to claim that the message was sent successfully each time, the last of which proved it's wrong. I had removed the phone line from the PC, so there was no possible way it worked, but it says it did.
    AFAIK, the rest of the firewall tests won't work on my OS. Many of the newer tests are more directed at the process control/anti-hooking components of the newer firewall suites. These can also be defeated by a separate HIPS (host intrusion prevention system). IMO, you can achieve tighter security with separate components than you will from a combined suite. When using a combined suite, it's worthwhile to test the firewall component separate from the application/hooking control component, just to make certain that the firewall component itself is effective.
    A few times per year, I have my system audited at Security Space. The no-risk audit is free as are individual tests. They also have single tests for specific firewalls. Kerio 2.1.5 did very well there the last time, only one minor problem and it was in my internet service. It's worth spending a few hours there.
    Rick
     
    Last edited by a moderator: Jun 20, 2006
  13. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    hello again herbalist, i downloaded kerio 2.1.5 from here:
    http://www.321download.com/LastFreeware/page7.html

    and i tested it against the leaktests found here:
    http://firewallleaktester.com/categories.htm

    i'm running windows xp service pack 2 (with all the latest updates and patches installed), i used IE with the latest patches and updates, i disabled windows xp built in firewall, and i had no other security app running while i tested kerio.

    these are my results :

    LeakTest1 : LeakTest - passed
    LeakTest2 : Tooleaky - failed
    LeakTest3 : FireHole - failed
    LeakTest4 : Yalta - passed
    LeakTest5 : Outbound - didn't run, said i was missing packet.dll
    LeakTest6 : PCAudit - failed
    LeakTest7 : AWFT - failed every test except test 3
    LeakTest8 : Thermite - failed
    LeakTest9 : CopyCat - didn't run, this test just hangs
    LeakTest10: MBtest - didn't run, said i was missing packet.dll
    LeakTest11: WB - failed all 4 tests
    LeakTest12: PCAudit2 - failed
    LeakTest13: Ghost - failed
    LeakTest14: DNStester - failed
    LeakTest15: Surfer - failed

    breakout is an odd test, test one connected to a webpage. so i'm ASSuming it failed. test 2 could not hijack IE but it did change my desktop
    LeakTest16: Breakout

    LeakTest17: Jumper - failed
    LeakTest18: CPIL - failed
    LeakTest19: PCFlank - failed

    something worth noting : when i first installed kerio i restarted my pc and then opened up IE. i told kerio to create an automatic ruleset for IE when prompted by kerio if i should allow IE to connect to the internet.

    i'll ask aigle (another forum member) if he can repeat these tests and what his results are (if he has time).
     
  14. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    First of all, you used the default kerio ruleset, which isn't very tight. It is designed for ease of use for customers. Secondly, you should make a new ruleset, and if you don't know how to, I can't call your results valid since you don't even know how the internet works, so you obviously have no clue what a leaktest is even doing.

    In addition, leak tests are pretty worthless. For the majority, all target other applications to access the internet for them, particularly IE. Is it the firewall's job to take care of how browsers and other applications can be manipulated, NO. Firewalls are meant to filter packets coming into your computer and out of your computer based on which protocol, port, fragmentation, application (maybe), etc. They are not in charge of monitoring your system for api calls, process injection, and other attacks. That is the job of a HIPS and in particular the author of an OS or program protecting his application or OS from exploitation.

    Cheers,

    Alphalutra1
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    I still use it on all of my home pc's as well. It works fine for me and is nice and light. I have a router so this is a nice backup, especially to monitor for outbound alerts.
     
  16. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    In fact the default rules are so loose you can drive a mack truck through them, however if they were not that way it might even prevent somebody from doing a domain login/etc before they had a chance to configure the rules, which is why I made the default ruleset replacement years ago which can be found in a sticky in this forum, however it's only a general base to work from, and people who test without fully knowing how to use the program need to keep their trap shut or their ignorance will show, like it happened here. I warned them about their ignorance.... Rule based firewalls require the user to actually know what they are doing :cool:
     
  17. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    the majority of people out there (like me) are beginner or intermediate users. a free firewall like kerio when installed and using the default ruleset doesn't do the job. most users would expect a firewall to work without having to tinker with the default rules.
     
  18. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    many other free firewalls with the default settings pass the majority of these leak tests and are just as easy to use as kerio.

    the results are valid with the DEFAULT rulesets that kerio comes with. i even made mention of that in post.

    then why do people bother to test firewalls for leaks in the first place?
     
  19. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    the default kerio ruleset works but its not entirely secure. if it was more secure then people would just complain if an app doesnt work/connect. its a matter of balance.
     
  20. herbalist

    herbalist Guest

    Most firewalls come with rulesets that are far too permissive, not just Kerio 2.1.5. As for the results of the leaktests, they are of limited value. While some will show specific weaknesses in a firewall or its ruleset, the way they're being used to compare firewalls is more like advertising.
    Zopzop,
    Concerning some of the results you got from the tests:
    The PC audit tests use loopback connections, which are connections back to your own PC, attempting to exploit an application that has internet access thru the firewall. I don't remember if the loopback rule is part of the default Kerio 2.1.5 ruleset or if it's added afterwards when a loopback connection is asked for. If yours has a rule permitting loopback, delete it and try that test again, clicking "deny" on whatever alerts you see. The audit attempts to use every running process it sees. Your proxy settings also affect this particular test.
    Tooleaky attempts to exploit Internet Explorer. I don't use IE6 and have it blocked from internet access, which defeats this test. With Wallbreaker, only 2 of the 4 run on my system. Again, it tries to use internet explorer, and fails as I have it blocked.
    Regarding outbound, I don't see anything on the page it uses newer than 2003. Can't tell if it works or not.
    The others don't run on my system, except for Firehole, which didn't connect out on mine even when I shut off the firewall. Why, I don't know.
    It isn't really possible to have a firewall start with an extremely tight ruleset. The vendor has no way of knowing what apps you use, what the IPs of your DNS servers are, etc. Firewall rules are tightened by matching them to your internet service and the software you use. This doesn't have to be done the day you install it. As you learn more about how and why they work and what your system actually needs to work properly, you can edit them to match. Windows asks for a lot more internet access than it actually needs, especially XP and all those services. With the older systems like 98, you can block just about all of the operating system components from accessing the net.
    Even with the default ruleset, Kerio 2.1.5 is still much better than the windows firewall. The help file it comes with is pretty good. It has a section named "Introduction to TCP/IP" which will help you with the basics. Tightening up a ruleset can be an education in itself. Just take your time with it.
    A couple of suggestions that might help you along the way.
    Kerio reads the ruleset from the top, downward and uses the first rule that applies. The order the rules are in is as important as the rules themselves.
    Kerio also lets you save and import rulesets. Make a backup copy of the default rules before you start modifying them. That way, if you make a mess you can't fix, just import the default ruleset back in and start again. Make backup copies of the rulesets as you add or edit rules. They don't take up much disk space and can end up saving you from starting over at the beginning. You might also want to skip the password option until you get your basic ruleset made. Otherwise, you'll get tired of typing it in every time you add or modify a rule. If you need help, just ask.
    Rick
     
  21. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    ah i see now. herbalist, i used to use zonealarm for about 2 years and i tested it by going to grc.com. i thought that by getting a "full stealth" score and passing steve gibson's leaktest that i was good to go. then i stumbled on to the leak test web site and saw the pass/fail marks for each firewall. not believing it, i tested some of those tests vs zonealarm and was surprised by the results. it failed many of them, then i attempted to try out other software firewalls like sygate, norton (i used a trial version), mcafee (trial version), i never heard of kerio or tiny so i never tried them. i also never meddled with the default rulesets or settings. each of the firewalls i tried failed numerous leak tests. then i found this site and heard of jetico and comodo. i tried these out and they passed almost all the leaktests with me doing nothing more than selecting 'allow' or 'deny' when the firewall prompted me for a decision during the tests. so i settled for comodo on my desktop and jetico for my laptop. i was led to believe (not by the firewall leak test website) but from sites like cnet and pcmag.com that leaky firewalls were horrible security risks. i'm finding out just now that leaks may have been overhyped?
     
  22. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    In my opinion, they are being overhyped. I believe that a firewall (when it comes to preventing malware from phoning home) is the last of the last of the last of the last resorts when it comes to stopping malware. That is the job for your real-time protection whether it is a HIPS, AV, AT, AS, etc.

    Cheers,

    Alphalutra1
     
  23. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    I've been running kerio 2.1.5 for about 2 years. It's my favorite firewall. I've previously run sygate, zonealarm, outpost, and jetico. I plan on keeping kerio till it won't work anymore. If I had to choose another firewall, it would be Jetico.
     
  24. herbalist

    herbalist Guest

    More than once Kerio 2.1.5 alerted me to undetected trojans right after I installed it, systems that the AVs and anti-spyware apps reported to be clean. That's one of the things I like about 2.1.5. The alerts not only name the app, but also show its location in the file system and give the IP address it wants to connect to.

    Zopzop,
    The firewall has to be viewed from both perspectives, first in line with incoming packets, last with outgoing packets. In loopback circumstances, both views apply. An example would be running your browser thru Proxomitron, a rule based web content filter. The outgoing packets from the browser are the incoming packets for Proxomitron. The default loopback rule created by Kerio 2.1.5 basically allows any application to connect back to any other application. The PCaudit test looks to exploit rules like that by hooking apps that normally can't access the internet and having them loop back to ones that do. While HIPS programs can easily defeat a test like this by blocking either the process itself or the hook it uses, it can also be defeated with firewall rules that control this type of connection. A fair amount of malware uses this approach to defeat poorly configured security systems. In that respect, this is a useful test that you can run repeatedly until you get the rules tight enough to defeat it. With Kerio 2.1.5, you can get very detailed with loopback rules by making them for individual applications, specifying the allowed protocols, the ports it can use, and the traffic direction. Not all firewalls allow you this degree of configurability. Once you have a good understanding of how it all works, you'll be able to tighten up your ruleset as well.
    Many of the other tests you tried create conditions that are beyond the coverage of a normal firewall. While many of the firewall suites can pass some or most of those tests, it's not a fair comparison. It's often the HIPS or application/hooking control component of the suite that defeats the test. When Kerio 2.1.5 is used with a separate HIPS like SSM (System Safety Monitor), the combination will in all probability outperform the combined suite. The problem here is that SSM is a lot like Kerio 2.1.5 in that it's also rule based and is only as good as its ruleset. If you're willing to learn how to write rules for both applications, I highly recommend them both. They're a potent combination, but you have to know what you're doing to get the most security out of them. You have to decide if you want to get that deep into your operating system. If they look to be more than you want to deal with, you'll be better off with something else.
    Rick
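
    The two points made in herbalist's posts above (the first matching rule wins, and a broad loopback rule versus per-application loopback rules) can be modelled with a small first-match evaluator. This is an added example, not part of the thread and not Kerio's rule format; the rule fields, executable names, port 8080 and the addresses are constructed assumptions.

```python
from dataclasses import dataclass

ANY = "*"
LOOPBACK = "127.0.0.1"

@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    app: str        # executable name, or ANY
    direction: str  # "in", "out", or ANY
    protocol: str   # "tcp", "udp", or ANY
    remote: str     # remote address, or ANY
    port: object    # port on the listening side, or ANY

    def selectors(self):
        return (self.app, self.direction, self.protocol, self.remote, self.port)

    def matches(self, conn):
        # conn is a 5-tuple in the same order as selectors()
        return all(s == ANY or s == c for s, c in zip(self.selectors(), conn))

    def covers(self, other):
        # True when every connection matching `other` also matches this rule
        return all(s == ANY or s == o
                   for s, o in zip(self.selectors(), other.selectors()))

def decide(rules, conn, default="deny"):
    """Return (action, index of deciding rule); the first matching rule wins."""
    for i, rule in enumerate(rules):
        if rule.matches(conn):
            return rule.action, i
    return default, None

def shadowed(rules):
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]

# Broad loopback rule: any application may connect back to any other.
BROAD_LOOPBACK = Rule("permit", ANY, ANY, ANY, LOOPBACK, ANY)

# Per-application loopback rules for a browser behind a local filtering proxy.
TIGHT = [
    Rule("permit", "browser.exe", "out", "tcp", LOOPBACK, 8080),
    Rule("permit", "proxy.exe",   "in",  "tcp", LOOPBACK, 8080),
    Rule("deny",   ANY,           ANY,   ANY,   LOOPBACK, ANY),
    Rule("permit", "proxy.exe",   "out", "tcp", ANY,      80),
    Rule("deny",   ANY,           ANY,   ANY,   ANY,      ANY),
]
LOOSE = [BROAD_LOOPBACK] + TIGHT[3:]   # broad loopback rule, no per-app rules
MISORDERED = [BROAD_LOOPBACK] + TIGHT  # tight rules added below the broad one

# Constructed connection attempts.
BROWSER = ("browser.exe", "out", "tcp", LOOPBACK, 8080)
# A process with no internet rule of its own, looping back to the proxy.
LOOPED = ("unknown.exe", "out", "tcp", LOOPBACK, 8080)
PROXY_OUT = ("proxy.exe", "out", "tcp", "203.0.113.10", 80)

if __name__ == "__main__":
    for name, rules in (("LOOSE", LOOSE), ("TIGHT", TIGHT),
                        ("MISORDERED", MISORDERED)):
        print(name, "looped-back connection:", decide(rules, LOOPED),
              "shadowed rules:", shadowed(rules))
```

    In the misordered set the per-application rules are present but never consulted, which is the practical meaning of "the order the rules are in is as important as the rules themselves".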
     
  25. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    If you have a router, then Kerio 2.1.5 is a good choice that provides unreservedly grrrreat outgoing protection.

    @zopzop- Blitzenzeus can be *blunt* at times, but he is very knowledgeable about firewalls-in-general, & is arguably THE best expert on Kerio-in-particular. He generally hangs out at DSLR. It's nice that he dropped by this thread.
     