is kerio 2.1.5 obsolete

Discussion in 'other firewalls' started by lasu, Jun 19, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi zopzop! I am using Comodo and use a proxy server.
     
  2. test4

    test4 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    23
    Well, well, the "experts" think it is necessary to slag off normal users (I'm one of those) because they are soooo ignorant. Dear "experts", don't read the following information, because undoubtedly you already know this.
    Here is a small warning for others reading this thread. The enthusiasm about Kerio 2.1.5 may be a reason for you to give it a try, like it was for me. I installed it yesterday and ran the programs that need to connect to the internet.
    This morning I saw that a new version of my bittorrent client (utorrent) was available, so naturally I replaced the old one. Surprise, surprise utorrent was able to connect to the internet without a warning from Kerio about the update, in spite of the fact that the size of the .exe went down from 172kb to 169kb.

    Bwahahaha, what a brilliant firewall! If it doesn't even detect something as simple (but crucially important) as an updated program it stinks.
    I couldn't believe this hyped program failed so miserably, so more "tests" were done. I compressed\decompressed a few programs (in order to change the file size). These changes were all detected. After that I played with utorrent for a while, switching between the old and new version. And yes, kerio reported the change a few times, but mostly it didn't (guesstimate: 8 or 9 out of 10 times).
    Utorrent is a p2p program with outgoing and incoming connections, so not something you'd want to see modified completely unnoticed.

    Who cares about overhyped (according to the "experts") leak tests if a firewall fails at a very basic function? Any shitty hash checker can do this correctly, but not the mighty 2.1.5. :D
    Conclusion: Kerio 2.1.5 is unreliable (unless you like Russian roulette).
    And yes, I know you all have programs like SSM that will protect you from this problem. There is no need to tell me that. The fact remains that Kerio 2.1.5 fails where it shouldn't.
     
    Last edited: Jun 21, 2006
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Test4, it is not normally overhyped. It is a pretty good packet filter firewall. With low resource usage.
    I agree, with some posts like bellgamin's or others here, they are not true. Kerio 2.1.5 has not very good outbound protection, but as BZ told, that is not a function of a basic firewall.
    There are people like myself, without a router connected to internet. I trust my Sygate 5.5.2710 and would also trust kerio 2.1.5 with good rule set configured to my connection. To be protected from unsolicited inbound connections.
     
  4. test4

    test4 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    23
    I registered and posted because I didn't like the attitude of some people very much. But what I said is true, it failed to detect an updated program. No matter what others think a firewall should or should not do, I think outbound protection a basic function. Don't forget, we're not talking about some advanced leak test in this case (although even then a firewall should offer as much protection as possible in my humble opinion).
     
  5. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    You obviously didn't write a correct rule. Kerio 2.1.5 DOES check md5 checksums, so it should have detected the changed app. It always has for me, so you must have either botched a rule, or made a non-app specific rule.

    Cheers,

    Alphalutra1
     
  6. test4

    test4 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    23
    Apart from (not) allowing programs access to the internet I didn't make any rules. In fact, I imported the BZ rules set (which is supposed to be very good :rolleyes: )

    Like I said, I've been switching between the old and new version. Kerio only detected this a few times. In other words, it was totally unreliable.

    I reported a similar problem in the LnS forum 2 years ago. LnS never detected updates for WinMX, while it did for (every) other program (as far as I could tell). https://www.wilderssecurity.com/showthread.php?t=36322&highlight=winmx
    In the end LnS had to be updated in order to fix this problem. Something similar might well be the case here, who knows (only the Kerio programmers, I suppose, but they are not around...). Unlike LnS, Kerio 2 will never be updated.
    That's why I've uninstalled this old firewall. I'm not willing to gamble with my security, no matter how good others say Kerio is. I have seen it fail in action and that proves more than claims by others.

    To answer the question "is kerio 2.1.5 obsolete": yes, for me it is. No doubt about it.
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    It is very good. However, it has NO rules for controlling applications from accessing the internet ;) Time for you to learn what a rule based firewall is about before flaming a firewall for being worthless.

    Alphalutra1
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Yeth! :cool:
     
  9. herbalist

    herbalist Guest

    Kerio 2.1.5 has caught every such update on my system, including an application that a vendor tried to update without notifying anyone. Kerio stores an MD5 signature for every internet application listed in its ruleset. If you don't make a rule for a given application, Kerio has no MD5 to store and compare to, hence no alert.
    You can't test a rule based firewall without making a ruleset for it that covers your internet applications. The BZ ruleset is not a replacement for a set tailored to your PC and its installed applications. It has to be treated as a starting point and edited to match your particular internet service. Then you still have to add rules for your applications.
    Relying on Kerio 2.1.5 is not gambling on your security unless you have a poorly written or incomplete ruleset in place. Firewalls with automatic rule creation are more of a gamble. They write some very broad rules, many worse than the default Kerio rules. Kerio will enforce the rules you give it, so when you're testing Kerio 2.1.5, you're actually testing yourself. That's why it passes certain firewall tests on some systems and fails them on others. The rules are what is being tested. Tests like PCaudit2 are a lot like teaching tools in this instance. When the appropriate rules are right, Kerio will pass the test.
    Rick
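
A minimal model of the check described in the post above, added here as an illustration; it is not Kerio's code and was not posted in the thread. It shows that the hash is recorded only when a rule is created for an application, that a same-size replacement is still flagged, and that an application without a rule has nothing to compare against. The `AppRuleTable` class, `md5_of`, `demo` and the sample files are all constructed for the example.

```python
import hashlib
import os
import tempfile


def md5_of(path):
    """Return the MD5 hex digest of a file's contents."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class AppRuleTable:
    """Hypothetical per-application rule table: executable path -> stored MD5."""

    def __init__(self):
        self.stored = {}

    def add_rule(self, path):
        # Creating a rule for an application is what records its hash.
        self.stored[path] = md5_of(path)

    def check(self, path):
        if path not in self.stored:
            return "no-rule"      # nothing stored, so nothing to compare
        if md5_of(path) == self.stored[path]:
            return "match"
        return "changed"          # binary differs from the one the rule was made for


def demo():
    """Run the three cases on constructed files and return the verdicts."""
    table = AppRuleTable()
    with tempfile.TemporaryDirectory() as tmp:
        client = os.path.join(tmp, "client.exe")      # constructed sample file
        other = os.path.join(tmp, "other.exe")        # never given a rule
        for path, data in ((client, b"build-A" * 100), (other, b"tool" * 50)):
            with open(path, "wb") as fh:
                fh.write(data)
        table.add_rule(client)
        verdicts = [table.check(client)]
        # "Update" the client: same size, different content.
        with open(client, "wb") as fh:
            fh.write(b"build-B" * 100)
        verdicts.append(table.check(client))
        verdicts.append(table.check(other))
    return verdicts


if __name__ == "__main__":
    print(demo())
```

A current integrity check would use SHA-256 in place of MD5; MD5 is used here only because it is the algorithm the thread discusses.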
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Welcome to Wilders as a registered member and as for the "attitude of some people"....I'll ask that We all dispense with the "attitudes" and gratuitous bashing of other members which is not tolerated. Stick to the topic at hand Please and limit comments to that subject matter.
    Bubba

    Mod Edit

    One post removed and any future posts with "attitudes" and gratuitous bashing of other members will be removed without further comment.
     
    Last edited: Jun 22, 2006
  11. test4

    test4 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    23

    Yep, very well observed. How would a program be able to have access to the internet without first having made such rules? :rolleyes:
    Read my previous posts please before flaming me.
     
    Last edited: Jun 22, 2006
  12. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Kerio 2.15 does have md5 authentication and should have found the bit torrent change if installed or set up correctly. Even on the default settings it would catch it. I'd try it again and check your settings this time. It sounds like you allowed bit torrent last time with "don't ask me again" and didn't have md5 authentication enabled, which would have alerted you to the change. Either that or kerio is conflicting with another app you may be running.
    ellison
     
  13. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I'm not sure I understand you correctly here. If you mean it has no preset application rules, then that is true, however it does present the user with the option to permit or deny (one time only or don't ask again) outgoing connections for applications, if the ask user is ticked.
    ellison

    EDIT and apologies... After reading your post again, I think that you were commenting on bz ruleset rather than kerio?
     
  14. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Correct, and no need to be sorry. It just seems that test4 doesn't seem to have a clear grasping of a rule based firewall at the moment, and seems to think that BZ ruleset is a perfect universal ruleset that requires no tweaking.

    test4, if you want and same with zopzop, please post your ruleset here in picture form (from screenshots) so we can all see what is going on. In addition, please post a picture of the md5 hashfile page.

    Cheers,

    Alphalutra1
     
  15. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    alpha, i mentioned back on page one of this thread that i used the default ruleset when i ran the leaktests. all i asked was how would a discontinued firewall like kerio do against current leak tests, then i was basically called an ignoramus by another poster. all this when i didn't even "badmouth" the firewall. rather than insulting my intelligence, giving an example ruleset in kerio on how to defeat an example leak test would have been more gentlemanly, but i guess that was too much to ask for. like the discussion on this old thread:
    https://www.wilderssecurity.com/showthread.php?t=61518&highlight=kerio dnstester
     
  16. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Did you ever allow or disallow ANY application access to the internet? If so, then the ruleset has been changed. That is why I asked for you very politely in a gentlemanly manner for you to post a screen shot for all those who may or may not know what the default ruleset is like in addition to the rules automatically created by kerio which are not very restrictive on applications to see them.

    Cheers,

    Alphalutra1
     
  17. RadicalEdward

    RadicalEdward Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    64
    One might consider 2.1.5 "obsolete" but it sure as hell is constructed a whole lot better than the versions following it, including those from sunbelt. I never had a problem with 2.1.5 but the newer releases blew up my machine, it would blue screen if I didn't attend to immediate pop ups and it always unloaded a conflicting driver at bootup. I switched to Comodo, so far it works much better, but 2.1.5 is still a good program, and if you make some good rules, it should work fine for you.
     
  18. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I just wonder why kerio 2.15 would be considered obsolete because it fails some leaktests, that practically all need user intervention to run anyway and that can mostly be stopped by programs like SSM. To me that's like saying my AV is obsolete because it doesn't detect such and such a virus/trojan whereas another AV does. I don't believe routers can stop leaktests either so should we consider them obsolete too?
    ellison
     
  19. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    i allowed IE, geswall, and the windows processes to access the internet. when prompted by kerio when an application wanted to access the internet, i read the information in kerio's popup and selected 'allow' and then 'create an automatic ruleset'. i now know that's not what you should do with rule based firewalls like kerio. the amount of time and knowledge that it would take to configure kerio to acceptable levels is beyond me.

    i see and my comments weren't directed at you, you've been polite through all this. i'm quite happy with jetico and comodo and i'm not looking to change firewalls. when i replied to the OP, i didn't flame kerio and just gave my opinion on 2 firewalls that are pretty good because they pass the majority of leaktests right out the box (and i now realize that leak tests aren't the end-all-be-all when choosing firewalls). honestly if i knew the thread was going to go this way, i would never have posted in it.:oops:
     
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Alphalutra1,
    Default installation ruleset:
     

    Attached Files:

    Last edited by a moderator: Jun 22, 2006
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    A few notions of me own:
    First, why do you want to replace Sygate? Is that because it's no longer supported? Why do you need the support anyway? Sygate is robust, light, easily configurable and runs perfectly with default settings. No need to replace it.
    As Zeus said, leaktests are like how good is the door at defending against a burglar once you let the burglar freely walk in. Don't execute unknown programs and you won't have to bother with leaks.
    About Vista and future firewalls - it's called Linux.
    Mrk
     
  22. test4

    test4 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    23

    How is this possible o_O
    You still haven't read anything I wrote, have you?
    If you really can't be bothered to do so, for the final time: I DID make appropriate rules. Kerio failed, plain and simple, whether you like it or not.
    The end. By any means, just continue saying I don't know what I'm talking about. People might believe you in the end.

    If it can happen to LooknStop it can happen to Kerio!
    (you probably didn't read the related thread in the LnS forum either)
     
    Last edited: Jun 23, 2006
  23. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Well I don't want to take sides but all I can say is that kerio 2.15 has never failed md5 authentication for changed programs (if it has been enabled) in 3 years (off and on) usage, on my system. Nor have I personally known it to be unreliable. I don't disbelieve what you are saying but personally, and logically I would look more at my setup rather than kerio as it has a very good reputation and is tried and tested. It's easy to do. Just reinstall it again. Use the default setup, make sure md5 authentication is enabled and try it again. It's a little harsh to make such a judgement of kerio, on the basis of your recent (one day?) trial with an imported configuration (and don't forget the configuration may or may not have had md5 enabled) and seemingly little usage experience of the firewall.
    ellison
     
  24. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Hate to tell you, but you quoted a post directed towards zopzop. Again, how DO I know that you made appropriate rules? Did you limit local ports to 1024-4999 (or 5000) and limit the remote ports for each app to appropriate ones such as 80 and 443 for browsers? All I asked for were pictures of your ruleset and of the md5 page so we can look at it and see what is going wrong, even possibly HELPING YOU even though you don't seem to want to talk in a calm manner. And BTW, I did read the looknstop thread.

    Alphalutra1
     
  25. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi to all,
    i guess i really stirred up the fw forum. sorry about that.
    i installed 2.1.5 for 4 days but its a bit complicated for me. with sygate i didnt allow server rights for anything but did allow updates, no automatic, and etc. i have checked the logs of my reinstalled sygate and i see what ports my apps are using. i do see where my apps use more than one or 2 ports but i wouldnt know what port to limit any app to. so i guess ill stick with sygate for now but im keeping my copy of 2.1.5 and in the future when i get the port thing down and a few other things ill install 2.1.5 and ask for help here. nothing against sygate but id like to advance to a rule based fw sooner or later.
    BZ: ive read your comments on many threads for the last 5 yrs and you are the undisputed king of fw knowledge, especially kerio 2.1.5, IMHO;-).
    to everyone else, i did learn from reading this thread that i dont know enough about fw's to venture out to a rule based fw at this time.
    thank all of you for your honest comments.

    L
     