is kerio 2.1.5 obsolete

Discussion in 'other firewalls' started by lasu, Jun 19, 2006.

Thread Status:
Not open for further replies.
  1. Melih-Comodo

    Melih-Comodo Former Poster

    Joined:
    May 10, 2006
    Posts:
    70
    came across this site with some useful info on firewalls.
    http://www.matousec.com/
    they have an analysis of kerio too.

    hope it helps

    Melih
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    They have been discussed much here on these forums with a representative from them as well. Personally I don't trust them at the moment (due to selling the vulnerabilities mainly -- looks weird!!) but will see later how the matters go.
     
  3. test4

    test4 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    23
    Another utorrent beta and again it has access to the internet without a warning, in spite of the fact that when checking the MD5 manually, it is reported that: "MD5 of Application 'D:\SOFTWARE\UTORRENT\UTORRENT.EXE' is not correct!"

    There is a definite conflict with what is stated in the help file: "If the communication is permitted by the user Personal Firewall creates an MD5 signature for the application. This signature is checked during each subsequent attempt of the application to communicate over the network. If the application's executable is changed (e.g. it is infected by a virus or it is replaced by another program) Personal Firewall denies communication for this application, displays a warning and asks if such a change should be accepted (e.g. in case of the application upgrade) or not."

    This implies that a program will always be checked, independently of the rules that are in place. Even in case of a rule without any limitations (allow all traffic in and out) an updated version should trigger a warning (not that I use such rules, of course :rolleyes: ). I uninstalled Kerio after the latest c**k up, but now it will be permanent. This unpredictable behaviour is just too dangerous.
    (apart from the fact that fwdrv.sys gave me a BSOD this morning, which in itself is enough reason to ditch a program).
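
Added example (not part of the thread, and not Kerio's code): a minimal model of the check the help file describes, where the executable's MD5 is compared before any rule is consulted, next to a hypothetical rules-first ordering that would let a changed binary through a broad permit rule. The class, its method names and the sample bytes are constructed for illustration; whether Kerio behaves like the second ordering is not established in this thread.

```python
import hashlib

def md5_hex(image: bytes) -> str:
    # MD5 because the help file names it; a current design would use SHA-256.
    return hashlib.md5(image).hexdigest()

class AppFilter:
    """Hypothetical model of a per-application signature check."""

    def __init__(self):
        self.signatures = {}     # normalised path -> MD5 recorded at first permit
        self.permit_all = set()  # paths covered by an "allow all traffic" rule

    @staticmethod
    def _key(path: str) -> str:
        return path.lower()      # Windows paths compare case-insensitively

    def permit(self, path: str, image: bytes) -> None:
        """User permits the application: record its signature and a rule."""
        self.signatures[self._key(path)] = md5_hex(image)
        self.permit_all.add(self._key(path))

    def accept_change(self, path: str, image: bytes) -> None:
        """User confirms an upgrade: replace the stored signature."""
        self.signatures[self._key(path)] = md5_hex(image)

    def decide(self, path: str, image: bytes) -> str:
        """Signature first, rules second, as the help file describes."""
        known = self.signatures.get(self._key(path))
        if known is None:
            return "ask-new"
        if md5_hex(image) != known:
            return "ask-changed"  # denied until the user accepts the change
        return "allow" if self._key(path) in self.permit_all else "ask-new"

    def decide_rules_first(self, path: str, image: bytes) -> str:
        """Hypothetical flawed ordering: a broad rule short-circuits the check."""
        if self._key(path) in self.permit_all:
            return "allow"        # the changed binary is never hashed
        return self.decide(path, image)

# Constructed sample data: two different byte strings stand in for two builds.
PATH = r"D:\SOFTWARE\UTORRENT\UTORRENT.EXE"
OLD_BUILD = b"constructed bytes for the permitted build"
NEW_BUILD = b"constructed bytes for the updated build"

if __name__ == "__main__":
    fw = AppFilter()
    fw.permit(PATH, OLD_BUILD)
    print(fw.decide(PATH, NEW_BUILD))              # signature-first ordering
    print(fw.decide_rules_first(PATH, NEW_BUILD))  # rules-first ordering
```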
     
  4. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    There's two decent webpages here with (pics) for setting up a basic kerio, if ever you wish to install it again.
    http://www.urs2.net/rsj/computing/kerio/index.html

    http://www.dslextreme.com/users/surferslim/tpf.html
    ellison
     
  5. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi,
    after reading the info at the 2 links that ellison supplied in the previous post i have installed kerio 2.1.5. i have been to grc and sygate security scan and scanned with all their scans. everything came up stealth so i think as far as i have gone i'm good.

    any comments, please.
    humm, don't seem to have the 'manage images' down so i have to do another post, sorry.
     


  6. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    again, sorry for this but here is the other part of my rules. this is the 'top' of my rules.
    comments please.
    L
     


    Last edited: Jun 28, 2006
  7. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    You have the basic ruleset, so now you could tighten them up a little if you wished. For example you could probably change firefox to
    TCP>OUT....LOCAL>ANY PORT ....REMOTE>ANY ADDRESS but instead of any port you could choose "list of ports " in dropdown and use the common browser port 80 and 443 (separated by a comma) so it would look like 80,443
    The same goes for avg email scanner. You could narrow the remote "any port" to list of ports and just use 110,25 for incoming and outgoing mail.
    Also many updaters use the same remote address, so instead of saying any address you could look at the remote address that kerio says the application is connecting to on the initial application popup and choose just use that address.
    You could also turn off microsoft networking option if you just have the single home computer. Also you can untick "enable dns resolving" and "check for new versions of firewall" in miscellaneous tab.
    Personally i find kerio easy because it makes the rule for you basically and gives you options. Here's a pic of some rules i have. Of course i'm not an expert, and i'm behind a router, so i use mainly for application filtering. But you'll get the gist of what i'm on about regarding the remote ports anyway.
     


  8. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi ellison64,
    been busy at this end but i managed to tighten up my rules. any suggestions would be appreciated.
     


  9. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    a quick note.
    even though i believe i have firefox setup correctly i'm still getting popups for ff in the 1100 range.

    L
     
  10. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I would move your deny all protocols rule to the very top since you aren't in need of any incoming connections if that is your entire ruleset. Also, try to restrain all applications to ports 1024-5000 (that includes ad-aware, avg, etc). Also, try to find the individual ips of the update servers for all of your security apps so your rules can be even more restricted, same for your mail servers.

    Cheers,

    Alphalutra1
     
  11. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi Alphalutra1,
    i just tried your suggestion to move the deny all protocols to the top but i couldn't get online so i switched back and i'm online again.
    i'll try to get the ip addresses of my update servers and i'll tighten things up and get back later today or tomorrow afternoon/evening.

    L

    also, if i try to limit ff or tbird to just a single remote port they don't work.
    am i missing something here? i'm just a rookie with a rule based fw.
     
    Last edited: Jul 3, 2006
  12. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi Alphalutra1,
    i've tightened up my rules a bit and any comments/suggestions are welcome.
    i've found that i reboot faster, get online faster, and my scans run faster since installing 2.1.5 :).
     


  13. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I think alpha's suggestion of limiting all the apps to port range of 1024-5000 is a good idea.. like you already have for firefox. You might also want to use the permit loopback rule here so that you don't have to permit it all the time.
    http://www.urs2.net/rsj/computing/kerio/index.html
    It's under the "application rules" section on last screenshot.
    I dunno whether it's a placebo effect but i always think my normal explorer browsing (i.e. opening folders, etc) seems faster with kerio installed too.
    Don't forget you can save your config file by clicking administration>miscellaneous tab>save.. and browse for somewhere (my docs or wherever) to save the current config file.
    ellison
     
  14. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi to Alphalutra1 and ellison64,
    this is what i've got so far except i haven't worked on Karens Whois yet but will here this evening.
    i want to thank you for helping this rules fw newbie. now that i've played with the settings a bit the light bulb is slowly coming on;-). i didn't know a thing about ports much less local and remote but i'm getting it.
    one thing i'd like to ask, BZ has a default set of rules to start with yet that rule set has not been mentioned as far as directions for me to follow. it was mentioned earlier though. the link i used to setup my rules suggested to delete all default rules and start over (same link as in the above post). there are several rules that are in the BZ default rules but haven't come up for me to set any rules for. is there a problem with that or not?
    ok, my rule set; 2 pics.

    thanks,
    L
     

    Attached Files:

    • kfw1.jpg (87.5 KB)
  15. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    second part of my rules.
    please feel free to offer any more suggestions;-).
    again,
    thank you
    L
     

    Attached Files:

    • kfw2.jpg (66.5 KB)
  16. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Your rules look good. I don't know why you allow Generic Host for Win32... twice though, you should delete the top rule, or at least disable it and only enable it when you go to windows update. Also, your DNS rule should only be outbound, not both ways.

    BZ's ruleset wouldn't give you any added protection in your situation. You have definitely done a great job at tightening up your ruleset.

    Alphalutra1
     
  17. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hummmmm,
    i reset the DNS rule and couldn't log in here. so i changed it back and all went well. any ideas?
    hahaha, i got carried away with Generic Host for Win32. i've since deleted both rules and i will let it popup when i go to ms updates and defender updates. that's the only time i've ever seen it logged in any fw logs anyway. besides i don't mind the popup for that service, it gives me a warm fuzzy feeling knowing that kerio is working;-).
    if you think of anything more just post it and i'll see it. i do read a lot of posts here and over the yrs i've learned quite a bit. this is a great site with great people dedicated to helping all.
    thanks to all.
    L
     
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    You're fine with dns both ways, you need that for dns to work in kerio 2..
     
  19. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    That's right, sorry about the mixup lasu. I am so used to CHX-I :p

    If you need any more help, feel free to ask.

    Cheers,

    Alphalutra1
     
  20. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    I have a question about setting up a rule for the BOClean updater.
    On their website it says they use "PASSIVE FTP" on PORT 21.
    Now when I set up Kerio 2.1.5 to allow BOClean to use port 21 I still get repeat pop-ups telling me that the BOClean updater is trying to connect but each time it's for a different port.

    What do I do now?
    Also what is Passive FTP? Am I missing something in the rules and that is why I see these pop-ups all of the time?
     
  21. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi all,
    well i have a question now. i'm getting popups connecting out using ff. kerio is asking me to permit/deny using ports that are in the range specified. if i deny ff loads anyway because it's a big range and many ports use. why am i getting the popups when those ports are 'permitted' in the rules?
    also, A2 Squared needs 2 rules. if i block either it won't update.
    these are my rules for A2
    thanks,
    L

    edit:
    i use filezilla for my site but i can't upload/download my directory listings.
    filezilla says:
    time out detected.
    could not retrieve directory listing.
    checked logs but nothing there. i probably don't have something checked to log what is going on?
    thanks,
    L
     


    Last edited: Jul 7, 2006
  22. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    It's probably the remote ports that kerio's asking about for firefox (not the local ports where you have the range 1024-5000). You have 80 and 443 i believe? Sometimes you may need to allow other remote ports if you are using progs like admuncher etc, or even antivirus that uses a web proxy. Not sure about filezilla, but have you made sure the rule is not below the deny all other rule that you have? (you can tick untick that rule and see if you can connect). If it's not below that in the rule order, delete filezilla rule and see if kerio pops up for a new rule once you activate filezilla again. The a2 squared rules are probably right. Both addresses for emsisoft... see pic.
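
Added example (not part of the thread, and not Kerio's code): a small model of top-down, first-match rule evaluation, the behaviour the rule-order advice in this thread relies on. It shows why a deny-all rule placed first blocks everything, and why a connection whose local port is inside 1024-5000 still prompts when its remote port is not in the 80,443 list. Rule names, executable names and the evaluation function are assumptions; only outbound TCP is modelled.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, FrozenSet

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                     # "permit" or "deny"
    app: Optional[str] = None                       # None = any application
    local_ports: Optional[Tuple[int, int]] = None   # inclusive range, None = any
    remote_ports: Optional[FrozenSet[int]] = None   # port list, None = any

    def matches(self, app: str, local_port: int, remote_port: int) -> bool:
        if self.app is not None and self.app != app:
            return False
        if self.local_ports is not None:
            low, high = self.local_ports
            if not low <= local_port <= high:
                return False
        if self.remote_ports is not None and remote_port not in self.remote_ports:
            return False
        return True

def evaluate(rules, app, local_port, remote_port):
    """Walk the list top-down; the first matching rule decides.
    No match at all means the user gets a permit/deny popup."""
    for rule in rules:
        if rule.matches(app, local_port, remote_port):
            return rule.action, rule.name
    return "ask", None

# Constructed rules mirroring the advice in the thread.
FIREFOX = Rule("firefox web", "permit", "firefox.exe", (1024, 5000), frozenset({80, 443}))
FILEZILLA = Rule("filezilla ftp", "permit", "filezilla.exe", (1024, 5000), frozenset({21}))
DENY_ALL = Rule("deny all other", "deny")

if __name__ == "__main__":
    # Specific permits above the catch-all deny: browsing works.
    print(evaluate([FIREFOX, DENY_ALL], "firefox.exe", 1100, 80))
    # Catch-all deny moved to the top: nothing below it is ever reached.
    print(evaluate([DENY_ALL, FIREFOX], "firefox.exe", 1100, 80))
    # Local port is in range but the remote port is not listed: popup.
    print(evaluate([FIREFOX], "firefox.exe", 1100, 8080))
    # A permit rule sitting below the deny rule never fires.
    print(evaluate([FIREFOX, DENY_ALL, FILEZILLA], "filezilla.exe", 1200, 21))
```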
     


  23. lasu

    lasu Registered Member

    Joined:
    Mar 19, 2005
    Posts:
    43
    hi ellison64,
    the filezilla rule was above the deny all other rule. i deleted the filezilla rule and brought up filezilla and let kerio popup with a new rule. i tightened the rule a bit and all is working fine now. strange, i had deleted the filezilla rule several times yesterday in order for kerio to bring up a new rule. each time i permitted the new rule but i still couldn't get to the site. oh well i'm just beginning to understand kerio so the trouble was myself and not kerio.
    by the way, my whole sys is running a bit faster now and i don't think it's the 'placebo' effect, it's the kerio effect;-D.
    again, thanks to all who posted in this thread. i have read all posts and though some didn't pertain exactly to my questions i found the open discussion refreshing and enlightening.
    ellison64, those 2 links for kerio setup were great and i've included them at my site for those who want to install kerio 2.1.5 and a link to this section of wilders for help w/kerio 2.1.5.
    again, your help is greatly appreciated
    L
     
  24. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I wish once windows vista arrives and those persons using, there will be simple packet filter firewalls like Kerio 2.1.5 and also for newbies light firewalls like Sygate.
    Some have overheating CPU like mine so lightweight is needed ;)

    I am currently running again kerio 2.1.5.
    I posted this one to my avast antivirus forum, but not really much answers there. All gone to bloat firewalls I guess?
    http://forum.avast.com/index.php?PHPSESSID=856683bf98a2b5d97db2b7ba9567bbe8&topic=22030.0
    One needs to be a forum member to read the ruleset I have for avast proxies.

    About what sunbelt told of kerio 2.1.5 being tired code, that I guess is true.
    Not bad code, but tired in a sense that it is undocumented and not much possible to work on it. This happens to software once the designer quits from it.
    Same thing I think happened to Sygate. They tried to have it security center recognized. But it was I guess also "tired" code. Designer gone. So 5.5 is the last version I recommend. It is a good newbie firewall able to teach many things about how internet works.

    About those people expecting always updates, firewall is just a packet filter in basics. Windows gets updates for its holes, but firewall like kerio or sygate, them not needed.

    I am not any soon going to update to new win os, but wish there will be simple rule based firewall for someone like me.

    Kerio 2.1.5 has a few faults in its GUI. Rule making does not have ability to use some previous rule as a template. Also one has to be very careful to use Apply once a rule is made and still not always sure.
    It is a minor inconvenience.

    I have tried also Kerio's last version of 4, before it was to Sunbelt.
    All nice in theory, but BSODs in my system. Cannot tell if it was my overheating CPU or just something in that firewall itself. Was not just stable. But I suspect it was the firewall, I really do. But will not go bashing kerio 4 no more.

    So Kerio 2.1.5 is still very much a good firewall :) in my opinion.
     
    Last edited: Jul 8, 2006
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi there,

    From a layered security point of view this may be stupid, but I gave up outbound firewalls. They hassle the average user with pop-ups in learning mode. From all the ones I tried, I found Comodo the best.

    For the PC my wife is using I use only the NAT-router inbound firewall (send port 113 to oblivion by rerouting it to a non-existing IP address), GeSWall virtualization/sandboxing (beats defense wall, bufferzone and sandboxie in ease of use and protection, read the threads on Wilders), MsDefender (with remove for high and recommended action for medium and low), Avira Antivir (we don't need an email antivirus because our cable provider uses Clam AV on its mail server). Spywareblaster (for against Active X), Spybot Helper (against bad sites, host file/hijack protection) and McAfee site adviser (so she can see whether a web site has a bad reputation).

    Works without pop-ups for 1 year now.
     