Jetico 2 New Release (build 34)

Discussion in 'other firewalls' started by Stem, Aug 22, 2007.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    22-August-2007 version 2.0.0.34 released. Changes:

    * Stateful inspection for ARP protocol added.
    * Monitoring of direct access to memory, OLE/COM communications, process code/memory modifications disabled in 64-bit versions to prevent conflict with Kernel Patch Protection after Windows Update KB932596.
    * Clone/Delete policy, Clone table commands added to the policy tree context menu.
    * Expand/Collapse command added to the policy tree context menu.
    * Empty values handling fixed in rule parameter editors.
    * Column order save/restore bug fixed.
    * French translation provided by Patrick Leloup.
    * Default configuration template updated:
    Explorer.exe is allowed to access the network
    Stateful ARP enabled to prevent ARP poisoning
    "Bypass" rule fixed in the "Access to network" table


    Download:- http://www.jetico.com/download.htm
     
  2. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Stem,

    thanks for the info! Of course, I will try this build as soon as I can. Not that I need ARP protection, but a new build is a new build ;) Other improvements sound quite useful to me though.

    How convenient...

    Cheers,
     
  3. Stem

    Stem Firewall Expert

    Hi Seer,

    I have not installed yet, but will later.
    I hope this gives the ability to export rulesets (?), I did ask for an export option last year (and was told "yes" it would be easy to implement).
    I have mentioned this numerous times, as without this, there is slow shutdown/startup.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    It's good to see that they are still working on Jetico after all this time. If I still needed a software firewall, I'd most likely be using it now...
     
  5. Bls440

    Bls440 Registered Member

    Joined:
    Jun 22, 2007
    Posts:
    82
    Me too.
    I like Jetico very much because it's light.
    The only thing which keeps me away from using it, is that it requires too much knowledge to get it working properly.
    I'm still waiting for a complete automation of the rules, or at least, some presets for some Windows Services (a wrong 'Block' decision and your connection is locked :/ )
     
  6. Seer

    Seer Registered Member

    Hello :)

    I have been busting my brains over this very same issue a few months ago. I finally got it, with a little help from your side :)

    Cheers.
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Is this unique to Jetico or does it happen with any firewall?
     
  8. Stem

    Stem Firewall Expert

    Just Jetico (that I know of).
     
  9. wat0114

    wat0114 Guest

    The complexity of Jetico's interface had always given me headaches whenever I trialed past versions, but I could never quite turn my back on it for good. So on that note this version has, so far, afforded me a rather pleasant experience :) This is developing into a truly awesome firewall.

    Just to make things easier I went into a couple of the application templates, Web browser & Mail Client, and modified the rules to offer a bit better security, as well as adding inbound/outbound connections to localhost and send/receive datagram rules. Then I just use the templates for my browsers and email programs, saving loads of time by not having to create so many individual rules for each application. Obviously there is still a lot for me to learn about this firewall, but at least I don't find it a frustrating, hair pulling experience like I used to :)
     
  10. wat0114

    wat0114 Guest

    So what gives here? explorer.exe is allowed to access the network, but can it do so unsolicited? In my first screenshot it is allowed indirect access to the network, otherwise blocking it kills my Internet access, but the second shot indicates what happened for the first time in two days using Jetico, that explorer.exe attempts to receive datagrams with remote addresses my DNS server ips. I block it permanently and there have been no ill effects yet; no blocked Internet and no slow restarts or shutdowns. It would appear there is a big difference between indirect access and network activity o_O
     

  11. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    I do not allow explorer.exe internet access.


    Yes. There is a big difference.
     
  12. wat0114

    wat0114 Guest

    Me neither :)


    That's what I thought, but based on several comments I've read in this and the official Jetico forum, I got the impression that Jetico 2 allows explorer.exe complete network access because it needs indirect network access, and, in fact, all other applications allowed indirect access! I have yet to see evidence that explorer.exe gains Internet access with this version of Jetico.
     
  13. Seer

    Seer Registered Member

    Have you performed a (file/folder) search using explorer's "search" feature perhaps? AFAIK, this is the only case when explorer will do network connections (@home). I personally block this as well, but I don't find this to be a big concern.


    BTW, this version is playing nicely with me so far. Nothing to complain about.
     
  14. wat0114

    wat0114 Guest

    Good point! In fact, that is exactly what I did when it happened :) It is not surprising to me that explorer.exe attempted Internet access; I have seen it happen many times before and I always block the attempts permanently. The only question I have had concerning this with this version of Jetico is whether or not it actually can access the Internet, simply because it needs indirect access. It appears it can not, which is a good thing.

    BTW, I, too, have encountered no issues with this release. It is IMO a fantastic little firewall and not too difficult to figure out. The only possible issue I have seen with it is its HIPS-like feature seems sometimes slow to trigger alerts. I have often seen where I open an app that it has no rules for yet, and I don't see an alert on it until several seconds after it has launched, so I don't know what is going on there.

    That said, I'm surprised it isn't talked about more, but maybe that is because anyone who has trialed previous releases, especially 1.0, has experienced nothing but confusion attempting to configure it so were turned off completely by it. There must not be a very large user base of this fw. I had found it quite confusing before but I recognized the potential in it, so I always kept it in the back of my mind to try it again. I'm glad I did :)
     
  15. Seer

    Seer Registered Member

    I am now curious. As I said, the only outbound attempt from explorer.exe I saw was when you perform a 'search' from explorer. Have you noticed other attempts by explorer? If so, please tell me in what cases.

    I don't have anything blocked 'permanently' with Jetico, as I do like to have a better insight in outbound attempts by blocking them only 'once'.

    I use SSM alongside Jetico, and I have also noticed (in the past) that I am warned on interprocess operations from Jetico a few seconds after SSM pops up.

    Yes, 'confusion' may be one reason for Jetico's notoriety. But, you have to consider the 'eye-candy' aspect as well. I have noticed that most users (unfortunately) give priority to GUI, and you must admit that Jetico is not the prettiest one ;) Looks rather 'geeky', but I personally like this.
     
  16. Stem

    Stem Firewall Expert

    It would depend on the process and what it does on startup. Some applications I have will load many files first, initiate, then attempt access to Windows sockets (Winsock); the access to Windows sockets would then be intercepted and an alert given (it may take a couple of seconds for the application to attempt the access). If you are seeing this from a specific application, then please post details and a download link; I could then check any delay for its attempt for access (or indirect) to network, and compare this to a popup from Jetico (version 1 and/or 2).
     
  17. Stem

    Stem Firewall Expert

    Yes "wat0114", some more info on this please. I too only see internet access attempts by "Explorer.exe" made when a search is performed.
    Explorer.exe is a target for some malware, where an attempt is made to control this process (various methods), and unfortunately quite a number of firewalls allow "Explorer.exe" internet access by default (or whitelist).

    I personally just name the blocking rule and set it to logging. But both methods can give the user important info, certainly if they start to have connection problems due to blocking a needed app/process
     
  18. wat0114

    wat0114 Guest

    Sorry for any confusion I caused. I tend to ramble sometimes :) Indeed, it was only when I performed the search that explorer.exe attempted Internet access. I just couldn't remember that until Seer posted his comment on it, then it reminded me of it. The indirect access of course occurred much earlier because, as you know, explorer.exe launches just about everything, including browsers. I have no issues whatsoever re explorer.exe & Jetico now that I have figured out what is going on.

    Thank you Stem for your explanation on Jetico's alerts. That is likely all that is happening. It most recently occurred with winzip.exe, even after winzip was closed o_O I would have to post details later tonight or tomorrow when I have time.

    Overall, I'm very satisfied with my ~ 1 week experience using Jetico.

    Thanks again Stem and Seer
     
  19. Stem

    Stem Firewall Expert

    Applications can remain in memory even when the application is terminated; this can be for various reasons, usually due to open threads (or due to unresolved instance).
     
  20. wat0114

    wat0114 Guest

    You are no doubt correct on this :) For the heck of it, I will post later on what happens with Winzip. Thanks again Stem!
     
  21. Dogbiscuit

    Dogbiscuit Guest

    Jetico 2 seems to have a problem with multiple accounts in XP. My system usually freezes after exiting any account. Seems fine, otherwise. Although I'm a little surprised that the XP firewall isn't disabled by Jetico after installation, nor enabled when uninstalling Jetico.
     
  22. kr4ey

    kr4ey Registered Member

    Yes I have found this too. One way I have found to fix this is to Log out and Log In several times till Jetico gets required pop ups and is configured. I no longer have freezes when logging in or out and switching users.


    I always disable Windows firewall before install. That is the best practice.
    I am not surprised that Jetico does not have this feature, a lot of other firewalls don't either.
     
  23. wat0114

    wat0114 Guest

    This procedure may help shed light on what is causing the freezes. You have to register an account to see the screen shots.

    Out of curiosity, what kind of "Access control" have you given the limited accounts for Jetico?
     
    Last edited by a moderator: Sep 2, 2007
  24. Dogbiscuit

    Dogbiscuit Guest

    The default configuration values only.
     
  25. wat0114

    wat0114 Guest

    Okay, I ask only because I wonder if the "Limited" access is causing the problem. I assigned "Full" to my limited XP account because I don't want to have to keep going into my Admin account to configure the fw.
     