Jetico for everyone!

Discussion in 'other firewalls' started by olap, Jun 4, 2006.

Thread Status:
Not open for further replies.
  1. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    is ok or not?
     
  2. rpi

    rpi Registered Member

    Joined:
    Jun 14, 2006
    Posts:
    8
    No it's not ok. With your rule speed is: 111.4 KByte/Sek with no other activity on the network.

    With the "Allow All" ruleset that comes with Jetico, and simply allows everything, I have full speed, about 1800 KByte/Sek. So I know it's not a Jetico bug that makes my network very slow.
     
  3. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    @ rpi
    go to the "Ask User" table and change the svchost.exe rule from "TrustedZoneOnly" to
    "FullAccess"
     
  4. rpi

    rpi Registered Member

    Joined:
    Jun 14, 2006
    Posts:
    8
    Unfortunately no change. It's still only like 50-90 kb/sec. To test I changed all the system rules to Full Access with no change. That's my speed without your ruleset: 1,990.7 KByte/Sek
     
  5. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    I totally back 'Stem' up on saying that 'Olap's ruleset makes Jetico less safe. Especially when it allows your computer to accept unsolicited connections that could be malicious. The defaults for Jetico were put there for a good reason. Hell, Jetico passes more firewall vulnerability tests out of the box than almost any others on their highest security settings. Once installed and set to automatically save changes, you can then customize it to YOUR setup. You answer the prompts easy enough but you must know what it is asking you. It might take a little bit of learning more about TCP/IP and other protocols but it is worth it for its protection. I was intimidated at first by Jetico but the more I configured it for ME, the easier it became to understand it, and it did not replace my previous firewall until I became comfy with it. I would never suggest Jetico for everyone. If someone asks me to help them set up a solid firewall and they don't know much about security, I will help them with ZA, Sygate, or something similar.

    IF YOU FAIL TO LEARN HOW JETICO WORKS AND USE RULESETS THAT HAVE BEEN DESERVINGLY QUESTIONED THEN YOU ARE PUTTING YOUR INTERNET SECURITY IN SOMEONE ELSE'S HANDS. IF YOU CANNOT USE JETICO EXCEPT BY RELYING ON SOMEONE ELSE'S ADVICE WITHOUT KNOWING WHAT IT DOES FOR YOUR SETUP, THEN YOU SHOULDN'T BE USING IT.

    'Stem' has given some excellent support for Jetico here on other threads and if someone wants to get their hands dirty learning it, then the help is there. I would be VERY wary of the ruleset put forward in this thread that 'Stem' tested and said ACCEPTED INCOMING UNSOLICITED CONNECTIONS, and 'rpi' is now complaining screws up his download speed. I have searched about everything I could on Jetico and have never seen its default config slow down an internet connection.

    No offense 'Olap', but I really think you need to rethink your approach to Jetico. 'Stem's approach is much safer - publishing individual app rules rather than an end-all be-all ruleset.
     
  6. rpi

    rpi Registered Member

    Joined:
    Jun 14, 2006
    Posts:
    8
    olap's ruleset is very good from the security point. It alerts any connection attempt. I don't care about incoming stuff since I have a router. The only problem is the brutal slowdown and I don't see why it does that. Maybe I kick it off and give Comodo a try.
     
  7. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    rpi, I have a router as well and I am running Jetico on one PC, configuring it as if I had no router at all; this way, should the router fail (very unlikely, but..) I wouldn't suffer.
    Why give Jetico a premature kick when you can go back to a default optimal configuration and start over?
    Even with its default, out of the box, state Jetico is far too good for many a firewall, as Charincol already stated in his previous post!
    Why don't you restart with the default config and proceed to add a rule at a time when you feel confident about it, with no fuss at all? This way you will both learn and build something more valuable, efficiency-wise, than anything pre-configured or standard. Reading all Jetico-related threads here will help to understand this 'alien' program which is unique and outstanding.
    I only hope Stem's patience will last.... :D
     
  8. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    @ rpi
    I don't have a hardware router to test I have dial-up,
    do you have maybe AntiVirus with Web Antivir enabled? disable WebAntivirus!
    with KAV-webantivir enabled I have problem with slow connection!
     
  9. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    @ charincol
    about your opinion and conclusion

    'Stem' tested and said ACCEPTED INCOMING UNSOLICITED CONNECTIONS"

    read last two post from 'Stem'!

    'Stem' tested and said accept "Stateful Inspection" is hole?

    Look how much Stem understand from this in his last post, below! NOW WITH SEGUEL

    I see that you use LnS, and when you use Phant0m`s ruleset YOUR INTERNET SECURITY IS IN SOMEONE ELSE'S HANDS TOO? stupid! yours and stupid! Devil's Advocate finally conclusion!

    just that much about your and Stem mastery from firewall! how firewall work, which rule is before and afterward Stateful Inspection rule and, and....!

    PS. Hola charincol & Devil's Advocate, maybe are you this special associates from 'Stem' that run some special attacks (connection attempts)? how Stem say My associate managed to connect in? continue run, run, run.. LOL

    PLEASE...!
    Have Fun..
     

    Attached Files:

    Last edited: Jun 17, 2006
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    olap,

    Stateful packet inspection will not protect you when, as your ruleset (full access) will allow inbound connections from any IP.
    They were able to connect in, because your ruleset "Allows inbound connections"
    olap,.. your lack of knowledge on this is quite scary,..considering you are posting full rulesets
    Your ruleset (fullaccess) "Allows Inbound connections",... this you are now admitting, but saying this is safe as it is going through the SPI (stateful packet inspection).
    This is part of a post by "Paranoid2000" in respect to SPI for OP
    original post here
    This is true for Jetico for allowing inbound connections
     
    Last edited: Jun 15, 2006
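
The point Stem makes in the post above, as a small added model (not part of the thread, and not Jetico's actual engine or rule format): stateful inspection only passes packets that belong to a flow some rule already accepted, so a rule that accepts inbound connections from any IP lets an unsolicited connection create that state. The `Packet`/`Rule` types, the two rulesets and the sample traffic (documentation IP ranges) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", seen from the protected host
    remote: str         # remote IP address
    lport: int          # local port
    syn: bool = False   # True when the packet opens a new connection

@dataclass(frozen=True)
class Rule:
    direction: str      # "in", "out" or "any"
    remote: str         # a remote IP, or "any"
    verdict: str        # "accept" or "reject"

def run(rules, packets):
    """Stateful check first, then first-match rules for new flows; default reject."""
    state, verdicts = set(), []
    for p in packets:
        flow = (p.remote, p.lport)
        if flow in state:                      # SPI: part of a tracked flow
            verdicts.append("accept (state)")
            continue
        if not p.syn:                          # mid-stream packet, no flow known
            verdicts.append("reject (no state)")
            continue
        verdict = "reject (default)"
        for r in rules:
            if r.direction in (p.direction, "any") and r.remote in (p.remote, "any"):
                verdict = r.verdict + " (rule)"
                if r.verdict == "accept":
                    state.add(flow)            # the rule, not SPI, admits the flow
                break
        verdicts.append(verdict)
    return verdicts

# Constructed rulesets: outbound-only versus "allow everything, any direction".
OUTBOUND_ONLY = [Rule("out", "any", "accept")]
FULL_ACCESS = [Rule("any", "any", "accept")]

# Constructed traffic: one solicited exchange, then one unsolicited inbound attempt.
TRAFFIC = [
    Packet("out", "198.51.100.7", 50000, syn=True),  # host opens a connection
    Packet("in", "198.51.100.7", 50000),             # reply to that connection
    Packet("in", "203.0.113.9", 445, syn=True),      # unsolicited inbound connect
    Packet("in", "203.0.113.9", 445),                # follow-up on the same flow
]

if __name__ == "__main__":
    for name, rules in (("outbound-only", OUTBOUND_ONLY), ("full access", FULL_ACCESS)):
        print(name, run(rules, TRAFFIC))
```
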
  11. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Finally some voices of reason from poirot and charincol.

    Also I don't know why there is this sheep-like tendency for newbies to want to use Jetico. Sure, it's light, it's flexible and more importantly to noobs it has all sorts of "process attack" rules that help it handle leak tests and to them it's the most important thing.

    What they fail to realise is

    A) unlike almost every firewall in the market, it doesn't run as a service, so it doesn't start until the user logs in, creating a period of vulnerability.

    B) It's flexible and powerful, but flexible and powerful is useless if you don't know how to use it. Oh sure with drastic rule set editing you can change it into a zonealarm free clone, but if that's the case, why not just use zonealarm lol.

    C) You know all those irritating popups you are complaining about? Well a number of them (particularly the event "access to network") are what allows the company to claim that they are able to beat a lot of leak tests. Oh wait, you don't understand what all the prompts mean and click yes to everything? Too bad there goes your leak test protection.

    Or maybe some of your experts just completely turn off "access to network (we alert on everything)" feature. Well there goes some of your resistance to leak tests. :)

    D) Want to know another reason for the annoying popups that never seem to go away? Stupid Jetico doesn't have any autoupdating of modified files. Just updated Firefox so that the hash of the file changes? Oops, you have to drill down into the rule set and manually create the rules again.

    Sure there are workarounds, so you need only do it *once* per application by using application groups, but still frustrating. Compare to good old ZA or Kerio, they warn you that the file has changed and ask you if you want to allow. Click yes, and all your rules are updated, no fuss no muss.

    Seriously if you don't have the chops to run something like Kerio 2, don't bother thinking you can run Jetico without more learning. You can't. And you will end up with less protection.
     
  12. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Advocate

    God bless Jetico Team for this excellent firewall!
     
    Last edited: Jun 16, 2006
  13. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Holla at ya boy!
    Go ahead and try not sue me!

    OK, first shock and stupid reaction from quasi geek is gone by.
    This is normal, no more mystery about Jetico is no more quasi geek, and this unhappiness them!
    Someone with more knowledge on the subject not react in this manner!

    Significant is that nobody is any more crazy with Jetico!
    So is good! Only this be my intention!
    Updated rule come out soon.
    See Ya...

    PS. Sign up and receive a Standard Audit of your system, http://securityspace.com/sspace/index.html, and find out whether or not you have any vulnerabilities that hackers could exploit.
    Examine your system with a comprehensive suite of 10914 vulnerability tests to learn if your system's security is at risk.
    It's free to do the basic test, although you have to register, and it takes about 3 hours to complete
    your browser with "FullAccess" rule pass this test 100%

    God bless Jetico Team for this excellent firewall!
     
    Last edited: Jun 20, 2006
  14. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Hola!
    New updated Ruleset with "Application filter" and "Packet filter" be out!
    For all yours Application "Browser type" or Application what need internet access or update through port HTP,HTTP,or FTP use "FullAccess"(IExplorer, Firefox,Proxomitron,AdMuncher,Privoxy,Anti-Virus,AdAware,SpywareBlaster,SpybotSD,Ewido,Tor,FTPClient,DownloadManager,Messenger..etc Apply "Handle as..."FullAccess"
    For P2P Application,this rule is created for eMule,UTorrent and DC++,if you use BitComet or
    Azureus..etc, only what you need for this application is to enter new Inbound Access rule to
    "P2P" table!Apply "Handle as..."FullAccess"
    If you need to create new "table" for your "new Application", create new "table" under "root" with rule for this Application, then go to "FullAccess" table and create new (Application rule with verdict direction to your "new table name").You can see how in this rule!
    In "Ask User" table apply "Handle as..."FullAccess" for this new Application!
    For Application and system what no need internet access apply "Handle as..AccessToNetworkOnly"
    If you use Tor-Privoxy-Proxomitron to access to internet apply "Handle as..."FullAccess" for
    this three Application, rule is created in "TorPrivoxyProxomitron" rule!

    You have now Rule that artless Jetico use, this is New Age!
    someone will verify him so many they won't do him, but Thats it!


    as I am good :D

    Enjoy...
     

    Attached Files:

    Last edited: Jun 24, 2006
  15. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    because you have cancelled your post?
     
    Last edited: Jun 25, 2006
  16. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi, olap

    Strange words to use considering your very Post in starting of this thread was with a Rule Set Olap.bcf.txt.

    Anybody using that Rule Set must be PUTTING THEIR INTERNET SECURITY IN SOMEONE ELSE'S HANDS ALSO. :D

    Take Care,
    TheQuest :cool:
     
  17. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    I had missed that TheQuest.

    I do understand some TCP/IP. I have an outdated Net+ certification and have dealt with traffic shaping in FreeBSD's ALTQ and l7filters using a wondershaper script in Linux.

    I have not been using L'n'S for a while now. But, when I did, I had a pretty good grasp at what Phant0m's ruleset was doing and had no problem creating rulesets for P2P apps and more secure MS lansharing rules to replace the default ones.

    I installed Jetico inside a Win98 virtual machine to start learning it. Then I installed it on my XP gaming partition. Once I felt comfortable with it there, I replaced L'n'S with Jetico on my main XP partition and haven't looked back. Maybe sometime soon I'll try Tiny. o_O

    I did not immediately put my trust into Jetico or someone else's suggestions or rules until I learned how to use it or at least had a pretty good understanding of it, just like I did with L'n'S. That's what I meant when I said that if you do not understand how to use Jetico or any other packet filter firewall with your own rules or someone else's, you shouldn't be using it. You would be better off with just XP firewall or behind a router.
     
  18. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    @ TheQuest

    Dear TheQuest, my to know on the net traffic or firewall doesn't originate from number of post on the this forum but originates of the school, have understood! of the school!
    If you believe that yours to know is worth more with title "Very Frequent Poster", continuous to believe!
    Dear Quest the paranoia is not substitute to understand!
    Discussion with you I stop here!

    someone will verify him so many they won't do him, but Thats it! :cool:
    as I am good with Jetico! :D

    Enjoy...
     
    Last edited: Jun 26, 2006
  19. private

    private Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    7
    Thanks Olap for this fine job!

    Thank you!
     