Jetico Personal Firewall

Yep, there are days when I go thru several also. Right now I am trying to find the right combination of programs that work well together. Sometimes it's not easy. I guess I'll settle down eventually. Recently I've been considering the need for programs like Process Guard and Prevx, but haven't quite resigned myself to using them.

The truth is, almost any firewall will get the job done. I'm just having fun playing with them all...

 

At risk of taking this thread way off topic, here's how I see it.
This condition could probably not be described as a vulnerability, rather an unexpected condition when dealing with fragmented packets on Kerio 2x. I have not re-read the details of this issue for some time, but issues of firewalls handling fragmentation in quirky or "wrong" ways are hardly unique. My guess is that Kerio 2x does not analyse the complete packet until all packets have been received and also sent. So perhaps with ICMP denied all fragmented packets will be allowed until the last one that allows full packet reassembly is attempted to be sent - and this will be stopped. Then again, who knows unless this is thoroughly tested? Perhaps all fragmented packets are allowed without filtering, even after re-assembly.
The main issue with fragmented packets and firewalls not handling them "properly" is likely to be DoS conditions rather than any meaningful connection being made both inbound and outbound (there are specific tools for stress testing firewall fragmentation handling). It should also be pointed out that fragmented packets are just that - packets that usually mean nothing by themselves. Additionally, I believe the Maximum Transmission Unit in the Windows kernel should have some bearing on how large such a packet can be.

I've been meaning to do some firewall tests on consumer firewalls to determine their exact behaviour on issues like fragmented packets and stateful packet inspection but I just have not got around to it. It's these kind of vendor-dependent situations which should be clearly documented for the end-users.

The following link provides one example of just how unexpected firewall behaviour can be:
http://www.spitzner.net/fwtable.html

 

ghost,

Nice post and nice link.

Diver, in my perspective you are a Guru and Kerodo, I admire your guts to install and try out and then format windows and re-install, when I was younger, it was my daily routine, but too tired to do so now.

Diver, I too experienced the same behavior that you faced with Jetico when it wouldn't ask for permissions and only do so after that program has accessed the net couple of times.

 

Hm, long time - no Jetico update.
I use ZA now, but they have been able to reproduce my problems and said they will be fixed in the next update.
I think, they should have establish some official forum if their software goes thru so long testing stage.

 

Arup-

The program (or programs) was not accessing the net. It probably was not doing anything so far as communications are concerned. Things would just run several times until Jetico firewall would issue a network access request dialog. The program at most accessed some networking component, but never actually connected out.

Ghost-

Interesting post and link. While not totally understandable, it did increase my knowledge somewhat. At least now I know something about what a SYN packet is and some of the other flags.

K-

Zone Alarm handles the proxy issue, or at least it did with my email/AV combo here. Try it again with Avast and see what happens. I don't like the idea of having to run stuff like prevex and process guard. But, I also think that all AV's should be comprehensive enough that anti trojan programs should not be needed.

 

Considering all this I would say that Zone Alarm does a mighty fine job, both the free and paid version, resource hog or not.

 

"try out and then format windows"

Better would be to use Acronis True Image. It takes about 20 minutes to image 14 gigs, and about the same to restore. I always take a fresh image prior to unstalling/uninstalling any Firewall or AV product. Been using it for over a year and its never failed.

 

I am no guru, believe me. I'm learning all the time. I just get a huge kick out of playing with all these firewalls. I'm actually an accountant by trade.. This is all just a hobby and fun for me..

 

Jetico really should have a forum for the firewall. I did suggest this to them a long time ago, but they didn't respond to the idea at all. Sooner or later they should establish one though...

 

Diver - Yes, I finished up my Kerio config and I'm now running ZA Pro again with Avast. All is fine. I think I'm going to try to stick with this combo for a while now. Sometimes I do get tired of messing with rules and such, and wish for something simple and easy to maintain and use. ZA is certainly simple. Seems to do a good job too.

I have that same resistance to using Prevx and PG also. I consider myself a fairly safe user and I use common sense most of the time, so I really don't think I need those programs running here. I do believe in a good firewall and AV, but aside from that, I don't think I need much more. I guess if I did a lot more p2p and downloading I might think differently though...

Have you used Avast? It's really a great program..

 

K-

I have set up Avast 4.5 on my test box. However, it only has 128 MB and the low memory champ is F-Prot. I need to take a look at the new version. This proxy thing is interesting, and may provide better detection in the real world than on demand testing may suggest. Avast also claims improved memory management.

But, you know the game K, It is all about what you are comfortable with, because there is a lot of good stuff out there, and some junk.

 

128 megs is pretty tight yes. I had that when I used to have WinME. Then I went to Win2k and upgraded to 512 and am glad I did.

If I remember right, 4.5 added the network scanning and 4.6 adds the web scanner. It's pretty cool. I used Avast for over a year and only stopped for a month or two while they worked a few bugs out that I was seeing here. Seems great now.

 

For a once-off backup, I would suggest using Drive Snapshot instead. The trial download has time limited backup and unlimited restore capability, making it ideal for this usage (taking only one backup but wanting to be able to restore it at any time in the future). Unlike Acronis, Drive Snapshot consists of just one 130KB file though there is an installer you can run if you wish.

 

Thanks for this P2k... I looked at their web site and it looks interesting. I think I'll try it out tonight...

An hour or so later: Installed it and it's very cool. Backs up everything while Windows is running, whether files are open or not. Very nice.. I'm unfamiliar with these type of utils, so maybe they all do that, but I like it anyway. I just did a fresh Windows install tonight and backed everything up now. So I'm all set. It'll save me a lot of time...

 

HI all, Paranoid2000, does Drive Snapshot goes fine with windows xp preinstalled?, I ask this because it is a good option to use it if it works fine with this.
thanks

 

It should work with NT/2000/XP/2003/PE as the website states - I can't see any reason for a preinstalled copy of Windows being any different.

 

Just thought I would post a follow-up to my memory issue I saw last week with JPF. After uninstalling and reinstalling it seems to be more stable for the most part but I am still seeing occasional memory utilization in the range of 15 to 18 MB, but none as high as the 38MB I saw last week. I have sent an email to Jetico support and they are investigating a possible memory leak since it was determined not to be related to logging.

I am impressed with the quick response time from their support team.

 

I've noticed hi mem usage also. Leaving PC running for more than hour or two I'm reaching between 17-25 Mb RAM. I'll keep monitoring it as I have been running a Citrix session to my work LAN but the traffic is very low and the firewall is not having to do much.

 

Further to my above post. It seems that running a Citrix client connecting remotely to my work applications, even idle, is causing the high mem usage. I'll keep an eye on it and report it to Jetico if I determine thatitis Citrix causing the prob.

 

It's been almost a month now. I wonder what they're up to at Jetico.. Should be another release any day now I would think...

After pondering things, I've come to the conclusion that JPF is one of the best, if not the best, for me. I don't get bombarded by alerts like some of you seem to. I've got my rule set saved and all works very well. Seems to be the best of all worlds.. No problems here.

I'd say it's between CHX-I and JPF. And since I want a little app control, JPF seems to win for now...

 

Hi all.

25. v. 1.0.1.56 Freeware, 14th March, 2005.
Log entries of the firewall now report detail on fragmented IP packets. Firewall system tray icon behaviour corrected, problem of incompatibility with games from Valve software fixed.

 

Hmmm... It took them a month to do that?? I wonder if it's worth looking at..

 

Well, they fixed the Valve game-issue? Never had that, so I guess the issue was more that HL2 was there main interest (and that would account for the time it took...)

But I'm going to try it.

 

UDP, TCP SPI now enabled by default.