Jetico Personal Firewall

Discussion in 'other firewalls' started by Kerodo, Sep 2, 2004.

Thread Status:
Not open for further replies.
  1. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Yep, there are days when I go thru several also. Right now I am trying to find the right combination of programs that work well together. Sometimes it's not easy. I guess I'll settle down eventually. Recently I've been considering the need for programs like Process Guard and Prevx, but haven't quite resigned myself to using them.

    The truth is, almost any firewall will get the job done. I'm just having fun playing with them all... ;)
     
  2. ghost16825

    ghost16825 Registered Member

    Joined:
    Feb 1, 2005
    Posts:
    84
    At risk of taking this thread way off topic, here's how I see it.
    This condition could probably not be described as a vulnerability, rather an unexpected condition when dealing with fragmented packets on Kerio 2x. I have not re-read the details of this issue for some time, but issues of firewalls handling fragmentation in quirky or "wrong" ways are hardly unique. My guess is that Kerio 2x does not analyse the complete packet until all packets have been received and also sent. So perhaps with ICMP denied all fragmented packets will be allowed until the last one that allows full packet reassembly is attempted to be sent - and this will be stopped. Then again, who knows unless this is thoroughly tested? Perhaps all fragmented packets are allowed without filtering, even after re-assembly.
    The main issue with fragmented packets and firewalls not handling them "properly" is likely to be DoS conditions rather than any meaningful connection being made both inbound and outbound (there are specific tools for stress testing firewall fragmentation handling). It should also be pointed out that fragmented packets are just that - packets that usually mean nothing by themselves. Additionally, I believe the Maximum Transmission Unit in the Windows kernel should have some bearing on how large such a packet can be.

    I've been meaning to do some firewall tests on consumer firewalls to determine their exact behaviour on issues like fragmented packets and stateful packet inspection but I just have not got around to it. It's these kind of vendor-dependent situations which should be clearly documented for the end-users.

    The following link provides one example of just how unexpected firewall behaviour can be:
    http://www.spitzner.net/fwtable.html
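
An added illustration of the general point in the post above, not part of the original thread and not a description of how Kerio or Jetico are implemented: a per-packet rule can only match the layer-4 header in the first fragment, while a filter that reassembles first judges the whole datagram. The addresses, the rule ("drop ICMP echo request") and all function names are assumptions, and the packets are constructed sample data.

```python
import struct

def make_fragment(ident, offset, more, payload, proto=1):
    """Constructed test data: minimal IPv4 header (checksum left 0) + payload."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def parse(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    ident, flags_off = struct.unpack("!HH", pkt[4:8])
    return {"key": (pkt[12:16], pkt[16:20], pkt[9], ident),  # src, dst, proto, id
            "proto": pkt[9], "mf": bool(flags_off & 0x2000),
            "offset": (flags_off & 0x1FFF) * 8, "data": pkt[ihl:]}

def is_echo_request(proto, l4):
    return proto == 1 and l4[:1] == b"\x08"   # ICMP type 8

def stateless_verdict(pkt):
    """Per-packet rule: only the fragment at offset 0 carries the ICMP header."""
    p = parse(pkt)
    if p["offset"] == 0 and is_echo_request(p["proto"], p["data"]):
        return "drop"
    return "pass"   # later fragments have no L4 header for the rule to match

def reassembling_verdicts(pkts):
    """Hold fragments per datagram, reassemble, then judge the whole datagram."""
    held = {}
    for p in map(parse, pkts):
        held.setdefault(p["key"], []).append(p)
    verdicts = {}
    for key, frags in held.items():
        frags.sort(key=lambda f: f["offset"])
        complete = (frags[0]["offset"] == 0 and not frags[-1]["mf"] and
                    all(a["offset"] + len(a["data"]) == b["offset"]
                        for a, b in zip(frags, frags[1:])))
        if not complete:            # gaps, overlaps or missing tail: never forward
            verdicts[key[3]] = "drop-incomplete"
            continue
        data = b"".join(f["data"] for f in frags)
        verdicts[key[3]] = "drop" if is_echo_request(key[2], data) else "pass"
    return verdicts

# Constructed sample: one ICMP echo request split into three 16-byte fragments.
ICMP = b"\x08\x00\x00\x00\x00\x01\x00\x01" + b"A" * 40
FRAGS = [make_fragment(0x1234, 0, True, ICMP[:16]),
         make_fragment(0x1234, 16, True, ICMP[16:32]),
         make_fragment(0x1234, 32, False, ICMP[32:])]

if __name__ == "__main__":
    print([stateless_verdict(f) for f in FRAGS], reassembling_verdicts(FRAGS))
```
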
     
  3. Arup

    Arup Guest

    ghost,

    Nice post and nice link.

    Diver, in my perspective you are a Guru and Kerodo, I admire your guts to install and try out and then format windows and re-install, when I was younger, it was my daily routine, but too tired to do so now.

    Diver, I too experienced the same behavior that you faced with Jetico when it wouldn't ask for permissions and only do so after that program has accessed the net a couple of times.
     
    Last edited by a moderator: Mar 6, 2005
  4. KHysiek

    KHysiek Guest

    Hm, long time - no Jetico update.
    I use ZA now, but they have been able to reproduce my problems and said they will be fixed in the next update.
    I think they should have established some official forum if their software goes thru so long a testing stage.
     
  5. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Arup-

    The program (or programs) was not accessing the net. It probably was not doing anything so far as communications are concerned. Things would just run several times until Jetico firewall would issue a network access request dialog. The program at most accessed some networking component, but never actually connected out.

    Ghost-

    Interesting post and link. While not totally understandable, it did increase my knowledge somewhat. At least now I know something about what a SYN packet is and some of the other flags.

    K-

    Zone Alarm handles the proxy issue, or at least it did with my email/AV combo here. Try it again with Avast and see what happens. I don't like the idea of having to run stuff like Prevx and Process Guard. But, I also think that all AV's should be comprehensive enough that anti trojan programs should not be needed.
     
  6. Arup

    Arup Guest

    Considering all this I would say that Zone Alarm does a mighty fine job, both the free and paid version, resource hog or not.
     
  7. harrywong

    harrywong Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    20
    "try out and then format windows"

    Better would be to use Acronis True Image. It takes about 20 minutes to image 14 gigs, and about the same to restore. I always take a fresh image prior to installing/uninstalling any Firewall or AV product. Been using it for over a year and it's never failed.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    I am no guru, believe me. I'm learning all the time. I just get a huge kick out of playing with all these firewalls. I'm actually an accountant by trade.. This is all just a hobby and fun for me.. ;)
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Jetico really should have a forum for the firewall. I did suggest this to them a long time ago, but they didn't respond to the idea at all. Sooner or later they should establish one though...
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Diver - Yes, I finished up my Kerio config and I'm now running ZA Pro again with Avast. All is fine. I think I'm going to try to stick with this combo for a while now. Sometimes I do get tired of messing with rules and such, and wish for something simple and easy to maintain and use. ZA is certainly simple. Seems to do a good job too.

    I have that same resistance to using Prevx and PG also. I consider myself a fairly safe user and I use common sense most of the time, so I really don't think I need those programs running here. I do believe in a good firewall and AV, but aside from that, I don't think I need much more. I guess if I did a lot more p2p and downloading I might think differently though...

    Have you used Avast? It's really a great program..
     
  11. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K-

    I have set up Avast 4.5 on my test box. However, it only has 128 MB and the low memory champ is F-Prot. I need to take a look at the new version. This proxy thing is interesting, and may provide better detection in the real world than on demand testing may suggest. Avast also claims improved memory management.

    But, you know the game K, It is all about what you are comfortable with, because there is a lot of good stuff out there, and some junk.
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    128 megs is pretty tight yes. I had that when I used to have WinME. Then I went to Win2k and upgraded to 512 and am glad I did.

    If I remember right, 4.5 added the network scanning and 4.6 adds the web scanner. It's pretty cool. I used Avast for over a year and only stopped for a month or two while they worked a few bugs out that I was seeing here. Seems great now.
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    For a once-off backup, I would suggest using Drive Snapshot instead. The trial download has time limited backup and unlimited restore capability, making it ideal for this usage (taking only one backup but wanting to be able to restore it at any time in the future). Unlike Acronis, Drive Snapshot consists of just one 130KB file though there is an installer you can run if you wish.
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Thanks for this P2k... I looked at their web site and it looks interesting. I think I'll try it out tonight...

    An hour or so later: Installed it and it's very cool. Backs up everything while Windows is running, whether files are open or not. Very nice.. I'm unfamiliar with these type of utils, so maybe they all do that, but I like it anyway. I just did a fresh Windows install tonight and backed everything up now. So I'm all set. It'll save me a lot of time...
     
    Last edited: Mar 8, 2005
  15. Hi all. Paranoid2000, does Drive Snapshot go fine with Windows XP preinstalled? I ask this because it is a good option to use if it works fine with this.
    Thanks
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It should work with NT/2000/XP/2003/PE as the website states - I can't see any reason for a preinstalled copy of Windows being any different.
     
  17. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    Just thought I would post a follow-up to my memory issue I saw last week with JPF. After uninstalling and reinstalling it seems to be more stable for the most part but I am still seeing occasional memory utilization in the range of 15 to 18 MB, but none as high as the 38MB I saw last week. I have sent an email to Jetico support and they are investigating a possible memory leak since it was determined not to be related to logging.

    I am impressed with the quick response time from their support team.
     
  18. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    I've noticed high mem usage also. Leaving PC running for more than an hour or two I'm reaching between 17-25 Mb RAM. I'll keep monitoring it as I have been running a Citrix session to my work LAN but the traffic is very low and the firewall is not having to do much.
     
  19. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Further to my above post. It seems that running a Citrix client connecting remotely to my work applications, even idle, is causing the high mem usage. I'll keep an eye on it and report it to Jetico if I determine that it is Citrix causing the prob.
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    It's been almost a month now. I wonder what they're up to at Jetico.. Should be another release any day now I would think...

    After pondering things, I've come to the conclusion that JPF is one of the best, if not the best, for me. I don't get bombarded by alerts like some of you seem to. I've got my rule set saved and all works very well. Seems to be the best of all worlds.. No problems here.

    I'd say it's between CHX-I and JPF. And since I want a little app control, JPF seems to win for now... :)
     
  21. Arsenic

    Arsenic Guest

     
  22. Hi all.

    25. v. 1.0.1.56 Freeware, 14th March, 2005.
    Log entries of the firewall now report detail on fragmented IP packets. Firewall system tray icon behaviour corrected, problem of incompatibility with games from Valve software fixed.
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Hmmm... It took them a month to do that?? I wonder if it's worth looking at..
     
  24. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Well, they fixed the Valve game-issue? Never had that, so I guess the issue was more that HL2 was their main interest (and that would account for the time it took...) :D :D :D

    But I'm going to try it.
     
  25. harrywong

    harrywong Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    20
    UDP, TCP SPI now enabled by default.
     