Jetico Personal Firewall

Discussion in 'other firewalls' started by Kerodo, Sep 2, 2004.

Thread Status:
Not open for further replies.
  1. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Thanks Paul and Lowen... I'll be sure to check out both.. :)
     
  2. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I tried the latest Jetico.

    When it blocked a gaming application accessing the network, it was able to completely hose my system.

    This has not happened with me when using Kerio 2.x, Look'n'Stop 2.15 or earlier ZA versions.

    As such, I'd recommend proceeding with caution if you want to use Jetico at this beta stage.
     
  3. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    Could you explain what hosed your system? And what do you mean by hose?
    Thanks
     
    Last edited: Nov 22, 2004
  4. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I am running WINXPSP2 and I tested the latest Jetico. I was not able to use any browser no matter what I did, but I just uninstalled it with no problems.
     
  5. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Hose as in:

    Hard system lock. Could not alt-tab or ctrl-alt-del anywhere.

    Had to wait till there was a sufficient stop in disk activity (listening by ear) and reset the system.

    This caused the video card driver and the network layer of the XP installation to become corrupt.

    I had to repair my XP installation with the installation CD (using "Repair XP installation" option) and manually build my network connection from the ground up and re-install both system level drivers (chipset/mobo) and display drivers (ATI).

    That's what happened in my case.
     
  6. Fedorov999

    Fedorov999 Registered Member

    Joined:
    Sep 13, 2002
    Posts:
    182
    This is not a "told you so" but I wouldn't dream of playing around with new Firewalls/AntiViruses/Drivers without taking an image of my whole system first with something like Acronis TrueImage. It pays for itself in minutes believe me :)

    Regards,

    Fedorov.
     
  7. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    @Fedorov999
    what happened with halcyon, same happened to me with Jetico
    tried restoring with GoBack to 24hrs. previous state.....
    didn't help with Jetico.
    [nasty comments]
    So I threw out Jetico. Don't wanna try it. I don't talk about it. I don't even visit its forum anymore... too much hard work lost that day all b'coz I wanted to try a beta firewall that CANNOT be configured sanely.
    [/nasty]
     
  8. Hi, I know that many people have problems with this, but I have used it for many months and it works fine on my system. I configured it and it never asks me again, unless there is a new process running. I like this firewall, for me it is very good, and it passes leak tests very well.

    - Jetico Personal Firewall for Windows 98/ME/NT/2000/XP v1.0.1.44 Release Candidate is released at 1st December, 2004.
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I've used it in the past for several months also, and had no major problems, but the fact that many others have had problems is a good indication that it isn't anywhere near ready for a final release yet.
     
  10. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Apart from all the install/uninstall issues, I personally felt that the configuration of the firewall was a huge hassle, especially if you were looking for app control.
     
  11. 17. The problem of occasionally repeated firewall messages is fixed, memory management procedures in kernel drivers are enhanced. (1-December-2004 release, version 1.0.1.44 Release Candidate).
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yes, I also felt that the firewall interface in general was overly complicated when it didn't need to be. App control was annoying as well. Every time you updated or changed a program, Jetico would create a new rule for it, so you'd have to go into the rules periodically and "clean up" old stuff.

    It's an interesting firewall, but it still needs work, and it probably won't ever win any awards for ease of use... :)
     
  13. I know many people here have problems with it, but about creating new rules when a program updates, like ewido, ad-aware, spywareblaster, e-trust antivirus (I use it): there is no problem with creating new rules. You only make a rule, and at the bottom of the application table you choose the general rule REJECT, and as I said, it has never asked me anything about the rules I have set for the programs I run.
    The problem is that if you choose a general rule like ASK USER at the bottom, every time you run an update, for example, it is going to ask you about the running program.
    Another thing that happens concerns the process attack table: if you make the same decision about the general rule, it is going to ask you every time a process calls another one, and if you choose REJECT as the general rule for this, it is never going to give you problems, it is going to stop this. So only use ASK USER here when you know that a trusted program has to call another part of its own to function. An example: I use, as I said, e-trust, and when I want to manually update it I have to let inotask.exe call inodist.exe, and I permit this at the process attack table, but I always have the general rule REJECT.
    I think that the general problem with this firewall is that it doesn't have a good tutorial for using it, so only by trying it is one going to learn the right way for it to function, and I accept, as you do, that it is difficult and takes too much time, but it is good. As I said, I don't make any new rule with it unless I install a new program.
    In general I can say that the problem with this FW is the lack of information, and of course, the problems that testers here have described.
    I hope the things I wrote above help people who are still running it. Thanks, friends.
     
  14. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I can run the new version of Jetico on WinXPSP2 with no problems at all. It is a great firewall for how old it is and they are doing very well with fixing bugs. It is set up very differently from other firewalls, but as their website says, they are working on making it as easy as possible while still being configurable. It already stops all known leaktests with its sandboxing. I think this will be among the best firewalls when they have a stable release and start offering it to the public as a service.
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I agree... it has great potential. But I'll stick with 8Signs/VisNetic for now...
     
  16. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I'll probably stick with 8Signs forever, especially if they add packet logging per process :D
     
  17. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    AJohn,

    I didn't know that 8signs will be adding packet logging per process.

    When will the software come out?
     
  18. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I requested, they said they are *considering* implementing it sometime in the future :D
     
  19. ? pepak

    ? pepak Guest

    Until now I considered myself a very advanced user, but I must admit I failed to set up Jetico PF (1.01.44) for at least a basic use. I turned off the "Ask user" rule and set out to configure the firewall by hand. Unfortunately I couldn't even get IE to connect to the internet. I would have thought that a rule "application: path\iexplore.exe; verdict: table 'browsers'" would be straightforward enough, but for some strange reason it would NEVER get triggered despite the fact that IE is indeed run from the selected path. There are no reject rules in front of this one, either. Curiously enough, when I created the same rule through the Ask User path, it worked as it should.

    Guess it's back to KPF 2.1.5 :-(
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Why would you want to disable or delete the Ask User rule? It's there for a reason. Why mess with it?
     
  21. Hi pepak, the way you have to create a rule for an application is this:
    (at the application table)
    1.- First you have to enable access to network for the application.
    2.- Make the rule for the application.
    Example:
    Internet Explorer:
    a.- Click the right mouse button, then new and application, then verdict: accept, application: C:\Archivos de programa\Internet Explorer\iexplore.exe, event: access to network, protocol: any, then OK.
    b.- Rule: verdict: accept, application: C:\Archivos de programa\Internet Explorer\iexplore.exe, event: outbound connection, protocol: TCP/IP, local address: any, port: 1025-5000, remote address: any, port: 80 (here there is not a list of ports like in kerio, so you have to make as many rules as you need).
    (If you don't want to make this rule at the application table, you may choose at verdict: web browser, but if you look at the web browser table remember that it has only rules for ports 80 and 443; if you want to connect to another one you have to add another port here.)

    Rule for Outlook Express:
    a.- Same as before but for Outlook Express.
    b.- Rule: verdict: accept, application: C:\Archivos de programa\Outlook Express\msimn.exe, event: outbound connection, protocol: TCP/IP, local address: any, port: 1024-5000, remote address: (the one for your provider), port: 110
    c.- Rule: same but for remote port: 25 (you don't have to make the whole rule, just right click the mouse and clone it, and then change the port).
    (As before, you can go directly to the mail client table, selecting at verdict: web browser.)
    As you see, the basic point of making a rule in jetico is one rule to permit applications access to network and then another one to control the way it is going to access the internet. If you don't make the first one it doesn't start; if you don't make the second it doesn't access the internet.
    Personally I prefer to work at the application table and I don't use the other tables.
    At the end of each rule, I use a padlock, for ex. for internet explorer: verdict: reject, application: C:\Archivos de programa\Internet Explorer\iexplore.exe, event: inbound connection, protocol: any, local address: any, any, any, etc.

    As I said in another place, I configured jetico like kerio, and after doing this I locked everything this way:
    1.- I made all the rules at the APPLICATION TABLE (I included rules to block ports 1024-1028, 135, etc., inbound and outbound; you can look at kerio 2.1.5 to get an idea) and at the end of the application table I changed ask to REJECT, and also for log all not processed applications. At the ASK USER TABLE, I also changed from ask to REJECT.
    So it never asks me anything, it only works on the basis of the rules I made.
    2.- About the sandbox, I changed from ask to reject, so that it automatically does not permit:
    attacker writes to application's memory
    attacker injects own code into application
    attacker starts application with hidden window
    attacker installs system wide windows hook
    attacker modifies child process.
    So if you test it this way with leak tests, it rejects them automatically.
    And doing this, as I said before, it is going to work with the rules you made for it, AND IT IS NOT GOING TO ASK YOU ANYTHING.
    If you do all this, you are going to see that it is not so complicated, because you have to keep in mind that you only have to work with the application table and close the other things.
    If you analyze the modules, more than 10 can be configured in the application table (they were made maybe to make Jetico easier to use); when you see this it is not so complicated.
    One last thing, at the process attack table: I only open it when I see that a new program I install doesn't work. For example, I use e-trust antivirus free, and I couldn't update it because inotask.exe calls inodist.exe, so I changed this table from reject to ask and I permitted this, then once again I changed to reject, and once again Jetico was locked and only running with the rules I made for it.
    I hope this helps people to use JETICO and to see that it is not as difficult as it seems.
    Thanks, friends.
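
The two-step rule layout described in the post above, as an added example that is not part of the original post and is not Jetico's code or file format. It is a simplified model that assumes the table is read top to bottom, that the first matching rule decides, and that the last line of the table is the default verdict; `Rule`, `evaluate` and `can_browse` are hypothetical names.

```python
from dataclasses import dataclass

ANY = None  # wildcard, like the "any" fields in the rules from the post


@dataclass
class Rule:
    verdict: str               # "accept" or "reject"
    application: str           # full path of the executable
    event: str                 # "access to network", "outbound connection", ...
    remote_ports: range = ANY  # ANY matches every remote port

    def matches(self, app, event, remote_port):
        return (self.application.lower() == app.lower()  # Windows paths ignore case
                and self.event == event
                and (self.remote_ports is ANY or remote_port in self.remote_ports))


def evaluate(table, default, app, event, remote_port=None):
    """Assumed semantics: first matching rule wins, otherwise the default verdict."""
    for rule in table:
        if rule.matches(app, event, remote_port):
            return rule.verdict
    return default


def can_browse(table, default, app, port):
    # Step a: the application may touch the network at all.
    # Step b: this particular outbound connection is allowed.
    return (evaluate(table, default, app, "access to network") == "accept"
            and evaluate(table, default, app, "outbound connection", port) == "accept")


IE = r"C:\Archivos de programa\Internet Explorer\iexplore.exe"  # path from the post
TABLE = [
    Rule("accept", IE, "access to network"),                   # rule a
    Rule("accept", IE, "outbound connection", range(80, 81)),  # rule b, remote port 80
    Rule("reject", IE, "inbound connection"),                  # the closing "padlock"
]
ONLY_STEP_B = TABLE[1:]  # constructed variant: rule a forgotten

if __name__ == "__main__":
    for port in (80, 443):
        print(port, can_browse(TABLE, "reject", IE, port))
    print("without rule a:", can_browse(ONLY_STEP_B, "reject", IE, 80))
    print("default ASK:", evaluate(TABLE, "ask", IE, "outbound connection", 443))
```

With the default set to REJECT, a port that has no rule of its own (443 here) is dropped silently; with the default left on ASK, the same connection is what produces a prompt.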
     
  22. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Hi, I tried to configure Jetico firewall and as I had problems I call for help.
    These are my problems:
    1) What rules for Windows services?
    2) What rules for the browser?

    Could you show me a screenshot of your configuration?

    Thanks in advance.
     
  23. Sir.Demon

    Sir.Demon Registered Member

    Joined:
    Jun 4, 2003
    Posts:
    10
    Hi @ll,

    Can zorro or anyone post a rules file?
    I need an example of a configuration file.
    In order to make my perfect list (AntiAttack Rule, Emule, Rule ...)

    Thx in advance
     
  24. ? Pepak

    ? Pepak Guest

    Because I don't want to be bothered with thousands of confirmations. I am perfectly able to set up the rules I need by hand - in fact, I find it easier than going through a wizard (a deformation from the good old DOS days, you could say :)).

    That's pretty much what I did, yes. In several different formats (rules directly in the Applications Table, a rule for application 'IE' verdict 'table Browsers', even through a separate table 'IE'). None of them activated even once. That's the strange thing - if the rules got scanned and then I was refused access, I would assume there's something wrong with my rules. What had me baffled was the fact that the rules were never even checked. I only got a response at 'table "system programs" -> continue' (I moved almost all default rules to "system programs") and then at 'default action "reject all"'. If I enabled 'table "ask user"', I got a response there as well - but never for any other table (including the Application Rules itself), even if the rules were exactly the same as in "ask user".

    I suspect that Jetico didn't install correctly on my machine. For example, I wasn't able to create a custom configuration file (I mean, I could save an old one to a new name, but I could never get that new file in the policy list). I would also expect the trusted and blocked zone I set up in the wizard to appear somewhere among the rules.

    I'll try to setup Jetico once more when I have enough time. Maybe I forgot something very obvious.

    Example configuration file would be very useful indeed.
     
  25. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Come to think of it, Jetico is most similar to Tiny 6, which I am trialling now.
     