Kerio 2.1.5 or Sunbelt 4.5.916 ???

Discussion in 'other firewalls' started by Thanasis159, Aug 31, 2007.

Thread Status:
Not open for further replies.
  1. Thanasis159

    Thanasis159 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    86
    I have read a lot of threads in here talking about these two firewalls and I haven't come to a conclusion as to which one is better! My first thought was : "Kerio firewall has been dead for a long time, how can people trust it?". But I see many Kerio fans in here and I would like your opinions about my question!
     
  2. Nubiatech

    Nubiatech Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    50
    Location:
    IL, USA
    Sunbelt/Kerio 4.x added the following features:
    NIPS: comes with default Snort rules, you can add your own or the latest ones.
    HIPS: (Paid version only). Protection against buffer overflow and code injection.
    Web filtering: (Paid version only) Block pop-ups, ads, javascripts, vbscripts, and ActiveX.

    The packet filter seems to be the same in all versions.
    IMHO, the NIPS feature is one of the strong points of 4.x versions, very few other firewalls have this feature. HIPS and Web filtering are not essential as they can be implemented by stand-alone apps or browser extensions/add-ons.

    Either way, Sunbelt seem to be stuck in v.4.5.916 for a while now, and it is not without its problems and bugs.
     
  3. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Hi Thanasis159,

    This is a very interesting topic, and I too have tried to find an answer by reading available documentation and posts.

    The 2.1.5 version seems to be very reliable and popular, but rule based, which means: experts only.

    The 4.5 version presumably is quite user friendly, but buggy and badly supported. Anyway, it doesn't seem to have many friends among the users.

    Maybe you should do like me: install the 4.3 version, which is user friendly like the 4.5 and reliable, and then wait for the 4.5 version to become more reliable.

    You can download 4.3 from Filehippo, but make sure that you get the 4.3.268 build, which could be the best Kerio FW version ever. I recommend this firewall and I can add the application behavior blocking to the list of desirable features.

    Check it out, and you will stay with it for a while!
     
  4. Thanasis159

    Thanasis159 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    86
    Τhank you for your very useful answer lundholm! I didn't know that 4.3 version was better and I will give it a whirl. I would like to hear some more opinions though!
     
  5. herbalist

    herbalist Guest

    You don't have to be an expert to use Kerio 2.1.5, but you do need a basic understanding of how the internet works. Once you learn those basics, Kerio 2 isn't that hard. Without that basic knowlege, it's configurability can make it a bit intimidating.

    Kerio 2.1.5 is very light, stable, and works on all windows versions from 98 thru XP. It's very configurable, enabling the user to have detailed control over internet traffic. I've used it for years and it's never let me down.
    Rick
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    I think I prefer the old standard Kerio 2.1.5 myself. I did use Kerio 4.x and actually purchased it when Sunbelt offered it at a discount, however, I was greatly disappointed to see that Sunbelt did not support it much nor did they seem interested in further development, at best they just put out an update occasionally (very few) in an attempt to make more money on renewals I think.

    Anyway, that's just my general impression of 4.x. 2.1.5 is great, even though there are a few known issues like the old fragmented packet thing, and perhaps it losing it's ruleset on occasion. But it's way lighter and I enjoy it more.

    4.x actually does have the same rule capabilitiy, however, the logging isn't as well thought out and functional. There are certain things that don't log properly in 4.xx.

    Just depends on what you want I guess. 4.x is easy to install and you get a pretty user friendly firewall with a few bugs still, but 2.1.5 is light and lean and you can pretty much control it all with your rules.
     
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    I use kerio 2.1.5. I did try Kerio 4 couple of times and did not like the disfunctionality of it.
    It is all shiny and that, but you see many people using it? There must be a reason why not. Bugs for sure.
    Also I really don't like the idea of having a hips control in my firewall.
    It is just me,
    Jarmo
     
  8. herbalist

    herbalist Guest

    Agreed. If a user wants HIPS in addition to an internet firewall, they can install a freestanding one of their choice and get results that are equal or superior to those offered by a combined suite. I run SSM free with Kerio 2.1.5 and have found the combination completely effective. Both apps require a lot of user input to configure them properly but when finished, the result is nearly bulletproof.

    There are theoretical arguments for using separate free-standing apps instead of combining them into one security suite. Should a vulnerability be found in a suite, it's possible that it may disable or crash the entire suite and take down all your defenses in the process. When both the firewall and HIPS are free-standing, each can be configured to defend the other and an attack on one will not take down both. Such vulnerabilities, while not common, have been found before in various security suites. Their vendors fix them quickly, but that would be of little consequence if yours is one of the systems attacked before it's fixed. Something to think about.
    Rick
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I also agree with this. I would certainly prefer the firewalls that have this function to give the user the option to install this or not (possibly as a module). I know most have the ability to disable these functions, but the low level hooking remains (in case the user decides to re-enable), and this can cause some problems with other HIPS.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I fully agree with this. IMHO, a layered approuch is more defensive.
     
  11. Thanasis159

    Thanasis159 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    86
    Then I guess that I should try Kerio 2.1.5! I am not a firewall expert, but I am not also a total noob, but I 've heard that it's quite hard to configure! Any piece of advice or a thorough guide?
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    It really isn't that hard, just takes a little studying and learning. You might start here with this old but classic thread:

    http://www.dslreports.com/forum/remark,8023708

    Try the BZ rule set and read the thread, see if you can figure things out. There are also a lot of people here and at dslreports familiar with Kerio 2.1.5.
     
  13. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
  14. Thanasis159

    Thanasis159 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    86
    Τhanks guys! I will check both links out and I hope I will figure it out!
     
  15. interested

    interested Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    9
    4.3.268 build

    dear Lundholm
    on what basis do you say that 4.3.268 build is the best Kerio FW version ever?
    it would be interesting to know what your opinion is based on..
    do other folks have a best kerio version other than 2.1.5?
    thanks in advance...
     
  16. DaveD

    DaveD Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    54
    Can anybody please confirm this?

    I just find it hard to believe that it hasn't changed just the slightest bit over the years.
     
  17. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Hi interested,

    Concerning the version 4 of SPF, it seems that build 4.3.268 is better than the rest, meaning fewer bugs. This can be deducted from ancient posts reporting bugs and some of which recommend build 268.

    Concerning version 2 of KPF it's a matter of taste. I wasn't going to comment on this, but since you challenge me, this is my opinion:

    I think that computer programs should be user friendly; a rule based FW is not user friendly!

    I have done a lot of programming in my time but I do not want to re-program my application programs. If a software developer is not able to transform her complex problem into a simple user interface, then she hasn't done her job. Analogy: If Firefox could only be configured by editing the config file then it would be dead tomorrow.

    I'm fully aware that some individuals (likely programmers) love to hack away at configuration files and firewall rules all night, but not me!

    That's why I say that SPF 4.3.268 could be the best Kerio version.
     
  18. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    I tend to disagree on that. After all, what is a rulebased firewall? Needs some well made basic system rules like the old trusty kerio 2.x does. But after that?
    In use as a packet filter there is no difference with being less user friendly with the so called application fw's. Nothing more difficult in usage. And certainly I would not call sunbelt kerio versions or before that with kerio 4.x as user friendlyo_O Far from that. Nothing comes to me as user unfriendly as them. Buggy disfunctional interface unlike old kerio's.

    You allow or disallow an application. There is no difference at all. You can make it more strict if you want with a rulebased software firewall, but it is not there by default. User friendlines in my mind comes to see how well things can be logged and ability to see and how well the whole packgage works as a whole.

    With an older firewall like kerio 2.1.5 with no hips features you may want to use some extras like hips programs. They are not really necessary as I believe in having safe computing habits avoiding IE usage, instead of installing every new interesting feature program from internet or games.
    With hips programs you can screw your puter, but though I run old trustworthy PG and also Prevx2 that I don't call so trustworthy :p
    There is a saying though that too much security programs can be more bad that just an AV and inbound firewall of MS SP2.
     
    Last edited: Sep 7, 2007
  19. interested

    interested Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    9
    hi Lundholm
    thanks for your reply...
    i have read that version 4.2.2-911 was the most stable version as it was the last version that was by the kerio team before sunbelt took over...
    could you please comment on this....
    i am not challenging you... i have no idea myself...just a few opinions i pick up here or there...
    i am very open to any wisdom you or any other member can offer..
    best wishes..
    interested
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I found Kerio 4.3.268 (recommended by Lundholm) HERE. Shall give it a try.
     
  21. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Hi interested,

    I'm truly flattered that you should consider me a Kerio authority. I know nothing about the 4.2 Kerio, except that it doesn't seem to have a large following like the 2.1.5. That makes me think that it must be about as good as the bad 4.3 builds.

    The reason that I dare recommend 4.3.268 is that I use it myself, and I find it very reliable and user friendly.

    Nevertheless, I'm always on the lookout for something better (and supported!) but I find it difficult to find.

    One of my strange requirements is to be able to block all Windows processes but still allow DHCP and DNS, of course. Kerio 4.3 handles this very elegantly.

    It is my impression that other firewalls require a number of rules to do this. Anyway, it always leads to a long explanation, when somebody tries to show how easy it is;)
     
    Last edited: Sep 10, 2007
  22. Tex Zero

    Tex Zero Registered Member

    Joined:
    Aug 27, 2007
    Posts:
    15
    I 've been using Sunbelt 4.x.x.x for a long time but started to look elsewhere when they appeared to not be developing it for Vista.

    <SNIP> ~ inappropriate religious comment removed - Menorcaman ~
     
    Last edited by a moderator: Sep 14, 2007
  23. Menorcaman

    Menorcaman Retired Moderator

    Joined:
    Aug 19, 2004
    Posts:
    4,661
    Location:
    Menorca (Balearic Islands) Spain
    Please note that it's considered inappropriate to comment on the religious, ethnic, racial (or whatever) affiliation of either the founders or some members of a company when discussing the merits/demerits of their products or services. Therefore, off-topic religious statement and a subsequent reply thereto has been removed.

    Menorcaman
     
  24. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Any conclusions?
     
  25. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Somewhere over at Matousec there is a poll showing Sunbelt/Kerio to be the third most used firewall among those participating. Not surprisingly, ZA and Comodo where first and second. My problem with rules based firewalls is you can spend forever tinkering with them.

    As for the suite vs separate application thing, I believe suites are better for the average person. The suite firewall will automatically allow the AV to operate, and the elements of the suite will be compatible with each other, although possibly not compatible with security applications from other vendors.

    Many of the firewall, HIPS and sandbox applications discussed around here are really for experts only. The typical computer user will not know what to do with these things and either turn them off or configure them wrong. Those who post here regularly are not typical.
     
Thread Status:
Not open for further replies.