Discussion in 'other firewalls' started by Paul Wilders, Feb 18, 2002.
Just released: Kerio PF v2.01 Beta 5
Thx for the info... Do you know right off-hand what issues have been addressed in this beta as opposed to the beta 4 version?
They are doling out betas pretty fast; I might hold off for a release candidate type of beta. Can I import the million rules I have from TPF (the tp2.exe version)? Or can I just upgrade?
Some bug fixes and vxd items if I remember correctly; no install yet on this side.
That many rules? It is advised to back up the rule set, in case something might go wrong during the install/upgrade. After doing so, many simply install KPF over TPF - Tiny will be recognized and "upgraded" - rules and all.
I am looking into a new firewall (and still being new to all those files one doesn't know about until something goes wrong) hoping to find one that would be simple to get up and started without too many conflicts or error messages happening before I understand how it works. So I was looking at Tiny since it seems to be so well spoken of. Am I understanding this right, that the Kerio PF v2.01 is Tiny??
Right now I do have BlackICE and over the past few months been pretty disappointed with it and for the life of me I don't know why I thought it detected out-going traffic too. Well it sure doesn't because I did end up with that dlder.exe and explorer.exe on my pc, and if it wasn't for my Ad-Aware I would not have known about it. Even McAfee didn't catch it. Their dat files detect the explorer.exe with a size of 40,960 and the trojan explorer (or malware as they call it....I STILL call it a trojan) that I had on my pc was a bit smaller in size.
(just a note...my Ad-Aware asked if I wanted to remove the dlder.exe and the explorer.exe along with the Keys in the Registry...of course I said yes! But, it did not remove the explorer.exe file, only the Key, and it did remove the dlder.exe file, but not the startup Key. Took me a bit to realize that and manually remove the dlder.exe from the Registry and the explorer.exe folder with file in it from the Windows Directory....system has had a bit of trouble since then too)
So I am really looking for a GOOD FIREWALL! (a real one)
Any help or suggestions is greatly appreciated!
A software firewall comes in flavors; purely application based, like for example ZoneAlarm (free), or rule based.
Fine tuning can only be done using a rule based firewall.
Now, a rule based firewall is as strong/weak as the rule set built. Thus, before answering your question in full: are you familiar with building a rule set?
If so, I would recommend Tiny (but only after v3 has been released), LooknStop or Kerio (as soon as out of Beta). LooknStop is actually the first one running parallel to the Windows Stack - Tiny v3 will be, and Kerio Beta is.
Tiny will be developed further; Kerio is actually built on the latest official Tiny PF version, and will be developed into a "new" firewall from that on.
As for relying on an anti-virus, such as McAfee, for catching trojans/backdoors: only KAV/AVP has an engine capable of doing so. A separate stand-alone anti-trojan - preferably resident running - is needed.
Looking forward to your follow up (and hitting the sack now - it's 4:40 AM over here),
Jazzie - Release History
2.1.0 Beta 5 - February 18, 2002
- fixed bug - APM bug
- fixed bug - problem with switching between service/ manually
- fixed minor bug in installation routine
2.1.0 Beta 4 - February 14, 2002
+ Logging of suspicious packets are logged only when user wants it (checkbox on Firewall Conf -> Miscellaneous Page).
+ authorization of kernel modules was reduced on network protocols only
+ ACK attack is detected only when KPF isn't running on Internet gateway
+ "Cut me off" level is now "cutting off" untrusted applications only
+ new/better icons
+ dialog for entering admin password, when creating rule in Connection Alert dialog
+ "Really Exit" asking dialog when exiting engine
+ Tooltips for Engine Tray Icon
- fixed bug in Raw Socket handler
- fixed shortcuts in Tray Icon Menu
- fixed bug - engine couldn't be set to start it manually
- fixed some bugs for keyboard only users
Thanks Paul for staying up and answering my question....hope you got some sleep though. I think I've got my time-stamp wrong though, last few times it posted the wrong time...it's 12:09am here in Canada right now.
You asked if I knew about building a rule set (blank newbie stare) I almost understood that! LOL
I do presently have BODetect as my Trojan Scanner...not sure how good it is but it's never found anything (yet), and with BlackICE Defender hopefully blocking everything (when it doesn't do one of those "not responding" crashes on me) and with McAfee as my virus scanner (would prefer the NOD32 I think), I am hoping I'm safe for a wee bit yet.
I have Win98SE with cable and hub...no file sharing between my pc's.....and hoping to upgrade to WinXP (HE) soon and tonight looked into what a router would offer with a built-in firewall (think it's a D-Link).
(drops her head on the keys) So I think I'm on hold and just reading for the next li'l while!
As for sleep: I'm accustomed to 4 hours a night, so don't worry.
Well, seems like a rule based firewall is not an option at this very moment. A router would be a very nice option, as far as incoming traffic is concerned. In conjunction, a software firewall for outgoing data traffic is recommended.
At this very moment in your situation now, I would recommend installing the latest official release from Sygate Personal Firewall. Easy to configure, lots of extras included. You can grab a copy from our downloads page (www.wilders.org/downloads.htm). Sygate will not conflict with BlackICE Defender - although you will see hardly any alerts anymore from BID, since SPF will run "first in line".
BODetect is quite insufficient as an anti-trojan. I suggest installing a trial version of, for example, TDS3 (copy available from our downloads page as well) and update manually (see the TDS forum). This will cover your system for a month, provided you run it resident from boot. In case of XP: consider TrojanHunter (downloads page).
Thx for the info. So I came to find out that the 'other' issues (leaktests) haven't been ironed out yet... Maybe in the next beta release!