Kerio vs Zone Alarm

Discussion in 'other firewalls' started by cpjvkj, Mar 9, 2006.

Thread Status:
Not open for further replies.
  1. cpjvkj

    cpjvkj Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    8
    I am a long time ZA user, but because of recent problems with updates (I'm stuck at 5.5.094), I have been checking out other firewalls. I tries Outpost, but because of some issues, did not go with that. I now have Kerio loaded on my laptop and it seems to be really good, but..., I have some concern about the problems with the BSOD and also its inability to prevent being shut down by malware. I also think that ZA is slowing down my downloads, but that is not based on fact but just seems that way. Anyway, the question is, is Kerio going to be as secure as ZA and will it speed up my downloads?

    Thanks for any input.

    CPeter
     
  2. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    About Kerio's inability to prevent to be shut down, I'm not sure this hypothetic problem must be a concern : Kerio free comes with process control, which should - in theory - allow it to ask you before to run a program able to shut Kerio down :) (if you set "start process" on, in the "behaviour blocking" tab, it's off by default). Without to talk about the full version features, code injection blocking, and buffer overflow prevention.

    If really you want to make sure Kerio can't be shut down, programs like Process Guard free or SSM will help to prevent it to happen ;) .

    And if ZA is protected about beeing shut down, my experience with it is that ZA's service did unload several times :eek: while beeing on internet, last time I did run the pro version trial :cautious: ... If it can shut down itself randomly, I wouldn't be confident in such a protection!

    I've never experienced slowdown problems with neither ZA or Kerio, and if you don't get BSOD with Kerio, everything is OK.

    Just my opinion :) .

    Cheers,
    nicM
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Do you know of any successful exploits that can dissable the Kerio Service if password protection is enabled?

    This topic came up last year and Ghost and I ran different tests on Kerio 2. Attached image shows a Bagle variant I ran which attempts to disable the Service.

    As NicM states, Kerio 4 has even other safeguards in place.

    ---
     

    Attached Files:

  4. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    ZAPro v 5 gave a 30% reduction in my download speed but v6 resolved most of that. Kerio 4.2.3 has shown no slowdown and worked well. You really need to evaluate it on your specific PC. If you don't see BSOD's initally you should be fine. As far as the shutdown concern, I agree with others. Application blocking, password usage and other features in Kerio should be enough. Your perimeter firewall and safe habits should be your first line of defense. Then the app blocking, AV/AT etc. kick in if that is breached. If those are breached, then the leaktests and shutdown concerns would be something to consider. With the first two steps implemented properly the third doesn't concern me.
     
  5. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    The vulnerability in Kerio was brought up and everyone seems worried .
    For those that are worried , ANY firewall can be shutdown . It is NOT just in Kerio . This is not news . It never was OR should have been . All firewalls can be shutdown . Get over it . PG is a good choice as nicM stated . This is NOT a Kerio problem . It is a firewall problem . If you like Kerio , buy it and get over this . You will drive yourself nuts !
     
  6. cpjvkj

    cpjvkj Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    8
    Thanks for the input. I guess I'll take the plunge. It has some nice features. I especially like the ability to see WHICH application is accessing the net, not just that something is. The installation went well on the laptop and the only big difference between that and the desktop is that I run NOD32 AV and Spy Sweeper on the desktop and and Antivir free and SpyBot on the laptop. The laptop is only used for email access on the road and for playing around when at home. There are not critical files on it.

    CPeter
     
  7. cpjvkj

    cpjvkj Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    8
    Well, I finally loaded Kerio and now I find out after three days of writing back and forth to their support, that it is not compatible with my Propel accelerator because Propel acts a a proxy server. No where do I go? It worked real good on my laptop (no accelerator) and I thought this was the answer. A real disappointment!!!

    CPeter
     
  8. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Yes, but some like ZA or Outpost stop all traffic when shutdown by another process. Kerio doesn't and therein lies the problem.
     
  9. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Glad you brought up a different problem . I was answering the original poster's question . Had nothing to do with stopping traffic at shutdown .
     
  10. cpjvkj

    cpjvkj Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    8
    Well after much back and forth with Kerio support, which was fast and friendly and helpful, the answer is that everything works except ad filtering and that is not a problem as I filter the ads with Firefox anyway. It work great so far.

    CPeter
     
  11. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Are the vulnerability of Kerio... can be protected by using ProcessGuard? :rolleyes: o_O

    Will it be fully protected from being terminated/modified if we just add it to the protection lists of ProcessGuard? o_O

    I think, PG will protect it...isn't it?
     
Thread Status:
Not open for further replies.