KIS 2012 firewall fails GRC

Discussion in 'other firewalls' started by constantine76, Dec 7, 2011.

Thread Status:
Not open for further replies.
  1. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    Hi,

    A friend was trying out KIS 2012 and she asked me to check because she had failed the GRC test. She isn't fully Stealth. Now I am not familiar with KIS 2012 firewall as I use OA Premium and Comodo so I can't help her. I chanced to go to the Kaspersky forums and I found some threads that the Stealth function has been removed!

    xttp://forum.kaspersky.com/index.php?showtopic=194495&hl=stealth+ports

    xttp://forum.kaspersky.com/index.php?showtopic=144224&hl=stealth+ports

    It seems that they are telling users that to be Stealth is useless(or something like that...)

    On my part I do not have any problems with my firewall choice as they stealth all my ports even in default settings. But here's a product that tells something like being stealth is useless....is that correct?

    How can it be useless? It's to hide your pc from the web correct?

    Any comments on this so I can explain it better to my friend(office friend --not a member here or any forum pure office freak).

    Now she's jittery and unsatisfied because when she was using OA free it's okay with her. Now she even has open ports. Please see attachments. Her connection is dial-up and DSL. Both have the same results.

    She was not like that when she was using OAfree. Got KIS 2012 as a reward for herself from her extra pay. All were getting either Norton 2012, Avast IS or Eset at the office.

    I also was searching for a custom install and found nothing, there was a "Custom install..thing" at the "Accept pop-up" but there was no option for it. I asked because she was asking/saying that if this is not corrected she'd be glad to use just the AV component and remove the firewall. I know she can't resell the license that she got and I fear she's stuck with it.

    How may I do that in KIS 2012? I did around 3 install/install over and there was no function there.

    Help :)
     

    Attached Files:

  2. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Found this in their forum:
     
  4. Barthez

    Barthez Registered Member

    Joined:
    Apr 28, 2010
    Posts:
    112
    Location:
    Poland
    Maybe this will shed some light on the subject: http://www.hansenonline.net/Networking/stealth.html

    On my very first post here I stated that stealth is good/important and I was immediately replayed by someone with orange name who said that this is not entirely correct ;)

    I will monitor this thread closely :)
     
  5. stratoc

    stratoc Guest

    port stealth and maybe even software firewalls, are they really needed for a home user behind a router? I doubt it, never used one on my gaming pc, use one for my own info only on this pc. http://samspade.org/d/firewalls.html is very old but still stands true.
     
  6. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    tried Kis12 Now and all port are stealthed when the firewall is on
    tried to disable the firewall and the result came back smiler to yours
    i recommend full uninstall of the product and reinstall it

    use the kaspersky removal tool
     
  7. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    I don't think that KIS 2012 stealths ports by default, and the behaviour is by design (that sounds logical to me; stealthing ports doesn't give additional protection).
     
  8. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    but it keep you away from the eyes of a predator
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Port stealth yes, software firewalls no. They will cover your unsolicited outbound connections that a normal router cannot do.
     
  10. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    i've been asking this question for ages still didn't find a Good answer

    How good a Hardware Firewall is for incoming attack ?
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Depending on the hardware firewall, for stealthing they can be good (or better) as software firewalls with the advantage of been independent from your PC in terms of resources. i.e. less risk of conflicts with other running tools or collapses due to lack of RAM or CPU and less charge to your PC.
     
  12. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    Hi,

    Thanks for the reply. I am at the office and can't reply long. I will check out the links and read more on the matter.

    I guess another question on this is,

    do you prefer being stealth-ed or not...?

    Well, closed and stealth(combination I'll settle as good enough --on me only) but opinion wise and maybe for the benefit of the software firewall users also,

    what benefits do being stealth by a software firewall is......?

    What danger is there if you are not stealth-ed...?(on a dial-up and on a wireless router)

    Let's forgo the "average user" and focus on a scenario where she might be a victim of an attack or something.

    How does stealth help?

    How does being "not-stealth" pose?

    As mentioned in the first post, she(my friend) uses both dial-up and DSL(wireless router). And both results are the same. I saw it and got a mugshot. The same results for PCFlank(did not mention it and did not get the results got tired yesterday).

    - I did that (used the removal tool) a couple of times when I was attempting to find a "custom installation" --without firewall component. Gave up. And all GRC results where the same.

    Can you make a custom install --without the firewall component with KIS 2012? I can't find any documentation that will allow it, even in the 2012 user guide there is none.

    Anyone....?

    Thank you!
     
    Last edited: Dec 7, 2011
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    The question would be better phrased if you add a comparison.

    Do you prefer being stealth or open --> stealth
    Do you prefer being stealth or closed --> the same, both cannot be exploited
    Do you prefer closed or open --> closed

    Cheers,
    Fax
     
  14. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    KIS 2012 does not stealth ports.
     
  15. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    tried it and it's stealth i will post Photo of that Later
    if my 3g or DSL connection got back up

    try using the key on Kav Product if didn't work contact Kaspersky

    i read somewhere i don't remeber where that there something called Portknocking ??
    http://en.wikipedia.org/wiki/Port_knocking

    also i have two Dlink Routers with a default Password "basically my fault for not changing it "
    got targeted and now i have port 80 open and i can't close it

    so it's exploitable
    that's why i'm currently looking for a way to create my own HW firewall
     
  16. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    Oh so sorry. You are right at that! That's the reason I refrain (as much as possible) from doing work and hobby at the same time ha ha lol!.
    Really wanna help my friend here as she is egging me. I'll read carefully next time.

    - She does have a Dlink router also(wireless one). I'll check the links later. I don't think that a KIS 2012 license will work with KAV 2012. But will check it out.

    Anyone know for sure if a KIS 2012 license will work with KAV 2012...?


    Seems KIS 2012 does not really stelath ports as I read in the lower portion of the thread by BoerenkoolMetWorst and now King Grub, in the link I visited the other day.

    Got to work now. :)
     
  17. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    hey dude this my Grc test regarding KIS2012
    [​IMG]

    Firewall disabled

    [​IMG]


    so i think the problem on your end
     
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    Exactly. This thread is pointless.
     
  19. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    Way to go xxJackxx.

    I know you are a die hard fan of Kaspersky. The post was from somebody not knowledgeable as you. Asking for some help/ideas so my friend will be able to grasp it. So that she'll "stay" with Kaspersky and NOT shelf it and go the way of ESET or Avast.

    The reply that fax gave was replied to in a manner of explanation as I was in the office and was in fact working --well it's there. Try having a meeting and sneaking out to post.

    Maybe in your knowlegeable point of view this thread "is" pointless as it may have hurt your delicate sensilbilities about Kaspersky. But you will see that at first post/start the thread was in the manner of asking for some ideas/comments. Is that "pointless" to a member who's not as knowlegeable as you? There was no hint of partiality there for a product or competitor. Plain "asking for some ideas/comments".

    I know that in some way this thread may garner some negative comments about Kaspersky but (again, refering to the questions stated in first post) this is "also" to have more ideas for a "user" having problems with Kaspersky. In fact she viewed the Kaspersky forums and was scared of being bullied/taunted there(as also mentioned, she isn't any member of any forum --she's a pure office freak --ISO certified quality control engineer for a semiconductor giant).

    Loyal followers of KIS/KAV have either move or looked elsewhere. That is a sad fact we have to face. They have their own reasons. This is not a thread to injure Kaspersky but SIMPLY to ask for help that she(my friend) may have the ideas to stay and still use it.

    And I was even telling her that you might comment(and I was indeed waiting for it) and state some facts that will let her stay. If I wasn't that busy I would have sent you a PM for it yesterday.

    You are I think also the "Jack" Administrator at Malwaretips -- something. And I showed her "your" post as how to maximize the use of KIS 2012. (Very good post at that imho).

    re: hxxp://malwaretips.com/Thread-How-to-setup-Kaspersky-Internet-Security-2012-for-Maximum-Protection .

    She in fact "liked it" and was instrumental in selecting Kaspersky. She purchased KIS 2012 from an agent at the office the next day.

    Now imagine her seeing your comment...? She "is" closely checking this post for your information. As with all the staff who joined her in getting KIS 2012/KAV 2012. The agent had a grand day at the office really. ESET, Avast, Norton and Sandboxie (in security apps --others were Adobe/Microsoft stuff) were the favorites actually.

    The guys here have shared some good ideas(thank you guys, especially the links). And this is good learning for newbies and enthusiasts and occasional viewers/visitors.

    I was hoping for some help/ideas(especially from you)...

    You have a good day.

    - I am sorry but I believe otherwise. She was using OA free (paired with AvastFree) prior to installing KIS 2012 and she was full stealth with GRC and PCFlank. Prior to that she was also using Comodo(paired with Avira Personal) and it was the same as GRC/PCFlank results. Actually this was a first jump to a a full suite! The only variable was installing KIS 2012. I will use an image I did on her system prior installing KIS 2012 and will install Comodo and Outpost or Privatefirewall to see the results and I will post it here. But I do appreciate the help. The links you gave were keepers.

    Regards to all :)
     
    Last edited: Dec 8, 2011
  20. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    No, because KIS does not stealth ports. That is official from Kaspersky themselves. It doesn't.
     
    Last edited: Dec 8, 2011
  21. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    But windows firewall does
     

    Attached Files:

    • GRC.JPG
      GRC.JPG
      File size:
      97.3 KB
      Views:
      1,591
  22. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Same result but windows firewall disabled and no other soft firewall running. All done by the router's firewall component. Saying that doesn't mean that is my setup, just for this single test.
     
  23. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Sorry if my answer was a bit dry in terms of details, I have just got the essential points since I was at work too! From a security standpoint been stealth or closed make no difference. A system can only be exploited if there is an open port to the internet and if behind the open port there is a vulnerable application listening. So, first priority is not to have open ports to the internet (open towards localhost is fine!) but closed or stealth. Second priority is patching the system with all updates.

    A fully patched system with open ports to the internet is unlikely anyway to be exploited unless a undisclosed vulnerability will be used. So, no panic... the chances to be exploited via this route is near to zero.

    On top, your friend is even behind a router so it is the router filtering the incoming calls not Kaspersky. Whatever Kaspersky firewall is able to do or not is simply irrelevant under this scenario. But, your friend will still benefit from the filtering by Kaspersky firewall on the outgoing unsolicited calls that cannot be dealt per design by the router. So good to stay with KIS.

    Hope this helps.

    Cheers,
    Fax
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Sometimes I come out from behind my router (incoming protection only) and take my notebook to the local library to use their free internet.

    At that point, I want my SFW to be ready to take over as much of the router work as possible.

    This thread is fine for the learning posts IMHO!

    The clarity of stealthed versus open from fax is the best example.
     
  25. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    To stealth or not to stealth

    Stealth, when it comes to computer security, is when the computer (or other network equipment) does not issue any sort of reply to connection attempts, including ICMP echo requests (ping). I guess the idea was that if there's no response, they can't see that anything is there, and therefore you're "stealthed" from the outside world. For some reason, this was assumed to be a security enhancement because you cannot attack what you cannot see... Oh boy, is that ever wrong. "Stealth" doesn't mean you are invisible at all. Instead, it makes you stick out like a sore thumb.

    Here's a picture showing a would-be attacker and your computer behind a firewall.

    A simple "ping" from the attacker travels through the cloud, and to the router in front of your firewall. Next, the echo request gets to your firewall. A stealth firewall will simply drop the echo request, and no reply is sent back to the attackers' computer. So, you're invisible, right? Since there's no reply, there's no computer there, right? Wrong and wrong! If there really was no computer (or firewall) there, the router sitting in front would reply for you with a simple ICMP "host unreachable" message back to the attacker. The attacker would then know that there really is nothing there. The lack of this "host unreachable" message is a clear indication that something is there and it's dropping the packets rather than replying to them.

    A simple telnet connection will yield the same result. If the attacker attempts to telnet to your computer, and your firewall simply drops the packets with no reply (stealth), then the connection attempt simply times out. Again, this is not an indication that there's nothing there, because the router did not send the "host unreachable" message. With a non-stealth setup, a reply packet is sent, and assuming no telnet server is running, the reply will be a loud "no service here." If you shut your computer off, the connection attempt will also time out, but then the router will send the "host unreachable" message back to the attacker, so they really know that you're not there at the moment.

    So, being "stealth" doesn't really add any security at all, nor does it really hide you from anyone else. Anyone who wants to really know if there's anyone at a give IP address will have no difficulty seeing that you're really there because you are trying too hard to appear not to be. Since stealth is violating the normal rules of network connectivity, it makes you more visible, not less.

    http://www.hansenonline.net/Networking/stealth.html
     
Loading...
Thread Status:
Not open for further replies.