Opinions on Sygate/Secunia vulnerabilities.

Discussion in 'other firewalls' started by Tarq57, Jul 10, 2010.

Thread Status:
Not open for further replies.
  1. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    First off, bit of background, a firewall expert I am not. I know how to install and make sure it's running, and how to answer the various popups, in order that application rules are created.
    To actually create an advanced rule, to me, would be like aiming the space shuttle at the moon. I'd miss.

    Anyway I've been trying a few different firewalls, over the months. PCTools, Outpost, and most recently, Sygate (5.6.2808).
    Sygate has impressed me a great deal. Nice interface, good logging, seems intuitive to use, all ports show as stealthed at Gibson's firewall test site, ShieldsUp. (Neither PCTools nor Outpost returned similar results; there were 2 or more ports simply closed. No biggie, but a factor.)

    Now my Secunia PSI has warned me that Sygate is end of life. I care not. But it does have some reported vulnerabilities, indicated in this advisory list.
    (Check for vulnerabilities 2003/2004) I think the version I have was made in 2005.

    Question: Should I be concerned about this? The most critical vulnerability is in regard to a possibility that port 137 could present an attack vector, because it allows UDP though it's supposed to block it.
     
  2. Sealord

    Sealord Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    37
    Whether this was fixed or not - you may never find out unless someone here has inside knowledge.

    I imagine the seriousness of this depends on which version of Windows you use. Older Windows were a bit slack in use of port 137 but you could disable NetBios over TCP/IP.

    If you've used ShieldsUp and it shows NetBios ports stealthed then you should be OK. Check 137, 138, 139, 445.

    The great thing about Sygate is the Advanced Rules though.
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    I used for years both Sygate and kerio 2.1.5 with no hw firewall or router, them not installed same time of course. Both are not pseudo stateful packet filters in udp protocol. So you need to open some incoming rule to allow for instance time clock update or other udp ports if some program needs them. Most easy to do with SPF.

    I have currently made a rule for generic host process to allow incoming for udp 123 in application rules but put 0 on TCP field so that windows service is not allowed any incoming in that protocol. You can of course make an advanced rule as Sealord told. There is also advice in my Sygate guide in my signature how to do it. I do find the advanced rule making a bit not as straightforward as it is in a pure rule based firewall like kerio 2.1.5.

    Both have some vulnerabilities reported, but unless a hacker knows your IP and is determined to use them, which is quite unlikely, no worries. And even with that I think it is quite unlikely that the reported thing can be used for anything.

    The other firewalls I've used are Kerio 4 that sucks IMO and Comodo that was a pain in the ass to use.

    I'm back now to using Sygate 5.5.2710. Of course I have to find another firewall when my XP computer dies and I need to get something for Windows 7.

    Jarmo
     
    Last edited: Jul 11, 2010
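
Added example, not part of any post in this thread and not code from Sygate or Kerio: a small Python model of the UDP filtering difference described in the post above, showing why a filter that keeps no UDP state needs an explicit inbound rule for time-sync replies, and what that static rule also lets in. The class names, the 30-second timeout and the documentation-range addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" or "in"
    local_port: int
    remote_ip: str
    remote_port: int
    time: float         # seconds; constructed timestamps

class StatelessUdpFilter:
    """Judges every datagram on its own against static inbound rules."""
    def __init__(self, inbound_local_ports=()):
        self.inbound_local_ports = set(inbound_local_ports)

    def allow(self, pkt):
        if pkt.direction == "out":
            return True
        return pkt.local_port in self.inbound_local_ports

class PseudoStatefulUdpFilter:
    """Remembers outbound flows and admits only matching replies."""
    def __init__(self, timeout=30.0):   # timeout value is an assumption
        self.timeout = timeout
        self.flows = {}   # (local_port, remote_ip, remote_port) -> last sent

    def allow(self, pkt):
        key = (pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            self.flows[key] = pkt.time
            return True
        seen = self.flows.get(key)
        return seen is not None and pkt.time - seen <= self.timeout

# Constructed traffic: one NTP exchange plus one unsolicited datagram.
TRAFFIC = [
    Packet("out", 123, "192.0.2.10", 123, 0.0),    # time-sync request
    Packet("in", 123, "192.0.2.10", 123, 0.1),     # reply from that server
    Packet("in", 123, "198.51.100.7", 123, 0.2),   # sender we never contacted
]

def inbound_verdicts(fw):
    """Feed all traffic through fw; return allow/deny for inbound packets."""
    verdicts = []
    for pkt in TRAFFIC:
        allowed = fw.allow(pkt)
        if pkt.direction == "in":
            verdicts.append(allowed)
    return verdicts
```

With no rule the stateless model drops the time-sync reply; with local port 123 opened it accepts the reply and the unsolicited datagram alike, so a static UDP rule is best narrowed to the known server address.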
  4. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    Jarmo P, I'm using the same version as yourself, and have been for a few years now (on XP, of course).
    I have nothing but good things to say about it.

    In fact, I once picked up a couple of tips from someone (you, perhaps?) about advanced rules through some posts made over at dslreports.com two or three years ago:

    http://www.broadbandreports.com/forum/r18348312-Sygate-Personal-Firewall-56-build-2808
     
  5. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    You shouldn't worry about the vulnerabilities though. Sygate's one of the best firewall software out there. Though, recently I uninstalled it, because I'm currently testing Comodo FW (just the FW, no D+/Sandbox)
     
  6. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Thanks for the replies, folks.
    I guess my concern is as much regarding the fact that I am not confident about creating advanced rules, as about the fact that there was a vulnerability reported.
    I had a look at the DSL reports forum linked above, and located within a link to this site, which seems to be a pretty good tutorial for setting stuff up.

    It describes rather well the process of setting various rules, as well as recommended default settings, but does not explain what the rules mean.

    So what I'm dealing with is my own lack of education, regarding what might represent a potential hole in the shields, or not, and I really would prefer at this level that something just work "out of the box", which, so far, Sygate certainly appears to.

    Another issue I'm having is that the Sygate process "smc.exe" is continually using between 6 and 16 percent of CPU. That strikes me as abnormal. I expect something to spike that high, and higher, but to use it even when nothing else is going on (no browser etc open) seems unusual.

    Any thoughts on that?

    I'm using XP Home, SP3.
     
  7. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    I can't give you any thoughts offhand, except to say that it's not normal, no.
    A little variation in CPU usage is to be expected, but the majority of time smc.exe should be using 'zero'.

    You could start by going through the log lists and see if you notice any particularly unusual activity there that might be causing the firewall to put out extra energy or effort.
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,186
    That is definitely not normal if you have nothing running, like Skype that goes into the serving node mode sometimes? On slow XP puters those figures might be expected when something in internet is running.

    Also Tarq57, I see you are running Avast antivirus. It uses many local proxy shields. And Sygate cannot prevent programs to go out through them. It is its only and a big failure. It will protect inbound same as windows XP firewall and have the logging, BUT it will not protect outbound. Meaning programs from your computer going out at their will, SPF cannot totally anymore control them once you have a local proxy running software in your computer.

    Avast is a good antivirus when I used it a few years back. Just not compatible with Sygate to have outbound control. But this I don't think is not the reason why you have the large CPU % usage.

    Jarmo
     
  9. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Thanks for that.
    I can't see any unusual activity in the logs.
    When I have no browser or email program open (that is, the only web-facing apps are those inherent in the OS, plus Secunia PSI, Avast, and Threatfire) the Smc.exe process used about 5%. Opening any programs seemed to drive it up to around 17, then it would settle back to about 6 or 8%.

    It's been so long since I've actually seen a malware on this computer I almost doubt its existence. ;)

    I have some services disabled in XP, I also use threatfire (sensitivity just upped from default to "4"), Avast has never given me a problem. Routine MBAM scans never find a thing.

    What I'm trying now is the Windows firewall, TF, and Avast. I realize the firewall option has no real outbound control. I'll see how that combo works, then.
     
  10. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    Are you currently running any P2P software? What's your current hardware? Have you tried restarting the Sygate firewall service?
     
  11. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Sorry for taking a long time to respond.

    I have Limewire installed, but not starting with Windows. It gets used occasionally, not that often.
    Hardware is 2G of RAM, the CPU is an AMD3500+ (The computer is about 5 years old, and runs well.)

    I had tried stopping and restarting the firewall; not the service, per se.

    Have now uninstalled it and using the Windows firewall, for the reasons stated above.
    Threatfire may have been causing a (probably) unrelated problem, so I've recently uninstalled that, too. If it proves to cure the issue, I'll probably try Online Armour, with its HIPS, as a replacement. Probably.

    I seem to be entering a phase of non-paranoia at the moment, what with not having seen malware since using Avast and FX w/ NoScript. I'll have to think about the likely need for a bit.
     