Question for Kerio 2.1.5 users

For those people using Kerio 2.1.5, are you aware of this firewall's vulnerabilities?:

Vulnerability Report >> Kerio Personal Firewall 2.x


Considering Kerio 2.1.5's vulnerabilities, do you feel it's safe to continue using this firewall? I used Kerio 2.1.5 back in 2003, but switched to the free version of Sygate Personal Firewall because I was nervous about using an old program that's no longer being updated. I also noticed that Kerio 2.1.5 started acting flakey on me, and I wasn't sure why. So I decided that it would be better to switch than to be constantly nervous while I am connected to the Internet.


Lately, since I found this forum, I have been looking at Kerio 2.1.5 again. I think it might be a good choice for computers without a lot of RAM, but not if it's an insecure product.


Phil

 

The unpatched vulnerabilities don't look too severe to me.

I use Kerio for its packet filtering and outbound application capabilities, not for the execution protection.

No malicious local users here - although I do wonder about the cat sometimes...

I don't use remote administration.


Of course, for other users in different circumstances and with different requirements, those vulnerabilities might be a factor.

 

Run Harden IT from www.yasc.net the TCP vulnerabilites would be all gone.

 

This is directly related to 4x not 2x (2x can't stop applications from running).

Otherwise, the ones on that website mostly rely on Remote Admin being enabled. The local privilege escalation one directly relies on a)Administration not being password protected and b) Someone clicking the 'open ruleset' dialog withing the Admin module.

Securityfocus lists a heap more, but I think you'll struggle to find one that is:
a)remotely exploitable b)works without remote admin c)proven to work on 2.15 not 4x

 

Hey guys, thanks for your input. How do you think Kerio 2.1.5 compares to the free version of Sygate? Sygate has anti-application hijacking and DLL fingerprinting, both of which seem quite nice.

What I don't like about Sygate, though, is that I can't even see what the default rules are. And some of those default rules don't seem like such a good idea. I've seen instances in the log where Sygate has allowed in stuff because of a rule called "allow traceroute." And this appeared to be totally unrelated to anything I had done-- the remote IP wasn't connected with any mail servers or web sites I was visiting, etc. Also, several times Sygate has let in stuff related to VPN, even though I don't use a VPN. I suppose it's not a real big deal since there wasn't a port open for the remote machine to connect to, but it still bothers me a bit because I don't think it should be doing that.

There have also been numerous times when I have seen both the inbound and outbound arrows on the Sygate system tray icon light up cyan (blue-green), indicating that it was allowing traffic. But when I immediately checked the traffic log, there was no indication that anything was allowed. The log entry always indicates that the traffic was blocked. Well, if that's the case, then why did Sygate's system tray icon indicate that it was allowing a reply to a connection attempt that was initiated by a remote (and probably worm-infected) machine? As the saying goes, "there's something wrong with this picture."

Phil

 

Sygate is pretty good if you are not running a proxy and it is fairly easy to write rules for it and has excellent logging which includes packet logging, a feature not available commonly. The anti hijacking app hijacking is only in the Pro version though. The VPN issue is due to Sygate being old, the last upgrade was quite a while back compared to most of the other major firewalls out there and this is its' weakness.

 

Kerio 2.1.5 is light and does what I want it to do with no problems. Sygate while it is a good FW it is a fairly heavy program. In the future who knows what may come. But for now kerio 2.1.5 is sufficent