sygate hacked

Discussion in 'other firewalls' started by manythanks, Sep 22, 2003.

Thread Status:
Not open for further replies.
  1. manythanks

    manythanks Guest

    I would like to know if anyone that uses SPF Free or Pro have ever been hacked, the reason is - that there are not a lot of forums that have many people claiming to have been hacked, is this because it is really that solid a firewall or is it not getting used that much, and also how does it compare to the rest.

    Thanks
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey manythanks

    The issue is normally with improper user-configuring…

    Regards,
     
  3. manythanks

    manythanks Guest

    So the issue is not that the firewall is weak but of a user granting incorrect rules or apps.

    Thanks
     
  4. gerico

    gerico Registered Member

    Joined:
    Jul 6, 2002
    Posts:
    14
    I'm curious to know if SYGATE PF5.0 b1175 has some serious and known vulnerabilities, assuming that my configuration is ok.

    I would also like to understand why at the wilders freetool page the sygate pf has lost the 5 stars.

    I suspect that SYGATE PF has some vulnerabilities. No software is perfect. It is important to know such a thing.
     
  5. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yeah, I'd like to know to, I use Sygate :doubt:
     
  6. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    gerico: I see 5 stars at Wilders for sygate's free firewall: http://www.wilders.org/firewalls.htm

    I wonder how people turn the lack of reports of being hacked while using Sygate into a suspicion that Sygate is not a secure firewall? Perhaps instead the lack of such complaints is evidence that it is secure. Sygate's a popular firewall and many people prefer it to ZoneAlarm another popular firewall.

    The only potential issue I'm aware of with Sygate (that I've not heard has been addressed to date anyway) is that when using a local proxy server (like Proxomitron, WebWasher, AdSubtract which are web/ad/popup filtering apps) on outgoing it is possible for other programs to piggyback on the local proxy connection and thus evade the firewall, in a manner of speaking.

    Again, this is on outgoing only when using a local proxy app and is potentially only an issue if someone downloads a trojan and if it manages to make an outbound connection through the local proxy without the firewall noticing it.

    That said, I know people who use such local proxies with Sygate and have never had a problem.

    Also, like ZoneAlarm, Sygate can give or not give server rights to an application, or so I am told. Unless an app requires internet server rights to function, it should not be allowed internet server rights. So that's a potential area where a user might misconfigure either ZoneAlarm or Sygate. But that's a user issue, not an inherent problem with the firewall itself.

    I believe Sygate has support forums, does it not? Why not check them out if you haven't already and see what users are saying about their experiences?
     
  7. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yeah, I'll check out there forums :p
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    gerico and Comp01

    As sig mentioned, the only thing to be aware of with Sygate is that loopback traffic is hardcoded, so users of software proxies should keep this in mind. And all application rules should be checked to make sure they do not have server rights (allow inbound).

    There are no major vulnerabilities with Sygate that I am aware of.

    Regards,

    CrazyM
     
  9. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I dont use a proxie so, meh... and never allow anything for server rights (Although i never got a prompt for it) the only things I have allowed for internet is MSN messenger, Trillian, mIRC, my email client, and iSP software, all my update feature (for antivirus, adaware, spybot, etc) are on 'ask' so... I feel relatively safe, safer then if I had no firewall..
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Comp01

    In regards to server rights, have you checked your rules? Sygate used to allow server rights by default. Not sure if that has been corrected.

    Regards,

    CrazyM
     
  11. manythanks

    manythanks Guest

    It still gives all apps server rights, but if you are aware of this it can be corrected by the user so it is not a major prob. The reason I ask the original question is that you always hear about Symantec or Zone Alarm having a hole or something wrong but never Sygate.

    Thanks
     
  12. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Hmm.. How would I correct such a problem? lol
     
  13. manythanks

    manythanks Guest

    By disabling server rights.
     
  14. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Got any screen shots of that to maybe help Comp01 in where to look?

    Getting hacked by far is due mostley to loose rules and not understanding how to set up your filewall to your needs. I have done lots of reading in the last few months and am still learning, but thanks to CrazyM and BlitzenZues I have become more compitaint in making rules and understanding them.

    I can say this.. for a beginner it is probably best to get a Permit/Deny firewall up and running like ZA free untill you understand and are comfortable with making rules of your own. :p

    ~FIREDANCER~
     
  15. manythanks

    manythanks Guest

    Go here http://home.bellsouth.net/p/s/community.dll?ep=16&groupid=60610&ck=&userid=1&userpw=.&uh=1,0, King's website you will find all the info you need, sorry I cant give any info on how to disable server rights I cant remember myself (using ZAF) but soon to change back to SPF Free - I think you go APPLICATION, SELECT APPLICATION, ADVANCED, DISABLE SERVER RIGHTS. Hope this helps.

    Thanks
     
  16. BWMerlin

    BWMerlin Registered Member

    Joined:
    Aug 11, 2003
    Posts:
    71
    Tools-> applications-> advanced-> disabled server rights. I have a q? y would a programe need server rights? all mine by default have server rights but do they need them and if so under what cirumstances (updateing versions or patches?).
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    "Server rights" (as the term is used today in a few software firewalls), if allowed means that the firewall will allow unsolicited inbound connections to ports that an application is listening on. Most of the network aware programs you are probably using won't require server rights because they aren't server applications.

    An example of a true server program is a webserver. It would run on your system and most likely listen on TCP port 80. If you are providing that webserver to people out on the Internet, then you would want to allow unsolicited inbound connections (for them to be able to browse your website). So, you'd allow server rights for that application.

    Client programs such as your email or browser applications don't need server rights, they need outbound access permissions to go get things from the Internet. So, no, in most cases you don't want to give programs server rights. In fact, even if your firewall pops up an alert saying a program wants server rights, start by blocking it and see if the program (and your system) works okay without those rights. If something doesn't need that type of access don't give it.

    As an additional point of information, on my system I have 51 programs in my software firewall's application list, not one of them, including some Windows core components, have server rights allowed.
     
  18. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yeah, I always wondered how secure Sygate is, though, (In example, is it like Spyware? or something? :doubt:) but I guess its secure, I've passed Shields up, and Symantec.com's tests, with it, and now that I know how to disable server rights :doubt:
     
  19. MEGAFREAK

    MEGAFREAK Registered Member

    Joined:
    Jul 8, 2003
    Posts:
    51
    Sygate is extremely vulnerable, it has been totally inactivated on my pc, but also when it worked it was leaky, I made some port/trojan tests and it was open like a huge door, another firewall warned me but sygate did nothing, you can easily go through it as it wouldn´t be there.
     
  20. BWMerlin

    BWMerlin Registered Member

    Joined:
    Aug 11, 2003
    Posts:
    71
    So would i have to give a game sercer rights if i wanted to host it because the players would need to contact me for map info etc.
     
  21. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Yes. A game server is a good example of a type of server application you would run on your system to which you'd want to allow unsolicited inbound connections from the Internet. Allowing server rights is what let's people initiate on their own the connections from their game client into your game server.
     
  22. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    MEGA: If Sygate is rules based (as it sounds like it is) then it's only as secure as the user's rules allow it to be. So I'm just guessing (since I haven't heard such comments from fairly adept Sygate users) that your rules sets were not tight and needed better configuration.

    As previously mentioned, rules based firewalls require more user proficiency and input to be secure than simple application based firewalls such as ZA.
     
  23. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yeah, also, should I disable "act as client" ? and is it safe to disable it when in screensaver mode?
     
  24. BWMerlin

    BWMerlin Registered Member

    Joined:
    Aug 11, 2003
    Posts:
    71
    Sygate is a rule and application based firewall so yes and no
     
  25. gerico

    gerico Registered Member

    Joined:
    Jul 6, 2002
    Posts:
    14
    Could you please post here some detailed examples of the tests you've done with SPF?
    I would like to know if SPF is really vulnerable or not.
    Thanks!
     
Thread Status:
Not open for further replies.