Kerio Personal Firewall traffic chart

I'm using Kerio Personal Firewall 4.1. In the Configuration window, under NetworkSecurity->Applications tab, is a chart of "traffic load" (in the words of the online help). It is green, the same color as outgoing traffic. Is this the total load, input and output, or simply the output load?

Reply to
AndyMHancock
Loading thread data ...

Hmm, something about the behaviour of the traffic chart which I find confusing. It takes the form of a ticker-tape plot i.e. it shows the plot for the last 60 seconds or so. The strange behaviour is that when the machine is brought out of screen saver mode e.g. by touching the touch pad, the ticker tape shows nearly no traffic, though there is a bit of trace activity. Thereafter, any new segments of the plot shows highly active throughput. Hopefully, this does not mean that a long data transfer is throttled to nearly nothing when screen saver kicks in. Has anyone observed this in their own KPF?

Reply to
AndyMHancock

Here is some interisting reading:

formatting link
Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall

2007-08-07: Here is the response we have received from this vendor: [quote] Sunbelt Software is committed to providing the strongest possible security products to its customers, and we will be working to correct demonstrable issues in the Sunbelt Personal Firewall. Users can expect these and other continuing enhancements for the Sunbelt Personal Firewall in the near future.

However, we have some reservations about personal firewall "leak testing" in general. While we appreciate and support the unique value of independent security testing, we are admittedly skeptical as to just how meaningful these leak tests really are, especially as they reflect real-world environments.

The key assumption of "leak testing" -- namely, that it is somehow useful to measure the outbound protection provided by personal firewalls in cases where malware has already executed on the test box -- strikes us as a questionable basis on which to build a security assessment. Today's malware is so malicious and cleverly designed that it is often safest to regard PCs as so thoroughly compromised that nothing on the box can be trusted once the malware executes. In short, "leak testing" starts after the game is already lost, as the malware has already gotten past the inbound firewall protection.

Moreover, "leak testing" is predicated on the further assumption that personal firewalls should warn users about outbound connections even when the involved code components are not demonstrably malicious or suspicious (as is the case with the simulator programs used for "leak testing"). In fact, this kind of program design risks pop-up fatigue in users, effectively lowering the overall security of the system -- the reason developers are increasingly shunning this design for security applications.

Finally, leak testing typically relies on simulator programs, the use of which is widely discredited among respected anti-malware researchers -- and for good reason. Simulators simply cannot approximate the actual behavior of real malware in real world conditions. Furthermore, when simulators are used for anti-malware testing, the testing process is almost unavoidably tailored to fit the limitations of simulator instead of the complexity of real world conditions. What gets lost is a sense for how the tested products actually perform against live, kicking malware that exhibits behavior too complex to be captured in narrowly designed simulators. [/quote]

If you are on WinXP activate the in-build version.

Reply to
Kayman

Thanks for the heads up, Kayman. I was really just relying on the traffic volume indicators in this situation, and wondering how to interpret them.

reading:

formatting link

Reply to
AndyMHancock

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.