Older PFWs: Sygate, Kerio 2.1.5, etc.

I realize that some here are of the opinion that effective outbound protection on a Windows system is impossible and that all PFWs are useless. That aside...

I still see people recommending Sygate's PFW and Kerio 2.1.5. It doesn't seem prudent to me to use security software that hasn't been updated in a long time.

At approximately the same time (middle/end of 2005) Kerio was sold to Sunbelt, Sygate was sold to Symantec and development of some DiamondCS product(s) (ProcessGuard?) stopped.

Was some major flaw in these products disclosed at that time?

Given that any PFW is of value, is it wise to run PFWs that have long since been supported?

Bob Jones

"Outbound protection" is not a good idea at all, if it would be possible. Additionally it's not possible to implement it in a secure way.

Yes. Right.

Kerio just is buggy. Sygate has bad security design flaws, for example implementing a system service which opens windows.

It would be wise to have a security concept, to see what threats are there and to think about countermeasures first. To buy security in yellow boxes will not work, never.

Yours, VB.

Volker Birk

Thanks.

Bob Jones

It is possible to have effective outbound protection using Kerio 2.15 and/or Sygate. Not 100% of course... but every little helps. I personally prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and prefer the puritanical approach, which in laboratory conditions or being members of the said families... may suffice. The choice is yours... suck it and see ;) me

bassbag

Kerio 2.1.5 has bugs and some minor vulnerabilities, possibly insignificant, if combined with other safety measures. Those are:

  1. Carefully install the Windows updates. I do that manually to be able to later install them at one go in case of a fresh Windows install:
    formatting link
  2. Use only secure software with internet access and abandon or block insecure ones. I have currently blocked Internet Explorer 6 from the net, but since some other software uses it for internal help or some components of it, it has stayed on my machine for internal use only. Since I don't use autoupdate and because of the constant development of browsers like Mozilla and Opera, IE is not needed for web use anymore.
  3. Turn off the services that you don't need. This has the advantage of reducing memory consumption. The ng experts recommended this:
    formatting link
    I did run this solution, but it looks like the most hardened option may create some minor problems; at least I had some temporary non-functionality with USB devices, but I can't positively confirm this. It could be that Windows and applications may be capable of doing "readjustments" to services after this, so do not put too much trust in this one alone and check occasionally what's going on.
  4. Using a NAT router or a real firewall device will block inbound access. At least for me.

Whether or not this kind of tweaking pays off is up to oneself. Getting a commercial security suite like F-Secure means that software does the monitoring for you - that makes life so much easier, especially if no hardware firewall is in use. But for slow, older PCs with less RAM, manual adjustments with Kerio 2.1.5 may work well enough.

S.T. Suikkanen

I think this question is of particular interest.

The very nature of security is "changing". Kerio and such were once very nice. But time has plagued them into what I would say "unusable" state given they are not being polished from time to time.

If you get what I mean.

Chris

good.freeware.chau

I'm still using an old Sygate on my desktop and Windows Firewall on my laptop which is often used wirelessly.

I'm not really happy with either solution even though at home I run a NAT router.

Why do you prefer Kerio over Sygate?

TIA

Louise

louise

I have a couple of questions. Why do some people think they need to update their PFW? If it used to work, why do you think it won't work now?

The argument that a PFW is just a packet filter is correct, isn't that what all firewalls are? They examine packets of data that are sent or received and filter out the "bad" ones according to rules you have set. Am I missing something here?

Subscribing to updates for an antiviral program makes sense, viruses change and the writers come up with better ways to implant their malware. But if your PFW can tell which program exactly is attempting to send packets, then isn't it doing what you want it to do?

Jack

You guess

On 12/28/2006 8:40 AM, something possessed You guess to write:

Certain "packet filters" may contain discovered vulnerabilities in the older versions which, when exploited, may give a remote user improper privileges on the local machine/network. Not to mention we want to keep an eye out for all those "zero-day vulnerabilities" as well ;-)

William
