What is UTM?


UTM stands for Unified Threat Management, a term in Internet security that is more than 2 years old; it was first created by IDC.

In short:

Gone are the days when a dedicated firewall is sufficient to fend off hackers from corporate networks. Unified Threat Management (UTM) is an emerging trend in the network security appliance market. This evolution introduces a new all-in-one network security device that provides:

1. Anti-virus
2. Anti-spam
3. Content filtering
4. Intrusion detection and prevention
5. Firewall

You can also find traffic shaping, VPN, Virtual Domain and even web proxy caching in some UTM boxes like ASTARO.


Now you can get a UTM box like the FG-50A from Fortinet for less than $1000 with a one-year service contract, which fits even small budgets.


In the past, these services were traditionally handled by multiple systems, and only large businesses could afford to have them.

Naim


Reply to
Panda
I'm a home user with limited knowledge and I'm not very familiar with UTM. Recently I tried to "fix" several zombies. The thing they had was using UPnP to forward ports and reconfigure the router firewall. Rootkit and process infection were successful in beating software firewalls, AV, anti-spam software and rootkit revealers. Practically nothing was preventing the zombie from operating. The user became aware that something was wrong after his/her ISP locked his/her account because of sending spam.

Now, I'm interested in whether UTM has UPnP or a similar interface for auto-configuration (inexperienced users). Could "the thing" reconfigure it in the same way as it reconfigured the UPnP-capable NAT router with built-in firewall? For example, by turning off its features or configuring it in a way that malicious traffic is allowed without warning (for example by adding exceptions to the UTM box by UPnP)?

Does anyone have experience in working with UTM? If it cannot be reconfigured by UPnP or similar by "the thing" in a way that the zombie starts to operate without warning, this might be an interesting security solution that actually does some work. Well, the zombie machine still has to be flattened and rebuilt, but no damage to other internet users is done (zombie is unoperational -> no spam -> no rootkit/virus dispatching).

Note that inexperienced users work as Administrators and they are very often familiar only with IE, OE, Word/Excel and of course Solitaire. So please don't tell me something like you don't need UTM, update and configure the OS and watch what sites you are visiting, and what you are running. I know that; I keep UPnP off and configure the router myself, I work as a limited user on Windows/Linux etc. etc., but not every home user is like me.

Reply to
alf

And I forgot.

What OS/software is used in a UTM box, and what protects that OS/software from being attacked or exploited?

Reply to
alf

Hi,

UTM is not a removal or fixing tool! It's an appliance with one side hooked to the Internet and the other side to your LAN, where it will prevent all known Internet threats from reaching and harming your computers.

Internet ------------- UTM appliance --------- LAN (PCs and Servers).

No need for any software piece or agent to be installed on each PC or server in your Local Area Network (LAN).

You can still get personal software copies of UTM from vendors like FORTINET, under the name Forti Client I guess.

As for removing sticky programs from your computer, you can still try this FREE Startup tool; it's very simple and powerful.

Naim


Reply to
Panda

Hi Naim, or Panda,

Your response raises a few more questions, and failed to answer the majority of questions posed by @lf.

My questions, from your response are:

How does it 'prevent' all known Internet threats from reaching and harming my computers? Exactly what threats does it block? ALL of them? That's a bold claim...

How does it cope with unknown threats?

How does it keep up-to-date? There are new threats arising daily.

It sounds as though the UTM device is acting just like my router firewall, which was provided free by my ISP. Is there much of a difference? Why would I buy the UTM device?

I look forward to your answer,

Bogwitch

Reply to
Bogwitch

Hi Bogwitch,

A UTM appliance is not a static device like routers or wireless access points. You have to register your machine with the vendor support center, and it can be programmed (every day or even every hour) to upload the latest protection software, including new threat prevention, from that center.


Most UTM appliances come with a FREE trial service, but later on you have to buy the service from your vendor to have an active and living machine.

Yes, it can protect hundreds or even thousands of PCs and servers in your LAN from viruses, spyware, adware, bad content, hacking and intrusion ... in one box!

FORTINET - USA is leading this UTM market with over 180,000 units shipped since 2002 while keeping their in-house service support.

Hope this answers the questions raised!

Naim


Reply to
Panda

Hi Naim, or Panda,

So, is the UTM device signature based, or address based?

If it blocks ALL malware, does that make my Anti-virus/ anti-spyware/ anti-adware software redundant? My company would want to make a cost saving, you see.

Again, can you tell me if there is any protection afforded by the UTM box to UNKNOWN malware?

Thanks,

Bogwitch.

PS, with the marketing stats, etc. included in your post, it is starting to sound a lot like spam.

Reply to
Bogwitch

Hello Bogwitch,

All known and new virus or worm signatures are stored in the machine and will be pushed or updated from the vendor service center.

Yes, your protection software will be redundant! But please keep in mind you have to clean all LAN PCs and servers before deploying any UTM solution.

Some UTM boxes do provide protection to suspicious or UNKNOWN threats.

Hope this answers all your questions!

Good luck!

Naim


Reply to
Panda

Utter bollocks.

I would not buy anything from you on the strength of that advice.

Reply to
Bogwitch

Thank you for the " Utter bollocks"!!!!

I am not selling anything here, but I am trying to help spread this kind of knowledge.

regards,

Naim (Panda)


Reply to
Panda

Naim,

With the knowledge you are spreading, you will not be helping anyone.

There is NO WAY a UTM device would remove the requirement for AV software or any anti-malware software.

Bogwitch.

Reply to
Bogwitch

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.