Kerio Personal Firewall traffic chart - Firewalls

This is a discussion on Kerio Personal Firewall traffic chart - Firewalls ; I'm using Kerio Personal Firewall 4.1. In the Configuration window, under NetworkSecurity->Applications tab, is a chart of "traffic load" (in the words of the online help). It is green, the same color as outgoing traffic. Is this the total load, ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Kerio Personal Firewall traffic chart

  1. Kerio Personal Firewall traffic chart

    I'm using Kerio Personal Firewall 4.1. In the Configuration window,
    under NetworkSecurity->Applications tab, is a chart of "traffic
    load" (in the words of the online help). It is green, the same color
    as outgoing traffic. Is this the total load, input and output, or
    simply the output load?

  2. Re: Kerio Personal Firewall traffic chart

    On Mar 25, 11:07 pm, AndyMHanc...@gmail.com wrote:
    > I'm using Kerio Personal Firewall 4.1. In the Configuration window,
    > under NetworkSecurity->Applications tab, is a chart of "traffic
    > load" (in the words of the online help). It is green, the same color
    > as outgoing traffic. Is this the total load, input and output, or
    > simply the output load?


    Hmm, something about the behaviour of the traffic chart which I find
    confusing. It takes the form of a ticker-tape plot i.e. it shows the
    plot for the last 60 seconds or so. The strange behaviour is that
    when the machine is brought out of screen saver mode e.g. by touching
    the touch pad, the ticker tape shows nearly no traffic, though there
    is a bit of trace activity. Thereafter, any new segments of the plot
    shows highly active throughput. Hopefully, this does not mean that a
    long data transfer is throttled to nearly nothing when screen saver
    kicks in. Has anyone observed this in their own KPF?

  3. Re: Kerio Personal Firewall traffic chart

    On Tue, 25 Mar 2008 20:07:19 -0700 (PDT), AndyMHan****@gmail.com wrote:

    > I'm using Kerio Personal Firewall 4.1. In the Configuration window,
    > under NetworkSecurity->Applications tab, is a chart of "traffic
    > load" (in the words of the online help). It is green, the same color
    > as outgoing traffic. Is this the total load, input and output, or
    > simply the output load?


    Here is some interisting reading:
    http://www.matousec.com/projects/win...ewalls-ratings

    Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall

    2007-08-07: Here is the response we have received from this vendor:
    Sunbelt Software is committed to providing the strongest possible security
    products to its customers, and we will be working to correct demonstrable
    issues in the Sunbelt Personal Firewall. Users can expect these and other
    continuing enhancements for the Sunbelt Personal Firewall in the near
    future.

    However, we have some reservations about personal firewall "leak testing"
    in general. While we appreciate and support the unique value of independent
    security testing, we are admittedly skeptical as to just how meaningful
    these leak tests really are, especially as they reflect real-world
    environments.

    The key assumption of "leak testing" -- namely, that it is somehow useful
    to measure the outbound protection provided by personal firewalls in cases
    where malware has already executed on the test box -- strikes us as a
    questionable basis on which to build a security assessment. Today's malware
    is so malicious and cleverly designed that it is often safest to regard PCs
    as so thoroughly compromised that nothing on the box can be trusted once
    the malware executes. In short, "leak testing" starts after the game is
    already lost, as the malware has already gotten past the inbound firewall
    protection.

    Moreover, "leak testing" is predicated on the further assumption that
    personal firewalls should warn users about outbound connections even when
    the involved code components are not demonstrably malicious or suspicious
    (as is the case with the simulator programs used for "leak testing"). In
    fact, this kind of program design risks pop-up fatigue in users,
    effectively lowering the overall security of the system -- the reason
    developers are increasingly shunning this design for security applications.

    Finally, leak testing typically relies on simulator programs, the use of
    which is widely discredited among respected anti-malware researchers -- and
    for good reason. Simulators simply cannot approximate the actual behavior
    of real malware in real world conditions. Furthermore, when simulators are
    used for anti-malware testing, the testing process is almost unavoidably
    tailored to fit the limitations of simulator instead of the complexity of
    real world conditions. What gets lost is a sense for how the tested
    products actually perform against live, kicking malware that exhibits
    behavior too complex to be captured in narrowly designed simulators.
    If you are on WinXP activate the in-build version.

  4. Re: Kerio Personal Firewall traffic chart

    On Mar 26, 5:34 am, Kayman wrote:
    > On Tue, 25 Mar 2008 20:07:19 -0700 (PDT), AndyMHanc...@gmail.com wrote:
    > > I'm using Kerio Personal Firewall 4.1. In the Configuration window,
    > > under NetworkSecurity->Applications tab, is a chart of "traffic
    > > load" (in the words of the online help). It is green, the same color
    > > as outgoing traffic. Is this the total load, input and output, or
    > > simply the output load?


    Thanks for the heads up, Kayman. I was really just relying on the
    traffic volume indicators in this situation, and wondering how to
    interpret them.

    > Here is some interisting reading:http://www.matousec.com/projects/win...all-analysis/l...
    >
    > Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall
    >
    > 2007-08-07: Here is the response we have received from this vendor:
    >
    > Sunbelt Software is committed to providing the strongest possible security
    > products to its customers, and we will be working to correct demonstrable
    > issues in the Sunbelt Personal Firewall. Users can expect these and other
    > continuing enhancements for the Sunbelt Personal Firewall in the near
    > future.
    >
    > However, we have some reservations about personal firewall "leak testing"
    > in general. While we appreciate and support the unique value of independent
    > security testing, we are admittedly skeptical as to just how meaningful
    > these leak tests really are, especially as they reflect real-world
    > environments.
    >
    > The key assumption of "leak testing" -- namely, that it is somehow useful
    > to measure the outbound protection provided by personal firewalls in cases
    > where malware has already executed on the test box -- strikes us as a
    > questionable basis on which to build a security assessment. Today's malware
    > is so malicious and cleverly designed that it is often safest to regard PCs
    > as so thoroughly compromised that nothing on the box can be trusted once
    > the malware executes. In short, "leak testing" starts after the game is
    > already lost, as the malware has already gotten past the inbound firewall
    > protection.
    >
    > Moreover, "leak testing" is predicated on the further assumption that
    > personal firewalls should warn users about outbound connections even when
    > the involved code components are not demonstrably malicious or suspicious
    > (as is the case with the simulator programs used for "leak testing"). In
    > fact, this kind of program design risks pop-up fatigue in users,
    > effectively lowering the overall security of the system -- the reason
    > developers are increasingly shunning this design for security applications.
    >
    > Finally, leak testing typically relies on simulator programs, the use of
    > which is widely discredited among respected anti-malware researchers -- and
    > for good reason. Simulators simply cannot approximate the actual behavior
    > of real malware in real world conditions. Furthermore, when simulators are
    > used for anti-malware testing, the testing process is almost unavoidably
    > tailored to fit the limitations of simulator instead of the complexity of
    > real world conditions. What gets lost is a sense for how the tested
    > products actually perform against live, kicking malware that exhibits
    > behavior too complex to be captured in narrowly designed simulators.
    >
    >
    > If you are on WinXP activate the in-build version.



+ Reply to Thread