Older PFWs: Sygate, Kerio 2.1.5, etc. - Firewalls


Thread: Older PFWs: Sygate, Kerio 2.1.5, etc.

  1. Older PFWs: Sygate, Kerio 2.1.5, etc.

    I realize that some here are of the opinion that effective outbound
    protection on a Windows system is impossible and that all PFWs are
    useless. That aside...

    I still see people recommending Sygate's PFW and Kerio 2.1.5. It
    doesn't seem prudent to me to use security software that hasn't been
    updated in a long time.

    At approximately the same time (middle/end of 2005) Kerio was sold to
    Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
    product(s) (ProcessGuard?) stopped.

    Was some major flaw in these products disclosed at that time?

    Given that any PFW is of value, is it wise to run PFWs that have long
    since been supported?

    --
    Bob

  2. Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

    Bob Jones wrote:
    > I realize that some here are of the opinion that effective outbound
    > protection on a Windows system is impossible and that all PFWs are
    > useless.


    "Outbound protection" is not a good idea at all, if it would be
    possible. Additionally it's not possible to implement it in a secure
    way.

    > I still see people recommending Sygate's PFW and Kerio 2.1.5. It
    > doesn't seem prudent to me to use security software that hasn't been
    > updated in a long time.


    Yes. Right.

    > At approximately the same time (middle/end of 2005) Kerio was sold to
    > Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
    > product(s) (ProcessGuard?) stopped.
    > Was some major flaw in these products disclosed at that time?


    Kerio just is buggy. Sygate has bad security design flaws, for example
    implementing a system service, which opens windows.

    > Given that any PFW is of value, is it wise to run PFWs that have long
    > since been supported?


    It would be wise to have a security concept, to see, what threats are
    there and to think about counter measures first. To buy security in
    yellow boxes will not work, never.

    Yours,
    VB.
    --
    "Life was simple before World War II. After that, we had systems."
    Grace Hopper

  3. Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

    On 16 Dec 2006 18:51:16 +0200, Volker Birk wrote:

    >Bob Jones wrote:
    >> I realize that some here are of the opinion that effective outbound
    >> protection on a Windows system is impossible and that all PFWs are
    >> useless.

    >
    >"Outbound protection" is not a good idea at all, if it would be
    >possible. Additionally it's not possible to implement it in a secure
    >way.
    >
    >> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
    >> doesn't seem prudent to me to use security software that hasn't been
    >> updated in a long time.

    >
    >Yes. Right.
    >
    >> At approximately the same time (middle/end of 2005) Kerio was sold to
    >> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
    >> product(s) (ProcessGuard?) stopped.
    >> Was some major flaw in these products disclosed at that time?

    >
    >Kerio just is buggy. Sygate has bad security design flaws, for example
    >implementing a system service, which opens windows.
    >
    >> Given that any PFW is of value, is it wise to run PFWs that have long
    >> since been supported?

    >
    >It would be wise to have a security concept, to see, what threats are
    >there and to think about counter measures first. To buy security in
    >yellow boxes will not work, never.


    Thanks.

    --
    Bob

  4. Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

    In article ,
    none@invalid.address says...
    > I realize that some here are of the opinion that effective outbound
    > protection on a Windows system is impossible and that all PFWs are
    > useless. That aside...
    >
    > I still see people recommending Sygate's PFW and Kerio 2.1.5. It
    > doesn't seem prudent to me to use security software that hasn't been
    > updated in a long time.
    >
    > At approximately the same time (middle/end of 2005) Kerio was sold to
    > Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
    > product(s) (ProcessGuard?) stopped.
    >
    > Was some major flaw in these products disclosed at that time?
    >
    > Given that any PFW is of value, is it wise to run PFWs that have long
    > since been supported?
    >
    >

    It is possible to have effective outbound protection using Kerio 2.15
    and/or Sygate. Not 100% of course... but every little helps. I personally
    prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and
    prefer the puritanical approach, which in laboratory conditions or being
    members of the said families... may suffice. The choice is yours... suck it
    and see.
    me

  5. Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

    Bob Jones wrote:

    > I realize that some here are of the opinion that effective outbound
    > protection on a Windows system is impossible and that all PFWs are
    > useless. That aside...
    >
    > I still see people recommending Sygate's PFW and Kerio 2.1.5. It
    > doesn't seem prudent to me to use security software that hasn't been
    > updated in a long time.
    >
    > At approximately the same time (middle/end of 2005) Kerio was sold to
    > Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
    > product(s) (ProcessGuard?) stopped.
    >
    > Was some major flaw in these products disclosed at that time?
    >
    > Given that any PFW is of value, is it wise to run PFWs that have long
    > since been supported?



    Kerio 2.1.5 has bugs and some minor vulnerabilities, possibly
    insignificant if combined with other safety measures. These are:

    1. Carefully install the Windows updates. I do that manually to be
    able to later install them in one go in case of a fresh Windows install:
    http://www.microsoft.com/technet/security/current.aspx

    2. Use only secure software with internet access and abandon or
    block insecure ones. I have currently blocked Internet Explorer 6
    from the net, but since some other software uses it for internal help
    or some components of it, it has stayed on my machine for internal
    use only. Since I don't use autoupdate and because of the constant
    development of browsers like Mozilla and Opera, IE is not needed
    for web use anymore.

    3. Turn off the services that you don't need. This has the advantage
    of reducing memory consumption. The ng experts recommended this:
    http://www.ntsvcfg.de/ntsvcfg_eng.html

    I did run this solution, but it looks like the most hardened option
    may create some minor problems; at least I had some temporary
    non-functionality with USB devices, but I can't positively confirm this.
    It could be that Windows and applications may be capable of doing
    "readjustments" to services after this, so do not put too much trust
    in this one alone and check occasionally what's going on.

    4. Using a NAT router or real firewall device will block inbound access.
    At least for me.


    Whether or not this kind of tweaking pays off is up to oneself. Getting
    a commercial security suite like F-Secure means that software does the
    monitoring for you - that makes life so much easier, especially if no
    hardware firewall is in use. But for slow, older PCs with less RAM,
    manual adjustments with Kerio 2.1.5 may work well enough.


    --
    S.Suikkanen
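
The post above warns that Windows or applications may re-adjust services after hardening and advises checking occasionally. One way to make that check repeatable is to record a baseline and compare against it later; this is an added example, not part of the original post. It assumes PowerShell 3.0 or later (for `Get-CimInstance`), and the baseline path and function names are hypothetical, chosen for this example.

```powershell
# Added example. $BaselinePath is a hypothetical location chosen here.
$BaselinePath = Join-Path $env:ProgramData 'svc-baseline.csv'

function Get-ServiceSnapshot {
    # Win32_Service exposes Name, StartMode (Auto/Manual/Disabled) and State.
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, StartMode, State
}

function Save-ServiceBaseline {
    # Run once, right after hardening, to record the intended state.
    param([string]$Path = $BaselinePath)
    Get-ServiceSnapshot | Export-Csv -Path $Path -NoTypeInformation
}

function Compare-ServiceBaseline {
    # Run periodically; emits one object per service that drifted.
    param([string]$Path = $BaselinePath)
    $baseline = @{}
    foreach ($row in Import-Csv -Path $Path) { $baseline[$row.Name] = $row }

    foreach ($svc in Get-ServiceSnapshot) {
        $old = $baseline[$svc.Name]
        $change = $null
        $was = '-'
        if (-not $old) {
            $change = 'installed after baseline'
        } else {
            $was = "$($old.StartMode)/$($old.State)"
            if ($old.StartMode -ne $svc.StartMode) {
                $change = 'start mode changed'
            } elseif ($old.State -eq 'Stopped' -and $svc.State -eq 'Running') {
                $change = 'now running'
            }
        }
        if ($change) {
            [pscustomobject]@{
                Name   = $svc.Name
                Change = $change
                Was    = $was
                Now    = "$($svc.StartMode)/$($svc.State)"
            }
        }
    }
}

# Save-ServiceBaseline                       # once, after hardening
# Compare-ServiceBaseline | Format-Table     # later, to review drift
```

A service that was set to Disabled and later shows up as Auto, or one that did not exist at baseline time, is the kind of "readjustment" worth investigating before trusting the hardened state again.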

  6. Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

    On Dec 17, 12:05 am, Bob Jones wrote:
    > Given that any PFW is of value, is it wise to run PFWs that have long
    > since been supported?


    I think this question is of particular interest.

    The very nature of security is "changing". Kerio and such were once
    very nice. But time has plagued them into what I would say "unusable"
    state given they are not being polished from time to time.

    If you get what I mean.

    Chris
    --
    We review the best freeware (SM)
    http://goodfreeware.blogspot.com/


  7. Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

    bassbag wrote:
    > In article ,
    > none@invalid.address says...
    >> I realize that some here are of the opinion that effective outbound
    >> protection on a Windows system is impossible and that all PFWs are
    >> useless. That aside...
    >>
    >> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
    >> doesn't seem prudent to me to use security software that hasn't been
    >> updated in a long time.
    >>
    >> At approximately the same time (middle/end of 2005) Kerio was sold to
    >> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
    >> product(s) (ProcessGuard?) stopped.
    >>
    >> Was some major flaw in these products disclosed at that time?
    >>
    >> Given that any PFW is of value, is it wise to run PFWs that have long
    >> since been supported?
    >>
    >>

    > It is possible to have effective outbound protection using Kerio 2.15
    > and/or Sygate. Not 100% of course... but every little helps. I personally
    > prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and
    > prefer the puritanical approach, which in laboratory conditions or being
    > members of the said families... may suffice. The choice is yours... suck it
    > and see.
    > me

    I'm still using an old Sygate on my desktop and Windows
    Firewall on my laptop which is often used wirelessly.

    I'm not really happy with either solution even though at
    home I run a NAT router.

    Why do you prefer Kerio over Sygate?

    TIA

    Louise


  8. Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

    On Thu, 21 Dec 2006 22:51:53 -0500, louise
    wrote:

    >bassbag wrote:
    >> In article ,
    >> none@invalid.address says...
    >>> I realize that some here are of the opinion that effective outbound
    >>> protection on a Windows system is impossible and that all PFWs are
    >>> useless. That aside...
    >>>
    >>> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
    >>> doesn't seem prudent to me to use security software that hasn't been
    >>> updated in a long time.
    >>>
    >>> At approximately the same time (middle/end of 2005) Kerio was sold to
    >>> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
    >>> product(s) (ProcessGuard?) stopped.
    >>>
    >>> Was some major flaw in these products disclosed at that time?
    >>>
    >>> Given that any PFW is of value, is it wise to run PFWs that have long
    >>> since been supported?
    >>>
    >>>

    >> It is possible to have effective outbound protection using Kerio 2.15
    >> and/or Sygate. Not 100% of course... but every little helps. I personally
    >> prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and
    >> prefer the puritanical approach, which in laboratory conditions or being
    >> members of the said families... may suffice. The choice is yours... suck it
    >> and see.
    >> me

    >I'm still using an old Sygate on my desktop and Windows
    >Firewall on my laptop which is often used wirelessly.
    >
    >I'm not really happy with either solution even though at
    >home I run a NAT router.
    >
    >Why do you prefer Kerio over Sygate?
    >
    >TIA
    >
    >Louise


    I have a couple of questions. Why do some people think they need to
    update their PFW? If it used to work, why do you think it won't work
    now?

    The argument that a PFW is just a packet filter is correct, isn't that
    what all firewalls are? They examine packets of data that are sent or
    received and filter out the "bad" ones according to rules you have
    set. Am I missing something here?

    Subscribing to updates for an antiviral program makes sense, viruses
    change and the writers come up with better ways to implant their
    malware. But if your PFW can tell which program exactly is attempting
    to send packets, then isn't it doing what you want it to do?

    Jack



  9. Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

    On 12/28/2006 8:40 AM, something possessed You guess to write:
    > On Thu, 21 Dec 2006 22:51:53 -0500, louise
    > wrote:
    >
    >> bassbag wrote:
    >>> In article ,
    >>> none@invalid.address says...
    >>>> I realize that some here are of the opinion that effective outbound
    >>>> protection on a Windows system is impossible and that all PFWs are
    >>>> useless. That aside...
    >>>>
    >>>> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
    >>>> doesn't seem prudent to me to use security software that hasn't been
    >>>> updated in a long time.
    >>>>
    >>>> At approximately the same time (middle/end of 2005) Kerio was sold to
    >>>> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
    >>>> product(s) (ProcessGuard?) stopped.
    >>>>
    >>>> Was some major flaw in these products disclosed at that time?
    >>>>
    >>>> Given that any PFW is of value, is it wise to run PFWs that have long
    >>>> since been supported?
    >>>>
    >>>>
    >>> It is possible to have effective outbound protection using Kerio 2.15
    >>> and/or Sygate. Not 100% of course... but every little helps. I personally
    >>> prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and
    >>> prefer the puritanical approach, which in laboratory conditions or being
    >>> members of the said families... may suffice. The choice is yours... suck it
    >>> and see.
    >>> me

    >> I'm still using an old Sygate on my desktop and Windows
    >> Firewall on my laptop which is often used wirelessly.
    >>
    >> I'm not really happy with either solution even though at
    >> home I run a NAT router.
    >>
    >> Why do you prefer Kerio over Sygate?
    >>
    >> TIA
    >>
    >> Louise

    >
    > I have a couple of questions. Why do some people think they need to
    > update their PFW? If it used to work, why do you think it won't work
    > now?
    >
    > The argument that a PFW is just a packet filter is correct, isn't that
    > what all firewalls are? They examine packets of data that are sent or
    > received and filter out the "bad" ones according to rules you have
    > set. Am I missing something here?
    >
    > Subscribing to updates for an antiviral program makes sense, viruses
    > change and the writers come up with better ways to implant their
    > malware. But if your PFW can tell which program exactly is attempting
    > to send packets, then isn't it doing what you want it to do?
    >
    > Jack

    Certain "packet filters" may contain discovered vulnerabilities in the
    older versions which, when exploited, may give a remote user improper
    privileges on the local machine/network. Not to mention we want to keep
    an eye out for all those "zero-day vulnerabilities" as well ;-)
