Kerio Personal Firewall for windows....Free version

[CityK]

So I've got Kerio Personal Firewall v4.0.6 up and running and I'm highly impressed. Nice interface and features.

Notes:
- this version is still classified as a beta, but its perfectly stable for me, and I imagine that they will release it as a non beta version very soon.
- comes with full documentation that seems decent enough. There are a few areas where its obvious the final edits haven't yet been applied, but nothing you couldn't figure out.
- you can find information about the older v2.1 release here but I would highly recommend that, like me, you go straight for the beta version that is found here.
- its options may be overwhelming for a novice, but nonetheless, the "straight out of the box" settings are perfectly secure.

CK

 

[CityK]

There is also a Kerio user group on Yahoo....but you have to subject your self to the ads etc.

http://groups.yahoo.com/group/keriofirewall/

 

[Mercutio]

Mmmm. Firebird Image Permissions....

 

[CityK]

Mmmm. Firebird Image Permissions...

So true, so true.

Anyways, just thought I would update this thread to let you know that KPF 4 has been released to the public under non-beta status. Release version 4.0.7 available from here.

In case anyone missed it before, KPF is freeware for home use.

CK

 

[Jan Kivar]

I miss the "master switch": deny all/ask me...

It seems that I have to do "Block all not permitted" -rule for my parent's computer to lessen the support calls. It's bit slower to disable than the "master switch" though (when I'm using the computer).

BTW, CityK, do You see where the "time interval" -setting is (under the advanced packet filter)? Is it really missing, or do I have a corrupted install (I did install on top of some older version)?

Cheers,

Jan

 

[CityK]

Jan, moving the slider over to the right, I see "Time interval" right between "Protocol" and "Applications".

BTW, there may be a bug in Overview > Preferences > Check Now. Whenever I try, it sends something out but I always get a message that there was a server error. However, that may be because I just installed the release version right over top, without uninstalling, the older beta. I had noticed (the two times I checked out the check for updates feature while running the beta) that it didn't do anything except cause my CPU util. to go and become stuck at 100%, and consequently require a reboot. So obviously they've corrected that little bug, but whether or not they haven't set their server up properly yet, or if another bug remains, or what I don't know. I'm not terribly worried as everything else is running smoothly for me.

CK

 

[Buck]

Thanks for the update, and I appreciate people posting valuable tools and applications in this section.

 

[Jan Kivar]

Jan, moving the slider over to the right, I see "Time interval" right between "Protocol" and "Applications".

Yep, now where I could change that? I don't need it, to be honest.

Jan

 

[CityK]

Ahhhh, I see what you mean now Jan. I had figured that you had read about it in the documentation but didn't see it on screen. After checking the documentation myself, I see that there is no mention of it. I did a search on the Yahoo group I linked above, and someone else was asking about this too back in Sept. One of the developers responded on Sept 16th that:

both things (password protection and time intervals) are not implemented up
to now in 4.0.3 version. It depends on development progress only.

Radek Siman (rsiman@k...)
Developer
.................................................................
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. +420 377 338 901, fax +420 377 338 921
www.kerio.cz

Additonally, while browsing around in that Yahoo group, I noticed a couple of messages that announced a new official Kerio support forums. I didn't see mention of it on there yet, so I guess that it still hasn't made its way into any of the releases.

-----------------
Juicy gossip In regards to the new Kerio forums
As a side note, some Yahoo group members seemed to be a little angry because Kerio or someone (which looks more likely to be the case) is posting messages that the Yahoo group is no longer for Kerio discussion. There is also some conjecture that Kerio is going to abandon its v2.15. Example,

Hi,
It looks like Kerio is dropping support for 2.1.5. The new Kerio forum everyone has been saying is so great is owned and controlled by Kerio.
Not that that is totally bad, but that coupled with the drop in support for 2.1.5 for a bloated version than many here will probably not upgrade to, this group now become very relevant and important again. This group is
also independent from Kerio, something that seems to be over looked when the new Kerio owned group is being talked about or when putting this group down for the occasional Spam. I for one will be keeping my membership to this group for the time being. This may become the support group for 2.1.5. We can only wait and see.
Given all of this, I think that it is in-appropriate for the user new_kerio_forum to post that this group is dead. I don't see a problem advertising the new Kerio owned Forum, But I don't think this group is
dead by any stretch of the imagination.

Paul Coleman

This group is defiantly for Kerio Personal Firewall discussions and peer
to peer support. It is not going anywhere.

To which the same developer I quoted above replied:

Hi Paul,

it is your choice to stay here, but please know that forums at Kerio are
also "independent" since there are no restrictions except those traditional
(see disclaimer at http://forums.kerio.com). Kerio's focus is surely on
version 4.x but if you look at the forum you will notice there are two main
KPF groups: one for 2.x and the other for 4.x. Try it, I hope you will be
satisfied. Is is very difficult for us to post answers to several discussion
groups like Yahoo, DSL Reports, etc... My personal feeling is that Kerio
forum is your advantage but if you don't like it or if you do not believe
it, it's imposible to satisfy you of its effectiveness. Give the new forum a
try ;-)

See you there.
Radek Siman

And then I guess Paul kissed and made up:

Hi Radek,

I have already joined the forum at Kerio, I never said for anyone to stay
away. I like that it can be used via email and there is not a need to use
the web interface. I encourage everyone that has an interest in Kerio to
join.
That said, I choose to keep using this group at Yahoo and hope that it
stays a peer to peer support group for Kerio. I also hope that the people
from Kerio keep connected to this group and the DSL Reports group, if not to
answer questions, but to keep informed about the wishes and feelings of your
customers. You will see thing here you won't see at the Kerio forums. I am
opposed to the people that try to discourage the use of this group.

Paul Coleman

Personally, moving away from Yahoo ads (although they are blocked by Firebird, you still have to click twice to see message content), SPAMers on Yahoo, and the typical idiot that you might encounter on a Yahoo group in general are enough grounds alone to move to the offical Kerio forum for information.

------------------

Anyways, soap opera issues aside, I also noticed that the "bugs" that I mentioned above (100% CPU when checking for updates in v4.0.6, and "an error has occured" while checking for updates in v4.0.7) have also been discussed on both forums. Example.

CK

 

[CityK]

Alright, despite the fact that its getting late and I should be heading to beddy-by, this thread should definitely be amended.

Since having last updated this thread, Kerio has released v4.0.8, which supposedly addresses and corrects a number of bugs/issues. That's nice and all, but my initial warm and fuzzy impressions of kpf v4, and of Kerio in general, are waning.

Most of what I have been reading from vetern Kerio users seems to point to the very obvious that v4 is a bloated and is still bug ridden (I personally think its better then Zonealarms and Symantec's offering, but otherwise am inclined to agree).

First off, it has been discovered that port 44334 is vulnerable and that the user can not close the port no matter what they try.
Example thread discussing this issue.. In my own case, checking on Steve-what's-his-face's Shields Up website or PCflank confirms this.

- Second, the bug in the manual update feature still presists

Although the following does not affect me in anyway, it shows a fundamental turn for which Kerio is taking: they have now removed support for OSes of the "server" variety. This has pissed off a number of users. An example of which can be seen in the official announcement thread on the Kerio forums. I had read the comments of one user somewhere who was quite disappointed by what he refered to as something that was rushed out the door in an effort to out bloat Symantec etc. Far be it for me to criticise Kerio's business goals, but they do indeed seem intent on becoming a mainstream commercial product.

Having started this thread off with a recomendation to skip over the older v2.1.5, I now find myself recanting that statement. It would seem more prudent that a user stick with the mature, and much smaller, v2.1.5. However, so far as to the info that I have garnered from the various forums (DSL, Kerio, Yahoo, and a few other sites) v2.1.5 is not the easiest thing to configure on your own...especially if your a networking ignorent knob like myself. Nonetheless, I think I will give the older version a go. It will be interesting to see how much mem resources the older version takes up incomparison to v4, which lamentably has an insatiable appetite which knows no bounds....alright, maybe I exaggerate a little, but its got to have a smaller footprint.

As a curious sidenote, a noticed a few people mention Outpost Firewall as another free alternative. I, however, think I am through playing lab rat for a while....

CK

 

[Will Rickards WT]

Aside from a stint of a few months were ZoneAlarm (free version) and Win2kSP3 did not get along, I have been using zonealarm happily. Recently it asked me to update to version 4. something. I said NO. Last time I said yes I got the buggy version that cause windows2000 to hang everytime outlook ran or something accessed the internet. I've never tested the firewall and I don't even look through the logs. I am blissfully happy in ignorance, trusting that the software works as advertised.

 

[Jan Kivar]

I can't understand why they made it look like ZA. Most likely to attract new users. I think that I'll re-install 2.1.5 back too.

Cheers,

Jan

 

[CougTek]

I'm using Zone Alarm Pro v.4.5.53 on my main computer and it never froze it (Win2K Pro SP4). Nothing but positive comments about it.

I use the free version of Zone Alarm on my other computers (one Win2K3 Server .Nut and others being Win2K Pro SP4) and the issues have been fairly rare.

 

[Mercutio]

I'd suggest reading on the links in Blake's thread about making a router in the Computers forum. I know not everyone has the time to set up a router/firewall but that really is the best way to go.

 

[Fushigi]

I use Tiny Personal Firewall V. 2. The free one that, IIRC, is no longer available. They went commercial with version 3 and I haven't followed it since then.

It's not that user-friendly initially, but I like the interface better than anything from Norton and the others.

 

[The JoJo]

I used to use Tiny/Kerio in versions ~2, but after that it got bloated and I skipped it. The info here makes me think the choice was right.

I've used ZA and F-secure after that.

 

[blakerwry]

i have been trying kerio... i think it's OK... but overall I dont like it... my idea of a good software firewall is the one that comes with winXP

 

[Howell]

I'd suggest reading on the links in Blake's thread about making a router in the Computers forum. I know not everyone has the time to set up a router/firewall but that really is the best way to go.

There are still travelling laptops to consider.

 

[blakerwry]

after some more trying I found kerio to freeze firebird/thunderbird on my laptop (which is the only machine I use a software firewall on)

I just uninstalled kerio... maybe I'll go firewall-less (it's win98se) or find a better firewall.

 

[Handruin]

I've had good luck with sygates personal (free) firewall.

 

[CityK]

after some more trying I found kerio to freeze firebird/thunderbird on my laptop

Although I haven't had time to fool around with this some anymore, I can report that I'm having no such problems with either Firebird or Thunderbird on my desktop.

Perhaps I came off a little harsh in my last post about this app. Let me try to restate a couple of things.

- there are a some known bugs in the current release i.e. autoupdates and that "open" unstealthed port.

- As for the "open" unstealthed port, you would have read through that link I gave up above to discover that your not absolutely vulnerable as in the case of an open door flapping in the breeze. It is, however, unfortunate that port scans can detect your machine and that a desired level of security is partially compromised right off the bat. To draw an analogy to the current state - its sort of like leaving your home at night but leaving all the lights on and the blinds not drawn. Perhaps a tempting target, but that's pretty much where the analogy ends, because unlike breaking into a house, most people don't have the skills to negotiate through the firewall. I would like to think that those who are truly skilled and determined enough to find a way around the firewall are not the type who would be setting their sights on average you or me. So, in terms of preventing low to medium level threats, I would say that this product will suffice just fine. In time, I don't doubt that some ingenius idiot would find an exploit and that it would eventually reach its way down to the script kiddie level. However, I imagine that Kerio will address and resolve this issue in their next release, and hopefully long before this present shortfall ever becomes a serious security threat to the average user.

- it is a bit of a resource hog. But no more so (and even less in some cases) than what I've seen with a few other s/w firewalls (Norton, Sygate, Zone). Part of my displeasure with this is the very fact that (if you haven't noticed from some of my other postings) I am continously looking for fully functional apps with low footprints

- its not for the noob, as its configuration options can overwhelm

- its got a lot of unnecessary eye candy/bloat. The eye candy clearly looks like its meant for attracting the mass market, but as I just mentioned, the knob could get very lost with this app. So, it is my opinion that Kerio has mismanaged their own product - The many satisfied users of v2.15 (which, as I've mentioned, was definitely more tailored to an intermediate user level) have been put off by the newer and bloated v4.0.x., while at the very same time, the (novice) users that Kerio seeks to attract with v4 will quite possibly feel overwhelmed by the many configuration options held over from the older v2.xx. Kerio should have produced seperate trunks, but have, instead, probably managed to alienate both markets.

CK

 

[i]

Current firewall too bloated? Not secure enough?

Sounds like you need ...

... dah dah daaaaaaahh ...

...an OpenBSD box configured as a bridge, with an integrated firewall!

 

[Fushigi]

...an OpenBSD box configured as a bridge, with an integrated firewall!

But...

Will you be blocking outbound comm as well? So that if you somehow acquire a virus/'bad thing' while surfing/emailing it won't be able to call the mother ship?

Will it stop the 'bad thing' that your kid brings home on an infected floppy/CD-R from a friend from communicating?

Will your bridge secure the PC from wardrivers who find and break into your WAP?

Security, like ogres and onions, is made up of layers. Having an outer firewall is good, but the individual machines also need to be protected.