Older PFWs: Sygate, Kerio 2.1.5, etc.

on 16.12.2006 17:05:05 by Bob Jones

I realize that some here are of the opinion that effective outbound
protection on a Windows system is impossible and that all PFWs are
useless. That aside...

I still see people recommending Sygate's PFW and Kerio 2.1.5. It
doesn't seem prudent to me to use security software that hasn't been
updated in a long time.

At approximately the same time (middle/end of 2005) Kerio was sold to
Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
product(s) (ProcessGuard?) stopped.

Was some major flaw in these products disclosed at that time?

Given that any PFW is of value, is it wise to run PFWs that have long
since been supported?

--
Bob

Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

on 16.12.2006 17:51:16 by Volker Birk

Bob Jones wrote:
> I realize that some here are of the opinion that effective outbound
> protection on a Windows system is impossible and that all PFWs are
> useless.

"Outbound protection" is not a good idea at all, if it would be
possible. Additionally it's not possible to implement it in a secure
way.

> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
> doesn't seem prudent to me to use security software that hasn't been
> updated in a long time.

Yes. Right.

> At approximately the same time (middle/end of 2005) Kerio was sold to
> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
> product(s) (ProcessGuard?) stopped.
> Was some major flaw in these products disclosed at that time?

Kerio just is buggy. Sygate has bad security design flaws, for example
implementing a system service which opens windows.

> Given that any PFW is of value, is it wise to run PFWs that have long
> since been supported?

It would be wise to have a security concept, to see what threats are
there and to think about countermeasures first. To buy security in
yellow boxes will not work, never.

Yours,
VB.
--
"Life was simple before World War II. After that, we had systems."
Grace Hopper

Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

on 16.12.2006 20:19:54 by Bob Jones

On 16 Dec 2006 18:51:16 +0200, Volker Birk wrote:

>Bob Jones wrote:
>> I realize that some here are of the opinion that effective outbound
>> protection on a Windows system is impossible and that all PFWs are
>> useless.
>
>"Outbound protection" is not a good idea at all, if it would be
>possible. Additionally it's not possible to implement it in a secure
>way.
>
>> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
>> doesn't seem prudent to me to use security software that hasn't been
>> updated in a long time.
>
>Yes. Right.
>
>> At approximately the same time (middle/end of 2005) Kerio was sold to
>> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
>> product(s) (ProcessGuard?) stopped.
>> Was some major flaw in these products disclosed at that time?
>
>Kerio just is buggy. Sygate has bad security design flaws, for example
>implementing a system service, which opens windows.
>
>> Given that any PFW is of value, is it wise to run PFWs that have long
>> since been supported?
>
>It would be wise to have a security concept, to see, what threats are
>there and to think about counter measures first. To buy security in
>yellow boxes will not work, never.

Thanks.

--
Bob

Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

on 16.12.2006 20:42:38 by bassbag

In article ,
none@invalid.address says...
> I realize that some here are of the opinion that effective outbound
> protection on a Windows system is impossible and that all PFWs are
> useless. That aside...
>
> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
> doesn't seem prudent to me to use security software that hasn't been
> updated in a long time.
>
> At approximately the same time (middle/end of 2005) Kerio was sold to
> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
> product(s) (ProcessGuard?) stopped.
>
> Was some major flaw in these products disclosed at that time?
>
> Given that any PFW is of value, is it wise to run PFWs that have long
> since been supported?
>
>
It is possible to have effective outbound protection using Kerio 2.15
and/or Sygate. Not 100% of course... but every little helps. I personally
prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and
prefer the puritanical approach, which in laboratory conditions or being
members of the said families... may suffice. The choice is yours... suck it
and see ;)
me

Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

on 16.12.2006 23:12:49 by ei.posti

Bob Jones wrote:

> I realize that some here are of the opinion that effective outbound
> protection on a Windows system is impossible and that all PFWs are
> useless. That aside...
>
> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
> doesn't seem prudent to me to use security software that hasn't been
> updated in a long time.
>
> At approximately the same time (middle/end of 2005) Kerio was sold to
> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
> product(s) (ProcessGuard?) stopped.
>
> Was some major flaw in these products disclosed at that time?
>
> Given that any PFW is of value, is it wise to run PFWs that have long
> since been supported?


Kerio 2.1.5 has bugs and some minor vulnerabilities, possibly
insignificant, if combined with other safety measures. These are:

1. Carefully install the Windows updates. I do that manually to be
able to later install them in one go in case of a fresh Windows install:
http://www.microsoft.com/technet/security/current.aspx

2. Use only secure software with internet access and abandon or
block insecure ones. I have currently blocked Internet Explorer 6
from the net, but since some other software uses it for internal help
or some components of it, it has stayed on my machine for internal
use only. Since I don't use autoupdate and because of the constant
development of browsers like Mozilla and Opera, IE is not needed
for web use anymore.

3. Turn off the services that you don't need. This has the advantage
of reducing memory consumption. The ng experts recommended this:
http://www.ntsvcfg.de/ntsvcfg_eng.html

I did run this solution, but it looks like the most hardened option
may create some minor problems; at least I had some temporary
non-functionality with USB devices, but I can't positively confirm this.
It could be that Windows and applications may be capable of making
"readjustments" to services after this, so do not put too much trust
in this one alone and check occasionally what's going on.

4. Using a NAT router or a real firewall device will block inbound access.
At least for me.


Whether or not this kind of tweaking pays off is up to oneself. Getting
a commercial security suite like F-Secure means that the software does the
monitoring for you - that makes life so much easier, especially if no
hardware firewall is in use. But for slow, older PCs with less RAM,
manual adjustments with Kerio 2.1.5 may work well enough.


--
S.Suikkanen

Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

on 21.12.2006 13:14:10 by good.freeware.chau

On Dec 17, 12:05 am, Bob Jones wrote:
> Given that any PFW is of value, is it wise to run PFWs that have long
> since been supported?

I think this question is of particular interest.

The very nature of security is "changing". Kerio and such were once
very nice. But time has plagued them into what I would call an "unusable"
state, given they are not being polished from time to time.

If you get what I mean.

Chris
--
We review the best freeware (SM)
http://goodfreeware.blogspot.com/

Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

on 22.12.2006 04:51:53 by louise

bassbag wrote:
> In article ,
> none@invalid.address says...
>> I realize that some here are of the opinion that effective outbound
>> protection on a Windows system is impossible and that all PFWs are
>> useless. That aside...
>>
>> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
>> doesn't seem prudent to me to use security software that hasn't been
>> updated in a long time.
>>
>> At approximately the same time (middle/end of 2005) Kerio was sold to
>> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
>> product(s) (ProcessGuard?) stopped.
>>
>> Was some major flaw in these products disclosed at that time?
>>
>> Given that any PFW is of value, is it wise to run PFWs that have long
>> since been supported?
>>
>>
> It is possible to have effective outbound protection using Kerio 2.15
> and/or Sygate. Not 100% of course... but every little helps. I personally
> prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and
> prefer the puritanical approach, which in laboratory conditions or being
> members of the said families... may suffice. The choice is yours... suck it
> and see ;)
> me
I'm still using an old Sygate on my desktop and Windows
Firewall on my laptop which is often used wirelessly.

I'm not really happy with either solution even though at
home I run a NAT router.

Why do you prefer Kerio over Sygate?

TIA

Louise

Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

on 28.12.2006 17:40:55 by You guess

On Thu, 21 Dec 2006 22:51:53 -0500, louise
wrote:

>bassbag wrote:
>> In article ,
>> none@invalid.address says...
>>> I realize that some here are of the opinion that effective outbound
>>> protection on a Windows system is impossible and that all PFWs are
>>> useless. That aside...
>>>
>>> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
>>> doesn't seem prudent to me to use security software that hasn't been
>>> updated in a long time.
>>>
>>> At approximately the same time (middle/end of 2005) Kerio was sold to
>>> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
>>> product(s) (ProcessGuard?) stopped.
>>>
>>> Was some major flaw in these products disclosed at that time?
>>>
>>> Given that any PFW is of value, is it wise to run PFWs that have long
>>> since been supported?
>>>
>>>
>> It is possible to have effective outbound protection using Kerio 2.15
>> and/or Sygate. Not 100% of course... but every little helps. I personally
>> prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and
>> prefer the puritanical approach, which in laboratory conditions or being
>> members of the said families... may suffice. The choice is yours... suck it
>> and see ;)
>> me
>I'm still using an old Sygate on my desktop and Windows
>Firewall on my laptop which is often used wirelessly.
>
>I'm not really happy with either solution even though at
>home I run a NAT router.
>
>Why do you prefer Kerio over Sygate?
>
>TIA
>
>Louise

I have a couple of questions. Why do some people think they need to
update their PFW? If it used to work, why do you think it won't work
now?

The argument that a PFW is just a packet filter is correct, isn't that
what all firewalls are? They examine packets of data that are sent or
received and filter out the "bad" ones according to rules you have
set. Am I missing something here?

Subscribing to updates for an antiviral program makes sense, viruses
change and the writers come up with better ways to implant their
malware. But if your PFW can tell which program exactly is attempting
to send packets, then isn't it doing what you want it to do?

Jack


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0664-0, 12/28/2006
Tested on: 12/28/2006 11:40:56 AM
avast! - copyright (c) 1988-2006 ALWIL Software.
http://www.avast.com

Re: Older PFWs: Sygate, Kerio 2.1.5, etc.

on 28.12.2006 19:50:15 by William

On 12/28/2006 8:40 AM, something possessed You guess to write:
> On Thu, 21 Dec 2006 22:51:53 -0500, louise
> wrote:
>
>> bassbag wrote:
>>> In article ,
>>> none@invalid.address says...
>>>> I realize that some here are of the opinion that effective outbound
>>>> protection on a Windows system is impossible and that all PFWs are
>>>> useless. That aside...
>>>>
>>>> I still see people recommending Sygate's PFW and Kerio 2.1.5. It
>>>> doesn't seem prudent to me to use security software that hasn't been
>>>> updated in a long time.
>>>>
>>>> At approximately the same time (middle/end of 2005) Kerio was sold to
>>>> Sunbelt, Sygate was sold to Symantec and development of some DiamondCS
>>>> product(s) (ProcessGuard?) stopped.
>>>>
>>>> Was some major flaw in these products disclosed at that time?
>>>>
>>>> Given that any PFW is of value, is it wise to run PFWs that have long
>>>> since been supported?
>>>>
>>>>
>>> It is possible to have effective outbound protection using Kerio 2.15
>>> and/or Sygate. Not 100% of course... but every little helps. I personally
>>> prefer Kerio 2.15. Volker and cohorts of course suggest otherwise, and
>>> prefer the puritanical approach, which in laboratory conditions or being
>>> members of the said families... may suffice. The choice is yours... suck it
>>> and see ;)
>>> me
>> I'm still using an old Sygate on my desktop and Windows
>> Firewall on my laptop which is often used wirelessly.
>>
>> I'm not really happy with either solution even though at
>> home I run a NAT router.
>>
>> Why do you prefer Kerio over Sygate?
>>
>> TIA
>>
>> Louise
>
> I have a couple of questions. Why do some people think they need to
> update their PFW? If it used to work, why do you think it won't work
> now?
>
> The argument that a PFW is just a packet filter is correct, isn't that
> what all firewalls are? They examine packets of data that are sent or
> received and filter out the "bad" ones according to rules you have
> set. Am I missing something here?
>
> Subscribing to updates for an antiviral program makes sense, viruses
> change and the writers come up with better ways to implant their
> malware. But if your PFW can tell which program exactly is attempting
> to send packets, then isn't it doing what you want it to do?
>
> Jack
Certain "packet filters" may contain discovered vulnerabilities in the
older versions which, when exploited, may give a remote user improper
privileges on the local machine/network. Not to mention we want to keep
an eye out for all those "zero-day vulnerabilities" as well ;-)