Kerio in WinXP

[jp]

Archived from groups: comp.security.firewalls (More info?)

I've been looking at personal firewalls and just tried Kerio 4.x (I use
2.1.x a whle ago on a Win2000 install and it worked fine). I basically
want to be told what is trying to get "out/in" to my network and only
allow things that I want. This may give me an idea if I get some nasty
internet infection.

After the install the system rebooted but failed to display the login
box. I booted up in Safe Mode and disabled the Kerio service and on
rebooting the login screen appeared, I was then able to start the
firewall manually (not the ideal fix...)

Whenever I changed the configuration to start the firewall automatically
the system would not display the login screen and had to be reset, I've
since removed Kerio from my system and am using the built in firewall
which isn't as good IMHO but I guess it does the job even though it's a
pain to configure.

Has anyone else had this problem?

Cheers

JP

OS: Windows XP Pro SP1 (all updates installed)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

JP <ft00mch@hotmail.com> wrote in news:ODHuc.2668$ez4.619
@pathologist.blueyonder.net:

> I've been looking at personal firewalls and just tried Kerio 4.x (I use
> 2.1.x a whle ago on a Win2000 install and it worked fine). I basically
> want to be told what is trying to get "out/in" to my network and only
> allow things that I want. This may give me an idea if I get some nasty
> internet infection.
>
> After the install the system rebooted but failed to display the login
> box. I booted up in Safe Mode and disabled the Kerio service and on
> rebooting the login screen appeared, I was then able to start the
> firewall manually (not the ideal fix...)
>
> Whenever I changed the configuration to start the firewall
automatically
> the system would not display the login screen and had to be reset, I've
> since removed Kerio from my system and am using the built in firewall
> which isn't as good IMHO but I guess it does the job even though it's a
> pain to configure.
>
> Has anyone else had this problem?
>
> Cheers
>
> JP
>
> OS: Windows XP Pro SP1 (all updates installed)
>

Since you're using the XP FW, it's not a bad FW at all. IMHO, the XP FW
is as good as the others and does its job in stopping unsolicited inbound
traffic.

http://support.microsoft.com/default.aspx?scid=kb;en-us;q321050#appliesto

Soon with the release of SP2 for XP, the XP FW will have application
control and has been programmed to get to TCP/IP connection at boot,
which I think is a vulnerable spot and PFW(s) don't seem to cover this
area.

There is another element on the XP O/S that acts very much like a FW and
is a good complement to any host based FW it runs behind and that's IPsec
and is a very powerful piece of software that can protect a server or
workstation. It too gets to the TCP/IP connection at boot and can stop
inbound or outbound by port, IP or protocol.

http://www.securityfocus.com/infocus/1559
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

The AnalogX file when implemented will provide instant protection. You
may have to enable an APS SecPol Client service or two like POP3 and
NNTP.

http://www.analogx.com/contents/articles/ipsec.htm

http://www.microsoft.com/technet/itsolutions/network/security/ipsecld.msp
x

You may want to look into *hardening* the XP O/S a little bit.

http://www.uksecurityonline.com/husdg/windowsxp.php

Duane

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

> My initial feeling about XP's built-in firewall is that it would
>obviously let through traffic that M$ wants to let through without
>asking me about it. You might as well trust a fox to guard the chicken
>coop. I think a 3rd party firewall is inherently more trustworthy than
>that of the OS vendor.

If you don't trust Microsoft, you shouldn't install their operating system. If
they really wanted to sneak in and steal your soul, no software firewall would
protect you. They'd just include the bypass in the TCP/IP driver. An exterior
hardware firewall might block the Evil Empire, but if you are really that
paranoid, you shouldn't run Windows in the first place.
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <10bot1rjbvece51@corp.supernews.com>, dvader@deathstar.mil
says...
> > My initial feeling about XP's built-in firewall is that it would
> >obviously let through traffic that M$ wants to let through without
> >asking me about it. You might as well trust a fox to guard the chicken
> >coop. I think a 3rd party firewall is inherently more trustworthy than
> >that of the OS vendor.
>
> If you don't trust Microsoft, you shouldn't install their operating system. If
> they really wanted to sneak in and steal your soul, no software firewall would
> protect you. They'd just include the bypass in the TCP/IP driver. An exterior
> hardware firewall might block the Evil Empire, but if you are really that
> paranoid, you shouldn't run Windows in the first place.

Sound advise from someone that doesn't understand that the same could be
true in ANY OS. The Evil empire is not MS, but the massive number of
lamers that post/hack all OS platforms for the fun of it.

Windows platforms can be secured in a manner that will prevent
infections from spreading, but, as many users are not technical, don't
have a clue, don't even do any form of update, there is no expectation
that it will stop. The same is true with non-technical Linux types,
there are many holes in their OS/apps, and as long as they leave them
unpatched they present easy targets. The real issue is the size of the
target, the larger the target (MS) the more things that will attack it.

While I use both platforms, and enjoy both, I'm almost hoping that Linux
never makes it to the home user in the same level as the Windows
platform has - once it becomes as big a target we'll have two (or more)
versions of every virus running around the net and even more problems.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

JP wrote:
> I've been looking at personal firewalls and just tried Kerio 4.x (I
> use
> 2.1.x a whle ago on a Win2000 install and it worked fine). I basically
> want to be told what is trying to get "out/in" to my network and only
> allow things that I want. This may give me an idea if I get some nasty
> internet infection.

<snip problem>

> Has anyone else had this problem?
> OS: Windows XP Pro SP1 (all updates installed)

No, but I didn't like the overkill in Kerio 4 so I went back to version
2.1.5, and it works perfect for me.
You still can download version 2.1.5 and 2.1.4 from kerio.com (for example:
http://eu.download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe)

Good luck,

GJ

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Taking a moment's reflection, Leythos mused:
|
| Sound advise from someone that doesn't understand that the same could be
| true in ANY OS. The Evil empire is not MS, but the massive number of
| lamers that post/hack all OS platforms for the fun of it.

I think the point was ... if you don't trust the software (any software)
to that extent, then you shouldn't have it installed in the first place.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

> I think the point was ... if you don't trust the software (any software)
>to that extent, then you shouldn't have it installed in the first place.

Exactly. Thank you. As a matter of fact, I have been using Windows client and
server for over ten years without a single successful intrusion, infection or
exploitation.
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <10bpg1d89sa6q7c@corp.supernews.com>, dvader@deathstar.mil
says...
> > I think the point was ... if you don't trust the software (any software)
> >to that extent, then you shouldn't have it installed in the first place.
>
> Exactly. Thank you. As a matter of fact, I have been using Windows client and
> server for over ten years without a single successful intrusion, infection or
> exploitation.

I've been working with computers, designing motherboards, designing
code, etc... since the 70's and never had a single computer under my
responsibility compromised. It's easy to do once you understand the
threats and protection methods.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Leythos" <void@nowhere.com> wrote:
> I've been working with computers, designing motherboards, designing
> code, etc... since the 70's and never had a single computer under my
> responsibility compromised. It's easy to do once you understand the
> threats and protection methods.

That background is hardly typical of the average Windows user, so
protection is not as simple to most of us as it is to you.

R. P.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"R. P." <r_pol12gar@hotmail.com> wrote in message
news:QDbvc.29194$pt3.20623@attbi_s03...
> "Leythos" <void@nowhere.com> wrote:
> > I've been working with computers, designing motherboards, designing
> > code, etc... since the 70's and never had a single computer under my
> > responsibility compromised. It's easy to do once you understand the
> > threats and protection methods.
>
> That background is hardly typical of the average Windows user, so
> protection is not as simple to most of us as it is to you.
>

I don't think anyone who replied to you is a typical/average Windows user.


Duane

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <QDbvc.29194$pt3.20623@attbi_s03>, r_pol12gar@hotmail.com
says...
> "Leythos" <void@nowhere.com> wrote:
> > I've been working with computers, designing motherboards, designing
> > code, etc... since the 70's and never had a single computer under my
> > responsibility compromised. It's easy to do once you understand the
> > threats and protection methods.
>
> That background is hardly typical of the average Windows user, so
> protection is not as simple to most of us as it is to you.

I think you are wrong, the fact that there are a zillion sites that
explain how to secure you computer seems to indicate that you just need
to read a little.

Even MS tells you how to lock down a system, on every platform.

My background gives me the ability to work with many platforms, Windows
being just one of them. I happen to also use a RH9 system daily too, but
I stick with my Windows based systems due to my clients needs and
software constraints.

If you want to secure a windows PC there are only a few things that you
need to do:

1) Get your system behind a NAT device.
2) Install Antivirus software that gets frequent updates
and runs all the time (must scan in/out email).
3) Run Windows Update every day (can be automated).
4) Change the default IE settings so that your internet zone
is set to HIGH and your Trusted Zone is set to MEDIUM, put
the sites you trust in the trusted zone.
5) Uninstall windows options and applications you don't need.
6) Don't open attachments from ANYONE unless you asked them to
send you the attachment - not even from your mom.
7) Don't run P2P sharing programs or other lame pirate ware.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Leythos" <void@nowhere.com> wrote:
> I think you are wrong, the fact that there are a zillion sites that
> explain how to secure you computer seems to indicate that you just
need
> to read a little.

No kiddin'! I would actually have to read a little? You know what? If
that was the only thing that required a little reading, life would be so
easy. Unfortunately there are so many other, more important things that
also require reading and there are just so many hours in a day available
for it. Especially if one's got a life, too, besides reading computer
related stuff. After all, computers are supposed to make life easier
and free up more time for other things, right?

> My background gives me the ability to work with many platforms,
Windows
> being just one of them. I happen to also use a RH9 system daily too,
but
> I stick with my Windows based systems due to my clients needs and
> software constraints.

Well, good for you.

> If you want to secure a windows PC there are only a few things that
you
> need to do:
>
> 1) Get your system behind a NAT device.

I've got it. Behind a Syslink router. Still amazing how many attempts
are detected by ZoneAlarm.

> 2) Install Antivirus software that gets frequent updates
> and runs all the time (must scan in/out email).

Got it: PC-cillin 2003, with automatic virus pattern updates.

> 3) Run Windows Update every day (can be automated).

Have it, too.

> 4) Change the default IE settings so that your internet zone
> is set to HIGH and your Trusted Zone is set to MEDIUM, put
> the sites you trust in the trusted zone.

This I need to check, but how is one to know ahead of time if a new site
can be trusted?

> 5) Uninstall windows options and applications you don't need.

Oh, that would take some reading time I haven't found yet.

> 6) Don't open attachments from ANYONE unless you asked them to
> send you the attachment - not even from your mom.

Been there, done that.

> 7) Don't run P2P sharing programs or other lame pirate ware.

Never have, never will.
To my knowledge my system so far has been well protected, but that's no
reason to lower my guard, is it?

Thanks for sharing nevertheless,
R. P.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

You're wasting your time. The arrogance and the ignorance of the person are
unbelievable.

Duane

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <Hjxvc.35460$3x.5351@attbi_s54>, r_pol12gar@hotmail.com
says...
> > 4) Change the default IE settings so that your internet zone
> > is set to HIGH and your Trusted Zone is set to MEDIUM, put
> > the sites you trust in the trusted zone.
>
> This I need to check, but how is one to know ahead of time if a new site
> can be trusted?

A new site can only be trusted if it's a commercial site (like a bank)
or a site that you are somehow sure it's not a hacker site. It's one of
those things that you have to make the call on yourself. Worst case it
will act like the normal IE settings (since you set the Trusted Zone to
MEDIUM).

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <Hjxvc.35460$3x.5351@attbi_s54>, r_pol12gar@hotmail.com
says...
> > 2) Install Antivirus software that gets frequent updates
> > and runs all the time (must scan in/out email).
>
> Got it: PC-cillin 2003, with automatic virus pattern updates.

I never use PC-Cillian or McAfee, they have proven to miss thing in our
testing. While people may complain about it, Symantec AV products have
never failed any of our tests and we've never had a compromised system
while running Symantec AV products.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Taking a moment's reflection, R. P. mused:
|
| No kiddin'! I would actually have to read a little? You know what? If
| that was the only thing that required a little reading, life would be so
| easy. Unfortunately there are so many other, more important things that
| also require reading and there are just so many hours in a day available
| for it.

So, security through obtuseness? How's that working for you?
Obviously, you are interested in security, or you wouldn't be here ... yet
you profess to find it unimportant enough to take any time on. So, wait ...
why are you here?

 

[jp]

Archived from groups: comp.security.firewalls (More info?)

"GJ" <no@mail.invalid> wrote in message
news:c9i5vc$49i$1@netlx020.civ.utwente.nl...
> JP wrote:
> > I've been looking at personal firewalls and just tried Kerio 4.x (I
> > use
> > 2.1.x a whle ago on a Win2000 install and it worked fine). I basically
> > want to be told what is trying to get "out/in" to my network and only
> > allow things that I want. This may give me an idea if I get some nasty
> > internet infection.
>
> <snip problem>
>
> > Has anyone else had this problem?
> > OS: Windows XP Pro SP1 (all updates installed)
>
> No, but I didn't like the overkill in Kerio 4 so I went back to version
> 2.1.5, and it works perfect for me.
> You still can download version 2.1.5 and 2.1.4 from kerio.com (for
example:
> http://eu.download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe)
>


Thanks, got it and installed no probs. Nice to be able to monitor outgoing
connections again.

J

--
There are 10 types of people in this world
Those that understand binary and those that don't