Avast WEBforum

Other => General Topics => Topic started by: justin1278 on December 23, 2005, 02:05:04 AM

Title: Kerio is finally back!
Post by: justin1278 on December 23, 2005, 02:05:04 AM
Sunbelt has finished the Kerio buyout. You can download the Sunbelt Kerio Personal Firewall at
http://www.sunbelt-software.com/Kerio.cfm

Sunbelt has not changed much about the firewall except the name. I think they fixed the interface glitch because I haven't had it yet.

Note: If you have an Older Version of Sunbelt Kerio Personal Firewall you should uninstall it before installing the Sunbelt version.
Title: Re: Kerio is finally back!
Post by: FreewheelinFrank on December 23, 2005, 09:49:07 AM
They have also changed the price of the full version: now under ten quid ($14.95) for a limited time.

Cheap as chips!

Sadly, avast! pro at almost $50 remains too expensive for me to justify.

Maybe a special offer on avast! would bring in some more cash?
Title: Re: Kerio is finally back!
Post by: Dwarden on December 23, 2005, 10:11:59 AM
why You need avast! pro version ?
Title: Re: Kerio is finally back!
Post by: FreewheelinFrank on December 23, 2005, 11:06:53 AM
I don't. I'd just like to support Alwil. New virus analysts don't work for nothing!
Title: Re: Kerio is finally back!
Post by: Vlk on December 23, 2005, 11:39:29 AM
We have also hired new sales people, to be more precise... ;D
Title: Re: Kerio is finally back!
Post by: ..::ReVaN::.. on December 23, 2005, 11:46:02 AM
Quote
I don't. I'd just like to support Alwil. New virus analysts don't work for nothing!

I think you don't have to worry about that...

But if alwil would drop the prices for avast pro! a little that would be cool cause the current prices are really too much IMHO.
Title: Re: Kerio is finally back!
Post by: TAP on December 23, 2005, 12:26:54 PM
Quote
But if alwil would drop the prices for avast pro! a little that would be cool cause the current prices are really too much IMHO.

I agree with you.

For many developing countries in Asia (like my country), the current price of avast! Pro (39.95 USD) is really too much for us. When the salary of bachelor's degree is about 230 USD/month so most of us can't afford avast! Pro (39.95 USD) for sure.

I think if Alwil wants to sell avast! Pro (through local reseller) for home users in poor-developing countries in Asia so Alwil HAVE TO drop the price for avast Pro a little.

Eset already drops the price for NOD32 in my country so local reseller can sell NOD32 for home users only about 6.5 USD and I'd say legal NOD32 license is more and more popular in my country while many people use illegal avast! Pro.  :-\

I have my own computer repair shop and I used to think to become avast! reseller but I think I don't do that because avast! Pro's price can't compete to NOD32's price so all I have to do for my beloved avast! is that set up a dedicated website in my language to promote avast! Home Edition for home users.  :)
Title: Re: Kerio is finally back!
Post by: Lisandro on December 23, 2005, 12:37:50 PM
Quote
While many people use illegal avast! Pro.  :-\

I won't believe on this... just try to download any P2P pirated version of avast and you'll see you can't update. At least, almost last week, there isn't an available working pirated Pro version key in the web  8)

Quote
All I have to do for my beloved avast! is that set up a dedicated website in my language to promote avast! Home Edition for home users.  :)

I've asked a lot of times to them... without a final answer... Why don't we receive a stripped version of the website for translation?
Title: Re: Kerio is finally back!
Post by: TAP on December 23, 2005, 01:07:56 PM
Quote
While many people use illegal avast! Pro.  :-\
I won't believe on this... just try to download any P2P pirated version of avast and you'll see you can't update. At least, almost last week, there isn't an available working pirated Pro version key in the web  8)

Ohhh, I hope it's true.

But according to many local software forum in my country I've always seen people use/ask for illegal avast! Pro, it seems to me that novice people always think that avast! Home (free) can't catch virus so well and inferior to avast! Pro (shareware) and I think they happy to use avast! Pro than Home even they don't know how to use many options in avast! Pro.

And when someone wants to purchase antivirus software, I think 98% of them go to NOD32 because it's very very cheap as I said.  :-\
Title: Re: Kerio is finally back!
Post by: ..::ReVaN::.. on December 23, 2005, 01:33:30 PM
Quote
And when someone wants to purchase antivirus software, I think 98% of them go to NOD32 because it's very very cheap as I said.  :-\

Like me ;)
Title: Re: Kerio is finally back!
Post by: polonus on December 23, 2005, 01:50:11 PM
Yep TAP & ReVaN,

That is why they should have a regional pricing strategy. If you earn dollars you can spend dollars, but you have to sell hamburgers at hamburger value. Going to the hairdressers in Amsterdam is more expensive than going there in Moscow.
There could also be special packet or bundle arrangements, like Penicillin did in the past, came included with a new install. I also saw a lot of Xmas rebates as to 35% off for the Season (Ad-Aware pro), you could also think of an upgrade version at 40% less expensive as the full new version. Benefit you have people accustomed to using the free Avast and let them upgrade to a Pro Version as a bonus for staying with the product. But I am not an AV product seller, I am just an enthusiast end-user. Thank heaven that Avast has chosen the ZoneAlarm model, living from the business versions and let the home user have a reliable full-fledged solid security product. I like this philosophy very much.

polonus
Title: Re: Kerio is finally back!
Post by: Dwarden on December 24, 2005, 04:12:29 AM
because I'm just lone :) my best support to Alwil is that i recommend theirs products to my partners and customers ...

and of course ... i spread the word about to world :)))

i want to see what new system Alwil brings for suspicious files submission :)
Title: Re: Kerio is finally back!
Post by: rdmaloyjr on December 25, 2005, 03:54:56 AM
Quote
Sunbelt has finished the Kerio buyout. You can download the Sunbelt Kerio Personal Firewall at
http://www.sunbelt-software.com/Kerio.cfm

On Sunbelt Kerio's website (the link above) a review is recommended. http://www.pcmag.com/article2/0,1759,1864604,00.asp

One of the cons for Kerio is that it is "Fairly easily disabled by malicious software".  The other firewalls in that review also are able to be disabled by malicious software except ZoneAlarm.  ZA couldn't be disabled.  Some put down ZA freeware because it fails the infamous "tool leaky" test.  I have never had a problem with anything getting by the "tool leaky" leak, but I got a pop up from ZA that said someone or something was trying to disable ZA (not exact words).  ZA Free held strong!  My computer was safe.

This one for Paul Harvey to tell.  The Rest of the Story
Title: Re: Kerio is finally back!
Post by: Umath on December 26, 2005, 03:53:54 AM
The point of the article on ZA's dealing with port 113 at GRC (https://www.grc.com/port_113.htm) is that ZA deals with packets more flexibly than Kerio does.  Kerio deals with packets statically, which makes it vulnerable to packet attacks once targeted.

I once even saw Kerio shut down in front of me when I was listening to BBC radio streaming.  For some reason, at times, BBC site keeps sending numerous packets at a port with a random huge number, which seems to be useless since I can listen to the radio stream even when Kerio is totally blocking the port.
Title: Re: Kerio is finally back!
Post by: szc on December 26, 2005, 05:22:04 AM
Quote
The point of the article on ZA's dealing with port 113 at GRC (https://www.grc.com/port_113.htm) is that ZA deals with packets more flexibly than Kerio does.  Kerio deals with packets statically, which makes it vulnerable to packet attacks once targeted.

I once even saw Kerio shut down in front of me when I was listening to BBC radio streaming.  For some reason, at times, BBC site keeps sending numerous packets at a port with a random huge number, which seems to be useless since I can listen to the radio stream even when Kerio is totally blocking the port.

I've noticed exactly the same thing and that really makes me wonder... So far, best possible solution(s) at this moment are Comodo personal firewall and ZoneAlarm Pro.
Title: Re: Kerio is finally back!
Post by: ..::ReVaN::.. on December 26, 2005, 11:13:48 AM
Unfortunately ZA Pro is overbloated with features i don't need IMO.
Title: Re: Kerio is finally back!
Post by: Vlk on December 26, 2005, 11:19:22 AM
Quote
And when someone wants to purchase antivirus software, I think 98% of them go to NOD32 because it's very very cheap as I said. 


What do you mean? Nod32 is more expensive than avast pro (single license is the same price - $39/year, but volume licensing is less expensive in the case of avast, and so is the possibility of longer subscriptions (2 or 3 years)).
Title: Re: Kerio is finally back!
Post by: ..::ReVaN::.. on December 26, 2005, 11:24:41 AM
Well in my country Nod32 is cheaper...
Title: Re: Kerio is finally back!
Post by: Dwarden on December 26, 2005, 07:34:55 PM
Quote
Well in my country Nod32 is cheaper...

what's approx difference in prices ?
Title: Re: Kerio is finally back!
Post by: ..::ReVaN::.. on December 26, 2005, 07:47:05 PM
Quote
what's approx difference in prices ?

Let me think, 1-2 €  ;D. I know it's nothing but they have special discounts for students (up to 50% of the original price) with Nod and you can get other AV programs such as Bitdefender for half the price of avast!.
Title: Re: Kerio is finally back!
Post by: Dwarden on December 26, 2005, 07:59:31 PM
hmm then suggest some STUDent like licence
(EDUcation one already exist for non profit education bodies)
to ALWIL software :)
Title: Re: Kerio is finally back!
Post by: ..::ReVaN::.. on December 26, 2005, 08:38:59 PM
Quote
hmm then suggest some STUDent like licence
(EDUcation one already exist for non profit education bodies)
to ALWIL software :)

I also think Nod32 is too expensive see? But at least i get tech support in my language and the program is in my language too. But i am working on getting avast! translated in my language. I think Bitdefender has a very good price and i came very close to buying it is just i think Nod32 and avast! are better IMHO. That being said i say again IMHO avast! pro is too expensive.
Title: Re: Kerio is finally back!
Post by: polonus on December 29, 2005, 12:26:16 AM
Quote
Sunbelt has finished the Kerio buyout. You can download the Sunbelt Kerio Personal Firewall at
http://www.sunbelt-software.com/Kerio.cfm

On Sunbelt Kerio's website (the link above) a review is recommended. http://www.pcmag.com/article2/0,1759,1864604,00.asp

One of the cons for Kerio is that it is "Fairly easily disabled by malicious software".  The other firewalls in that review also are able to be disabled by malicious software except ZoneAlarm.  ZA couldn't be disabled.  Some put down ZA freeware because it fails the infamous "tool leaky" test.  I have never had a problem with anything getting by the "tool leaky" leak, but I got a pop up from ZA that said someone or something was trying to disable ZA (not exact words).  ZA Free held strong!  My computer was safe.

This one for Paul Harvey to tell.  The Rest of the Story

Hi rdmaloyjr,

This is the biggest nonsense I have read, I experienced it twice that ZoneAlarm was taken down. How easy that could be done by a trojan, you can read here:
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0146.html
There is also a four line bat file mentioned that can take ZoneAlarm down. I must mention here that breaking through firewalls is an offense, and some countries have the death penalty for it. To prevent this from happening advanced users change using software firewalls, two months ZA, two months Kerio, two months Comodo etc. I must mention here that the bat file for bringing ZoneAlarm down does not work for the pro version when a password is set, all free versions are not protected as far as I know up to date.


polonus
Title: Re: Kerio is finally back!
Post by: ..::ReVaN::.. on December 29, 2005, 12:43:14 AM
Quote
...users change using software firewalls, two months ZA, two months Kerio, two months Comodo etc.

Are you describing me perhaps?  ;D   ;D  ;D Cause those are exactly the programs i keep switching  ;) But i must say i keep coming back to Kerio....



Cheers

Mikey
Title: Re: Kerio is finally back!
Post by: rdmaloyjr on December 29, 2005, 04:44:53 AM
Quote
Hi rdmaloyjr,

This is the biggest nonsense I have read, I experienced it twice that ZoneAlarm was taken down. How easy that could be done by a trojan, you can read here:
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0146.html
There is also a four line bat file mentioned that can take ZoneAlarm down. I must mention here that breaking through firewalls is an offense, and some countries have the death penalty for it. To prevent this from happening advanced users change using software firewalls, two months ZA, two months Kerio, two months Comodo etc. I must mention here that the bat file for bringing ZoneAlarm down does not work for the pro version when a password is set, all free versions are not protected as far as I know up to date.

polonus

Polonus,

I quoted what I read in the review (4stars) that was recommended by Sunbelt Kerio & I told of an experience I had.

Maybe you should inform Sunbelt Kerio & PC Mag about the "nonsense".

I'm using Kerio now because I had a serious problem with my computer crashing.  I thought it might be ZA at fault so I tried comodo, avast! web shield wouldn't work with comodo & it wouldn't pass Shields Up so I went to Kerio.  I had the same crashing with Kerio & it won't pass Shields Up either.  I didn't keep comodo long enough to see if my computer would crash with it.

I think I got the problem fixed & will soon return to ZA.  Whatever anyone might say about ZA at least I can get it configured the way I want it & ZA passes Shields Up.

I know everyone claims comodo & Kerio will pass Shields Up.  How about letting me in on the secret?  I was told I was the only one that web shield wouldn't work with comodo.  Any ideas why?

It's the ping test that comodo & Kerio failed in Shields Up.  I tried deny on all ping tracerts in & out with Kerio but it still failed.
Title: Re: Kerio is finally back!
Post by: Umath on December 29, 2005, 07:02:53 AM
I end up with being a loyal Kerio user except some trials with some other popular apps.  Also, since I don't have a server of my own or fixed IP, I make it a rule to turn off the modem when no PCs are online.  Of course, all the probe tests I had found confirmed that my system was stealthed.

Quote
I know everyone claims comodo & Kerio will pass Shields Up.  How about letting me in on the secret?  I was told I was the only one that web shield wouldn't work with comodo.  Any ideas why?

It's the ping test that comodo & Kerio failed in Shields Up.  I tried deny on all ping tracerts in & out with Kerio but it still failed.

I cannot remember what Kerio default settings were but did you uncheck "Enable predefined network security" in Network Security/Predefined tab?  It shouldn't be too tough to pass the test and even WinXP SP2 Firewall can pass it if configured properly while it is needless to say that it is not designed to offer any protection against leak tests.
Title: Re: Kerio is finally back!
Post by: Dwarden on December 29, 2005, 12:42:27 PM
in response to rdmaloyjr

problems described by You (failing ShieldsUp test and ping etc.) are configuration issues (KPF settings) not software bugs or missing features ...

in short ... problem is between chair and keyboard ...

and ... nothing against You ... this is just fact ...

---

to discussion about application terminating / obey ...
so far there is NONE software firewall on market capable alive all types of 'termination'  ...

some went pretty far with tries to defend but in the end i will suggest use some specialised utils to add one protective layer on kernel level ...
Title: Re: Kerio is finally back!
Post by: polonus on December 29, 2005, 02:45:01 PM
Hi rdmaloyjr,


I think Steve Gibson and others gave the free ZA a mythical status it cannot live up to. Read this here. I do not know if ZA is still vulnerable to this mutex exploit, but ZA must not acquire a sort of Snort status, the software Firewall of choice. Read this:
------------------------
DESCRIPTION:
Zone Labs "ZoneAlarm" and "ZoneAlarm Pro" programs both use a Mutex - an
event synchronisation memory object - to determine if it has already loaded
(to prevent loading a second instance of the firewall).

THE PROBLEM:
By design, ZoneAlarm\ZoneAlarm Pro has no way of determining WHICH program
actually set the Mutex, thus allowing a trojan to use the Mutex and block
both ZoneAlarm and ZoneAlarm Pro from loading.

THE EXPLOIT:
A trojan can easily set this Mutex ("Zone Alarm Mutex") with one simple call
to the CreateMutex API (see msdn.microsoft.com for more information on
Mutexes). ZoneAlarm\ZoneAlarm Pro are then be prevented from loading while
the trojan is alive. If ZoneAlarm is running, all the trojan has to do is
terminate the processes of zonealarm.exe, vsmon.exe and minilog.exe first
before creating the Mutex. Despite being services, vsmon.exe and minilog.exe
can both be killed by any program by setting it's local process token
privileges to SeDebugPrivilege, giving it the power to kill any
process/service.

SOLUTION:
We offered suggestions to Zone Labs Inc. in October/November, including
encryption/hashing of the Mutex, but all were dismissed, and none have been
implemented.

ZONE LABS RESPONSE:
From Conrad Hermann, VP of Engineering at Zone Labs, in regards to
encrypting the mutex:
"... the solution you propose is one of "security through obscurity", which
isn't really good enough for us--mainly because it means it will eventually
need to be re-implemented to be truly secure. It would not be impossible to
discover the same base information, re-implement the same encryption
algorithm, and use the same key we use to encrypt/hash the data--this is
precisely the methodology that most software crackers use, and most software
that anyone cares to crack has been cracked."

In other words, encryption isn't good enough for Zone Labs, so they have
opted to use plain-text. Even despite exhaustive correspondance to Zone Labs
between DiamondCS and Steve Gibson / GRC, they have expressed no desire in
fixing the vulnerability. Because of this, trojan authors are now free to
exploit it, knowing that the vendor will not be fixing the problem. This
alone escalates the magnitude of the problem.

DEMONSTRATION:
We have created a harmless, simple, working executable to demonstrate the
vulnerability, available at http://www.diamondcs.com.au/alerts/zonemutx.exe
(16kb). (not available here)
While the demo program is running, you will not be able to load ZoneAlarm or
ZoneAlarm Pro, and if it finds that ZoneAlarm\ZoneAlarm Pro is running, it
will terminate the ZoneAlarm processes and services first using
SeDebugPrivilege before stealing the ZoneAlarm Mutex. The demo also opens an
echo server socket to listen on TCP 7, allowing you to test socket
connectivity/data transfer (try telnetting to 127.0.0.1 on port 7 and saying
hello).


--
DiamondCS would like to thank Steve Gibson of grc.com for his mutual
assistance to both DiamondCS and Zone Labs.

Publishing of this document is permitted providing the text is published in it's entirety and with no modifications.

Copyright (C) 2000, Diamond Computer Systems Pty. Ltd.
http://www.diamondcs.com.au - http://www.diamondcslabs.com
--------------------------
I quoted this in its entirety, because this should be with this source, but what do you think about this? I think in future, especially DSL users should have mutual FW-alling a hardware packet-filtering device and a software firewall period.

polonus
Title: Re: Kerio is finally back!
Post by: rdmaloyjr on December 29, 2005, 03:28:08 PM

Quote
I quoted this in its entirety, because this should be with this source, but what do you think about this? I think in future, especially DSL users should have mutual FW-alling a hardware packet-filtering device and a software firewall period.

polonus


Since no fw is secure then we should use whatever fw works best for us.  ZA is easiest for me so I will use it.  I don't know what kind of disabling attack I experienced on ZA, all I know is ZA held.  My computer wasn't compromised. 

Title: Re: Kerio is finally back!
Post by: szc on December 29, 2005, 03:48:48 PM
Kerio and Comodo both pass ShieldsUP! with no problems at all. See some of those threads we started, especially the one with Comodo. I posted all those screenshots and also screenshots from ShieldsUp!!

ZA freeware doesn't pass tooleaky.exe as mentioned many times in the past. Both Comodo and Kerio, plus of course ZoneAlarm Pro can pass it with no problems. ZA free doesn't have those rules, so it will easily fail.
Title: Re: Kerio is finally back!
Post by: rdmaloyjr on December 30, 2005, 12:03:17 AM
Quote
Kerio and Comodo both pass ShieldsUP! with no problems at all. See some of those threads we started, especially the one with Comodo. I posted all those screenshots and also screenshots from ShieldsUp!!

ZA freeware doesn't pass tooleaky.exe as mentioned many times in the past. Both Comodo and Kerio, plus of course ZoneAlarm Pro can pass it with no problems. ZA free doesn't have those rules, so it will easily fail.

Here are the results of Shields Up with Kerio 4.2.2 on my machine:

GRC Port Authority Report created on UTC: 2005-12-29 at 22:42:57

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

I hope now maybe a Kerio user may be able to help me get a passing grade with Shields Up.

"Enable predefined network security" is checked by default on my copy of Kerio 4.2.2.

I have no dislike for Kerio.  In fact one of the reasons I'm slow to return to ZA is Kerio starts up quicker than ZA when I boot my computer.  The main reason I'm delaying the return to ZA is I want to be sure I've fixed the crashing problem.  I've upgraded some hardware drivers & I haven't crashed since.  The crashing seemed worse with Kerio than ZA.  If I can get Kerio by Shields Up I may keep it as long as it gives good protection.
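An added example, not part of the original post: a small Python parser for a ShieldsUp! Port Authority text report like the one pasted above. It shows that the port counts and the TruStealth verdict are separate checks, so a scan with 26 of 26 ports stealthed still fails on the ICMP echo reply. The function names are hypothetical, and the rule that reason lines starting with "ALL" or "NO" are the passed checks is an assumption drawn from this one report.

```python
import re

# Report text as posted above (ShieldsUp! run against Kerio 4.2.2).
REPORT = """\
GRC Port Authority Report created on UTC: 2005-12-29 at 22:42:57

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.
"""

COUNT_RE = re.compile(r"^\s*(\d+) Ports (Open|Closed|Stealth|Tested)\s*$")
VERDICT_RE = re.compile(r"^TruStealth:\s*(\w+)")
REASON_RE = re.compile(r"-\s+(.*?)[,.]?\s*$")


def expand_ports(spec):
    """Expand a list such as '0, 21-23, 25' into sorted port numbers."""
    ports = set()
    for token in re.findall(r"\d+(?:-\d+)?", spec):
        lo, _, hi = token.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi or hi > 65535:
            raise ValueError(f"bad port range: {token}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def parse_report(text):
    """Return ports, per-state counts, TruStealth verdict and its reasons."""
    spec, in_ports = [], False
    counts, verdict, reasons = {}, None, []
    for line in text.splitlines():
        if line.startswith("Results from scan of ports:"):
            in_ports, line = True, line.split(":", 1)[1]
        if in_ports:
            # The port list wraps over several lines and ends at a blank one.
            if line.strip():
                spec.append(line)
            else:
                in_ports = False
            continue
        if m := COUNT_RE.match(line):
            counts[m.group(2).lower()] = int(m.group(1))
            continue
        if m := VERDICT_RE.match(line):
            verdict = m.group(1)
        # Reason lines only appear from the verdict line onwards.
        if verdict and (m := REASON_RE.search(line)):
            reasons.append(m.group(1))
    return {"ports": expand_ports(" ".join(spec)), "counts": counts,
            "verdict": verdict, "reasons": reasons}


def audit(report):
    """List what makes the host visible from outside; empty means hidden."""
    counts, issues = report["counts"], []
    if counts.get("tested") != len(report["ports"]):
        issues.append("port list and 'Ports Tested' count disagree")
    for state in ("open", "closed"):
        if counts.get(state, 0):
            issues.append(f"{counts[state]} port(s) answered as {state}")
    for reason in report["reasons"]:
        # Assumption: 'ALL ...' and 'NO ...' lines are checks that passed.
        if not reason.upper().startswith(("ALL ", "NO ")):
            issues.append(reason)
    if report["verdict"] != "PASSED" and not issues:
        issues.append(f"verdict is {report['verdict']} with no reason given")
    return issues


if __name__ == "__main__":
    print(audit(parse_report(REPORT)))
```
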
Title: Re: Kerio is finally back!
Post by: Dwarden on December 30, 2005, 03:19:23 AM
so for example Your ping problem

Network Security > Predefined > Ping and Tracert out / Internet > deny
Title: Re: Kerio is finally back!
Post by: rdmaloyjr on December 30, 2005, 03:59:29 AM
Quote
I tried deny on all ping tracerts in & out with Kerio but it still failed.

Dwarden,

Thank you for responding.

As you see above I did deny what you suggest.  Other ICMP packets were by default deny.

Do you think the ping reply could be from something else besides a firewall?   I've done scans with all my antispyware scanners, avast!, BitDefender & ewido.  Everything came up clean.  Kerio has a good reputation or I wouldn't have tried it.  I suspect something is wrong somewhere else.  S.Z.Craftec says "Kerio and Comodo both pass ShieldsUP! with no problems at all."
Title: Re: Kerio is finally back!
Post by: Umath on December 30, 2005, 05:19:43 AM
rdmaloyjr,

Since you wrote that Zone Alarm had passed the ping test, presuming that you are using the same machine under the same condition, logically, Kerio should not let your machine send ping as long as your configuration on Kerio is proper or your system has something wrong exclusively with Kerio.

If you are not sure, how about making an advanced packet filter rule on denying any ICMP in/out communication and check the log column?  By doing this, Kerio would block any ICMP communication and log it.

As I wrote above, the system can shut down Kerio when Kerio keeps logging numerous data, which can flood the system memory in a long period, though.  This is why I try not to leave my pc online for a long time.
Title: Re: Kerio is finally back!
Post by: Dwarden on December 30, 2005, 04:20:23 PM
rdmaloyjr ... ok that's definitely abnormal situation ... You got any special cable/ADSL/wifi router ?

umath ... You can avoid that messing with what KPF logs and what not ...
Title: Re: Kerio is finally back!
Post by: Umath on December 30, 2005, 09:11:29 PM
Quote
rdmaloyjr ... ok that's definitely abnormal situation ... You got any special cable/ADSL/wifi router ?

rdmaloyjr wrote that he/she didn't have the problem with ZA, which makes me think his/her system has a problem with Kerio.

Quote
umath ... You can avoid that messing with what KPF logs and what not ...

That's what we normally do but don't we have to let unexpected communications log or prompt at least?  Of course, we can let Kerio deny them without logs once the rules are set but...
Title: Re: Kerio is finally back!
Post by: FreewheelinFrank on December 30, 2005, 09:23:42 PM
Hi rdmaloyjr,

Have you changed your default predefined network security settings, perchance?

They should look like this:

(http://donaldbroatch.users.btopenworld.com/predefined.jpg)

Passing shields up here!
Title: Re: Kerio is finally back!
Post by: rdmaloyjr on December 31, 2005, 02:37:48 AM
FreewheelinFrank,

My default settings are just as you show.  I changed them as Dwarden suggested without success.  I have since reset them to default.

Dwarden,

I don't have any special cable/ADSL/wifi router.  I am on DSL, a plain DSL modem.




Title: Re: Kerio is finally back!
Post by: Umath on December 31, 2005, 06:04:35 AM
rdmaloyjr, I think your system has a problem with Kerio.  However, why not give a try to what I wrote above as a last shot (while doing this, just temporarily uncheck "Enable predefined network security")?  If Kerio fails to log, it means Kerio doesn't recognize any ICMP communication.  In this case, unfortunately, I don't think Kerio can deal with ping seeing the problem persistent even after re-installing.  :-\
Title: Re: Kerio is finally back!
Post by: Jarmo P on December 31, 2005, 10:19:49 AM
As far as I know, I got a few BSOD's running kerio.
What you told umath

"As I wrote above, the system can shut down Kerio when Kerio keeps logging numerous data, which can flood the system memory in a long period, though.  This is why I try not to leave my pc online for a long time."

Does not make me very much trust the product :(

So back to my trustworthy Sygate again. Even with losing a bit outbound control due to local proxy issue with Avast. They get logged in anyways.

Kerio IS very nice with features, but still problems I think with stability.
Title: Re: Kerio is finally back!
Post by: Umath on January 02, 2006, 09:07:39 AM
Quote
Kerio IS very nice with features, but still problems I think with stability.

That would be my point, too.  I thought Kerio 4.x became stable when compared the memory usage with Kerio 2.x, which shouldn't be a problem for modern systems.  However, after numerous logs, I found it becomes unstable again.  In my case, I use filtering function of my router, which is not online all the day.  However, I don't recommend Kerio to an individual whose pc is not behind a router.  If someone uses Kerio 4.x without logs, it may make Kerio stable but it also reduces the information which he/she can get.

Nowadays, I think it is desirable for users to use HW firewalls or equivalent protections, at least.  I keep my eyes on Comodo/Kerio personal firewalls but am already wondering if I am going to buy Outpost or something else. :-\
Title: Re: Kerio is finally back!
Post by: Dwarden on January 02, 2006, 08:20:33 PM
umath what i meant with suggestion to disable log was to do it for NIPS 'low'
and i set 'medium' ones to just log because i already ran into multiple issues with blocked valid traffic ...

but i'm already covered by linux based firewall in front of this computer so i can do such step w/o fear :) ...

so for prevention i use only HIGH NIPS on this machine (i.e. WMF exploit 1.10 rule from bleeding snort) ...
anyway the exploit seems to be so bad (new variants exploiting RND WMF content rendering any detection in AV/IDS rules nil) i'm forced to install this temporary patch from hexblog.com just for sure ...