Author Topic: Kerio is finally back!  (Read 18260 times)

0 Members and 1 Guest are viewing this topic.

..::ReVaN::..

  • Guest
Re: Kerio is finally back!
« Reply #15 on: December 26, 2005, 11:13:48 AM »
Unfortunately ZA Pro is overbloated with features i don't need IMO.
« Last Edit: December 26, 2005, 11:16:18 AM by ..::ReVaN::.. »

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Kerio is finally back!
« Reply #16 on: December 26, 2005, 11:19:22 AM »
Quote
And when someone wants to purchase antivirus software, I think 98% of them go to NOD32 because it's very very cheap as I said. 


What do you mean? Nod32 is more expensive than avast pro (single license is the same price - $39/year, but volume licensing is less expensive in the case of avast, and so is the possibility of longer subscriptions (2 or 3 years)).
If at first you don't succeed, then skydiving's not for you.

..::ReVaN::..

  • Guest
Re: Kerio is finally back!
« Reply #17 on: December 26, 2005, 11:24:41 AM »
Well in my country Nod32 is cheaper...

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Kerio is finally back!
« Reply #18 on: December 26, 2005, 07:34:55 PM »
Well in my country Nod32 is cheaper...

what's approx difference in prices ?
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

..::ReVaN::..

  • Guest
Re: Kerio is finally back!
« Reply #19 on: December 26, 2005, 07:47:05 PM »
what's approx difference in prices ?

Let me think 1-2 €  ;D  . I know it's nothing but they have special discounts for students(up to 50% of the original price)with Nod and you can get other AV programs such as Bitdefender for half the price of avast!.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Kerio is finally back!
« Reply #20 on: December 26, 2005, 07:59:31 PM »
hmm then suggest some STUDent like licence
(EDUcation one already exist for non profit education bodies)
to ALWIL software :)
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

..::ReVaN::..

  • Guest
Re: Kerio is finally back!
« Reply #21 on: December 26, 2005, 08:38:59 PM »
hmm then suggest some STUDent like licence
(EDUcation one already exist for non profit education bodies)
to ALWIL software :)

I also think Nod32 is too expensive see?But at least i get tech support in my language and the program is in my language too.But i am working on getting avast! translated in my language.I think Bitdefender has a very good price and i came very close to buying it is just i think Nod32 and avast! are better IMHO.That being said i say again IMHO avast! pro is too expensive.
« Last Edit: December 26, 2005, 08:42:05 PM by ..::ReVaN::.. »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32448
  • malware fighter
Re: Kerio is finally back!
« Reply #22 on: December 29, 2005, 12:26:16 AM »
Sunbelt has finished the Kerio buyout. You can download the Sunbelt Kerio Personal Firewall at
http://www.sunbelt-software.com/Kerio.cfm

On Sunbelt Kerio's website (the link above) a review is recommended. http://www.pcmag.com/article2/0,1759,1864604,00.asp

Of the cons for Kerio is that it is "Fairly easily disabled by malicious software".  The other firewalls in that review also are able to be disabled by malicious software except ZoneAlarm.  ZA couldn't be disabled.  Some put down ZA freeware because it fails the infamous "tool leaky" test.  I have never had a problem with anything getting by the "tool leaky" leak, but I got a pop up from ZA that said someone or something was trying to disable ZA (not exact words).  ZA Free held strong!  My computer was safe.

This one for Paul Harvey to tell.  The Rest of the Story

Hi rdmaloyjr,

This is the biggest nonsense I have read, I experienced it twice that ZoneAlarm was taken down. how easy that could be done by a trojan, you can read here:
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0146.html
There is also a four line bat file mentioned that can take ZoneAlarm down. I must mention here that breaking through firewalls is an offense, and some countries have the death penalty for it. To prevent this from happening advanced users change using software firewalls, two months ZA, two months Kerio, two months Comodo etc. I must mention here that the bat file for bringing ZoneAlarm down does not work for the pro version when a password is set, all free versions are not protected as far as I know up to date.


polonus
« Last Edit: December 29, 2005, 12:32:10 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

..::ReVaN::..

  • Guest
Re: Kerio is finally back!
« Reply #23 on: December 29, 2005, 12:43:14 AM »
Quote
...users change using software firewalls, two months ZA, two months Kerio, two months Comodo etc.

Are you describing me perhaps?  ;D   ;D  ;D Cause those are exactly the programs i keep switching  ;) But i must say i keep coming back to Kerio....



Cheers

Mikey
« Last Edit: December 29, 2005, 12:44:50 AM by ..::ReVaN::.. »

Offline rdmaloyjr

  • Super Poster
  • ***
  • Posts: 1864
  • The beatings will continue until morale improves!
    • The Cross
Re: Kerio is finally back!
« Reply #24 on: December 29, 2005, 04:44:53 AM »
Hi rdmaloyjr,

This is the biggest nonsense I have read, I experienced it twice that ZoneAlarm was taken down. how easy that could be done by a trojan, you can read here:
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0146.html
There is also a four line bat file mentioned that can take ZoneAlarm down. I must mention here that breaking through firewalls is an offense, and some countries have the death penalty for it. To prevent this from happening advanced users change using software firewalls, two months ZA, two months Kerio, two months Comodo etc. I must mention here that the bat file for bringing ZoneAlarm down does not work for the pro version when a password is set, all free versions are not protected as far as I know up to date.

polonus

Polonus,

I quoted what I read in the review (4stars) that was recommended by Sunbelt Kerio & I told of an experience I had.

Maybe you should inform Sunbelt Kerio & PC Mag about the "nonsense".

I'm using Kerio now because I had a serious problem with my computer crashing.  I thought it might be ZA at fault so I tried comodo, avast! web shield wouldn't work with comodo & it wouldn't pass Shields Up so I went to Kerio.  I had the same crashing with Kerio & it won't pass Shields Up either.  I didnt keep comodo long enough to see if my computer would crash with it.

I think I got the problem fixed & will soon return to ZA.  Whatever anyone might say about ZA at least I can get it configured the way I want it & ZA passes Shields Up.

I know everyone claims comodo & Kerio will pass Shields Up.  How about letting me in on the secret?  I was told I was the only one that web shield wouldn't work with comodo.  Any ideas why?

It's the ping test that comodo & Kerio failed in Shields Up.  I tried deny on all ping tracerts in & out with Kerio but it still failed.
"If you want to make a Conservative angry, tell him a lie. If you want to make a Liberal angry, tell him the truth." - Rush Limbaugh

avast! Free    Mbam Pro   Privatefirewll  WinPatrol Plus               Pentium Dual-Core  Windows 7 64bit SP1  8 gigs of RAM

Offline Umath

  • Sr. Member
  • ****
  • Posts: 204
Re: Kerio is finally back!
« Reply #25 on: December 29, 2005, 07:02:53 AM »
I end up with being a royal Kerio user except some trials with some other popular apps.  Also, since I don't have a server of my own or fixed IP, I make it a rule to turning off the modem when no PCs are online.  Of course, all the probe tests I had found confirmed that my system was stealthed.

I know everyone claims comodo & Kerio will pass Shields Up.  How about letting me in on the secret?  I was told I was the only one that web shield wouldn't work with comodo.  Any ideas why?

It's the ping test that comodo & Kerio failed in Shields Up.  I tried deny on all ping tracerts in & out with Kerio but it still failed.

I cannot remember what Kerio default settings were but did you uncheck "Enable predefined network security" in Network Security/Predefined tab?  It shouldn't be too tough to pass the test and even WinXP SP2 Firewall can pass it if configured properly while it is needless to say that it is not designed to offer any protection against leak tests.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Kerio is finally back!
« Reply #26 on: December 29, 2005, 12:42:27 PM »
in response to rdmaloyjr

problems described by You (failing ShieldsUp test an ping etc.) are configuration issues (KPF settings) not software bugs or missing features ...

in short ... problem is between chair and keyboard ...

and ... nothing against You ... this is just fact ...

---

to discussion about application terminating / obey ...
so far there is NONE software firewall on market capable alive all types of 'termination'  ...

some went prety far with tries to defend but in the end i will suggest use some specialised utils to add one protective layer on kernel level ...
« Last Edit: December 29, 2005, 12:45:09 PM by Dwarden »
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32448
  • malware fighter
Re: Kerio is finally back!
« Reply #27 on: December 29, 2005, 02:45:01 PM »
Hi rdmaloyjr,


I think Steve Gibson and others gave the free ZA a mythical status it cannot live up to. Read this here. I do not know if ZA is still vulnerable to this mutex exploit, but ZA must not acquire a sort of Snort status, the software Firewall of choice. Read this:
------------------------
DESCRIPTION:
Zone Labs "ZoneAlarm" and "ZoneAlarm Pro" programs both use a Mutex - an
event synchronisation memory object - to determine if it has already loaded
(to prevent loading a second instance of the firewall).

THE PROBLEM:
By design, ZoneAlarm\ZoneAlarm Pro has no way of determining WHICH program
actually set the Mutex, thus allowing a trojan to use the Mutex and block
both ZoneAlarm and ZoneAlarm Pro from loading.

THE EXPLOIT:
A trojan can easily set this Mutex ("Zone Alarm Mutex") with one simple call
to the CreateMutex API (see msdn.microsoft.com for more information on
Mutexes). ZoneAlarm\ZoneAlarm Pro are then be prevented from loading while
the trojan is alive. If ZoneAlarm is running, all the trojan has to do is
terminate the processes of zonealarm.exe, vsmon.exe and minilog.exe first
before creating the Mutex. Despite being services, vsmon.exe and minilog.exe
can both be killed by any program by setting it's local process token
privileges to SeDebugPrivilege, giving it the power to kill any
process/service.

SOLUTION:
We offered suggestions to Zone Labs Inc. in October/November, including
encryption/hashing of the Mutex, but all were dismissed, and none have been
implemented.

ZONE LABS RESPONSE:
From Conrad Hermann, VP of Engineering at Zone Labs, in regards to
encrypting the mutex:
"... the solution you propose is one of "security through obscurity", which
isn't really good enough for us--mainly because it means it will eventually
need to be re-implemented to be truly secure. It would not be impossible to
discover the same base information, re-implement the same encryption
algorithm, and use the same key we use to encrypt/hash the data--this is
precisely the methodology that most software crackers use, and most software
that anyone cares to crack has been cracked."

In other words, encryption isn't good enough for Zone Labs, so they have
opted to use plain-text. Even despite exhaustive correspondance to Zone Labs
between DiamondCS and Steve Gibson / GRC, they have expressed no desire in
fixing the vulnerability. Because of this, trojan authors are now free to
exploit it, knowing that the vendor will not be fixing the problem. This
alone escalates the magnitude of the problem.

DEMONSTRATION:
We have created a harmless, simple, working executable to demonstrate the
vulnerability, available at http://www.diamondcs.com.au/alerts/zonemutx.exe
(16kb). (not available here)
While the demo program is running, you will not be able to load ZoneAlarm or
ZoneAlarm Pro, and if it finds that ZoneAlarm\ZoneAlarm Pro is running, it
will terminate the ZoneAlarm processes and services first using
SeDebugPrivilege before stealing the ZoneAlarm Mutex. The demo also opens an
echo server socket to listen on TCP 7, allowing you to test socket
connectivity/data transfer (try telnetting to 127.0.0.1 on port 7 and saying
hello).


--
DiamondCS would like to thank Steve Gibson of grc.com for his mutual
assistance to both DiamondCS and Zone Labs.

Publishing of this document is permitted providing the text is published in it's entirety and with no modifications.

Copyright (C) 2000, Diamond Computer Systems Pty. Ltd.
http://www.diamondcs.com.au - http://www.diamondcslabs.com
--------------------------
I quoted this in its entirety, because this should be with this source, but what do you think about this? I think in future, especially DSL users should have mutual FW-alling a hardware packet-filtering device and a software firewall period.

polonus
« Last Edit: December 29, 2005, 02:49:40 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline rdmaloyjr

  • Super Poster
  • ***
  • Posts: 1864
  • The beatings will continue until morale improves!
    • The Cross
Re: Kerio is finally back!
« Reply #28 on: December 29, 2005, 03:28:08 PM »

I quoted this in its entirety, because this should be with this source, but what do you think about this? I think in future, especially DSL users should have mutual FW-alling a hardware packet-filtering device and a software firewall period.

polonus


Since no fw is secure then we should use whatever fw works best for us.  ZA is easiest for me so I will use it.  I don't know what kind of disabling attack I experienced on ZA, all I know is ZA held.  My computer wasn't compromised. 

"If you want to make a Conservative angry, tell him a lie. If you want to make a Liberal angry, tell him the truth." - Rush Limbaugh

avast! Free    Mbam Pro   Privatefirewll  WinPatrol Plus               Pentium Dual-Core  Windows 7 64bit SP1  8 gigs of RAM

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6957
Re: Kerio is finally back!
« Reply #29 on: December 29, 2005, 03:48:48 PM »
Kerio and Comodod both passes ShieldsUP! with no problems at all. See some of those threads we started, especially the one with Comodo. I posted all those screenshots and also screenshots from ShieldsUp!!

ZA freeware doesn't pass tooleaky.exe as mentioned many times in the past. Both Comodo and Kerio, plus of course ZoneAlarm Pro can pass it with no problems. ZA free doesn't have those rules, so it will easily fail.
MB: GIGABYTE GA-Z77X-UD3H Intel 7 Series  - LGA1155, CPU: Intel Core i5-3570K - Quad Core, 3.40GHz (3.80GHz Max Turbo), CPU COOLER: Cooler Master Hyper 212 EVO Direct Heat Pipe R2, RAM: 16 GB Kingston HyperX Blu DDR3, VIDEO CARD: Galaxy GeForce GTX 560 Ti - 1GB, GDDR5, POWER SUPPLY: Corsair Enthusiast Series TX750 V2 - 750 Watts, HD: Seagate Barracuda - 2TB, 7200RPM, 64MB, SATA 6Gb/s