I've changed firewalls.

Simon

Both I guess. I tell ZA what should or shouldn't be allowed software
wise, it hopefully blocks the rest regarding ports accessible from the
outside.



I'm not that bothered about it really as ZA seems to do what it is
supposed to. Was just curious.

George

as I understand it (and I won't pretend I do), kerio/tiny allows you to
'fine tune' your firewall to block traffic to/from specific IP
addresses/DNS names. This can be used to block some (all?) ads, popups,
spyware, undesirable sites, etc by filtering on their addresses. A benefit
of this is that it can speed up your browsing 'cos you're not loading all
those bloated flash ads etc.

if you're happy with ZA, you could get a similar result (to using Kerio/Tiny)
by using a proxy like Proxomitron or Privoxy.

There is plenty of support for all these programs so a bit of googling
should turn up some relevant documentation/assistance.

S
 
Blinky the Shark

Simon said:
as I understand it (and I won't pretend I do), kerio/tiny allows you to
'fine tune' your firewall to block traffic to/from specific IP
addresses/DNS names. This can be used to block some (all?) ads, popups,
spyware, undesirable sites, etc by filtering on their addresses. A benefit
of this is that it can speed up your browsing 'cos you're not loading all
those bloated flash ads etc.

And also by port(s), local/remote; protocol (TCP? UDP? ICMP?); and, if
ICMP, ICMP type (echo? echo reply?......).

And each rule trigger (whether an accept or a deny) can be set to be quiet
(just do it), to log data to a file, to pop up an alert, or both of the
last two.

It's simply a lot more configurable to one's needs.
 
John Fitzsimons

On Wed, 30 Jul 2003 16:20:44 -0700, John Corliss

I am indeed enjoying the faster startups. And what I meant by the last
statement was "Maybe newer versions of ZoneAlarm take fewer resources
and start faster *than ZA 2.6* , but I'm going to stick with Kerio
anyway."

Or an older version. My ZA 2.1.44 version has caused me none of the
problems everyone else seems to have had. Sometimes IMO it is NOT
time to upgrade programs. :)


Regards, John.

--
****************************************************
,-._|\ (A.C.F FAQ) http://clients.net2000.com.au/~johnf/faq.html
/ Oz \ John Fitzsimons - Melbourne, Australia.
\_,--.x/ http://www.aspects.org.au/index.htm
v http://clients.net2000.com.au/~johnf/
 
John Fitzsimons

John Corliss wrote:

< snip >

What I would like to see are comments by someone who has tried Kerio
AND Agnitum. Outpost Free 1.0

at : http://www.agnitum.com/products/#

Has anyone here tried both ? Has one any advantages/disadvantages over
the other ? Development appears to have stopped on both freeware
versions though. :-(


Regards, John.
 
George

On Wed, 30 Jul 2003 16:20:44 -0700, John Corliss



Or an older version. My ZA 2.1.44 version has caused me none of the
problems everyone else seems to have had. Sometimes IMO it is NOT
time to upgrade programs. :)

Personally I think not upgrading security software defeats the purpose.
ymmv.

:)
 
George

And also by port(s), local/remote; protocol (TCP? UDP? ICMP?); and, if
ICMP, ICMP type (echo? echo reply?......).

And each rule trigger (whether an accept or a deny) can be set to be quiet
(just do it), to log data to a file, to pop up an alert, or both of the
last two.

It's simply a lot more configurable to one's needs.

Ta, I think I'll stick to ZA and maybe look into the others as a future
project.
 
Steve H

What I would like to see are comments by someone who has tried Kerio
AND Agnitum. Outpost Free 1.0

at : http://www.agnitum.com/products/#

Has anyone here tried both ? Has one any advantages/disadvantages over
the other ? Development appears to have stopped on both freeware
versions though. :-(
I have ( see earlier post in this thread ).
Unfortunately, due to the problem with mouse latency I had to ditch
both of them before really getting to grips with them.

I returned to ZA on the basis that it didn't bring the mouse to a
grinding halt, and that much of the functionality of Kerio/Outpost was
already there in my ZA/Proxomitron combo.

I also found myself asking how much time I really needed to devote to
munging this URL and stopping that cookie - an awful lot of which was
solved by making better use of a ram disk.

Regards,
 
Steve H

On Fri, 1 Aug 2003 02:01:15 +0100, "Mel"

Kerio has an option to log port scans, Sygate
automatically logs them and can issue a port
scanning alert and changes the tray icon.
(ZA alert box pops up if someone sneezes
and always gets turned off, Sygate's is useful)
Both will tell you which programs have active
connections and how many bytes each have
sent / received. As I recall with ZA you get no idea
of which of the programs that have permission are
currently using your connection.

I think you do - on the Programs tab of ZA, it flashes the icon for
each app that's currently actively connected.
I've used ZoneAlarm, Kerio and Sygate, all are good
firewalls, but an up to date version of any is better than
an obsolete version of any. (eg za 2.6)
How much of the 'improvements' are dedicated to 'eye candy', and how
much are dedicated to functionality?
Is there any particular reason why ZA 2.6 is less effective than the
current version?

Regards,
 
Aaron

(e-mail address removed) wrote in


</snip>

The disadvantage of trusting other people to block sites for you is that
you are subject to a form of censorship based on their criteria. I'm sure
most of them are honest but sometimes you might disagree about sites
that are blocked or they might be overly paranoid.

Noticeably, some of sponge's kerio setups block Microsoft ips by default,
IMHO that's over-kill.

Wow, another opportunity to display my ignorance!!

excuse my asking what may be a stupid question, but wouldn't using
Proxo AND the Hosts file be duplication (as I understand it, Proxo
does everything that Hosts does, and then some, AND I seem to recall
that it's faster if your hosts file is large - something to do with
the number of lines that are processed for each request)

It is faster, yes. But Proxomitron only filters traffic on TCP 80 and
http related ports, so it protects only your browser. Host files prevent
connections for all outbound connections on all ports I believe.
and, FWIW, there are several sites (notably Sponges - but you've
probably already been there) that provide ready to go config files for
Tiny/Kerio (takes ALL the hard work out of it)

I disagree, Sponge's setup is highly specific for his own use, you still
have to tighten it up and customise it a bit on your own. E.g Browser
setups, email, so on so forth



Aaron
 
rir3760

It was a dark and stormy night when John Corliss
Why, so it is. Thanks! Only problem I notice is that clicking on
the column heads doesn't re-sort the list like the indicators
imply it will (pressing the "Reload" button doesn't help either.)
I'm going to email Pär Thernström and mention that.
The author is already aware, if you read the readme.txt file:
<Quote>
Version history

Version 0.10.1 (2002-05-20)
- improved: faster statistics
- improved: faster search
- new: added a progressbar to the searh window
- new: also finds the log file for Kerio when first started
- note: sorting still don't work ...

Version 0.10.0 (2002-03-22)
- improved: waaaay faster loading of the log. 500 % faster or
something like that (on my computer atleast)
- fixed: scroll bar not visible on screens with resolution 800x600.
Users who had this problem please let me know if I fixed it or
not..
- note: sorting does not currently work :( will work again in next
version
</Quote>

Regards
 
Aaron

George

as I understand it (and I won't pretend I do), kerio/tiny allows you
to 'fine tune' your firewall to block traffic to/from specific IP
addresses/DNS names.

I think IP addresses only (though it catches domain names indirectly, if you
do a dns lookup and enter the ip address into the filters).

Hosts files on the other hand filter on domain names. So if spyware
directly connects using ip addresses, without the need to do a domain name
lookup it will bypass the hosts file.

Here's a list of common security software used, and the pros and cons as I
understand them. I'm sure what I say contains inaccuracies, so please
correct them if you spot any.

To illustrate the differences let us pretend that some spyware is trying to
connect outwards to www.microsoft.com or 207.46.134.155

Host files - Filters on domain names, protects outbound on all ports. Slow,
have to specify the full domain name to block. Allowed :
"www.advertisements.com" , not allowed "advertisements" (which will block
all domains with the phrase adverts in them i.e myadvertisement.com)

If the spyware connects directly to 207.46.134.155 (which means the spyware
is hardcoded with the ip address and does not have to look it up), hosts
files don't block it. But if the spyware connects to www.microsoft.com, the
computer will try to do a DNS look up (the ip address that corresponds to
the ip address), it looks in the hosts file first, sees microsoft.com, and
sends microsoft.com to the loopback address 127.0.0.1 hence blocking it.

This works regardless of what ports or apps the spyware is running through.

PAC file - Filters on domain names, only protects the browser - Faster than
Hosts file, more flexible since you can block domain names which contain
terms like "ads" "adverts" as well as allow wildcards

Similar to hosts files except that it prevents the browser from connecting;
if the spyware is independent of the browser it's not blocked.


Proxomitron - Filters on domain names, only filters on HTTP ports (I
believe other apps other than web-browsers will be filtered by it) , -
Other advantages are similar to PAC

Proxomitron filters all outward connections to port 80. Any software that
tries to connect there will be filtered by proxomitron. So spyware that
attempts to connect to www.microsoft.com:80 (port 80) via http will be
blocked. (assuming microsoft is in the filters)

DNS kong - DNS server that does the DNS lookups. So like hosts file, pac
files etc it filters on domain names. However it has the advantage of the
hosts files in that it filters all DNS lookup requests (unlike proxomitron
which does only http streams), yet has the advantages of proxomitron in
that it is faster than hosts files, and you can specify phrases to block.
(I think it can't block specific urls or use wildcards, I'm not sure )

One individual on the net, the much mentioned "Sponge" highly promotes
this product. In my experience it's hardest to get working though, especially
on Win2k.


Firewall - Filters on IP addresses directly, all ports.

A spyware that tries to connect directly via the ip address will be blocked
of course. But I suspect even if it's done via the domain name, eventually
the request still has to be sent using the ip address of the domain name
and the firewall will still catch it.

It might seem it's better to block ip ranges and forget domain name
blocking.

Still there are advantages to blocking sites by domain names rather than
ip address ranges, depending on whether it's harder for spyware makers to
change their ip addresses or domain names.


Aaron
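
Aaron's comparison of hosts-file and firewall filtering above, as an added example that is not part of the original thread: it evaluates the same outbound targets against an exact-name hosts file and against an IP deny range. The hosts entries, the `/24` deny range, the extra names and the offline `FAKE_DNS` table are assumptions made for illustration; only `www.microsoft.com` and `207.46.134.155` come from the post.

```python
import ipaddress

# Constructed sample data. The name and address are the ones used in the post;
# the hosts entries, the deny range and the extra names are assumptions.
HOSTS_TEXT = """\
# ad/spyware block list (constructed)
127.0.0.1  www.microsoft.com   # sent to loopback, i.e. blocked
0.0.0.0    www.advertisements.com
"""
FIREWALL_DENY = [ipaddress.ip_network("207.46.134.0/24")]
# Stand-in for real DNS so the example runs offline.
FAKE_DNS = {"www.microsoft.com": "207.46.134.155",
            "update.microsoft.com": "207.46.134.155",
            "example.org": "192.0.2.10"}

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name.lower()] = fields[0]
    return table

def is_ip(target):
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def hosts_verdict(target, hosts):
    """A hosts file is consulted only for name lookups, and only exact names."""
    if is_ip(target):
        return "allowed"          # hard-coded address: no lookup, no match
    mapped = hosts.get(target.lower())
    if mapped is None:
        return "allowed"          # unlisted name, even on a listed domain
    sink = ipaddress.ip_address(mapped)
    return "blocked" if sink.is_loopback or sink.is_unspecified else "allowed"

def firewall_verdict(target, deny=FIREWALL_DENY):
    """An IP filter sees the destination address, however it was obtained."""
    addr = target if is_ip(target) else FAKE_DNS.get(target.lower())
    if addr is None:
        return "unresolved"
    ip = ipaddress.ip_address(addr)
    return "blocked" if any(ip in net for net in deny) else "allowed"

def compare(targets):
    hosts = parse_hosts(HOSTS_TEXT)
    return {t: (hosts_verdict(t, hosts), firewall_verdict(t)) for t in targets}

if __name__ == "__main__":
    for t, (h, f) in compare(["www.microsoft.com", "207.46.134.155",
                              "update.microsoft.com", "example.org"]).items():
        print(f"{t:22} hosts={h:8} firewall={f}")
```

The two verdicts are computed independently, so the output shows where each layer has a gap: the hosts file misses the hard-coded address and the unlisted subdomain, while the IP rule catches all three but would stop matching if the service moved to a different address range.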
 
Aaron

Aaron, who are you addressing this remark to? Your reply was to *my*
post, yet you seem to be replying to George.

I'm replying to George. The comment about "asking all sorts of
protocol stuff that was more than I wanted to know about" is his, right?

This differs from my remark only in that it is more defined.

Yes, it's more defined.
Are you
trying to discourage people from using Kerio? That makes no sense. The
degree to which a person employs the options in a program is entirely
their business because various options may or may not suit a person's
needs.

Huh? I'm discouraging people (in this case George) from using Kerio
because he confessed that he didn't like "asking all sorts of protocol
stuff" . Nothing more nothing less, is that a problem?

I've been using Kerio since they split from Tiny, I'm even thinking
about trying the new betas they announce on the mailing list, now that
they seem somewhat stable. Unfortunately, the new versions from what I
have read will be much more complicated than the current Kerio.






Aaron
 
John Corliss

YK said:
Right click in the Log window and Clear log.

Thanks for telling me this! I looked in the help file but couldn't
find how to do that. And even the guy who answered my email didn't
know about that feature. I think they will still consider putting a
button to do this on the Log Viewer window though.
TinyLogger has some nice copy-n-paste options.

http://hem.passagen.se/pluppis/dator_egnaprogram.html for those who
are interested.
I have never seen those functions requested in the Beta forum.

Thanks for the tips!
 
John Corliss

rir3760 said:
The author is already aware, if you read the readme.txt file:
<Quote>
Version history

Version 0.10.1 (2002-05-20)
- improved: faster statistics
- improved: faster search
- new: added a progressbar to the searh window
- new: also finds the log file for Kerio when first started
- note: sorting still don't work ...

Version 0.10.0 (2002-03-22)
- improved: waaaay faster loading of the log. 500 % faster or
something like that (on my computer atleast)
- fixed: scroll bar not visible on screens with resolution 800x600.
Users who had this problem please let me know if I fixed it or
not..
- note: sorting does not currently work :( will work again in next
version
</Quote>

Thanks for pointing this out. I don't spend enough time reading
version histories. I wonder when the next version will be out. Current
version dates back to May 20, 2002. Pär must be occupied with other
things.
 
John Corliss

Aaron said:
I'm replying to George. The comment about "asking all sorts of
protocol stuff that was more than I wanted to know about" is his, right?

Yes. Thanks for the clarification.
Yes, it's more defined.

However, Kerio doesn't really "ask" for those things but rather you
have the option of inputting them if you need to or want to. I didn't
have to do any of that when I set up Kerio.
Huh? I'm discouraging people (in this case George) from using Kerio
because he confessed that he didn't like "asking all sorts of protocol
stuff" . Nothing more nothing less, is that a problem?

I just don't see why anybody should be discouraged from using Kerio.
It works just as well for novices as ZA does. The extra configuration
capabilities of Kerio are optional. You don't have to mess with them
if you don't want to.
I've been using Kerio since they split from Tiny, I'm even thinking
about trying the new betas they announce on the mailing list, now that
they seem somewhat stable. Unfortunately, the new versions from what I
have read will be much more complicated than the current Kerio.

I hope they're still as simple to set up basically though. Extra
options never hurt anybody. It's only when it becomes required that
you mess with them that problems arise.
 
Mel

John Corliss said:
I'll never go back to ZA. Besides, there was a module that ZA ran in
the background which I never trusted. I had contacted them and they
never really explained to my satisfaction the purpose of the encrypted
log that the module kept. Something about IAM and (computer name).db
in a c:\windows\internet files folder or somesuch. I know that one of
those files simply kept my preferences, but the other's purpose was a
mystery. I'm glad the stuff is off my computer.
This relates to ZA 3.7.159 which is still installed on my PC, however ZA 2.6
would probably be similar.

Iamdb.rdb would appear to contain settings for the list of applications with MD5 checks

computername.ldb would appear to contain the detailed log (viewable under Alerts & logs
- Entry Detail in 3.x versions).

There are two main processes to zonealarm

zonealarm.exe - The user interface I think, for changing settings and issuing alerts.

VSmon.exe (TrueVector service) - The actual firewall process.

Regards

Mel.
 
John Corliss

Mel said:
This relates to ZA 3.7.159 which is still installed on my PC, however ZA 2.6
would probably be similar.
Iamdb.rdb would appear to contain settings for the list of applications with MD5 checks

Yeah, that's what I think too. I know that if you delete it, you have
to configure ZA all over again.
computername.ldb would appear to contain the detailed log (viewable under Alerts & logs
- Entry Detail in 3.x versions).
There are two main processes to zonealarm
zonealarm.exe - The user interface I think, for changing settings and issuing alerts.
VSmon.exe (TrueVector service) - The actual firewall process.

Thanks for the explanation, Mel.

Still glad to be done with ZA though. I mean, I appreciate it for
being free software and it did the job, but Kerio is better for my
purposes.
 
John Fitzsimons

John Fitzsimons wrote:
Cite on development halt on Kerio, please? Thanks.

Hasn't it ? I thought it had stopped and then changed its name ?
Are you saying that there are/will be new freeware releases ?
Perhaps I was getting confused between Tiny and Kerio ?

Is there a newsgroup and/or mailing list devoted to ONLY Kerio ?
I probably missed it if it has already been mentioned.

Has anyone used Kerio and ZA at the same time ? If so then are there
any comments/observations please ?

Regards, John.

--
****************************************************
,-._|\ (A.C.F FAQ) http://clients.net2000.com.au/~johnf/faq.html
/ Oz \ John Fitzsimons - Melbourne, Australia.
\_,--.x/ http://www.aspects.org.au/index.htm
v http://clients.net2000.com.au/~johnf/
 
John Fitzsimons

On Fri, 01 Aug 2003 11:12:16 +1000, John Fitzsimons

much of the functionality of Kerio/Outpost was
already there in my ZA/Proxomitron combo.

< snip >

Yes, I had been thinking along the same lines. Thanks for those, and
your other, comments. :)


Regards, John.
 
Blinky the Shark

Aaron said:
The disadvantage of trusting other people to block sites for you is that
you are subject to a form of censorship based on their criteria. I'm sure
most of them are honest but sometimes you might disagree about sites
that are blocked or they might be overly paranoid.

And you can remove any rule with which you disagree, with about 3
keystrokes.
 
