Who is using Zone Alarm?
poatt
And Sygate's free personal firewall is discontinued.
So I downloaded Zone Alarms free firewall.
Seems to be working very well. Internet page loading seems to be faster
also. But that just may be my imagination.
I was wondering if anyone has had any ill effects from Zone Alarms firewall
useing Win98SE.
Am asking this because I am thinking about buying their package program.
TIA!
bobster
have found it to be reliable and effective.
Their package deal appears to be a good one. As I recall, it includes the
firewall, a version of CAs myEtrust and a ZA version of one of the better
popup stopper, anti spyware suites. They have specials whereby you can sign
up for the package for one year for $30 or so ($70 after that), if you
don't like the cost, you can opt out, download the free firewall, get CA
myEtrust for $30 and download free antispyware stuff (SpyBot S&D, Spyware
Blaster, Adaware, etc). I do the latter and have a trouble free Win98SE
system that does everything I need. My fear is that due to a lack of MS
support, I will be forced to go to Vista with the potential problems of a
new system and a year long learning process.
Galen Somerville
"poatt" <po...@discussions.microsoft.com> wrote in message
news:F78BD35D-8557-469F...@microsoft.com...
I use the free ZoneAlarm. Watch out when you download an upgrade as it's too
easy to answer the questions wrong and end up with a trial version of the
ZoneAlarmPro !!!
The few people I know that got the Pro version had many problems. So unless
you are an expert, stick with the free version.
Galen
jt3
now--prior to that I had used Trend PCcillin 2000.
I initially used the trial package including the CA av, the e-Trust package,
for a year, and didn't have problems with it on this machine, but when I
purchased it for the XP machine I was putting together, I had problems.
The XP machine had more problems than 'Beecham's has pills' as the old
saying goes, so the problems I had with the CA and then the ZA package were
probably not all CA or ZA's fault, but there was a matter of some bug in it
that CA took a long time getting down the chain.
The sum of it is that I stopped using the eTrust on this (98) machine as a
result, even though it had no problems (98 machine).
When I stopped the eTrust, I started the ZA package on the free trial (what
Galen was warning you about) and *it* gave me plenty of difficulty, so I
terminated the trial, and tried the free ZA firewall and AVG, and have had
no problems with either since that time. I feel I should purchase one or
the other since so many companies have gone the way of Sygate, and I feel
that I should support them, but I'm not sure there's a necessary connection
there--hard to say.
hth,
Joe
"poatt" <po...@discussions.microsoft.com> wrote in message
news:F78BD35D-8557-469F...@microsoft.com...
glee
version) a number of times recently, when problems with ZA caused it to prevent all
Internet access....even after being disabled, and even after being uninstalled
formally through Add/Remove Programs. Only manually removing all traces allowed the
users to regain Internet access. The problem is apparently frequent enough that the
manufacturer provides manual removal instructions via its support channels (also
available online if you search enough).
ZA is one of the more "invasive" applications of its kind, sticking its claws deep
into the operating system. many have good luck with it, but have seen enough
problems to no longer recommend it myself.
I have had good success with the older version 2.1.5 of Kerio Personal Firewall
(free). Although Kerio no longer distributes any versions, the older version is
still available, and the new version has been bought by Sunbelt Software, and is
available here:
http://www.sunbelt-software.com/Kerio.cfm
It has a full feature set for the trial period of 30 days, then "it shuts down
selected features, but will continue to run in 'free' mode", according to its web
page. The full "pay-for" version is only $14.95 USD till the end of March, when it
goes up to $19.95.
Just something to consider.....
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
"poatt" <po...@discussions.microsoft.com> wrote in message
news:F78BD35D-8557-469F...@microsoft.com...
Franc Zabkar
<po...@discussions.microsoft.com> put finger to keyboard and composed:
I've been using the free version of ZA for many years. The only recent
issue I've encountered is that ZA refuses to install or upgrade itself
if it finds certain incompatible antivirus products, eg PC-cillin. I
circumvent this annoyance by temporarily renaming the "Trend Micro"
key in the registry.
- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.
Jonny
Glen's right about the current 6.xxx version, its claws are in everything.
Zone Labs says some of ZA Pro version 6.xxx's assets won't work in
98/98SE/ME. Am using this version in XP.
For those who haven't figured out the ZA upgrade version numbering scheme,
here's what I came up with. The first one or two numbers indicate a
version, if an upgrade has the first 2 numbers identical to the installed
version, it can be installed as an upgrade. It not, the prior version must
be uninstalled, then the new version installed.
ZA Pro uninstall leaves behind many of the user preferences in the registry
for the new version to use.
............
Jonny
"poatt" <po...@discussions.microsoft.com> wrote in message
news:F78BD35D-8557-469F...@microsoft.com...
Galen Somerville
but miraclessly solved itself if you re-downloaded the same version a few
days later.
The current version has no problems.
Galen
"glee" <gle...@spamindspring.com> wrote in message
news:uosmFJmG...@TK2MSFTNGP10.phx.gbl...
PCR
Suggested to me by Dundat, this little app is the cat's meow of
Firewalls. Well, it's the only I've ever tried, but it seems to have it
all & hasn't crashed yet. Free for personal use.
www.geocities.com/yosponge
As BoB has said, this site will show you every last little thing you can
do with it. Don't get confused with all the possibilities, though.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ip.htm
What a packet looks like, thanks Blanton.
http://www.cisco.com/en/US/about/ac123/ac114/about_cisco_packet_magazine.html
Packet Magazine, again Blanton's discovery.
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"poatt" <po...@discussions.microsoft.com> wrote in message news:F78BD35D-8557-469F...@microsoft.com...
RJK
Dreamweaver 4 would not work so I got rid of it (Zonealarm that is) !
S**t! I uninstalled everything Norton yesterday, and installed free
Zonealarm, ....my old DreamWeaver 4 better still be working !!!!
...have so many other things to do , can't check for an hour or two. !
regards, Richard
"poatt" <po...@discussions.microsoft.com> wrote in message
news:F78BD35D-8557-469F...@microsoft.com...
RJK
TrueVector service, ....or perhaps, (roughly last year), it was my XP
platform/software mix that caused the problem with DW4 / ZA's TrueVector
service. ...though having said that, while I was having that problem, ages
ago, Google revealed other people having the same problem, and they had
pinned it down to ZA's TrueVector service, which was why I dumped ZA at
that time !
regards, Richard
"RJK" <notat...@hotmail.com> wrote in message
news:uGbp3jtG...@TK2MSFTNGP14.phx.gbl...
jt3
on the XP machine, but not on W98. Are the instances you mentioned above on
98, or are some of them on XP? At the time I was having trouble, I
discovered that they used filter drivers in order to check the disk boot
sectors; those sort of drivers (NT type things) are especially difficult to
remove, and I came to the conclusion that they were the source of much of
the difficulty. Does this comport with your experience in the matter?
Joe
"glee" <gle...@spamindspring.com> wrote in message
news:uosmFJmG...@TK2MSFTNGP10.phx.gbl...
glee
However, I have seen the problems I described in both Win98 and XP; i.e. unable to
go on the Internet, though IM and email worked, even with ZA disabled. In fact, it
was on 98 systems that I found it interfering even after being formally uninstalled
via Add/Remove. I had to use their manual uninstall procedure on Win98 to get back
Internet connectivity, after it had been uninstalled.
This page deals with a slightly modified formal uninstall that is supposed to do a
cleaner uninstall:
http://www.donhoover.net/uninstall.html
Here are some basic instructions for manual removal:
http://nh2.nohold.net/noHoldCust25/Prod_1/Articles55646/CompleteUninstallNonNT.html
...But the info below also roots out the Registry keys, and deals with the issue of
root certificates that were apparently a problem a while back with ZA...I've lost
the link where found it:
<quote>
SOLUTION
In order to protect our software client from being tampered with, we sign our dll's.
Every time a dll is loaded, we check if it has our certificate.
In order to do certificate checking, the machine needs to have a root certificate on
it. If the root certificate in missing, we can't validate the dll and the client
will not start.
We have determined that on systems with a validation error the root certificates
were missing.
The Zone Labs client has 100% nothing to do with any kind of certificate removals
and we can only assume that something malicious has removed them from effected
machines.
The following 4 STEPS will fix your system if followed very closely.
STEP1: UNINSTALL ZONEALARM
Please follow the steps below to manually uninstall ZoneAlarm from your system.
Please make sure to follow the steps for whichever operating system you may have.
After ZoneAlarm is uninstalled, please make sure you have all of the Windows Updates
installed and run a complete virus scan on your system to make sure there is not a
virus on the system. You can run a free virus scan from the link below.
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Thank you for choosing Zone Labs,
==============
Windows 2000/XP
==============
01.) Restart your computer
02.) When you see the screen go black and it starts booting back up keep tapping the
"F8" key (at the top of your keyboard)
03.) This should bring up a menu. Choose Safe Mode off the menu by using the arrow
keys on the keyboard to highlight Safe Mode and press Enter
04.) If you get a message asking to go to Safe Mode, choose Yes. If you get a help
and support window, close this.
05.) Once you are at the desktop, Click Start, My Computer
06.) Click Tools, Folder Options, View Tab
07.) Place a dot next to "Show Hidden Files and Folders"
08.) Remove the check from "Hide Protected Operating System Files (Recommended)"
09.) Choose Yes to the warning
10.) Click OK
11.) Double click C:
Note: In the future steps if you do not see any files or folders, please click the
"Show Files" link to view them.
12.) Double Click the Program Files Folder
13.) Right Click the Zone Labs Folder, click Delete, and choose Yes
14.) Close this window
15.) Click Start, My Computer
16.) Double Click the C:
17.) Double Click the Windows Folder (It may say WinNT if you have Windows 2000)
18.) Right Click the Internet Logs Folder, click Delete, and choose Yes
19.) Double Click the System32 Folder
20.) Right Click the Zone Labs Folder, click Delete, and choose Yes
21.) Right Click the file Vsdatant.sys, click Delete, and choose Yes
22.) Right Click the file VSUtil.dll, click Delete, and choose Yes
23.) Right Click the file VSInit.dll, click Delete, and choose Yes
24.) Restart the computer
============
Windows 98/ME
============
01.) Click Start, Run
02.) In the Run box type in MSConfig
03.) Click OK
04.) Click the Advanced Button
05.) Place a check in Enable Startup Menu
06.) Click OK, then OK again
07.) Restart your computer
08.) Upon restart choose Safe Mode off the menu by using the arrow keys on the
keyboard and pressing Enter
09.) Once in Safe Mode close the help and support screen
10.) Double Click My Computer
11.) Click View, Folder Options, View Tab
12.) Place a dot next to "Show Hidden Files and Folders" or "Show All Files"
13.) Remove the check from "Hide Protected Operating System Files (Recommended)"
14.) Choose Yes to the warning
15.) Click OK
16.) Double click "C:"
Note: In the future steps if you do not see any files or folders, please click the
"Show Files" link to view them.
17.) Double Click the Program Files Folder
18.) Right Click the Zone Labs Folder, click Delete, and choose Yes
19.) Close this window
20.) Click Start, My Computer
21.) Double Click the C:
22.) Double Click the Windows Folder
23.) Right Click the Internet Logs Folder, click Delete, and choose Yes
24.) Double Click the System Folder
25.) Click View, Details
26.) Right Click the Zone Labs Folder, click Delete, and choose Yes
27.) Right Click the file VSData95.VxD, click Delete, and choose Yes
28.) Right Click the file VSUtil.dll, click Delete, and choose Yes
29.) Right Click the file VSInit.dll, click Delete, and choose Yes
30.) Close this window
31.) Click Start, Run
32.) In the Run box type in RegEdit
33.) Click OK
34.) Click the + next to HKEY_LOCAL_MACHINE
35.) Click the + next to SYSTEM
36.) Click the + next to CurrentControlSet
37.) Click the + next to Services
38.) Click the + next to VxD
39.) Highlight the "VSData95" folder
40.) Press Delete, click Yes
41.) close the registry Editor
42.) Click Start, Run
43.) In the Run box type in MSConfig
44.) Click OK
45.) Click the Advanced Button
46.) Remove check in Enable Startup Menu
47.) Click OK, then OK again
48.) Restart your computer
STEP 2: FIX THE ROOT CERTIFICATES ON YOUR SYSTEM
Open Your browser and navigate to the following URL.
Once at the web page follow the directions to reset your root certificates.
https://getca.verisign.com/
STEP 3: DOWNLOAD AND REINSTALL YOUR PREVIOUS VERSION OF ZONEALARM
Select the appropriate download link below to download ZoneAlarm.
Remember to SAVE the download to your desktop. DO NOT select RUN or OPEN when
downloading.
ZoneAlarm (FREE)
http://www.zonelabs.com/zadownload
ZoneAlarm with Antivirus
http://www.zonelabs.com/zaavdownload
ZoneAlarm Pro
http://www.zonelabs.com/zapdownload
ZoneAlarm Security Suite
http://www.zonelabs.com/zasuitedownload
</quote>
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
"jt3" <j...@cranky.computer> wrote in message
news:uPcnSNuG...@TK2MSFTNGP14.phx.gbl...
glee
Kerio was sold to Sunbelt software a while back; it is now here:
http://www.sunbelt-software.com/Kerio.cfm
(Read my earlier post in this thread).
Version 2.1.5 of Kerio (likely the one Bindar referred to) is still available here,
though with no support other than the forums there):
http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny+PFW
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
"PCR" <pcr...@netzero.net> wrote in message
news:O0jILJtG...@TK2MSFTNGP14.phx.gbl...
Bill in Co.
on Win98SE. Have you changed operating systems, or did I misread that?
glee
"Kerio Personal Firewall 4 DOES NOT run on Windows 95, 98, Me, NT, 2000 Server and
2003 Server"
A Win9x user would have to use version 2.1.5:
http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny+PFW
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:uFo0%23%23vGGH...@TK2MSFTNGP11.phx.gbl...
Curt Christianson
--
Curt
"glee" <gle...@spamindspring.com> wrote in message
news:ev4JiFvG...@tk2msftngp13.phx.gbl...
> It gets deeper into the system on WinXP (NT kernel operating systems), I
think.
> However, I have seen the problems I described in both Win98 and XP; i.e.
unable to
> go on the Internet, though IM and email worked, even with ZA disabled. In
fact, it
> was on 98 systems that I found it interfering even after being formally
uninstalled
> via Add/Remove. I had to use their manual uninstall procedure on Win98 to
get back
> Internet connectivity, after it had been uninstalled.
>
> This page deals with a slightly modified formal uninstall that is supposed
to do a
> cleaner uninstall:
> http://www.donhoover.net/uninstall.html
>
> Here are some basic instructions for manual removal:
<SNIPPED>
Bill in Co.
the older Kerio 2.1.5, the older ZoneAlarm 2.6, or SoftPerfect Personal
Firewall), on an older Win98SE machine, using dial up, to try and get a
taste of what it's all about (before going to Cable - someday)? (I've
already downloaded those).
I've never used a firewall program, and don't know about configuring it, and
would like something simple and automatic (one where I don't have to specify
an approved list or disapproved list of sites, for example).
But then again, I'm still on dialup, so maybe I should just wait (until and
if I switch to cable)???
jt3
the ZA free on this machine is a time bomb waiting to go off, as well.
Though this may still be benign compared to the Symantec rootkit mess,
judging from what I've read on the ngs.
It's been a while since I removed it on the XP machine, but I started out
using the uninstall facility, then went to the ZA article (very much the
same as your link, iirc), and it still didn't get gone. Initially, I was
using reinstallation as a guide to cleanliness. I ended up combing through
the registry--spending about a month in this hit/miss fashion before I
finally got rid of it, which was when I put the Sygate firewall on it.
I've saved your post for use as needed, since I plan to try Kerio out, and
if I like it, will remove ZA from this machine as well.
Thanks again,
Joe
"glee" <gle...@spamindspring.com> wrote in message
news:ev4JiFvG...@tk2msftngp13.phx.gbl...
glee
RAM, with no problem. I have used Tiny PF v2.1.5 on Win95B on a 333MHz MMD K6-2 and
128MB RAM, with dial-up.....no problem.
"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:uREiSky...@TK2MSFTNGP15.phx.gbl...
glee
Kerio will not install on Win98. You will have to use v2.1.5 on that platform.
"jt3" <j...@cranky.computer> wrote in message
news:%23rzxpqz...@TK2MSFTNGP14.phx.gbl...
Bill in Co.
all the others are "rule based". Right? So, if you're just getting
started, like me (and don't know squat about rules, and which rules to apply
where and all that stuff), wouldn't ZA (at least the BASIC version, 2.6),
possibly be a better choice? I was considering Kerio, but then I read
about this rules stuff (which it is based on), and figured it might be
better to use the "application based" (apparently simpler) ZA 2.6. ???
PCR
http://www.kerio.com/us/kpf_download.html
.....Quote..........
Supported Platforms: Windows 2000 Professional / XP Home / XP Professional
.....EOQ............
SO... I'll grab your URL...
http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny+PFW
...into my Master Post. Thanks. I am still quite pleased with Kerio Personal Firewall. Tell Dundat to come out of hiding!
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"glee" <gle...@spamindspring.com> wrote in message news:%23S5ImWv...@TK2MSFTNGP09.phx.gbl...
PCR
Definitely, grab Kerio Firewall Engine 2.1.5, Driver version 3.0.0, while you can! I don't see what more there can be over that! It's as easy or as difficult to formulate rules as you want it to be! The app itself is easy to install & use.
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Bill in Co." <not_rea...@earthlink.net> wrote in message news:O0wB9f5G...@tk2msftngp13.phx.gbl...
Bill in Co.
what I've read, the latter is "applications based", and Kerio is "rules
based", even if can generate some of its rules automatically. I haven't
been able to find a comparison between these two early versions (of Kerio
and Zone Alarm) yet.
jt3
before.
Joe
"glee" <gle...@spamindspring.com> wrote in message
news:ucEPoA2G...@TK2MSFTNGP15.phx.gbl...
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Bill in Co." <not_rea...@earthlink.net> wrote in message news:urh3z$5GGH...@TK2MSFTNGP15.phx.gbl...
gram pappy
(watch wrap)
http://www.321download.com/LastFreeware/page7.html#Kerio%20Personal%20Firewall
Or short URL: http://surl.co.uk/?2408
Kerio Personal Firewall 2.1.5 (last freeware version)
OS: Win98/Me/NT4/2000/XP
Download (2018 kB)
On last line of artical click download for v2.1.5
-
gram
> "PCR" <pcr...@netzero.net> wrote in message
> news:O1FZ8g5G...@TK2MSFTNGP15.phx.gbl
> Yea, I read it, but didn't suspect the URL itself would change. Seems it
> still does work, now that I've clicked it! HOWEVER, pitiably, yea, only
> Kerio Personal Firewall 4 is offered there now-- NOT Firewall Engine
> 2.1.5, Driver version 3.0.0. Right. WORSE, as Colorado suggested...
> http://www.kerio.com/us/kpf_download.html
> .....Quote..........
> Supported Platforms: Windows 2000 Professional / XP Home / XP
> Professional
> .....EOQ............
mae
Found it out first because MSN Messenger problems encountered by others.
It was similar to what you found
Everything now wants to be your OS.
Kerio 2.5 was the best I have ever used.
--
mae
"glee" <gle...@spamindspring.com> wrote in message
news:uosmFJmG...@TK2MSFTNGP10.phx.gbl...
| I have had to remove, or guide users through manual removal, of Zone Alarm
(the free
| version) a number of times recently, when problems with ZA caused it to
prevent all
| Internet access....even after being disabled, and even after being
uninstalled
| formally through Add/Remove Programs. Only manually removing all traces
allowed the
| users to regain Internet access. The problem is apparently frequent
enough that the
| manufacturer provides manual removal instructions via its support channels
(also
| available online if you search enough).
|
| ZA is one of the more "invasive" applications of its kind, sticking its
claws deep
| into the operating system. many have good luck with it, but have seen
enough
| problems to no longer recommend it myself.
|
| I have had good success with the older version 2.1.5 of Kerio Personal
Firewall
| (free). Although Kerio no longer distributes any versions, the older
version is
--snip-
| "poatt" <po...@discussions.microsoft.com> wrote in message
| news:F78BD35D-8557-469F...@microsoft.com...
-snip-
mae
4.2.0 - July 21, 2005 - dropped support for Windows 98, ME, NT4
This was last version for 98x if you can find it.
4.1.3 - March 30, 2005
I had it but deleted the download (didn't like as well as 2.5)
Had I known, I would have kept it.
I am still searching for one.
I will never use Zone Alarm.
Can't remember my dislikes-was some time ago.
I hate anything that tries to takeover.
--
mae
"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:uFo0%23%23vGGH...@TK2MSFTNGP11.phx.gbl...
| I thought the Kerio series (except for the old version 2.1.5) will not
work
| on Win98SE. Have you changed operating systems, or did I misread that?
|
| PCR wrote:
| > http://www.kerio.com/us/kpf_download.html
| > "poatt" <po...@discussions.microsoft.com> wrote in message
Bill in Co.
doesn't try to take over either (like Kerio).
Seems that at least a couple of ya prefer Kerio 2.1.5, though. Although
nobody has reported in on the OLD verion of Zone Alarm (2.6 - pre version 3,
that is). (I gather ZA 2.6 might have been the last good old ZA version).
glee
interfering with other software and with certain Windows Updates for Win98/98SE.
One example, older versions of ZA cause freezes and crashes with KB891711 installed,
IIRC.
Nothing of the sort occurs with Kerio 2.1.5....and there is no reason why it can't
be used just because it is not the latest version. IMHO, Kerio 2.1.5 ROCKS.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:emEGw3$GGHA...@TK2MSFTNGP09.phx.gbl...
glee
"gram pappy" <nos...@example.invalid> wrote in message
news:%23Zp4LS9...@TK2MSFTNGP10.phx.gbl...
poatt
http://scan.sygate.com/
Still working.
Did the first 3 scans. All reported blocked.
I had to do a few personal changes in the ZA. But did not have to do all
the application tweaks like in the Sygate.
I am downloading the Kerio firewall V.2.1.5,to a folder, and will use it
later if need be.
Thanks for all the input,all.
This post would not be welcome on the XP NG. Too chatty.
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"poatt" <po...@discussions.microsoft.com> wrote in message news:6B2DA4FE-7A59-40C4...@microsoft.com...
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
"gram pappy" <nos...@example.invalid> wrote in message news:%23Zp4LS9...@TK2MSFTNGP10.phx.gbl...
Bill in Co.
Can I ask another question? Do these firewall programs (like Kerio) have
to be told each and every step of the way, to "allow this to come through,
or block it"? If so, I would think it would be a royal PITA to use it!
IOW, can this Kerio 2.1.5 (for example), make SOME or ANY decisions on its
own, or are there going to be an incessant number of prompts for every site
I connect to, that involves ANY exchange of information (like Internet
Banking, buying something on line, etc)?? (I'm on dial up right now, so
I'm not sure I even need it, anyways, but may go to cable in the future
someday).
Oh yeah, and one other question: how much did your system resources (in
Win98) drop when you installed it (the System, User, GDI stuff)? Do you
even recall? Like perhaps 5%??? Does anyone know or remember?
Thanks!
gram pappy
I am running Win98E and have been using Kerio 2.1.5 for 3+ years
with no problems. Yes it rule based and has a learning curve, but
there is lots of help online. The BroadBand Forum link above is one
the best...
(see inline)> news:us#BSkHHG...@TK2MSFTNGP12.phx.gbl
>
> Can I ask another question? Do these firewall programs (like Kerio)
> have to be told each and every step of the way, to "allow this to come
> through, or block it"? If so, I would think it would be a royal PITA
> to use it!
>
> IOW, can this Kerio 2.1.5 (for example), make SOME or ANY decisions on
> its own, or are there going to be an incessant number of prompts for
> every site I connect to,
will ask to permit or deny, permit and a rule is created. This is a one time
deal for each browser or application you want to acess the internet. Later
offline you can edit the rule as to IP addresses and ports, etc...
> that involves ANY exchange of information (like
> Internet Banking, buying something on line, etc)?? (I'm on dial up
> right now, so I'm not sure I even need it, anyways, but may go to cable
> in the future someday).
> Oh yeah, and one other question: how much did your system resources (in
> Win98) drop when you installed it (the System, User, GDI stuff)? Do
> you even recall? Like perhaps 5%??? Does anyone know or remember?
Kerio using less that 1%CPU. When online and Kerio Adminstration open
shows Kerio using 2 to 3%CPU
> Thanks!
>
gram
Bill in Co.
> Bill,
> I am running Win98E and have been using Kerio 2.1.5 for 3+ years
> with no problems. Yes it rule based and has a learning curve, but
> there is lots of help online. The BroadBand Forum link above is one
> the best...
What link above???>> (wasn't any) (more below..)
> (see inline)
>> "Bill in Co." <not_rea...@earthlink.net> wrote in message
>> news:us#BSkHHG...@TK2MSFTNGP12.phx.gbl
>> Thanks for the update on that, Glen.
>>
>> Can I ask another question? Do these firewall programs (like Kerio)
>> have to be told each and every step of the way, to "allow this to come
>> through, or block it"? If so, I would think it would be a royal PITA
>> to use it!
>>
>> IOW, can this Kerio 2.1.5 (for example), make SOME or ANY decisions on
>> its own, or are there going to be an incessant number of prompts for
>> every site I connect to,
>
> Not really, when you attempt to connect to the web with browser xxx, Kerio
> will ask to permit or deny, permit and a rule is created. This is a one
time
> deal for each browser or application you want to acess the internet.
> Later offline you can edit the rule as to IP addresses and ports, etc...
But I can check this (or see this) for myself, just by looking at the web
page as it comes in. I'm on dial up, so it takes time to come in, so
what's the big advantage?
I mean, if I see the incoming web page looks problematic, I can immediately
close it down. So what's the advantage of being explicitly asked? *You
wouldn't know anyways*, until you see the page, unless it had some
suspicious name (isn't that right)? If you know enough to set up the rule,
you'll either not go to that web site, or catch it before it has a chance to
take over (as I see it). (That probably doesn't apply if you're on cable
or DSL, though). I must be missing something here.
>
>> that involves ANY exchange of information (like
>> Internet Banking, buying something on line, etc)?? (I'm on dial up
>> right now, so I'm not sure I even need it, anyways, but may go to cable
>> in the future someday).
>>
>> Oh yeah, and one other question: how much did your system resources (in
>> Win98) drop when you installed it (the System, User, GDI stuff)? Do
>> you even recall? Like perhaps 5%??? Does anyone know or remember?
>
> I just looked at this with WinTop, and working off line with Kerio closed
> shows Kerio using less that 1%CPU. When online and Kerio Adminstration
open
> shows Kerio using 2 to 3%CPU
BUT - is that in *System Resources*? I don't think so. You need to use
Resource Meter to know. And you would have to compare having Kerio
*completely disabled* with enabled. I'm not sure you can completely
disable it w/o uninstalling it, since it runs at such a low level.
>> Thanks!
>>
> gram
glee
http://www.oldversion.com/
They don't list Kerio, but they have old versions of Zone Alarm, Sygate, and Tiny
Personal Firewall. Tiny was the precursor of Kerio.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
"PCR" <pcr...@netzero.net> wrote in message
news:OguAHsGH...@TK2MSFTNGP15.phx.gbl...
gram pappy
>
>> gram pappy wrote:
>> I am running Win98FE and have been using Kerio 2.1.5 for 3+ years
>> with no problems. Yes it is rule based and has a learning curve, but
>> there is lots of help online. The BroadBand Forum link above is one
>>
> What link above???>> (wasn't any) (more below..)
Msg from "glee" Jan 16, 6:35 pm Here is the link:
http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny...
>> (see inline)
>>> "Bill in Co." <not_rea...@earthlink.net> wrote in message
>>> news:us#BSkHHG...@TK2MSFTNGP12.phx.gbl
>>>
>>> IOW, can this Kerio 2.1.5 (for example), make SOME or ANY
>>> decisions on its own, or are there going to be an incessant
>>> number of prompts for every site I connect to,
>>
>> Not really, when you attempt to connect to the web with browser xxx,
>> Kerio will ask to permit or deny, permit and a rule is created. This is
>> a one time deal for each browser or application you want to acess the
>> internet. Later offline you can edit the rule as to IP addresses and
>> ports, etc...
>
> But I can check this (or see this) for myself, just by looking at the web
> page as it comes in. I'm on dial up, so it takes time to come in, so
> what's the big advantage?
>
> I mean, if I see the incoming web page looks problematic, I can
> immediately close it down. So what's the advantage of being
> explicitly asked? *You wouldn't know anyways*, until you see the page,
> unless it had some suspicious name (isn't that right)? If you know
> enough to set up the rule, you'll either not go to that web site, or
> catch it before it has a chance to take over (as I see it). (That
> probably doesn't apply if you're on cable or DSL, though). I must be
> missing something here.
The browser surfing rule created is to allow your browser web access,
not as a web page filter. This rule tells Kerio to allow this indentified
browser anywhere on the web, and no prompts...
>>> Oh yeah, and one other question: how much did your system resources
>>> (in Win98) drop when you installed it (the System, User, GDI stuff)?
>>> Do you even recall? Like perhaps 5%??? Does anyone know or
>>> remember?
>>
>> I just looked at this with WinTop, and working off line with Kerio
>> closed shows Kerio using less that 1%CPU. When online and Kerio
>> Adminstration is open shows Kerio using 2 to 3%CPU
I know this Wintop %CPU has little value as this old pc has a Pentium,
and any value would be quite defferent with say a Pentium ll or lll, etc.
I am on dial-up too, and have not noticed Kerio causing any slowdown...
RJK
some migrated to XP gen. NG and some still keep an eye out in here.
In fact, the odd postee that takes trouble to answer posts in detail, almost
always is one that came from here - or is keeping an eye out in here !!!
regards, Richard
"poatt" <po...@discussions.microsoft.com> wrote in message
news:6B2DA4FE-7A59-40C4...@microsoft.com...
PCR
OK, OK, thanks.
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"glee" <gle...@spamindspring.com> wrote in message news:%23LdGe4J...@TK2MSFTNGP14.phx.gbl...
glee
I think others have already answered most of your questions. Kerio will work right
out of the box with no extra tweaking if you don't want to. You just have to permit
or deny programs....for most that's a one-time deal as you can have it create a rule
when you allow or deny, if you want.
As for resources, I don't recall exactly, but IIRC when I tested that, it was minor.
Free resources without Kerio at boot were maybe 89%, with Kerio about 84%....in that
relational neighborhood anyway.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:ecULPDJH...@TK2MSFTNGP14.phx.gbl...
Bill in Co.
I've been doing some more reading of reviews of BOTH the old Zone Alarm
(2.6) and the old Kerio 2.1.5 (and Tiny), and the general consensus of what
they said seems to be (I'm trying to summarize this): (NB: talking ONLY
about the *early versions* of both programs, that is, versions 2.x)
Incidentally, the downloaded exe file sizes for these two programs are (just
for the record):
Kerio 2.1.5 2.1 KB
Zone Alarm 2.6 2.8 KB
(which are pretty comparable)
1) Zone Alarm works w/o requiring any firewall knowledge, and is made for
the "average Joe" (so to speak), but is LESS configurable than Kerio, and (I
believe) is applications-based (in addition to rules based???),
2) Kerio is a bit trickier to set up and configure correctly, and is "rules
based", and is really preferred by those who are into the rules and know
exactly what they want to block and what to pass. And Kerio is
apparently quite a bit lighter on using system resources, too. But Kerio
offers less "hand holding" . :-)
Anybody care to comment on those reader comments (summary)?
Again, from what I've gleaned, it seemed the problems with ZA (like being
able to uninstall it) happened with the later versions, not version 2.6,
which came out in 2001!
mae
Just try Kerio. If unsatisfactory, simple to remove -nothing left.
After all you are on dialup and a good time to experiment and learn
with much less danger. You will be proficient when you get broadband.
If you make what you think is a mistake, just remove all the rules and start
over anytime. You can't do any harm. I knew nothing either when I started .
My idea of a port, packet, protochol was not related to computers.
I started with Tiny, which Kerio took over. Tiny kept losing the rules.
Never had a problem with Kerio-uses minimal resources, low memory.
No interference with other programs, etc.
So "just do it" and post any questions for help.
--
mae
"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:emEGw3$GGHA...@TK2MSFTNGP09.phx.gbl...
| > "Bill in Co." <not_rea...@earthlink.net> wrote in message
| > news:uFo0%23%23vGGH...@TK2MSFTNGP11.phx.gbl...
| >> PCR wrote:
glee
To add: I never saw Kerio lock someone out of the Internet where they could not fix
it by simply deleting a rule, but I have seen it happen with ZA more than once or
twice.
"mae" <agra...@notemail.msn.com> wrote in message
news:eswD8GbH...@TK2MSFTNGP12.phx.gbl...
glee
configure it quite a bit more, and though there is a learning curve for that, it
isn't too bad......the forums I linked have some guidelines I can send you.....but
it isn't necessary to mess with it. It sets up like ZA....you are prompted for each
new app that attempts connection, and you permit or deny, and make a rule if you
want it permanent.
I can't say about ZA 2.x and uninstall problems....I do know they have had to have
manual uninstall instructions on their site for years. Earlier versions gave some
machines trouble running as a "service"....meaning running from the RunServices
registry key, and required manually changing its startup location for those
machines. And as I stated earlier, old versions caused problems with KB891711.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:eqTgR$XHGHA...@TK2MSFTNGP11.phx.gbl...
Bill in Co.
until - if - I ever go to broadband, cause I really don't need it on dial
up, right? Besides, the idea of every day having to answer those stupid
prompts AND losing 5% more in System Resources doesn't appeal to me! But
if I get sufficiently bored, I will try it soon, and *definitely* before I
go to Broadband (I gather you almost HAVE to have a firewall on Broadband).
Franc Zabkar
put finger to keyboard and composed:
>You know - don't fret so much.:)
>Just try Kerio. If unsatisfactory, simple to remove -nothing left.
>After all you are on dialup and a good time to experiment and learn
>with much less danger. You will be proficient when you get broadband.
>If you make what you think is a mistake, just remove all the rules and start
> over anytime. You can't do any harm. I knew nothing either when I started .
>My idea of a port, packet, protochol was not related to computers.
>I started with Tiny, which Kerio took over. Tiny kept losing the rules.
>Never had a problem with Kerio-uses minimal resources, low memory.
>No interference with other programs, etc.
>So "just do it" and post any questions for help.
Do I understand correctly that Kerio has reached end-of-life status
for Windows 98? If so, then what are the future security implications
for this product?
Is it possible to install both Kerio and ZA (free versions), disable
automatic startup for both firewalls, and then launch one or the other
on demand? In ZA's case I have disabled email monitoring, and have not
installed its AV component. Does ZA make any system changes that would
interfere with Kerio even if ZA were not running?
- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.
Franc Zabkar
<fza...@iinternode.on.net> put finger to keyboard and composed:
>Is it possible to install both Kerio and ZA (free versions), disable
>automatic startup for both firewalls, and then launch one or the other
>on demand? In ZA's case I have disabled email monitoring, and have not
>installed its AV component. Does ZA make any system changes that would
>interfere with Kerio even if ZA were not running?
OK, I've answered my own questions. It is possible to install both
firewalls and launch either on demand, and my ZA installation does not
interfere with Kerio. Kerio launches a *lot* faster, though. I think
I'll stick with Kerio until I find a reason not to. BTW, its default
rule set did not allow me to get through my NAT router. I had to
permit ICMP [3] Destination Unreachable under Other ICMP.
Franc Zabkar
<fza...@iinternode.on.net> put finger to keyboard and composed:
>On Sun, 22 Jan 2006 13:39:51 +1100, Franc Zabkar
><fza...@iinternode.on.net> put finger to keyboard and composed:
>
>>Is it possible to install both Kerio and ZA (free versions), disable
>>automatic startup for both firewalls, and then launch one or the other
>>on demand? In ZA's case I have disabled email monitoring, and have not
>>installed its AV component. Does ZA make any system changes that would
>>interfere with Kerio even if ZA were not running?
>
>OK, I've answered my own questions. It is possible to install both
>firewalls and launch either on demand, and my ZA installation does not
>interfere with Kerio. Kerio launches a *lot* faster, though. I think
>I'll stick with Kerio until I find a reason not to. BTW, its default
>rule set did not allow me to get through my NAT router. I had to
>permit ICMP [3] Destination Unreachable under Other ICMP.
One more observation. Wintop shows that, when no data are being
transferred, Kerio uses about 0.3% of CPU time whereas ZA uses about
5%. During data transfer Kerio's CPU utilisation rises to about 0.8%
max.
PCR
| for Windows 98? If so, then what are the future security implications
| for this product?
| I'll stick with Kerio until I find a reason not to.
Near as I can figure, Kerio Personal Firewall (Engine 2.1.5, Driver version 3.0.0) does it all already & with a wonderful interface. It isn't like you have to download virus definitions. Unless someone invents a new protocol, maybe, how can it need an update? And what more can it do?
Yea, WinTop shows similar minimal CPU% usage for me, no more than .59%.
| BTW, its default
| rule set did not allow me to get through my NAT router. I had to
| permit ICMP [3] Destination Unreachable under Other ICMP.
I have that one disallowed, but I have no router.
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Franc Zabkar" <fza...@iinternode.on.net> wrote in message news:gjo7t1p80kqfvddpl...@4ax.com...
Bill in Co.
don't really need it (IMO).
I wonder how much Kerio drops your *system resources* (not CPU time) when
active vs inactive.
I may still get around to trying it out. I definitely will if I go to
broadband.
Franc Zabkar
finger to keyboard and composed:
>| Do I understand correctly that Kerio has reached end-of-life status
>| for Windows 98? If so, then what are the future security implications
>| for this product?
>
>| I'll stick with Kerio until I find a reason not to.
>
>Near as I can figure, Kerio Personal Firewall (Engine 2.1.5, Driver version 3.0.0) does it all already & with a wonderful interface. It isn't like you have to download virus definitions. Unless someone invents a new protocol, maybe, how can it need an update?
Zone Labs is always upgrading ZoneAlarm for security reasons, whatever
they are (more than just AV, AFAIK).
>And what more can it do?
Suppose a malware author found yet another way for a rogue application
to masquerade as a trusted one. Wouldn't that render your firewall
useless?
>Yea, WinTop shows similar minimal CPU% usage for me, no more than .59%.
My CPU is an AMD K6-2-450.
>| BTW, its default
>| rule set did not allow me to get through my NAT router. I had to
>| permit ICMP [3] Destination Unreachable under Other ICMP.
>I have that one disallowed, but I have no router.
Sorry, I think this may have been a red herring. This morning I had
the same issues, but there were no alerts to tell me what was really
happening. I've since allowed all ICMP and TCP traffic to 10.1.1.1 (my
router's address) and all is OK so far. <shrug>
One other concern I have is in regard to applications running in
client or server mode. ZA allows me to permit or deny server mode, but
I don't see a corresponding setting in KPF. I suspect I would need to
restrict certain outgoing traffic, but I really don't have a clue what
to do, or what it all means, or even if it necessary. Perhaps this is
a question for a security or firewall NG?
PCR
1,[22/Dec/2005 19:10:22] Rule 'Packet to unopened port received': Blocked: In TCP, 172.176.207.216:3806->localhost:1433, Owner: no owner
1,[22/Dec/2005 19:37:28] Rule 'Packet to unopened port received': Blocked: In TCP, 222.56.118.23:34843->localhost:80, Owner: no owner
1,[22/Dec/2005 19:40:14] Rule 'TCP ack packet attack': Blocked: In TCP, 216.239.57.103:80->localhost:1115, Owner: no owner
1,[22/Dec/2005 19:40:14] Rule 'TCP ack packet attack': Blocked: In TCP, 216.239.57.103:80->localhost:1115, Owner: no owner
The system resource hit is minimal. With it (& all else) installed, I boot up with over 90% GDI & over 80% User resources, sometimes MUCH over. Those number suffer greatly after I go online & open NetZero, OE, IE-- BUT that was also so! Even before Kerio!
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Bill in Co." <not_rea...@earthlink.net> wrote in message news:eOzm155H...@TK2MSFTNGP11.phx.gbl...
PCR
| On Sun, 22 Jan 2006 16:00:19 -0500, "PCR" <pcr...@netzero.net> put
| finger to keyboard and composed:
|
| >| Do I understand correctly that Kerio has reached end-of-life status
| >| for Windows 98? If so, then what are the future security implications
| >| for this product?
| >
| >| I'll stick with Kerio until I find a reason not to.
| >
| >Near as I can figure, Kerio Personal Firewall (Engine 2.1.5, Driver version 3.0.0) does it all already & with a wonderful interface. It isn't like you have to download virus definitions. Unless someone invents a new protocol, maybe, how can it need an update?
|
| Zone Labs is always upgrading ZoneAlarm for security reasons, whatever
| they are (more than just AV, AFAIK).
I don't know what that can be about, unless the program itself doesn't work or they are adding a new GUI feature. There are a limited number of comunication protocols. Once they are all properly blockable using any field within it imaginable (app name, port number, IP address, outgoing, ingoing, protocol type & sub-type, etc.)-- what more can there be? Someone would have to write a new one!
|
| >And what more can it do?
|
| Suppose a malware author found yet another way for a rogue application
| to masquerade as a trusted one. Wouldn't that render your firewall
| useless?
Kerio keeps a SIGNATURE of the apps installed. If it changes, you are informed & may allow it or not. It happens now/then with my NetZero signature. And I surly hope it was them doing it! Probably it was!
|
| >Yea, WinTop shows similar minimal CPU% usage for me, no more than .59%.
|
| My CPU is an AMD K6-2-450.
|
| >| BTW, its default
| >| rule set did not allow me to get through my NAT router. I had to
| >| permit ICMP [3] Destination Unreachable under Other ICMP.
|
| >I have that one disallowed, but I have no router.
|
| Sorry, I think this may have been a red herring. This morning I had
| the same issues, but there were no alerts to tell me what was really
| happening. I've since allowed all ICMP and TCP traffic to 10.1.1.1 (my
| router's address) and all is OK so far. <shrug>
OK. I guess you need the TWO rules for routing described at...
http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny
The famous BroadBand Forum link gram pappy said Glee posted & neither me nor Colorado could find it! Scroll to "Q: How do I allow DHCP?".
|
| One other concern I have is in regard to applications running in
| client or server mode. ZA allows me to permit or deny server mode, but
| I don't see a corresponding setting in KPF. I suspect I would need to
| restrict certain outgoing traffic, but I really don't have a clue what
| to do, or what it all means, or even if it necessary. Perhaps this is
| a question for a security or firewall NG?
It certainly isn't a question for me. There is talk of "server" in that BroadBand URL. Also, search for "server" in Kerio Help. I believe, yea, once you identify it, you can set specific rules or it, if necessary.
glee
If you really want to go overboard, in addition to this link:
http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny
have a look here:
http://www.dslreports.com/forum/remark,6642367~root=kerio~mode=flat
and
http://www.dslreports.com/forum/remark,8023708
"Franc Zabkar" <fza...@iinternode.on.net> wrote in message
news:rqf8t1tgjkk2s7t47...@4ax.com...
Franc Zabkar
finger to keyboard and composed:
>OK. I guess you need the TWO rules for routing described at...
>http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny
>The famous BroadBand Forum link gram pappy said Glee posted & neither me nor Colorado could find it! Scroll to "Q: How do I allow DHCP?".
The very first thing I did was to disallow DHCP, after reading the
FAQ. The reason is that I have also disabled DHCP in my router and am
instead assigning a fixed IP address (10.1.1.3 - 10.1.1.32) to each PC
on the LAN (currently only one machine). Furthermore, the reason I am
not using DHCP is to avoid the 2 or 3 minute delay that would
otherwise occur at each boot if my modem/router were powered off.
Anyway, everything was working fine ... until I tried to post this.
:-(
It seems that my router has decided to go offline for some reason.
This is what I see in Kerio's log (edited for clarity):
2,[06:57:50] Rule 'Router TCP': Permitted: Out TCP,
localhost:1089->10.1.1.1:80, Owner: \OPERA.EXE
2,[06:57:50] Rule 'Router Ping': Permitted: In ICMP [3] Destination
Unreachable, 10.1.1.1->localhost, Owner: Tcpip Kernel Driver
2,[06:57:54] Rule 'Router Ping': Permitted: In ICMP [3] Destination
Unreachable, 10.1.1.1->localhost, Owner: Tcpip Kernel Driver
2,[06:58:00] Rule 'Router Ping': Permitted: In ICMP [3] Destination
Unreachable, 10.1.1.1->localhost, Owner: Tcpip Kernel Driver
2,[06:58:12] Rule 'Router Ping': Permitted: In ICMP [3] Destination
Unreachable, 10.1.1.1->localhost, Owner: Tcpip Kernel Driver
2,[06:58:42] Rule 'Router TCP': Permitted: Out TCP,
localhost:1090->10.1.1.1:80, Owner: \OPERA.EXE
2,[06:58:42] Rule 'Router Ping': Permitted: In ICMP [3] Destination
Unreachable, 10.1.1.1->localhost, Owner: Tcpip Kernel Driver
2,[06:58:44] Rule 'Router Ping': Permitted: In ICMP [3] Destination
Unreachable, 10.1.1.1->localhost, Owner: Tcpip Kernel Driver
2,[06:58:50] Rule 'Router Ping': Permitted: In ICMP [3] Destination
Unreachable, 10.1.1.1->localhost, Owner: Tcpip Kernel Driver
2,[06:59:02] Rule 'Router Ping': Permitted: In ICMP [3] Destination
Unreachable, 10.1.1.1->localhost, Owner: Tcpip Kernel Driver
Cycling power to my router does not rectify the problem. Neither does
shutting down and restarting KPF. However, shutting down KPF and
launching ZA restores normal function. Strangely, if I now shut down
ZA and relaunch Kerio, all is well. <shrug>
PCR
Read through those URLs on Kerio. The BroadBand URL said...
.......Quote..........
If you have a router or a proxy server that you connect through, you will only need DHCP if you use it to assign a local IP address to your machine on your LAN.
.......EOQ............
So, I guess you're right about that!
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Franc Zabkar" <fza...@iinternode.on.net> wrote in message news:o0gat116289jukn37...@4ax.com...
Franc Zabkar
finger to keyboard and composed:
>"Franc Zabkar" <fza...@iinternode.on.net> wrote in message news:rqf8t1tgjkk2s7t47...@4ax.com...
>| One other concern I have is in regard to applications running in
>| client or server mode. ZA allows me to permit or deny server mode, but
>| I don't see a corresponding setting in KPF. I suspect I would need to
>| restrict certain outgoing traffic, but I really don't have a clue what
>| to do, or what it all means, or even if it necessary. Perhaps this is
>| a question for a security or firewall NG?
>
>It certainly isn't a question for me. There is talk of "server" in that BroadBand URL. Also, search for "server" in Kerio Help. I believe, yea, once you identify it, you can set specific rules or it, if necessary.
I believe disabling "server mode" for individual applications in ZA is
equivalent to denying outgoing UDP traffic in KPF. Anyway, I've done
it and I haven't broken anything ... yet.
Franc Zabkar
put finger to keyboard and composed:
>Franc,
>If you really want to go overboard, in addition to this link:
>http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny
>have a look here:
>http://www.dslreports.com/forum/remark,6642367~root=kerio~mode=flat
>and
>http://www.dslreports.com/forum/remark,8023708
Thanks. I've printed them off and have been studying them all day. At
the very least I think I now have a proper set of rules and a much
better understanding. Kerio still misbehaves, but I think I'm getting
closer to a solution. When the problem arises, the following apps are
OK:
Eudora
Forte Agent
WebTime (atomic clock)
WS_FTP
ping.exe
... but these cannot get through the router or firewall:
Opera
Mozilla
AVG
AdAware
Spybot
These symptoms sound very similar to those that you've experienced, ie
"unable to go on the Internet, though IM and email worked, even with
ZA disabled". But the strange thing is that I'm now accessing the Net
using KPF, with ZA still installed but not running. I'll persevere a
little longer with my present configuration, but if I have no joy I'll
bite the bullet and uninstall ZA.
BTW, I notice that if I enable a bootlog there is an entry for
vsdata95.vxd. This is ZA's True Vector driver. Perhaps I could try
renaming this file, rebooting, and then launching Kerio ...
OK, I've done it and everything appears to be working perfectly (apart
from the expected error regarding the missing .vxd file). I'll let the
group know if the problem returns.
Franc Zabkar
finger to keyboard and composed:
>Looks like Glee has posted an additional two informative sites about Kerio, which I'll certainly look through. BUT, I have no router! My guess is... Zone Alarm has mussed things. There've been a bundle of pesky Zone Alarm threads here. So... fully uninstall Zone Alarm, per the special measures Glee posted elsewhere in this thread, if necessary.
I think you're right. See my response to Glen.
glee
IMHO, installing two third-party firewalls, even if one is "disabled", is going to
cause problems. I'll look for your next report in the continuing story.... <g>
PCR
I see. All right, but I know nothing of Zone Alarm.
PCR
Yea, I saw. Keep us informed, & ensure you read those URLs on how to expel Zone Alarm, if necessary. Although I intend to spend time at that BroadBand site (& it looks like a few years may be necessary), I REMAIN unwilling to admit it's a big, tough bugaboo to formulate Kerio rules! After all, it WILL do them automatically & mentions app names!
jt3
but . . . they have the thing set to check with their website for updates
(you can prevent it but it still is a pest) and when it finds one it keeps
pestering you until you download it *and* install it. As you say, I can't
see what there has to be new about port-blocking every month or so. I think
they mainly want to get you to purchase the pay version, which is fair, I
suppose, but I'd prefer a more straightforward approach.
"PCR" <pcr...@netzero.net> wrote in message
news:OhZyg1SI...@TK2MSFTNGP10.phx.gbl...
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"jt3" <j...@cranky.computer> wrote in message news:uCCHjoYI...@TK2MSFTNGP12.phx.gbl...
Franc Zabkar
put finger to keyboard and composed:
>"Franc Zabkar" <fza...@iinternode.on.net> wrote in message
>news:uc2ct1564udti7uoe...@4ax.com...
>> BTW, I notice that if I enable a bootlog there is an entry for
>> vsdata95.vxd. This is ZA's True Vector driver. Perhaps I could try
>> renaming this file, rebooting, and then launching Kerio ...
>>
>> OK, I've done it and everything appears to be working perfectly (apart
>> from the expected error regarding the missing .vxd file). I'll let the
>> group know if the problem returns.
>IMHO, installing two third-party firewalls, even if one is "disabled", is going to
>cause problems.
KPF causes no problems for ZA, at least not that I can see. <shrug>
>I'll look for your next report in the continuing story.... <g>
OK, KPF is still working flawlessly, so it appears that ZA's
vsdata95.vxd was definitely the offender.
glee
Thanks for the update. It's not the first time that file has gotten into trouble.
RJK
regards, Richard
"PCR" <pcr...@netzero.net> wrote in message
news:%233dhohc...@TK2MSFTNGP10.phx.gbl...
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"RJK" <notat...@hotmail.com> wrote in message news:e1ClgJhI...@TK2MSFTNGP12.phx.gbl...
gram pappy
the latest data that applies to your system.
Another good Personal Firewall reference link:
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html
This document explains what you see in firewall logs, especially what
port numbers means. (by firewall expert Robert Graham)
-
gram
> "PCR" <pcr...@netzero.net> wrote in message
> news:ebbRv3hI...@TK2MSFTNGP14.phx.gbl
RJK
!! ...that series is so adictive !!
...and I have to retract my comment on Zonealarm seeing as I'm using
eTrust's EZarmour Internet Secrurity suite, whose firewall module screens
are all strangely identical to Zonealarm ! :-)
regards, Richard
"PCR" <pcr...@netzero.net> wrote in message
news:ebbRv3hI...@TK2MSFTNGP14.phx.gbl...
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"gram pappy" <nos...@example.invalid> wrote in message news:eLsMmujI...@TK2MSFTNGP14.phx.gbl...
PCR
Kerio was the first I tried, & it seems to have it all. The subject matter of Internet communication-- packets, proxy, ports, router, DNS, UDP, whatever-- is huge & complex. I guess it won't be impossible to get rules straight. The question is, how much of the subject matter must I know?
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"RJK" <notat...@hotmail.com> wrote in message news:en%23lNKnI...@TK2MSFTNGP12.phx.gbl...
Bill in Co.
> Lost Season 2? Hasn't that just started, 3/so episodes? Or did you get
more
> over there in The Statelessness? Don't tell me the end!
>
> Kerio was the first I tried, & it seems to have it all. The subject matter
of
> Internet communication-- packets, proxy, ports, router, DNS, UDP,
whatever--
> is huge & complex. I guess it won't be impossible to get rules straight.
The
> question is, how much of the subject matter must I know?
Probably less IF you use the *earliest* versions of Zone Alarm instead, from
all I have read!!
As I've said before, from what I've read (so far) on the net reviews, ZA 2.6
(dated 2001) is also supposed to be pretty good - especially in that regard
(of easy to use properly, w/o knowing all the rules for each case).
Unless I'm mistaken - (and so far, I don't think I've found much negative on
THAT particular version; and nobody here (at least AFAIK), has addressed
THAT early version, just the later ones).
PCR
| PCR wrote:
| > Lost Season 2? Hasn't that just started, 3/so episodes? Or did you get
| more
| > over there in The Statelessness? Don't tell me the end!
| >
| > Kerio was the first I tried, & it seems to have it all. The subject matter
| of
| > Internet communication-- packets, proxy, ports, router, DNS, UDP,
| whatever--
| > is huge & complex. I guess it won't be impossible to get rules straight.
| The
| > question is, how much of the subject matter must I know?
|
| Probably less IF you use the *earliest* versions of Zone Alarm instead, from
| all I have read!!
|
| As I've said before, from what I've read (so far) on the net reviews, ZA 2.6
| (dated 2001) is also supposed to be pretty good - especially in that regard
| (of easy to use properly, w/o knowing all the rules for each case).
Well, to be fair, I've been using Kerio, WITHOUT knowing all that, EITHER, & I still have reason to believe I am safe enough. I have begun a quest now, though, to discover why I have UDP rules near the top & near the bottom! I'm sure it has to do with recent tinkering.
|
| Unless I'm mistaken - (and so far, I don't think I've found much negative on
| THAT particular version; and nobody here (at least AFAIK), has addressed
| THAT early version, just the later ones).
|
news:%23XOMofb...@TK2MSFTNGP15.phx.gbl
What Glee knew. It doesn't seem insurmountable. But does Zone Alarm protect as well as Kerio? Do you need to constantly update Zone Alarm?
RJK
... well, we just couldn't wait !
regards, Richard
"PCR" <pcr...@netzero.net> wrote in message
news:ej9Xcar...@TK2MSFTNGP15.phx.gbl...
Bill in Co.
> "Bill in Co." <not_rea...@earthlink.net> wrote in message
> news:e0N8AkrI...@TK2MSFTNGP14.phx.gbl...
>> PCR wrote:
>>> Lost Season 2? Hasn't that just started, 3/so episodes? Or did you get
>>> more over there in The Statelessness? Don't tell me the end!
>>>
>>> Kerio was the first I tried, & it seems to have it all. The subject
matter of
>>> Internet communication-- packets, proxy, ports, router, DNS, UDP,
whatever
>>> The question is, how much of the subject matter must I know?
>>
>> Probably less IF you use the *earliest* versions of Zone Alarm instead,
from
>> all I have read!!
>>
>> As I've said before, from what I've read (so far) on the net reviews, ZA
2.6
>> (dated 2001) is also supposed to be pretty good - especially in that
regard
>> (of easy to use properly, w/o knowing all the rules for each case).
>
> Well, to be fair, I've been using Kerio, WITHOUT knowing all that, EITHER,
&
> I still have reason to believe I am safe enough. I have begun a quest now,
> though, to discover why I have UDP rules near the top & near the bottom!
I'm
> sure it has to do with recent tinkering.
>>
>> Unless I'm mistaken - (and so far, I don't think I've found much negative
on
>> THAT particular version; and nobody here (at least AFAIK), has addressed
>> THAT early version, just the later ones).
>
> news:%23XOMofb...@TK2MSFTNGP15.phx.gbl
> What Glee knew. It doesn't seem insurmountable. But does Zone Alarm
protect
> as well as Kerio? Do you need to constantly update Zone Alarm?
I don't think that link works anymore. I just tried it. Did Glee
*explicitly* address old version 2.6 of Zone Alarm?
PCR
news:%23XOMofb...@TK2MSFTNGP15.phx.gbl
......Quote...........
I can't say about ZA 2.x and uninstall problems....I do know they have had to have manual uninstall instructions on their site for years. Earlier versions gave some machines trouble running as a "service"....meaning running from the RunServices registry key, and required manually changing its startup location for those machines. And as I stated earlier, old versions caused problems with KB891711.
.......EOQ...............
I cannot add/subtract from it! And don't forget Zabcar's report...
news:rqf8t1tgjkk2s7t47...@4ax.com
......Quote..............
Zone Labs is always upgrading ZoneAlarm for security reasons, whatever
they are (more than just AV, AFAIK).
......EOQ.................
Kerio requires no updates from anyone, &, once the rules are quickly & easily set, needs no further tweaking in rules, either. Nevermind I've begun a huge study on it, anyhow!
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Bill in Co." <not_rea...@earthlink.net> wrote in message news:%232LXTQs...@TK2MSFTNGP15.phx.gbl...
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"RJK" <notat...@hotmail.com> wrote in message news:Ox0OzAs...@tk2msftngp13.phx.gbl...
| ...downloaded from http://www.mininova.org/sub/111 :-)
|
| ... well, we just couldn't wait !
|
| regards, Richard
|
|
| "PCR" <pcr...@netzero.net> wrote in message
| news:ej9Xcar...@TK2MSFTNGP15.phx.gbl...
| Lost Season 2? Hasn't that just started, 3/so episodes? Or did you get more
| over there in The Statelessness? Don't tell me the end!
...snip
RJK
regards, Richard
"PCR" <pcr...@netzero.net> wrote in message
news:O8vq7is...@TK2MSFTNGP14.phx.gbl...
Bill in Co.
Franc Zabkar
<fza...@iinternode.on.net> put finger to keyboard and composed:
>Zone Labs is always upgrading ZoneAlarm for security reasons, whatever
>they are (more than just AV, AFAIK).
Here they all are, or at least all the ones that Zone Labs admits to.
ZoneAlarm® Release History:
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
ZoneAlarm® Pro Release History:
http://download.zonelabs.com/bin/free/information/zap/releaseHistory.html
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Bill in Co." <not_rea...@earthlink.net> wrote in message news:usrsKXt...@tk2msftngp13.phx.gbl...
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"RJK" <notat...@hotmail.com> wrote in message news:OWaTUysI...@TK2MSFTNGP10.phx.gbl...
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Franc Zabkar" <fza...@iinternode.on.net> wrote in message news:92lit15ca79psvhtv...@4ax.com...
Bill in Co.
difference. You can't just lump "all earlier versions" together like that,
especially when there have been so many, going back over so many years.
It would be like lumping all Norton Utilities together, and the old Norton
ones WERE good (back in the DOS days, and the early windows days)
PCR
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Bill in Co." <not_rea...@earthlink.net> wrote in message news:%23rDZNew...@TK2MSFTNGP15.phx.gbl...
Bill in Co.
retrieve the message" (blah blah blah)
Besides, where is ZA version 2.x **specifically** addressed?
You know ... it's not enough to say, "old versions" (at large), and it's not
enough to say, because there were a lot of updates over the years there was
something wrong with the program. (That doesn't necessarily follow).
Poor logic!
PCR
http://download.zonelabs.com/bin/free/information/zap/releaseHistory.html
........Quote.............
New and improved features in ZoneAlarm Pro version 3.0:
Redesigned interface with all-new help system, quick-start tutorial, quick-reference text column, security overview panel and color-selectable interface
Improved trusted security engine is further hardened and tamper-resistant
New program component control to prevent abuse of trusted programs
Optional program learning mode for easy set-up
Optional program component learning mode for easy set-up
New Zone management area makes keeping track of networks and computers quicker and easier
Enhanced automatic network detection with wireless network identification and support
New active network indicator shows what networks are active in what Zone
Privacy protection: Cookie control, third-party spying control, Web bug and referrer header control, mobile code control
Ad blocking: Granular ad blocking including pop-up/pop-under ad blocking, banner ad blocking, animation ad blocking, performance-based banner ad blocking (blocks only banner ads that slow Web page loads)
New in-client logging with log filtering and sorting
New alert filtering: see all alerts, only high-rated alerts or no alerts
All new alert advisor with instant security advice from the experts at Zone Labs
New IP address mapping to locate potential attackers from anywhere in the world
..........EOQ..................
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Bill in Co." <not_rea...@earthlink.net> wrote in message news:egDGM1xI...@TK2MSFTNGP11.phx.gbl...
jt3
consideration of survival in the marketplace when you give away a free
version of your product, the inference seems to be that one adds bells and
whistles to the product to make it both re-sellable and competitive; one
changes the free version not because it needs changing, but because it's
based on the sold version, and/or because (registration helps this) one then
has ready solicitation access to potential purchasers.
Perhaps I have more confidence in your logic than you do? :-) OTOH, if you
exhaustively check out every possibility, you may be much less likely to
find your foot in it than I am :-D
"PCR" <pcr...@netzero.net> wrote in message
news:OEc6mNwI...@tk2msftngp13.phx.gbl...
PCR
| whistles to the product to make it both re-sellable and competitive
I think, yea, ease of use & other bells/whistles legitimately could be reserved for paid versions. I do wonder whether paid versions of even Kerio allow import/export of individual rules. My free one only will allow the full set. Also, it could be nice to have the capability of multiple Custom Address Lists, instead of just one. Finally, I'm not sure in my free one whether it's log will ever stop growing, if I don't occasionally delete it myself. It won't exist or begin to grow, however, until one starts it with a rule. That's good! Also, judicious rule writing will prevent a ton of stuff going to it. That log is... filter.log (I delete filter.log.idx each time too), located in Kerio's folder. Ah! it's only 4 KB now! Ah, ha, ha!
Really, I should pay for the thing, since I do like having it. That's what I did with both WinZip & BootIt NG. I DO believe everything important about protection IS included in Kerio, & I've never had a crash from it.
But I know nothing of Zone Alarm free or paid. There have been pesky threads here about it, is all, worst being the free one may not get along with KB891711. Colorado doesn't care about MS criticals, though. Also, it may not be easy to uninstall. But I have no personal experience with it. Therefore, soon I must keep my mouth shut!
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"jt3" <j...@cranky.computer> wrote in message news:%23WN4AB5...@TK2MSFTNGP15.phx.gbl...
Bill in Co.
with ZA 2.6. So far, nobody has *specifically* countered that - I mean
with THAT particular version (the 2.x series of Zone Alarm), as far as I
know.
But at this point I'm not using any firewalls, since I'm on dial up, and
haven't really had any issues related to that (over all this time - YEARS).
I do realize, though, that if and when I go to broadband, I'll have to bite
the bullet, though.
Franc Zabkar
put finger to keyboard and composed:
>"Franc Zabkar" <fza...@iinternode.on.net> wrote in message
>news:1hoft1tsu146b6brt...@4ax.com...
>> On Tue, 24 Jan 2006 06:41:32 -0500, "glee" <gle...@spamindspring.com>
>> put finger to keyboard and composed:
>>
>> >"Franc Zabkar" <fza...@iinternode.on.net> wrote in message
>> >news:uc2ct1564udti7uoe...@4ax.com...
>>
>> >> BTW, I notice that if I enable a bootlog there is an entry for
>> >> vsdata95.vxd. This is ZA's True Vector driver. Perhaps I could try
>> >> renaming this file, rebooting, and then launching Kerio ...
>> >>
>> >> OK, I've done it and everything appears to be working perfectly (apart
>> >> from the expected error regarding the missing .vxd file). I'll let the
>> >> group know if the problem returns.
>>
>> >IMHO, installing two third-party firewalls, even if one is "disabled", is going
>to
>> >cause problems.
>>
>> KPF causes no problems for ZA, at least not that I can see. <shrug>
>>
>> >I'll look for your next report in the continuing story.... <g>
>>
>> OK, KPF is still working flawlessly, so it appears that ZA's
>> vsdata95.vxd was definitely the offender.
>
>Thanks for the update. It's not the first time that file has gotten into trouble.
><g>
FYI, here is a comparison between two bootlogs. Bootlog.z represents a
normal ZA setup. Bootlog.k is the result of renaming ZA's vsdata95.vxd
file. I did not touch logger.vxd in either case.
Comparing files BOOTLOG.Z and bootlog.k
****** BOOTLOG.Z
LoadSuccess = WPCRSET.VxD
Loading Vxd = vsdata95.vxd
LoadSuccess = vsdata95.vxd
Loading Vxd = fwdrv.vxd
****** bootlog.k
LoadSuccess = WPCRSET.VxD
Loading Vxd = fwdrv.vxd
******
****** BOOTLOG.Z
SYSCRITINITSUCCESS = WPCRSET
SYSCRITINIT = VSDATA95
SYSCRITINITSUCCESS = VSDATA95
SYSCRITINIT = VFLATD
****** bootlog.k
SYSCRITINITSUCCESS = WPCRSET
SYSCRITINIT = VFLATD
******
****** BOOTLOG.Z
DEVICEINITSUCCESS = WPCRSET
DEVICEINIT = VSDATA95
DEVICEINITSUCCESS = VSDATA95
DEVICEINIT = VFLATD
****** bootlog.k
DEVICEINITSUCCESS = WPCRSET
DEVICEINIT = VFLATD
******
****** BOOTLOG.Z
INITCOMPLETESUCCESS = WPCRSET
INITCOMPLETE = VSDATA95
Dynamic load device LOGGER.VxD
Dynamic init device LOGGER
Dynamic init success LOGGER
Dynamic load success LOGGER.VxD
INITCOMPLETESUCCESS = VSDATA95
INITCOMPLETE = VFLATD
****** bootlog.k
INITCOMPLETESUCCESS = WPCRSET
INITCOMPLETE = VFLATD
******
****** BOOTLOG.Z
INITCOMPLETESUCCESS = cm8330sb
INITCOMPLETE = LOGGER
INITCOMPLETESUCCESS = LOGGER
INITCOMPLETE = VDMAD
****** bootlog.k
INITCOMPLETESUCCESS = cm8330sb
INITCOMPLETE = VDMAD
******
PCR
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html
This document explains what you see in firewall logs, especially what
port numbers means. (by firewall expert Robert Graham)
It is 73 page down's to the bottom!
--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcr...@netzero.net
"Bill in Co." <not_rea...@earthlink.net> wrote in message news:eOOC0eEJ...@TK2MSFTNGP11.phx.gbl...