Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Farewell Kerio

6 views
Skip to first unread message

Hutton Conyers

unread,
Dec 25, 2009, 10:05:48 PM12/25/09
to
I have used Kerio 2.1.5 for a l-o-n--g time but have now said goodbye.
Over the past few weeks I have encountered the BSOD pointing the
finger at fwdrv.sys a Kerio file in Win32 which has caused countless
crashes when using T'Bird and Firefox. I tried lots of answers but to
no avail so finally I turned to Comodo. No problems so far though
Comodo is a bit paranoid about exe files. Pity as I liked Kerio.
Deep Joy ............ Hutton Conyers
--
"Genius may have its limitations, but stupidity is not thus handicapped."

David H. Lipman

unread,
Dec 25, 2009, 10:47:17 PM12/25/09
to
From: "Hutton Conyers" <dingdo...@dumas.com>

Better yet, stick with the built-in FireWall of XP, Vista or Win7 and drop the idea of a
3rd party software FireWall and get a FireWall appliance. It won't be free but it won't
consume CPU utilization, won't BSoD on you and you won't get annoying Pop-Ups.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


bay...@gmail.com

unread,
Dec 26, 2009, 7:34:38 AM12/26/09
to
On Dec 25, 10:05 pm, dingdongda...@dumas.com (Hutton Conyers) wrote:

I've been using Comodo FW for quite a while with no problems.

Bear Bottoms

unread,
Dec 26, 2009, 7:54:16 AM12/26/09
to
"bayn...@yahoo.com" <bay...@gmail.com> wrote in news:4a76f273-0093-
4c73-9e4a-7...@m3g2000yqf.googlegroups.com:

> On Dec 25, 10:05 pm, dingdongda...@dumas.com (Hutton Conyers) wrote:
>
> I've been using Comodo FW for quite a while with no problems.
>

Comodo FW is still the best third party software firewall out there, has
been since it came out years ago. However, I agree with David Lipman that
the Windows firewall is best and if you feel the need for more
protection, use a hardware firewall.

I'll also add that I have switched to Microsoft Security Essentials (I
still use XP) as my antivirus of choice for various reasons that suit my
own purposes better. It is simple, fast, low on resources and gives
enough protection for my needs. The only other pure freeware antivirus
that I used with excellent results and no hassels was RISING (FreeRav).
RISING has stronger non-signature related defenses than any of the other
free anti-virus programs, but I'm giving MSE a chance. I'm sure MSE will
continue to improve over then next few months which will exceed RISINGS
capability. If not, I will move back to RISING.

I prefer less noise is better from my security tools...I want to install
and forget them without the hassels of continuous false alerts and
tweaking or the hassels of setups. Install and forget them!

--
Bear Bottoms-Freeware Researcher Extraordinaire
Freeware website: http://bearware.info

Bear Bottoms

unread,
Dec 26, 2009, 7:58:24 AM12/26/09
to

> On Dec 25, 10:05 pm, dingdongda...@dumas.com (Hutton Conyers) wrote:


>
> I've been using Comodo FW for quite a while with no problems.
>

Comodo FW is still the best third party software firewall I have seen
this year and has been since it came out years ago. However, I agree
with David Lipman that the Windows firewall is the very best and if you

feel the need for more protection, use a hardware firewall.

I have switched to Microsoft Security Essentials (I still use XP) as my
antivirus of choice for various reasons. It is simple, fast, low on
resources and gives as much protection as anyone needs. The only other
pure freeware antivirus that gives excellent results and no hassels is


RISING (FreeRav). RISING has stronger non-signature related defenses

than any other free anti-virus program, but I'm giving MSE a chance. I'm


sure MSE will continue to improve over then next few months which will

exceed RISINGS capability. If not, I will move back to RISING and
reinstall XP.

I prefer less noise from my security tools...I want to install and
forget them without the hassels of false alerts and tweaking or the

badgolferman

unread,
Dec 26, 2009, 8:04:44 AM12/26/09
to
Bear Bottoms, 12/26/2009,7:54:16 AM, wrote:

Hello Bear -- it that's really you.

Merry Christmas.

Bear Bottoms

unread,
Dec 26, 2009, 8:18:58 AM12/26/09
to
"badgolferman" <REMOVETHISb...@gmail.com> wrote in
news:xn0gjcpsm...@news.albasani.net:

> Bear Bottoms, 12/26/2009,7:54:16 AM, wrote:
>
> Hello Bear -- it that's really you.
>
> Merry Christmas.
>

Yup, it's really me...ck my website to see that I've updated it.

OK, here is the explanation for my absense. I became obsessed with Evony
in October and relentlessly pursued my developement of the game. Good
grief it is an intense game and takes unreal amounts of time to level up
and get competetive. On the 24th, the alliance I was in overtook the
number one position (server 79).

I was so obsessed and the game required so much time to develop and
maintain (feed) troops, that I neglected virtually everything else I had
been doing...including even reading my emails.

OK, so I finally got competitive, leveled up everything, had maximum
sustainable troops and learned virutally every trick in the book. Where
to go from there...continue the thrice daily time intensive struggle to
feed troops to maintain a competitive army and strut my stuff as one of
the baddest...naugh, I had conquered the game and was neglecting things I
missed greatly...so I stopped playing on the 24th and returned to sanity
somewhat.

Milk and Cookies in the game was an evil plot anyway...didn't want to be
there for it's end...sheesh what a melee it's going to be after the 27th.

Message has been deleted

Bear Bottoms

unread,
Dec 26, 2009, 8:33:30 AM12/26/09
to

> Bear Bottoms, 12/26/2009,7:54:16 AM, wrote:


>
> Hello Bear -- it that's really you.
>
> Merry Christmas.
>

Yup, it's me...ck my website to see that I've updated it.

OK, here is the explanation for my absense. I became obsessed with Ebony


in October and relentlessly pursued my developement of the game. Good
grief it is an intense game and takes unreal amounts of time to level up
and get competetive. On the 24th, the alliance I was in overtook the
number one position (server 79).

I was so obsessed and the game required so much time to develop and
maintain (feed) troops, that I neglected virtually everything else I had

been doing...including even reading my emails, posting a single message,
speaking to my wife, eating food, reading a newspaper, using the
Internet, going out the house, brushing my teeth, or watching TV.

OK, I finally got so competitive, leveled up everything, had maximum

sustainable troops and learned virutally every trick in the book. Where
to go from there...continue the thrice daily time intensive struggle to
feed troops to maintain a competitive army and strut my stuff as one of

the greatest players ever...naugh, I had conquered the game and all its
minions. I was neglecting freeware greatly...so I stopped playing on the


24th and returned to sanity somewhat.

Milk and Cookies in the game were an evil plot anyway...didn't want to


be there for it's end...sheesh what a melee it's going to be after the

27th. Never again. I'm back in real life.

Bear Bottoms

unread,
Dec 26, 2009, 8:52:52 AM12/26/09
to
Bear Bottoms <bearbo...@gmai.com> wrote in
news:Xns9CED4A9A75346be...@85.214.113.135:

I've also just made a couple of changes to my signature and email
address. I'll update my website from the 24th to the 25th right now :)

--
Bear Bottoms
Freeware website: http://bearware.info

Bear Bottoms

unread,
Dec 26, 2009, 8:55:51 AM12/26/09
to
Bear Bottoms <REMOVEbea...@gmail.com> wrote in
news:Xns9CED505A33C34be...@188.40.43.245:

> I've also just made a couple of changes to my signature and email
> address. I'll update my website from the 24th to the 25th right now :)

uggh, make that the 26th.

Bear Bottoms

unread,
Dec 26, 2009, 12:26:04 PM12/26/09
to
Bear Bottoms <REMOVEbea...@gmail.com> wrote in
news:Xns9CED50DB3DF90be...@85.214.113.135:

> Bear Bottoms <REMOVEbea...@gmail.com> wrote in
> news:Xns9CED505A33C34be...@188.40.43.245:
>
>> I've also just made a couple of changes to my signature and email
>> address. I'll update my website from the 24th to the 25th right now :)
>
> uggh, make that the 26th.

ughh, I mean make that the 27th. LOL

Samuel Luter

unread,
Dec 26, 2009, 12:59:40 PM12/26/09
to

heed the talkin bear.

Don Kirkman

unread,
Dec 26, 2009, 2:20:40 PM12/26/09
to
It seems to me I heard somewhere that Hutton Conyers wrote in article
<4b357cb...@us.Usenet-News.net>:

>I have used Kerio 2.1.5 for a l-o-n--g time but have now said goodbye.
>Over the past few weeks I have encountered the BSOD pointing the
>finger at fwdrv.sys a Kerio file in Win32 which has caused countless
>crashes when using T'Bird and Firefox. I tried lots of answers but to
>no avail so finally I turned to Comodo. No problems so far though
>Comodo is a bit paranoid about exe files. Pity as I liked Kerio.
>Deep Joy ............ Hutton Conyers

Have you perhaps upgraded (?) to Windows 7? Kerio won't work there
(yet?); I switched to Comodo.
--
Don Kirkman
don...@charter.net

Message has been deleted
Message has been deleted

Man-wai Chang to The Door (24000bps)

unread,
Dec 26, 2009, 11:15:19 PM12/26/09
to
> Better yet, stick with the built-in FireWall of XP, Vista or Win7 and drop the idea of a
> 3rd party software FireWall and get a FireWall appliance. It won't be free but it won't
> consume CPU utilization, won't BSoD on you and you won't get annoying Pop-Ups.

I believe most users don't need a firewall more complicated than that
built-in one.

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.32.2
^ ^ 12:14:01 up 5 days 19:28 0 users load average: 1.03 1.02 1.00
不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

Hutton Conyers

unread,
Dec 27, 2009, 4:33:08 AM12/27/09
to
On Sat, 26 Dec 2009 23:15:34 +0100, Yrrah <Yrra...@acf.invalid>
wrote:

>Don Kirkman <don...@charter.net>:


>
>> Have you perhaps upgraded (?) to Windows 7? Kerio won't work there
>

>Kerio 2.1.5 will not work under Vista either afaik.
>
>Yrrah

I started this thread and my setup is XP Pro with SP3. Kerio worked
fine until a month ago. Maybe the T'bird update was too much for it.

On the subject of hardware firewalls/modems/routers....how do these
stop outgoing traffic without rules? Programs calling home? As
software firewalls do.

Just asking.


Deep Joy ............ Hutton Conyers

John Corliss

unread,
Dec 27, 2009, 4:57:06 AM12/27/09
to
Man-wai Chang to The Door (24000bps) wrote:
>> Better yet, stick with the built-in FireWall of XP, Vista or Win7 and
>> drop the idea of a
>> 3rd party software FireWall and get a FireWall appliance. It won't be
>> free but it won't
>> consume CPU utilization, won't BSoD on you and you won't get annoying
>> Pop-Ups.
>
> I believe most users don't need a firewall more complicated than that
> built-in one.

Yes, if you don't mind your computer reporting back tons of stuff that
you do to Microsoft.

--
John Corliss BS206. Using News Proxy, I block all Google Groups posts
due to Googlespam, and as many posts from anonymous remailers (like
x-privat.org for eg.) as possible due to forgeries posted through them.

No ad, cd, commercial, cripple, demo, nag, share, spy, time-limited,
trial or web wares OR warez for me, please.

Message has been deleted

Anonymous

unread,
Dec 27, 2009, 9:14:08 AM12/27/09
to
> 'but I'm giving MSE a chance'

If it works, don't (try) to fix it.


REM

unread,
Dec 27, 2009, 10:48:57 AM12/27/09
to

> dingdo...@dumas.com (Hutton Conyers) wrote:

>I started this thread and my setup is XP Pro with SP3. Kerio worked
>fine until a month ago. Maybe the T'bird update was too much for it.

Hmmm. I've used Kerio 2.1.5 since 98SE, iirc. I have uninstalled it
and reinstalled it, not because of errors, but to rebuild my rules. I
run a fully patched XP Pro machine and it's never acted up. I run
Firefox and Thunderbird grabbing new versions as they come out. I use
the XP firewall, too.

Good luck with Commodo, but I don't think that Kerio was the problem.

An uninstall and reinstall would prolly fix whatever happened to it.
Or, maybe it is time for a clean XP install?

Don Kirkman

unread,
Dec 27, 2009, 1:26:50 PM12/27/09
to
It seems to me I heard somewhere that REM wrote in article
<i50fj5p31dp4nlkc7...@4ax.com>:

>> dingdo...@dumas.com (Hutton Conyers) wrote:

>>I started this thread and my setup is XP Pro with SP3. Kerio worked
>>fine until a month ago. Maybe the T'bird update was too much for it.

Kerio worked fine for me all the years under XP Pro. I skipped Vista,
and AFAIK there's no updated Kerio for Win 7.

>Hmmm. I've used Kerio 2.1.5 since 98SE, iirc. I have uninstalled it
>and reinstalled it, not because of errors, but to rebuild my rules. I
>run a fully patched XP Pro machine and it's never acted up. I run
>Firefox and Thunderbird grabbing new versions as they come out. I use
>the XP firewall, too.

>Good luck with Commodo, but I don't think that Kerio was the problem.

Comodo has been a winner for me so far--about a month now.

>An uninstall and reinstall would prolly fix whatever happened to it.
>Or, maybe it is time for a clean XP install?

--
Don Kirkman
don...@charter.net

Bobby

unread,
Dec 28, 2009, 6:31:47 PM12/28/09
to

Set and forget. Right. Don't take a proactive role in the defence of
your system. Just pretend there are no nasties out there and if there
were your Microsoft firewall will deal with it.
=======================================
26 December 2009

https://www.fbo.gov/index?s=opportunity&mode=form&id=
b28e0197daff017a667e1b9018f8cc8d&tab=core&_cview=0

U--training support regarding CALEA-compliant internet-related
investigations
Solicitation Number:
Agency: Department of Justice
Office: Drug Enforcement Administration
Location: Office of Acquisition Management

Original Synopsis
Apr 29, 2009
4:14 pm

Notice Type:
Special Notice

Synopsis:
Added: Apr 29, 2009 4:14 pm

The Drug Enforcement Administration intends to award a sole source
purchase order to Microsoft Corporation for the acquisition of
training support regarding CALEA-compliant internet-related
investigations.

The training courses will he held throughout a base year plus four
options at various locations throughout the country and abroad. All
communication regarding this posting shall be in writing and be
received by the due date of May 5, 2009. Point of contact is Rebecca
Stegall,
email Rebecca....@usdoj.gov.

The proposed purchase order is for supplies/services for which the
Government intends to solicit and negotiate only with Microsoft
Corporation under the test program described in the Federal
Acquisition Regulation (FAR), Subpart 13.5. The following FAR Part
12.3 provisions and clauses are applicable to this acquisition.
52.212-1 (Apr 2008) Instruction to Offerors-Commercial Item, 52.212-3
(Nov 2007) Offeror Representations and Certifications Commercial Item,
52.212-4 (Feb 2007) Contract Terms and Conditions-Commercial Items.
52.212-5 (Apr 2008) Contract Terms and Conditions Required to
Implement Statues or Executive Orders-Commercial Items. The full text
of provisions and clauses may be accessed electronically at this/these
address(es) - http://www.access.gpo.gov, and
http://www.arnet.gov/far/. The North American Industry Classification
System (NAICS) is 611420.

The Government anticipates the award on a firm-fixed price purchase
order. A determination by the Government not to open the requirement
to competition based on the responses to this notice is solely within
the discretion of the Government. This notice of intent is not a
request for competitive quotation. A Request of Quotation (RFQ) is not
available.
Closing date is May 5, 2009, @ 12:00 PM Eastern Standard Time.

Contracting Office Address:
DEA Headquarters; 600 Army-Navy Drive Lincoln Place, Arlington, VA
22202

Point of Contact(s):
FACN/Rebecca Stegall 202-307-1323

Hutton Conyers

unread,
Dec 29, 2009, 2:58:15 PM12/29/09
to
>>On Sat, 26 Dec 2009 12:58:24 +0000 (UTC), Bear Bottoms wrote:
(snip)

>>> However, I agree
>>> with David Lipman that the Windows firewall is the very best and if you
>>> feel the need for more protection, use a hardware firewall.

But how does this stop programs calling home? Particularly MS? Does
Windows firewall prevent outgoing connectons? I think not. But
correct me if I am wrong.

Hutton Conyers

Les Nagy

unread,
Dec 29, 2009, 4:09:15 PM12/29/09
to
http://sphinx-soft.com/Vista/order.html

The free version gives you outbound control.


Les Nagy

unread,
Dec 29, 2009, 4:16:46 PM12/29/09
to
On 12/29/2009 4:09 PM, Les Nagy wrote:

>> Hutton Conyers
> http://sphinx-soft.com/Vista/order.html
>
> The free version gives you outbound control.
>
>

I guess I really should expand on this cryptic message:

I have been using Kerio 2.1.5 in XP until October when I finally decided
that Windows 7 was worth the switch. Kerio 2.1.5 has a few bugs in XP
but is still the best firewall for anything before Vista IMHO. It is
light weight, and is very straightforward in functionality. The one big
bug it has is that it will pass fragmented packets of a certain type but
there has been no exploit for this and probably never will. Kerio can
crash the system in certain circumstances and increasing its buffer
almost always fixes this problem.

When moving to W7, I decided to stick with the built in firewall and use
the utility I have linked to to gain back more control rather than
blindly letting the built in firewall do what it wants. So far I have
seen no issues with this arrangement and I have full inbound and
outbound veto as I would have in Kerio. I would recommend it as the
cleanest and easiest solution to firewall concerns.

Message has been deleted

David H. Lipman

unread,
Dec 29, 2009, 4:45:44 PM12/29/09
to
From: "Hutton Conyers" <dingdo...@dumas.com>

| Hutton Conyers

A FireWall appliance would have greater control over that.
The MS built-in can limit it as well based upon settings in the OS based FireWall context.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


John Corliss

unread,
Dec 30, 2009, 5:14:42 AM12/30/09
to
Les Nagy wrote:
> Les Nagy wrote:
>
>>> Hutton Conyers
>> http://sphinx-soft.com/Vista/order.html
>>
>> The free version gives you outbound control.
>
> I guess I really should expand on this cryptic message:
>
> I have been using Kerio 2.1.5 in XP until October when I finally decided
> that Windows 7 was worth the switch. Kerio 2.1.5 has a few bugs in XP
> but is still the best firewall for anything before Vista IMHO. It is
> light weight, and is very straightforward in functionality. The one big
> bug it has is that it will pass fragmented packets of a certain type but
> there has been no exploit for this and probably never will. Kerio can
> crash the system in certain circumstances and increasing its buffer
> almost always fixes this problem.

Just curious Les, how does one increase the buffer in Kerio 2.1.5?

> When moving to W7, I decided to stick with the built in firewall and use
> the utility I have linked to to gain back more control rather than
> blindly letting the built in firewall do what it wants. So far I have
> seen no issues with this arrangement and I have full inbound and
> outbound veto as I would have in Kerio. I would recommend it as the
> cleanest and easiest solution to firewall concerns.

I'm still using Kerio 2.1.5 with XP Home SP3 and found this page:

http://www.wilderssecurity.com/archive/index.php/t-85274.html

From halcyon's post:

> - Kerio's Buffer size needs to be patched in registry not to
> cause a buffer problem
> http://www.dslreports.com/forum/remark,3060806?hilite=registry+buffer
>
> - It sometimes loses it's rules completely

This has happened to me several times, but I have a backup of the
ruleset that I use to restore them. I have no idea why this happens.
Hasn't done it in a long time though.

> - It has unpatched vulnerabilities (as reported by Secunia):
> http://secunia.com/product/1493/

I'm aware of this one also.

> - sometimes limits ethernet network bandwidth down to 1/3 - 1/2
> of it's maximum bandwidth

This is news to me, but worth looking into.

> Some people have noticed a BSOD with fwdrv.sys though:
>
> http://www.dslreports.com/forum/remark,12530877

I've never experienced this one.

I'm giving serious consideration to switching over to PC Tools Firewall
Plus:

http://www.pctools.com/firewall

I already have it installed on my other computer. The only thing I don't
like about it is that unlike Kerio 2.1.5, it starts up only after the
computer is almost fully booted FWICT.

John Corliss

unread,
Dec 30, 2009, 5:17:43 AM12/30/09
to
David H. Lipman wrote:

> Hutton Conyers wrote:
>
>>>> Bear Bottoms wrote:
>> (snip)
>>>>> However, I agree
>>>>> with David Lipman that the Windows firewall is the very best and if you
>>>>> feel the need for more protection, use a hardware firewall.
>
>> But how does this stop programs calling home? Particularly MS? Does
>> Windows firewall prevent outgoing connectons? I think not. But
>> correct me if I am wrong.
>
> A FireWall appliance would have greater control over that.
> The MS built-in can limit it as well based upon settings in the OS based FireWall context.

From what I understand about the Windows firewall in Vista and Windows
7 though, it only will block outgoing that you specify rather than
asking about every outgoing and allowing you to set rules. Please feel
free to correct me if I'm wrong since I still use XP.

David H. Lipman

unread,
Dec 30, 2009, 6:28:38 AM12/30/09
to
From: "John Corliss" <q34w...@yahoo.com>

The OS will query the user when OBJECT.EXE tries to access the Internet to allow or deny
OBJECT.EXE that access.

However in XP OBJECT.EXE can write its own FireWall Policy to allow itself access to the
Internet and thus not query the user.

This was fixed in Vista and strengthened in Win7.

Message has been deleted

N4469P

unread,
Dec 30, 2009, 9:03:26 AM12/30/09
to
On Wed, 30 Dec 2009 12:25:36 GMT, hummingbird wrote:

> 'David H. Lipman' wrote thus:


>>The OS will query the user when OBJECT.EXE tries to access the
>>Internet to allow or deny OBJECT.EXE that access.
>>
>>However in XP OBJECT.EXE can write its own FireWall Policy to
>>allow itself access to the Internet and thus not query the user.
>

> Do you mean that it can effectively by-pass the user's PFW?
> or just the Windows firewall? ...or both?


>
>>
>>This was fixed in Vista and strengthened in Win7.

Cite?

John Corliss

unread,
Dec 30, 2009, 9:37:37 AM12/30/09
to
David H. Lipman wrote:

> John Corliss wrote:
>> David H. Lipman wrote:
>>> Hutton Conyers wrote:
>>>>>> Bear Bottoms wrote:
>>>> (snip)
>>>>>>> However, I agree
>>>>>>> with David Lipman that the Windows firewall is the very best and if you
>>>>>>> feel the need for more protection, use a hardware firewall.
>>>> But how does this stop programs calling home? Particularly MS? Does
>>>> Windows firewall prevent outgoing connectons? I think not. But
>>>> correct me if I am wrong.
>>> A FireWall appliance would have greater control over that.
>>> The MS built-in can limit it as well based upon settings in the OS based FireWall
>>> context.
>> From what I understand about the Windows firewall in Vista and Windows
>> 7 though, it only will block outgoing that you specify rather than
>> asking about every outgoing and allowing you to set rules. Please feel
>> free to correct me if I'm wrong since I still use XP.
>
> The OS will query the user when OBJECT.EXE tries to access the Internet to allow or deny
> OBJECT.EXE that access.
>
> However in XP OBJECT.EXE can write its own FireWall Policy to allow itself access to the
> Internet and thus not query the user.

David, almost everybody in this group knows that the XP firewall will do
nothing to block outgoing connections. What you're talking about is a
policy to allow OBJECT.EXE to accept *incoming* connections. If you
don't believe me, check out this page:

http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx

> This was fixed in Vista and strengthened in Win7.

You must be referring to incoming policies. Go to this website:

http://www.windowsecurity.com/articles/Whats-new-Windows-7-Firewall.html

and look at figure 3.

I also suggest that you read this article:

http://www.pcmag.com/article2/0,2817,2335235,00.asp

and notice how carefully the author avoids any use of the term "outgoing
connections", just like Microsoft itself does.

Message has been deleted

Les Nagy

unread,
Dec 30, 2009, 2:24:10 PM12/30/09
to
On 12/30/2009 5:14 AM, John Corliss wrote:

>> probably never will. Kerio can crash the system in certain
>> circumstances and increasing its buffer almost always fixes this problem.
>
> Just curious Les, how does one increase the buffer in Kerio 2.1.5?
>

That it answered in the following link you have already quoted.


>
>> - Kerio's Buffer size needs to be patched in registry not to
>> cause a buffer problem
>> http://www.dslreports.com/forum/remark,3060806?hilite=registry+buffer
>>
>> - It sometimes loses it's rules completely
>

The link above addresses the problem below

John Corliss

unread,
Dec 30, 2009, 3:29:28 PM12/30/09
to
Les Nagy wrote:
> John Corliss wrote:
>
>>> probably never will. Kerio can crash the system in certain
>>> circumstances and increasing its buffer almost always fixes this
>>> problem.
>>
>> Just curious Les, how does one increase the buffer in Kerio 2.1.5?
>
> That it answered in the following link you have already quoted.
>>
>>> - Kerio's Buffer size needs to be patched in registry not to
>>> cause a buffer problem
>>> http://www.dslreports.com/forum/remark,3060806?hilite=registry+buffer

Sorry, I meant to remove my question after I found that link and
obviously forgot to do so.

>>> - It sometimes loses it's rules completely
>>
>
> The link above addresses the problem below
>>> Some people have noticed a BSOD with fwdrv.sys though:
>>>
>>> http://www.dslreports.com/forum/remark,12530877
>>
>> I've never experienced this one.

I looked in the registry and the value that showed was over 16000.
However, the binary code for that value was "4000". It wasn't clear if I
was supposed to put 16000 in as a binary code and since I haven't been
having the problem the tweak corrects, I didn't do the tweak.

David H. Lipman

unread,
Dec 30, 2009, 4:01:53 PM12/30/09
to
From: "hummingbird" <hummingb�r...@127.0.0.1>

| 'David H. Lipman' wrote thus:

>>The OS will query the user when OBJECT.EXE tries to access the Internet to allow or
>>deny
>>OBJECT.EXE that access.

>>However in XP OBJECT.EXE can write its own FireWall Policy to allow itself access to
>>the
>>Internet and thus not query the user.

| Do you mean that it can effectively by-pass the user's PFW?


| or just the Windows firewall? ...or both?

Under WinXP - yes. Malware can (and does as I often see this) insert a Policy to allow
the malcious file access to the Internet.

David H. Lipman

unread,
Dec 30, 2009, 4:03:09 PM12/30/09
to
From: "N4469P" <samue...@gmail.com>

| Cite?

Don't need to. I have replicated the ability of malware inserting a FireWall Policy
allowing in WinXP and it fails under Vista.

David H. Lipman

unread,
Dec 30, 2009, 4:04:38 PM12/30/09
to
From: "John Corliss" <q34w...@yahoo.com>

| http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx

| http://www.windowsecurity.com/articles/Whats-new-Windows-7-Firewall.html

| http://www.pcmag.com/article2/0,2817,2335235,00.asp

Nope. The FireWall CAN block outgoing.

If you want to have a full understanding of the FireWall, take it to an appropriate
FireWall News Group.

John Corliss

unread,
Dec 30, 2009, 5:42:16 PM12/30/09
to
David H. Lipman wrote:
> From: "N4469P" <samue...@gmail.com>
>
> | On Wed, 30 Dec 2009 12:25:36 GMT, hummingbird wrote:
>
>>> 'David H. Lipman' wrote thus:
>>>> The OS will query the user when OBJECT.EXE tries to access the
>>>> Internet to allow or deny OBJECT.EXE that access.
>
>>>> However in XP OBJECT.EXE can write its own FireWall Policy to
>>>> allow itself access to the Internet and thus not query the user.
>
>>> Do you mean that it can effectively by-pass the user's PFW?
>>> or just the Windows firewall? ...or both?
>
>
>>>> This was fixed in Vista and strengthened in Win7.
>
> | Cite?
>
> Don't need to. I have replicated the ability of malware inserting a FireWall Policy
> allowing in WinXP and it fails under Vista.

Actually, yes, you do need to cite if you're going to make a claim in
this group. Demanding that others take your word without any proof is a
waste of everybody's time.

By the way, your attribution marks are non-standard (see the quoted
material above.)

John Corliss

unread,
Dec 30, 2009, 5:46:44 PM12/30/09
to

That's a cop-out.

Besides, WHICH firewall are you talking about?
XP's?
Vista's?
Windows 7's?

XP's firewall only blocks incoming AFAIK. Please show me a website that
demonstrates otherwise if you insist that it can block outgoing too, or
list some guidelines showing how it can be set up to do so.

As for Vista and Windows 7, they can block outgoing but only if you
specify what to block. That's a far cry from blocking every outgoing
call until you specify otherwise.

And before we go any further, are you yet another sock puppet for
"Global Warming" or "Straight Talk"? If you're not, then I apologize. If
you are, then we have nothing further to discuss.

David H. Lipman

unread,
Dec 30, 2009, 5:49:10 PM12/30/09
to
From: "John Corliss" <q34w...@yahoo.com>

| David H. Lipman wrote:
>> From: "N4469P" <samue...@gmail.com>

>> | On Wed, 30 Dec 2009 12:25:36 GMT, hummingbird wrote:

>>>> 'David H. Lipman' wrote thus:
>>>>> The OS will query the user when OBJECT.EXE tries to access the
>>>>> Internet to allow or deny OBJECT.EXE that access.

>>>>> However in XP OBJECT.EXE can write its own FireWall Policy to
>>>>> allow itself access to the Internet and thus not query the user.

>>>> Do you mean that it can effectively by-pass the user's PFW?
>>>> or just the Windows firewall? ...or both?


>>>>> This was fixed in Vista and strengthened in Win7.

>> | Cite?

>> Don't need to. I have replicated the ability of malware inserting a FireWall Policy
>> allowing in WinXP and it fails under Vista.

| Actually, yes, you do need to cite if you're going to make a claim in
| this group. Demanding that others take your word without any proof is a
| waste of everybody's time.

| By the way, your attribution marks are non-standard (see the quoted
| material above.)

When I do my own tests, there is nothing to cite.

One can easily do their own tests via a REG file or a malware file that inserts its own
FireWall Policy to Allow Internet access.

Hell, I have even incorprated the capability in my Multi-AV Scanning tool.

KiXtart line...

$R=WriteValue("HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST","C:\AV-CLS\WGET.EXE","C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE",REG_SZ)

You can NOT do this under Vista and above. It doesn't work. You have to use the OS GUI.

David H. Lipman

unread,
Dec 30, 2009, 5:53:02 PM12/30/09
to
From: "John Corliss" <q34w...@yahoo.com>

>>> http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx

>>> http://www.windowsecurity.com/articles/Whats-new-Windows-7-Firewall.html

>>> http://www.pcmag.com/article2/0,2817,2335235,00.asp

| That's a cop-out.

WinXP SP2 and above.

I have had Windows XP FireWall query me to allow WGET.EXE and FTP.EXE access to the
Internet.

That's going out, not coming in.

Message has been deleted
Message has been deleted
Message has been deleted

David H. Lipman

unread,
Dec 30, 2009, 7:14:31 PM12/30/09
to
From: "hummingbird" <hummingb�r...@127.0.0.1>

| 'David H. Lipman' wrote thus:

>>From: "hummingbird" <hummingb�r...@127.0.0.1>

>>| 'David H. Lipman' wrote thus:
>>>>The OS will query the user when OBJECT.EXE tries to access the Internet to allow or
>>>>deny
>>>>OBJECT.EXE that access.

>>>>However in XP OBJECT.EXE can write its own FireWall Policy to allow itself access to
>>>>the
>>>>Internet and thus not query the user.

>>| Do you mean that it can effectively by-pass the user's PFW?
>>| or just the Windows firewall? ...or both?

>>Under WinXP - yes. Malware can (and does as I often see this) insert a Policy to allow
>>the malcious file access to the Internet.

| Thanks. That confirms what I have believed for some time. Sadly,
| it drains the confidence that many people on ACF place in their
| PFWs. Marketing hype works!!!


Let me clarify -- That the MS WinXP built-in PFW.

N4469P

unread,
Dec 30, 2009, 7:54:51 PM12/30/09
to
On Wed, 30 Dec 2009 17:53:02 -0500, David H. Lipman wrote:

> WinXP SP2 and above.
>
> I have had Windows XP FireWall query me to allow WGET.EXE and FTP.EXE access to the
> Internet.
>
> That's going out, not coming in.

ICMP only. Jesus, LipDick, you should know that.

John Corliss

unread,
Dec 31, 2009, 4:59:23 AM12/31/09
to
David H. Lipman wrote:
> John Corliss wrote:
>> David H. Lipman wrote:
>>> John Corliss wrote:
>>>> David H. Lipman wrote:
>>>> (big snip)

****************************************************************************
____________________________________________________________________________

I repeat: are you yet another sock puppet for "Global Warming" or
"Straight Talk"?
____________________________________________________________________________

****************************************************************************

> WinXP SP2 and above. I have had Windows XP FireWall query me to allow
> WGET.EXE and FTP.EXE access to the Internet. That's going out, not coming
> in.

How do you know that it was in response to an outgoing call? Did the
query actually ask you specifically if you wanted to allow an *outgoing
call* from either of those two commands? I've used XP's firewall before
and I *never* got a query from it about whether or not I wanted to allow
*any* outgoing call.

As for your experiences, I don't know what "WGET.EXE" is other than one
description which says it's a "very simple tool to scrape webpages."
That sounds to me like it would require incoming calls. On the other
hand, "FTP.EXE" is a program that definitely requires incoming calls.

This page by a Microsoft MVP:

http://windowsxp.mvps.org/firewall.htm#xplimitation

clearly states that the XP firewall doesn't block outgoing calls and
that has been my experience too. Not only that but this *Microsoft* website:

http://technet.microsoft.com/en-us/network/bb545423.aspx

says (a direct copy and paste), "Windows Firewall drops incoming traffic
that does not correspond to either traffic sent in response to a request
of the computer (solicited traffic) or unsolicited traffic that has been
specified as allowed (excepted traffic). Windows Firewall helps provide
protection from malicious users and programs that rely on unsolicited
incoming traffic to attack computers. In Windows Vista and Windows
Server 2008, Windows Firewall can also drop outgoing traffic and is
configured using the Windows Firewall with Advanced Security snap-in,
which integrates rules for both firewall behavior and traffic protection
with Internet Protocol security (IPsec)."

Do you see anything in there about XP blocking *outgoing* connections?

This next *Microsoft* web page:

http://technet.microsoft.com/en-us/library/cc781723%28WS.10%29.aspx

says very clearly, "With the exception of some Internet Control Message
Protocol (ICMP) messages, Windows Firewall allows all outgoing traffic."

This next *Microsoft* webpage even goes so far as to *recommend
purchasing a third party firewall* because the Windows Firewall doesn't
block outgoing calls!

http://www.microsoft.com/windowsxp/using/security/learnmore/atkin_firewall.mspx

Do you want more proof? OTOH, can you provide any proof that (despite
there not being ONE website on the internet which states that XP's built
in firewall does so) XP's firewall blocks outgoing connections other
than that ICMP exception?

David H. Lipman

unread,
Dec 31, 2009, 6:25:53 AM12/31/09
to
From: "John Corliss" <q34w...@yahoo.com>

>> WinXP SP2 and above. I have had Windows XP FireWall query me to allow
>> WGET.EXE and FTP.EXE access to the Internet. That's going out, not coming
>> in.

| How do you know that it was in response to an outgoing call? Did the
| query actually ask you specifically if you wanted to allow an *outgoing
| call* from either of those two commands? I've used XP's firewall before
| and I *never* got a query from it about whether or not I wanted to allow
| *any* outgoing call.


I INITIATED both the FTP PUT and WGET GET via KiXtart scripts and the WinXP FireWall came
back a queried me if I should allow the process to access the internet !

They were both outgoing connections.

|
| http://windowsxp.mvps.org/firewall.htm#xplimitation

| http://technet.microsoft.com/en-us/network/bb545423.aspx

|
| http://technet.microsoft.com/en-us/library/cc781723%28WS.10%29.aspx

|
| http://www.microsoft.com/windowsxp/using/security/learnmore/atkin_firewall.mspx


--

Message has been deleted
Message has been deleted

John Corliss

unread,
Dec 31, 2009, 1:52:34 PM12/31/09
to
David H. Lipman wrote:
> From: "John Corliss" <q34w...@yahoo.com>
>
>
>
>>> WinXP SP2 and above. I have had Windows XP FireWall query me to allow
>>> WGET.EXE and FTP.EXE access to the Internet. That's going out, not coming
>>> in.
>
> | How do you know that it was in response to an outgoing call? Did the
> | query actually ask you specifically if you wanted to allow an *outgoing
> | call* from either of those two commands? I've used XP's firewall before
> | and I *never* got a query from it about whether or not I wanted to allow
> | *any* outgoing call.
>
>
> I INITIATED both the FTP PUT and WGET GET via KiXtart scripts and the WinXP FireWall came
> back a queried me if I should allow the process to access the internet !
>
> They were both outgoing connections.

I'm sorry, but I just can't buy that. Both programs call out to
something which in turn reply incoming. "Accessing the internet" can
mean accepting an incoming response.

What was that last? Are you deliberately messing up the quoting? You're
using non-standard quoting delimiters (which shows when I view the
message in text mode) and the word wrap is all screwed up.

I can't continue this discussion any longer. Have it your way, we'll
have to agree to disagree.

I say that XP's Firewall does nothing to block outgoing calls and you
say it does.

I say that Vista and Windows 7 only block specified outgoing calls and I
don't know what you say to that.

Regardless, over and out. This thread is now killed on my reader.

Craig

unread,
Dec 31, 2009, 3:29:41 PM12/31/09
to
On 12/31/2009 10:52 AM, John Corliss wrote:
>
> I say that XP's Firewall does nothing to block outgoing calls...

MS says this too:

> Do I need to change my code to work with Windows XP Service Pack 2?
> Outbound connections
>
> Description
>
> For typical consumer and office computers, the computer is a client
> on the network. Software on the computer connects out to a server (an
> outbound connection) and gets responses back from the server. Windows
> Firewall allows all outbound connections, but applies rules to the
> types of communication that are allowed back into the computer. For
> more information about what network traffic Windows Firewall allows
> as part of Transmission Control Protocol (TCP) and User Data Protocol
> (UDP) outbound connections, see Notes, below.
>
> Action Required
>
> None. Windows Firewall will automatically allow all outbound
> connections, regardless of the program and the user context.

<http://technet.microsoft.com/en-us/library/bb457156.aspx>

If I ever get around to the following, I'll post.

> I say that Vista and Windows 7 only block specified outgoing calls
> and I don't know what you say to that.

thanks. interesting info.
--
-Craig

Franklin

unread,
Jan 1, 2010, 9:25:11 AM1/1/10
to
hummingbird wrote:

> 'John Corliss' wrote thus:
>
> -snip-


>
>>And before we go any further, are you yet another sock puppet for
>>"Global Warming" or "Straight Talk"? If you're not, then I apologize. If
>>you are, then we have nothing further to discuss.
>

> You forgot to mention Root Kit ;-)
>
> OOoooops, that's me according to Franklin.

You flatter yourself too much. What I actually wrote in June is:

"Root Kit may or may not be Hummingbird but his
behavior is highly reminiscent of how Hummingbird
operates in uk.politics.misc."


0 new messages