Thread: Kerio Personal Firewall traffic chart

  1. #1
    AndyMHancock@gmail.com
    Guest

    Kerio Personal Firewall traffic chart

    I'm using Kerio Personal Firewall 4.1. In the Configuration window,
    under NetworkSecurity->Applications tab, is a chart of "traffic
    load" (in the words of the online help). It is green, the same color
    as outgoing traffic. Is this the total load, input and output, or
    simply the output load?

  2. #2
    AndyMHancock@gmail.com
    Guest

    Re: Kerio Personal Firewall traffic chart

    On Mar 25, 11:07 pm, AndyMHanc...@gmail.com wrote:
    > I'm using Kerio Personal Firewall 4.1. In the Configuration window,
    > under NetworkSecurity->Applications tab, is a chart of "traffic
    > load" (in the words of the online help). It is green, the same color
    > as outgoing traffic. Is this the total load, input and output, or
    > simply the output load?


    Hmm, there is something about the behaviour of the traffic chart which I
    find confusing. It takes the form of a ticker-tape plot, i.e. it shows the
    plot for the last 60 seconds or so. The strange behaviour is that
    when the machine is brought out of screen saver mode, e.g. by touching
    the touch pad, the ticker tape shows nearly no traffic, though there
    is a bit of trace activity. Thereafter, any new segments of the plot
    show highly active throughput. Hopefully, this does not mean that a
    long data transfer is throttled to nearly nothing when the screen saver
    kicks in. Has anyone observed this in their own KPF?

  3. #3
    Kayman
    Guest

    Re: Kerio Personal Firewall traffic chart

    On Tue, 25 Mar 2008 20:07:19 -0700 (PDT), AndyMHancock@gmail.com wrote:

    > I'm using Kerio Personal Firewall 4.1. In the Configuration window,
    > under NetworkSecurity->Applications tab, is a chart of "traffic
    > load" (in the words of the online help). It is green, the same color
    > as outgoing traffic. Is this the total load, input and output, or
    > simply the output load?


    Here is some interesting reading:
    http://www.matousec.com/projects/win...ewalls-ratings

    Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall

    2007-08-07: Here is the response we have received from this vendor:
    Sunbelt Software is committed to providing the strongest possible security
    products to its customers, and we will be working to correct demonstrable
    issues in the Sunbelt Personal Firewall. Users can expect these and other
    continuing enhancements for the Sunbelt Personal Firewall in the near
    future.

    However, we have some reservations about personal firewall "leak testing"
    in general. While we appreciate and support the unique value of independent
    security testing, we are admittedly skeptical as to just how meaningful
    these leak tests really are, especially as they reflect real-world
    environments.

    The key assumption of "leak testing" -- namely, that it is somehow useful
    to measure the outbound protection provided by personal firewalls in cases
    where malware has already executed on the test box -- strikes us as a
    questionable basis on which to build a security assessment. Today's malware
    is so malicious and cleverly designed that it is often safest to regard PCs
    as so thoroughly compromised that nothing on the box can be trusted once
    the malware executes. In short, "leak testing" starts after the game is
    already lost, as the malware has already gotten past the inbound firewall
    protection.

    Moreover, "leak testing" is predicated on the further assumption that
    personal firewalls should warn users about outbound connections even when
    the involved code components are not demonstrably malicious or suspicious
    (as is the case with the simulator programs used for "leak testing"). In
    fact, this kind of program design risks pop-up fatigue in users,
    effectively lowering the overall security of the system -- the reason
    developers are increasingly shunning this design for security applications.

    Finally, leak testing typically relies on simulator programs, the use of
    which is widely discredited among respected anti-malware researchers -- and
    for good reason. Simulators simply cannot approximate the actual behavior
    of real malware in real world conditions. Furthermore, when simulators are
    used for anti-malware testing, the testing process is almost unavoidably
    tailored to fit the limitations of simulator instead of the complexity of
    real world conditions. What gets lost is a sense for how the tested
    products actually perform against live, kicking malware that exhibits
    behavior too complex to be captured in narrowly designed simulators.

    If you are on WinXP, activate the built-in version.

  4. #4
    AndyMHancock@gmail.com
    Guest

    Re: Kerio Personal Firewall traffic chart

    On Mar 26, 5:34 am, Kayman <kaymanDeleteT...@operamail.com> wrote:
    > On Tue, 25 Mar 2008 20:07:19 -0700 (PDT), AndyMHanc...@gmail.com wrote:
    > > I'm using Kerio Personal Firewall 4.1. In the Configuration window,
    > > under NetworkSecurity->Applications tab, is a chart of "traffic
    > > load" (in the words of the online help). It is green, the same color
    > > as outgoing traffic. Is this the total load, input and output, or
    > > simply the output load?


    Thanks for the heads up, Kayman. I was really just relying on the
    traffic volume indicators in this situation, and wondering how to
    interpret them.

    > Here is some interesting reading: http://www.matousec.com/projects/win...all-analysis/l...
    >
    > Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall
    >
    > 2007-08-07: Here is the response we have received from this vendor:
    >
    > Sunbelt Software is committed to providing the strongest possible security
    > products to its customers, and we will be working to correct demonstrable
    > issues in the Sunbelt Personal Firewall. Users can expect these and other
    > continuing enhancements for the Sunbelt Personal Firewall in the near
    > future.
    >
    > However, we have some reservations about personal firewall "leak testing"
    > in general. While we appreciate and support the unique value of independent
    > security testing, we are admittedly skeptical as to just how meaningful
    > these leak tests really are, especially as they reflect real-world
    > environments.
    >
    > The key assumption of "leak testing" -- namely, that it is somehow useful
    > to measure the outbound protection provided by personal firewalls in cases
    > where malware has already executed on the test box -- strikes us as a
    > questionable basis on which to build a security assessment. Today's malware
    > is so malicious and cleverly designed that it is often safest to regard PCs
    > as so thoroughly compromised that nothing on the box can be trusted once
    > the malware executes. In short, "leak testing" starts after the game is
    > already lost, as the malware has already gotten past the inbound firewall
    > protection.
    >
    > Moreover, "leak testing" is predicated on the further assumption that
    > personal firewalls should warn users about outbound connections even when
    > the involved code components are not demonstrably malicious or suspicious
    > (as is the case with the simulator programs used for "leak testing"). In
    > fact, this kind of program design risks pop-up fatigue in users,
    > effectively lowering the overall security of the system -- the reason
    > developers are increasingly shunning this design for security applications.
    >
    > Finally, leak testing typically relies on simulator programs, the use of
    > which is widely discredited among respected anti-malware researchers -- and
    > for good reason. Simulators simply cannot approximate the actual behavior
    > of real malware in real world conditions. Furthermore, when simulators are
    > used for anti-malware testing, the testing process is almost unavoidably
    > tailored to fit the limitations of simulator instead of the complexity of
    > real world conditions. What gets lost is a sense for how the tested
    > products actually perform against live, kicking malware that exhibits
    > behavior too complex to be captured in narrowly designed simulators.
    >
    >
    > If you are on WinXP, activate the built-in version.


