Farewell Kerio continued
in [Freeware]
|
Prev: Parted Magic 4.9
Next: What I like about Chrome
From: John Corliss on 30 Dec 2009 05:17 David H. Lipman wrote: > Hutton Conyers wrote: > >>>> Bear Bottoms wrote: >> (snip) >>>>> However, I agree >>>>> with David Lipman that the Windows firewall is the very best and if you >>>>> feel the need for more protection, use a hardware firewall. > >> But how does this stop programs calling home? Particularly MS? Does >> Windows firewall prevent outgoing connectons? I think not. But >> correct me if I am wrong. > > A FireWall appliance would have greater control over that. > The MS built-in can limit it as well based upon settings in the OS based FireWall context. From what I understand about the Windows firewall in Vista and Windows 7 though, it only will block outgoing that you specify rather than asking about every outgoing and allowing you to set rules. Please feel free to correct me if I'm wrong since I still use XP. -- John Corliss BS206. Using News Proxy, I block all Google Groups posts due to Googlespam, and as many posts from anonymous remailers (like x-privat.org for eg.) as possible due to forgeries posted through them. No ad, cd, commercial, cripple, demo, nag, share, spy, time-limited, trial or web wares OR warez for me, please.
From: David H. Lipman on 30 Dec 2009 06:28 From: "John Corliss" <q34wsk20(a)yahoo.com> | David H. Lipman wrote: >> Hutton Conyers wrote: >>>>> Bear Bottoms wrote: >>> (snip) >>>>>> However, I agree >>>>>> with David Lipman that the Windows firewall is the very best and if you >>>>>> feel the need for more protection, use a hardware firewall. >>> But how does this stop programs calling home? Particularly MS? Does >>> Windows firewall prevent outgoing connectons? I think not. But >>> correct me if I am wrong. >> A FireWall appliance would have greater control over that. >> The MS built-in can limit it as well based upon settings in the OS based FireWall >> context. | From what I understand about the Windows firewall in Vista and Windows | 7 though, it only will block outgoing that you specify rather than | asking about every outgoing and allowing you to set rules. Please feel | free to correct me if I'm wrong since I still use XP. | -- | John Corliss BS206. Using News Proxy, I block all Google Groups posts | due to Googlespam, and as many posts from anonymous remailers (like | x-privat.org for eg.) as possible due to forgeries posted through them. | No ad, cd, commercial, cripple, demo, nag, share, spy, time-limited, | trial or web wares OR warez for me, please. The OS will query the user when OBJECT.EXE tries to access the Internet to allow or deny OBJECT.EXE that access. However in XP OBJECT.EXE can write its own FireWall Policy to allow itself access to the Internet and thus not query the user. This was fixed in Vista and strengthened in Win7. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: N4469P on 30 Dec 2009 09:03 On Wed, 30 Dec 2009 12:25:36 GMT, hummingbird wrote: > 'David H. Lipman' wrote thus: >>The OS will query the user when OBJECT.EXE tries to access the >>Internet to allow or deny OBJECT.EXE that access. >> >>However in XP OBJECT.EXE can write its own FireWall Policy to >>allow itself access to the Internet and thus not query the user. > > Do you mean that it can effectively by-pass the user's PFW? > or just the Windows firewall? ...or both? > >> >>This was fixed in Vista and strengthened in Win7. Cite?
From: John Corliss on 30 Dec 2009 09:37 David H. Lipman wrote: > John Corliss wrote: >> David H. Lipman wrote: >>> Hutton Conyers wrote: >>>>>> Bear Bottoms wrote: >>>> (snip) >>>>>>> However, I agree >>>>>>> with David Lipman that the Windows firewall is the very best and if you >>>>>>> feel the need for more protection, use a hardware firewall. >>>> But how does this stop programs calling home? Particularly MS? Does >>>> Windows firewall prevent outgoing connectons? I think not. But >>>> correct me if I am wrong. >>> A FireWall appliance would have greater control over that. >>> The MS built-in can limit it as well based upon settings in the OS based FireWall >>> context. >> From what I understand about the Windows firewall in Vista and Windows >> 7 though, it only will block outgoing that you specify rather than >> asking about every outgoing and allowing you to set rules. Please feel >> free to correct me if I'm wrong since I still use XP. > > The OS will query the user when OBJECT.EXE tries to access the Internet to allow or deny > OBJECT.EXE that access. > > However in XP OBJECT.EXE can write its own FireWall Policy to allow itself access to the > Internet and thus not query the user. David, almost everybody in this group knows that the XP firewall will do nothing to block outgoing connections. What you're talking about is a policy to allow OBJECT.EXE to accept *incoming* connections. If you don't believe me, check out this page: http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx > This was fixed in Vista and strengthened in Win7. You must be referring to incoming policies. Go to this website: http://www.windowsecurity.com/articles/Whats-new-Windows-7-Firewall.html and look at figure 3. I also suggest that you read this article: http://www.pcmag.com/article2/0,2817,2335235,00.asp and notice how carefully the author avoids any use of the term "outgoing connections", just like Microsoft itself does. -- John Corliss BS206. Using News Proxy, I block all Google Groups posts due to Googlespam, and as many posts from anonymous remailers (like x-privat.org for eg.) as possible due to forgeries posted through them. No ad, cd, commercial, cripple, demo, nag, share, spy, time-limited, trial or web wares OR warez for me, please.
From: Les Nagy on 30 Dec 2009 14:24
On 12/30/2009 5:14 AM, John Corliss wrote: >> probably never will. Kerio can crash the system in certain >> circumstances and increasing its buffer almost always fixes this problem. > > Just curious Les, how does one increase the buffer in Kerio 2.1.5? > That it answered in the following link you have already quoted. > >> - Kerio's Buffer size needs to be patched in registry not to >> cause a buffer problem >> http://www.dslreports.com/forum/remark,3060806?hilite=registry+buffer >> >> - It sometimes loses it's rules completely > The link above addresses the problem below >> Some people have noticed a BSOD with fwdrv.sys though: >> >> http://www.dslreports.com/forum/remark,12530877 > > I've never experienced this one. > |