Sunbelt Kerio Firewall
 |
Author: Sunbelt Software
Platform: Windows XP and 2000 (not available for Win 98, NT or ME)
License:
Purchase: http://www.sunbelt-software.com/rd/rd.cfm?id=060124EB-SpywareInfo
Kerio Technologies decided last year to discontinue the Kerio firewall. The announcement came as an unpleasant shock to users of the firewall. Most people who try the Kerio firewall never go back to using another one.
The people at Sunbelt Software were Kerio users. They liked it so much, they bought it from Kerio. The newly rebranded Sunbelt Kerio Personal Firewall will continue to be developed, to the relief of some 400,000 users (myself included). Sunbelt also bumped $25.00 off the price of the full version, so this turned out well, any way you look at it.
If I were grading firewalls like a teacher, Kerio would blow the bell curve. It has been my favorite firewall for years. No other firewall comes close, in my opinion.
Kerio has several features which make it stand apart from other software firewalls. During installation, you have a choice of "Simple" and "Advanced" mode. Be sure to install it in advanced mode, otherwise it will not default to blocking programs from connecting out to the internet. If you are using a previous trial version of Kerio, it is suggested that you uninstall that and download a fresh version when you purchase this program and registration key.
The Firewall
Kerio divides everything into two zones, "trusted" and "internet". The "trusted" zone is your own computer, plus anything connected to it on a local network. The "internet" zone should be self-explanatory.
Let's say your kids (or you) play games against each other over your local network, on separate computers. That means that one of the computers has to act as a server, to let the other one connect to it. You don't mind the kids playing each other, but you don't want them hosting a game for twenty other people and clogging your internet connection.
Most firewalls can make it a pain to set this up correctly. Either they allow a connection or they don't. Or you have to mess around with defining which IP addresses and port numbers are allowed and disallowed. With Kerio, you can allow connections to and from the video game from the local "trusted" network, while denying any connections to the internet.
On the other hand, if you want to control the ports or IP addresses that programs are allowed to use, you can do that too. The "Packet filter" options let you pick an application, define which addresses and ports it can or can't use, lets you log every incident where your rule comes into effect and lets you decide whether or not you want it to pop up an alert. It is basically the same interface that was used for editing application rules in the older Kerio version 2.15.
A few years ago, I used this feature to allow Outlook Express to download and send email, while blocking the port used to download images. Outlook Express can do that on its own now, but this shows you how useful it can be to have that kind of control over the firewall.
Kerio has a "gateway" mode, which lets you firewall a computer being used to share its internet connection to other computers on your local network. The computer that is connected directly to the internet is protected, without interfering with the internet activities of the other computers. I used this feature myself for about a year, in the older version of Kerio, and it worked perfectly.
Intrusion Detection
Kerio features three different intrusion detection systems.
* Network intrusion prevention system (NIPS) - this system recognizes and blocks various types of network intrusions by blocking network connections that might be used for transfer of dangerous data.
Basically, that will block internet worms sniffing around for unsecured Windows Administrator accounts, web servers or SQL servers to infect. It also blocks port scanners. Sunbelt warns that this may cause the occasional false positive.
* Host intrusion detection and prevention system (HIPS) - this system recognizes and blocks technologies used by intruders or viruses to run malicious codes. HIPS is helpful especially for recognition of new or modified viruses.
This one will block common methods used by malware to take over or infect a computer. That includes buffer overflows and code injections.
* Behavior blocking - this system enables monitoring of the behavior of applications, such as starting of an application by another process or application modification. This method is extremely helpful especially for recognition of new viruses.
This will alert you to software on your computer behaving strangely and lets you block it from running. It will alert you if a file has been modified or replaced with another file.
It also will alert you if one program tries to launch another program. This is both good and bad.
It will pop up alerts for perfectly normal behavior, such as Windows Media Player opening a browser, when you click on a link in the Media Guide. It has the option of remembering the choices you make each time it opens an alert, so eventually this will happen less often.
If your computer were to be infected with spyware, Kerio should be able to prevent one spyware file from launching another, making it easier to remove the whole thing (I haven't tested this).
The Behavior Blocker has another very useful feature. You can forbid specific applications from loading.
I'm sure there are programs on your computer that launch on their own that you would like to block. When I still used Apple's QuickTime to watch QuickTime movies, it always loaded an updater program, which then set itself to load whenever the computer was restarted. That annoyed the pure hell out of me. Kerio would have prevented that, if I had known about the feature then.
Web and Privacy Filtering
Kerio can behave as a proxy filter and block undesirable things from happening, while you surf the web. Kerio rewrites web pages on the fly, before they arrive in your browser, so this filtering should work in any web browser. This doesn't seem to work if you already are using a local proxy server, such as Proxomitron or Privoxy.
* Advertisements are filtered out of web pages, if they match a set of rules that you can edit.
* It has a pop-up blocker, which frankly did not work very well, when I tested it.
* It can filter out javascripts, VBscripts and ActiveX. These filters are turned off by default.
* Cookies can be blocked. There are separate options for each type of cookie: session, persistent and foreign (meaning third-party tracking cookies).
* Kerio will remove the "referer" string that all browsers pass along to web sites. This will keep web sites from recording the address of the web page you just left.
Certain other firewalls will take this opportunity to spam web site logs, by replacing the referer with a link back to the firewall's web site. This is just pure spamming, which security software should not do. Other firewalls replace the referer with some sort of message that doesn't belong there, such as "Referer Blocked" or similar. Either of these will cause trouble on web sites that block image hot linking.
Kerio simply removes the referer, leaving it blank. I didn't tell Sunbelt when we were discussing this review, but I would have failed it on this one point alone, if it had done otherwise.
* Block Private Information - The parents out there will like this feature. You would be amazed at the information younger kids will give out, either on the web or in the real world. The information blocker lets you fill in certain information and then prevents that information from being sent over the internet.
If you live at 123 Main St,, you would add a rule for "123 main". If someone tries to post that address to a web site, Kerio blocks it. The same goes for credit card numbers, phone numbers or anything you want. If you enable password protection within Kerio, no one else will be able to disable this setting.
I believe that covers most of the features. If you want even more details, the help manual for Kerio is available online (in PDF format).
In addition to reducing the regular price by $25.00, Sunbelt also is providing an additional $5.00 discount, until March 31, 2006. That brings the final price down to $14.95. Click here to purchase Sunbelt Kerio Firewall.
