The magazine of the Melbourne PC User Group

Kerio Personal Firewall 2.1.4
Ash Nallawalla
ash@melbpc.org.au


Ash Nallawalla uses this product every day, and he explains in simple terms why it's so effective

It is difficult to write a lot about a very simple, free and effective product, and Kerio Personal Firewall 2 (http://www.kerio.com) is one such product. It is a software program that keeps Internet-based intruders out and alerts you if something on your computer is trying to access the Internet. I had previously used ZoneAlarm and still use it on one of my PCs, but I would not use it on my main PC simply because Kerio Personal Firewall 2 (KPW) is so much easier to manage and access in a network sharing situation. It is free for home use and I use it every day.

System Requirements

  • CPU - Intel Pentium or higher
  • OS - Windows 9x/NT4/ME/2000/XP
  • RAM - 32 MB minimum
  • Available disk space - 10 MB

Operation

Like other "Internet Security" programs, KPW acts as a gatekeeper in both directions, so you always have to grant permission on a case by case basis or grant permanent permission to trusted programs such as your Web browser or e-mail program. You should only grant permanent permission if you are sure, not simply because you want to get rid of the alerts. By the same token, people who use such programs should not panic if they see alerts - if they did not use such a program, they would not see any alerts or know if their computers have been compromised. Therefore, the "no news is good news" principle does not apply here. KPW uses "stateful inspection" to do its job, which involves checking every packet of information to determine its intention, like a postal security expert.

Analogy

When you send some text, for example, the text is broken into packets of fixed size, somewhat like a tour group that needs several mini buses to carry them all. Just as the buses have some overhead, such as a driver, a tour guide and a destination label on the front, so do computer packets. The computer analogy goes a little further, so that the packets can only enter through doors (ports) that have been left open for them. If a packet arrives for a port that is closed, an alarm (alert) is sounded.
 


Figure 1. This example shows how a filter rule can be set to deny access to a block of IP addresses in both directions.


Figure 2. Alerts such as this one help you to see where your browser fetches its content. Place a permanent block if it sounds suspicious or a temporary one to see what happens.

Since there are many nasty people out there looking for open servers, they are constantly probing the whole Internet street by street (IP address), pushing on doors and windows to see if one is open. If you choose to see every alert, you could get the wrong impression. If it helps, the average home computer is not useful to the people who are looking for, say, open mail servers for sending spam, because you don't have such software. They come by and probe just that single port where a mail server lives, find none, and move on. Others take their time and go through the tens of thousands of port numbers in sequence hoping to find an interesting one. This is why KPW and similar products only open ports that you agree to.
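A toy model of the gatekeeper behaviour described above, added here as an illustration and not taken from Kerio's code: outbound traffic from an approved program opens an entry in a state table, and an inbound packet passes only if it answers one of those entries. The class name, program names and addresses (documentation ranges) are constructed for the example.

```python
import ipaddress

class StatefulFilter:
    """Inbound packets pass only if they answer a tracked outbound flow."""

    def __init__(self, trusted_programs, denied_networks=()):
        self.trusted = set(trusted_programs)   # programs with permanent permission
        self.denied = [ipaddress.ip_network(n) for n in denied_networks]
        self.flows = set()                     # state table of open conversations
        self.alerts = []

    def _blocked(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.denied)

    def outbound(self, program, local_port, remote_ip, remote_port):
        if self._blocked(remote_ip):           # filter rule wins over program trust
            self.alerts.append(("deny-rule", program, remote_ip))
            return "drop"
        if program not in self.trusted:        # unknown program: the user decides
            self.alerts.append(("ask-user", program, remote_ip))
            return "ask"
        self.flows.add((local_port, remote_ip, remote_port))
        return "allow"

    def inbound(self, remote_ip, remote_port, local_port):
        flow = (local_port, remote_ip, remote_port)
        if not self._blocked(remote_ip) and flow in self.flows:
            return "allow"                     # reply to something we started
        self.alerts.append(("unsolicited", remote_ip, local_port))
        return "drop"                          # dropped without sending any reply

def demo():
    fw = StatefulFilter({"browser.exe"}, denied_networks=["203.0.113.0/24"])
    results = [
        fw.outbound("browser.exe", 49152, "198.51.100.7", 80),  # approved program
        fw.inbound("198.51.100.7", 80, 49152),                  # its reply
        fw.inbound("192.0.2.55", 4444, 25),                     # probe of the mail port
        fw.outbound("unknown.exe", 49153, "198.51.100.7", 80),  # not yet approved
        fw.outbound("browser.exe", 49154, "203.0.113.9", 80),   # blocked address range
    ]
    return results, fw.alerts

if __name__ == "__main__":
    print(demo())
```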

KPW has not been updated for a year, which shows that it is a stable product. It takes a software "fingerprint" of your programs and gives an alert if you update them, or worse - if a malicious person tries to replace them with a Trojan horse bearing the same name. It operates in stealth mode, so that incoming probes are quietly dropped, offering no clue to the remote end.
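The fingerprint check described above can be sketched as follows (an added example, not Kerio's implementation). SHA-256 is an assumption, since the article does not say which algorithm KPW uses; the class name, file name and contents are constructed.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return the SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

class ProgramBaseline:
    def __init__(self):
        self.known = {}  # absolute path -> fingerprint recorded at approval time

    def approve(self, path):
        self.known[os.path.abspath(path)] = fingerprint(path)

    def check(self, path):
        key = os.path.abspath(path)
        if key not in self.known:
            return "unknown"    # never approved: ask the user
        if self.known[key] != fingerprint(path):
            return "changed"    # same name, different contents: raise an alert
        return "unchanged"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "mailer.exe")   # constructed sample file
        with open(exe, "wb") as fh:
            fh.write(b"original program bytes")
        base = ProgramBaseline()
        before = base.check(exe)
        base.approve(exe)
        approved = base.check(exe)
        with open(exe, "wb") as fh:             # update or replacement, same name
            fh.write(b"different program bytes")
        swapped = base.check(exe)
        base.approve(exe)                       # user confirms a genuine update
        return [before, approved, swapped, base.check(exe)]

if __name__ == "__main__":
    print(demo())
```

The check cannot tell a legitimate update from a malicious replacement; both produce "changed", which is why the alert asks the user to decide.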

Its short and easy-to-understand Help file contains clear explanations of all terminology you need to know to protect your computer. If you have advanced networking knowledge, you can set up complex filtering rules. For example, certain software that uses a web camera needs certain ports to be opened before audio and video will pass through. In my case, I also have a hardware firewall in front of KPW, so I have to open the same ports on both.

It has detailed administrative features tucked away that a novice user need not worry about. They are there if needed and KPW is a good tool to slowly grow your networking skills. As long as you don't grant permanent permission to an unknown program hastily, you will be safe. If a cryptic file name asks for permission, grant temporary access to understand what it does and next time make it permanent. You will find that some "well known" programs have a habit of going out to the Internet when they start and denying access permanently does not stop them from working. If you read somewhere that this behaviour has some value to you, say, if it looks for an update, you can always use the administrative interface to change the setting for that program.

KPW is definitely worth trying out. I'm happy to continue using it.

Reprinted from the April 2003 issue of PC Update, the magazine of Melbourne PC User Group, Australia
