
  gwion wild colonial boy Premium,ExMod 2001-08 join:2000-12-28 Pittsburgh, PA
reply to Kerio Re: Release of Kerio Personal Firewall 4.0.6
Well... passwording a firewall GUI is not trivial, and it's not a luxury. It's a solid line of defense against scripted tampering, and in an environment where, for example, the kids use your computer as users, they still have complete access to the firewall from the tray. Without a password, any user can circumvent any rule, no problem. Of course, in that scenario, you probably want the paid version, frankly, even if you don't use the webfilters... remote logging and admin, alone, are worth having in that sort of environment.
As for those start controls, well, there's one way to eliminate bugs... just burn out half the kitchen... No more bugs... no more cabinets, no more stove... but no more bugs...
I still think there's an audience who'll find this a nice firewall, but I doubt many of the existing users will. My own feeling's always been that Kerio users have represented a more articulate user class... people who may not be true "power users," but who are at least willing to spend some extra time learning, in return for added granularity and control. These people aren't going to be pleased. I predict Tiny might be getting a few orders, when this goes pure gold, frankly. And I predict we'll be supporting 2.x, here, for a while to come. We may do an "official" poll, somewhere down the road. I would prefer to wait for a final, stable release, but I'm really curious, overall, among existing Kerio users, how many will upgrade, how many will sit tight with 2.x, and how many might be climbing down the ratlines for the longboat, as we speak... ?
Personally, I liked the direction 3.x was going, but I'm less inclined to like what I've seen since 4.x came out... To be a little brutal, I don't buy hardware to support basic firewalling. That was part of the glory of 2.x, to me, it was light, dependable and straightforward. Heavy GUIs and "generic security, suitable for everyday use, some settling and discoloration may occur in shipping" just doesn't do much for me... it was how I found this firewall, in the first place. I was looking for a -simple-, light, configurable firewall, in the model of IPfilter or such, and that wasn't OS-centric, so I could run it under NT, 2k, or whatever OS I might upgrade to, later on.
Yes, Tiny dropped their old metaphor, too, but Tiny also added "industrial strength features" that account for the added resource profile, and the departure from the simple packet filter... seems to me that 85% of what Kerio 4.x adds is GUI and cuteness. And GUI and cuteness are two features I'm relatively unwilling to sacrifice my system resources to support, unless they add a LOT to the functionality and usability of my system. To tell the truth, a pretty firewall isn't what I want, as I'm fond of saying in help threads, what most of us want is to "just make it work."
-- Y Ddraig Goch Ddyry Cychwyn

Lex Luthor Premium,Mod join:2000-09-17 Hicksville, NY
gwion, what exactly do you not like about Kerio 4?
I was a 2.1.x user and now use 4. I'm very happy with it. I've seen no major bugs, had no problems, don't find that it uses up much CPU or an excess of RAM. It's easy to configure and powerful. I really don't see an excess of "bloat".
I'm surprised that more of the 2.1.x users aren't happy with 4.

gwion wild colonial boy Premium,ExMod 2001-08 join:2000-12-28 Pittsburgh, PA
Nothing, really. It's just a stark departure from the old metaphor. The packet filters are actually a bit better. But I liked the extreme light weight of the old versions, and the minimal GUI. And I like the idea of system security, as they refer to the start controls. In theory, I think it's a far more comprehensive suite.
Problem is, as I've confided to some others, NOBODY, and I do mean NOBODY wants us to have anything as granular and simple and just plain user configurable as the Unix packet filters that literally abound... for BSD and Linux, and so forth. Windows firewalling is literally in bondage to the MS metaphor of oversimplification, massive GUI, massive resource waste... making the simple complex, to make the complex simple, if that makes sense...
No... I don't entirely dislike it, at all. But I do dislike the resource profile. I fully understand their need to make a living, too, so the pay to play features are fine, with me, and the free version's perfectly serviceable, for a free version. And I dislike this seeming willy-nilly, year long betaing process. And the seeming lack of a coherent plan, from the outset.
I like making firewalling more accessible for average users, too. But I'm adamant that power users should never have to compromise their demands, for ease of use. In fact, one nice thing, here, is the way they do allow you to use a preroll, or select a user config, on the filters...
But if I want to shut down localhost:1080, for example, I think I have a right to expect a reputable firewall to allow that... compromising, like that, for the sake of idiot-proofing, is one of the things a lot of us trash MS for. But it's not really just MS, it's the whole community writing to MS platforms.
I'm really glad you asked, because I don't really want to "thrash 'em," I don't thrash ZAP or other products, but those products have always had that metaphor, too, in fairness... I respect their hard work, and I certainly LIKE the idea that they're sort of the "little guys" in this business (so is Tiny, really)... a lot of the problems in communication are, after all, issues of scale. They have to develop a firewall, and they aren't Symantec... sometimes, I do wish they would "brag" that, rather than seeming a little self-conscious about it ... hell. I LIKE dealing with a small business. That's the American spirit, and the Czech spirit, too ... you have a great idea, you market it, all that. Sometimes, I think they think we'll mistrust a small group, when reality is that it's usually the other way around... but I digress...
OK, Gwion... say a few good things... here we go...
- much more configurable custom packet filter IF...
- System security's a great feature... so long as it's solid. False security's obviously a terrible risk...
- Web filters are, too. How many people have a real problem securing a Proxo-type filter? Here's an alternative for them... and it seems to do what it should.
A few bad things I already mentioned... but the reason's not dislike, it's a sincere desire to see a product get better. Sometimes, the biggest favor you can do the Emperor is telling him where and when he's naked..
A few wishes?
- A simpler, lighter GUI.
- More concern for the working features, less for the glitz.
- NO built-in limitations, whatsoever, of any kind, on the packet filtering component. That's the core of a "conventional" firewall. There should be not ONE thing I can do with IPchains or IPF I can't do with my win32 firewall... NOT ONE. It's doable. And it's good design to do.
- if something's known buggy, don't even PUT it in a release version... better - use plugins for the value added features. That way, I don't have useless code on the system, if I choose to disable something.
Now, just briefly, let me refer to that localhost thing. In a sandbox-centric firewall like Tiny, it's less burdensome, but in a packet-filter-centric one, like Kerio, it's entirely inexcusable. I haven't done any testing on that, but if it's in fact true, you can't make absolute rules for loopback, then it's a "bug," not a feature (unless your name's Gates)... fine to implicit rule the firewall's own communications, but anything a millimeter beyond that isn't fine. It's a limitation on what you can do with the core component of the wall. And best form, Tiny, would be to include a full featured packet filter, even if the sandboxing makes it less critical. One shouldn't have to compromise, on very trivially implementable features, just because they aren't "critical" -- redundancy, especially when you're learning and just getting started, is a great thing.
Well, I better turn this over to you folks... but I'm glad you asked that - I didn't mean to sound overly harsh, just trying to be a good beta tester, and share my negative impressions, along with my positive ones, and maybe I got a little too focused on the minuses... I really do want to thank the developers for their continued hard work. Coding's not easy, I have enough trouble writing a quick TCL routine or perl script that doesn't screw up royally in its first ten iterations -- SNAFU's the rule of my own minor coding exploits ... and I fully appreciate that.
But this firewall became fairly dear to my heart, in its "old" incarnation... closest thing I ever found to a solid, dependable minimalist packet filter I could run on NT, 2k, even 9x, and any upgrade I decided to adopt down the road. It's hard to let go of that... 
OK, crew, let's hear the comments... here's our chance to help out on the next version, it's your forum... let us know what you think... and thanks, very much, Kerio. That hard work definitely doesn't go unnoticed... we're just doing our job, too, best we can, over here on our side...
-- Y Ddraig Goch Ddyry Cychwyn