Security Made Simple … or Advanced

If your PC spends a lot of time connected to the Internet — and let’s face it, if it doesn’t, it’s likely gathering dust in a closet — you need to be running some kind of firewall. And while the hardware firewalls found in most broadband routers are a good start and should be considered de rigueur for any small network, they generally deal with traffic only on the level of TCP/IP addresses and ports, and thus offer protection that’s incomplete at best.

To better protect yourself against threats like rogue applications downloading and running on your PC, you need to be running a software firewall. Though such products from companies like Symantec, McAfee, and Zone Labs are certainly better known, Kerio Personal Firewall 4 (KPF4) distinguishes itself in the category by managing to be easy enough for a novice to operate while still providing many of the advanced features that typically appeal to more tech-savvy users.

Security Made Simple … or Advanced

Kerio Personal Firewall 4 will run on any client version of Windows from 98 up through XP (it won’t, however, run on any server version of Windows). When first installing KPF4, you can select from one of two modes — either simple or advanced.

The simple mode is intended for less technical users who are willing to give up some security in exchange for not having to deal with the inevitable and seemingly interminable prompts notifying the user and requesting confirmation on all attempted network activity. As a result, in simple mode the firewall rules are, well, simple — all outbound traffic is allowed, while all inbound traffic is blocked (except, of course, when in response to an established outbound request).

In contrast, configuring KPF4 in advanced (a.k.a. learning) mode gives it a more typical (and more secure) firewall posture. In advanced mode, KPF4 can alert the user whenever an application attempts to generate outbound traffic. The user then has the option to permit the traffic on a one-time or ongoing basis.

The ability to do this, of course, is precisely the purpose of a firewall, and it certainly isn’t unique to KPF4. What does set KPF4 apart from some of its competitors is the detailed information the alerts provide and how it is presented. In fact, novices and techies alike will likely find the clarity of information in KPF4’s alert dialogs to be one of the program’s greatest strengths.

For starters, each alert clearly denotes whether the traffic in question is either inbound or outbound by a prominent green or red bar, and offers large ‘permit’ and ‘deny’ buttons along with a simple checkbox to create a rule for future traffic of that type (rather than requiring you to select from a number of options on a selection list, as some products do).

Furthermore, KPF4 provides as much information as it can to help you make an informed decision about an alert. In most cases this includes the full and actual program name rather than simply the name of the .exe file, which can often be cryptic. The alert dialog also presents the IP address (and the FQDN (define, if a DNS resolution is possible), protocol, and port number representing the origin or destination of the traffic. When you consider that many firewalls typically provide you with little information beyond „app.exe is attempting to access the Internet,” the benefit of Kerio’s approach is clear.

Application Protection

In this day and age, guarding against unauthorized network traffic is crucial, but it still may not be enough, as Trojans and other forms of malware can often sneak onto and modify your system before even (or without) sending out a single packet. To help guard against this, KPF4 offers a „system security” feature that monitors the activity of all applications installed on a PC — even if they don’t ever access the network.

By default, the user is notified upon any attempt to modify or replace an application’s executable file. Finally, an attempt by one application to launch another one can be similarly identified and flagged for confirmation before being allowed to proceed.

In addition to monitoring network and application activity, KPF4 also incorporates an IDS feature (Intruder Detection System) that will scan for port scanning and monitor incoming traffic against a database containing scores of known attack patterns. (KPF4 checks for database and program updates when first launched and then every 24 hours thereafter.) KPF4 also offers Web content filtering, including the ability to block banner ads, cookies, pop-ups, and scripts.

While KPF4’s „out of the box” settings (in either simple or advanced mode) will likely work well for most users, you do have the option to create advanced firewall rules for monitoring and flagging specific kinds of traffic or activity by specific applications.

Activity Information, Logging, and Alerts

Those users who like to know exactly what’s going on with their PC will appreciate the high level of detail KPF4 provides. At any time you can access a comprehensive list of all running applications and their open ports — ports that are actively engaged in communication are highlighted in either red or green, indicating the direction of the traffic flow. (The KPF4’s tray icon also displays minute greed or red elements denoting network activity as it occurs.)

For historical data, a statistics screen is available to provide cumulative data on the number of different events (including scripts, ads and popups, cookies, and intrusion attempts) that have occurred over the past hour, day, week, or month. For those who prefer to pore over endless reams of data, KPF4 maintains no fewer than four logs — for network activity, application-related events, intrusion attempts, and browser activity. You can selectively log only the events you’re interested in, and the log data can also be routed to a Syslog server.

KPF4 also offers some useful administration capabilities. You can password protect the firewall configuration settings to guard against unauthorized changes, and once you have the firewall set the way you like it, you can back up the configuration to an XML file. You can also remotely access the firewall and perform most configuration tasks from another machine running KPF4.

The Panic Button

One of the options offered by the KPF4 tray icon’s context menu is ‘STOP ALL TRAFFIC,’ and, as its name suggests, it immediately puts the brakes on all network traffic to and from the PC. This can be a very useful feature in the event you inadvertently allow an application network access and then immediately think better of it, or if you ever discover anything potentially untoward taking place that you want to quickly nip in the bud. Halting traffic in this way is certainly a lot easier and less strenuous than frantically grabbing for the network cable.

Overall

A fully functional version of Kerio Personal Firewall 4 can be downloaded on a 30-day trial basis. After the trial period the software will continue to operate, but certain features like content filtering and remote logging will be disabled. The registration fee of $45 is competitive with its more established competitors and includes a year of free updates and upgrades. Subsequent yearly subscriptions cost $22. Volume licensing for both the initial cost and ongoing subscriptions is also available.

The biggest drawback to KPF4 in our opinion is that Kerio doesn’t make its own anti-virus or anti-malware utilities, and thus you don’t get the interface integration you would with a Symantec (Norton Internet Security) or McAfee product. The company does, however, provide a bundle with an anti-virus utility from AVG.

Suffice it to say that if you are considering one of the „big three” software firewalls, or your subscription to one of them is coming due, you’ll likely want to give Kerio Personal Firewall 4 a serious look.

Pros: Provides protection against modification of applications; intuitive and easy to use, with clear and helpful alert information; simple and advanced modes of operation

Cons: Lacks Norton and McAfee’s integrated anti-virus/anti-spyware software components, cost vs. ZoneAlarm Free