Kerio Personal Firewall: Premium Security That Delivers Strength and Simplicity
Joseph Moran
Application Protection
In this day and age, guarding against unauthorized network traffic is crucial, but it still may not be enough, as Trojans and other forms of malware can often sneak onto and modify your system before sending out a single packet, or without ever sending one. To help guard against this, KPF4 offers a "system security" feature that monitors the activity of all applications installed on a PC, even if they never access the network.
By default, the user is notified upon any attempt to modify or replace an application's executable file. Finally, an attempt by one application to launch another one can be similarly identified and flagged for confirmation before being allowed to proceed.
In addition to monitoring network and application activity, KPF4 also incorporates an IDS feature (Intruder Detection System) that will detect port scanning and check incoming traffic against a database containing scores of known attack patterns. (KPF4 checks for database and program updates when first launched and then every 24 hours thereafter.) KPF4 also offers Web content filtering, including the ability to block banner ads, cookies, pop-ups, and scripts.
While KPF4's "out of the box" settings (in either simple or advanced mode) will likely work well for most users, you do have the option to create advanced firewall rules for monitoring and flagging specific kinds of traffic or activity by specific applications.
Those users who like to know exactly what's going on with their PC will appreciate the high level of detail KPF4 provides. At any time you can access a comprehensive list of all running applications and their open ports. Ports that are actively engaged in communication are highlighted in either red or green, indicating the direction of the traffic flow. (KPF4's tray icon also displays minute green or red elements denoting network activity as it occurs.)
For historical data, a statistics screen is available to provide cumulative data on the number of different events (including scripts, ads and popups, cookies, and intrusion attempts) that have occurred over the past hour, day, week, or month. For those who prefer to pore over endless reams of data, KPF4 maintains no fewer than four logs — for network activity, application-related events, intrusion attempts, and browser activity. You can selectively log only the events you're interested in, and the log data can also be routed to a Syslog server.
KPF4 also offers some useful administration capabilities. You can password-protect the firewall configuration settings to guard against unauthorized changes, and once you have the firewall set the way you like it, you can back up the configuration to an XML file. You can also remotely access the firewall and perform most configuration tasks from another machine running KPF4.