
A detailed reading of the latest evaluation reports on world-famous firewalls: Kerio (translation of the original)

Posted 2007-10-21 16:06

From: MACD Forum (bbs.macd.cn) Author: govyvy

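Thank you for your interest in this translation. A note first: the article is taken from www.matousec.com. Because that company is a professional firm that evaluates and tests security products, the conclusions it publishes have some reference value. It is also a commercial company that tests for bugs and sells them; its standards for the security products submitted to it are quite strict, and its comments border on harsh. So whichever firewall product you support, please read this with a calm mind. In the end, real-world use of a firewall differs considerably from laboratory testing, and only the user really knows whether a product works well. There is no perfect firewall, only the firewall that suits you best. I am posting this only in the hope of giving everyone the reference material they need when choosing this kind of product. The original is at http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php for anyone interested.

The translated test reports for all firewalls in this evaluation project have been collected and published; see http://bbs.hypost.cn/read.php?tid=116235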

Kerio Personal Firewall 4.3.246 - Review

Kerio Personal Firewall is a favourite personal firewall for many users. The graphical interface and user features are simply perfect. The sad fact is that from the view of its security design Kerio is just a cute packet filter and not a personal firewall as its vendor (and its name) claims. It is more like 'A Hacker's Best Friend'. We can hardly imagine a personal firewall with worse level of security.

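Kerio Personal Firewall 4.3.246 - Overview

Kerio Personal Firewall is a personal firewall product well liked by many users. Its graphical interface and user features are simple and complete. Disappointingly, though, from the standpoint of security design, Kerio is not a firewall product as its developer (and its product name) claims, but merely a packet-filtering product that is all appearance. To us it looks more like "a hacker's best partner". It is hard to believe that a so-called firewall has such a poor level of security protection.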

Tested version

We were given a licence for Kerio Personal Firewall for one year for the purpose of our analysis from its vendor. We were testing version 4.2.3.912 but then Sunbelt Software released a new version 4.3.246 so we revisited our results and continued the analysis with the new one. Sunbelt also offers free version of Kerio Personal Firewall which misses some features of paid version. Sunbelt acquired Kerio Personal Firewall from Kerio Technologies Inc. in December 2005. More information is available on the website of the former vendor. Since then, only minor changes were made in the Kerio Personal Firewall.

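Tested version

We obtained a one-year licence for the firewall from the Kerio vendor to support our research and analysis. Not long after we began testing Kerio firewall version 4.2.3.912, Sunbelt Software (which acquired the Kerio firewall; the same applies below) released the newest version, 4.3.246, so we repeated the tests we had already completed on that version and continued the analysis of new items. Sunbelt also released a free version of the Kerio firewall with some of the paid version's features removed. Sunbelt took over the Kerio firewall from Kerio Technologies Inc. in December 2005; detailed information about this is available on the former developer's website. Compared with before the acquisition, Kerio Personal Firewall has hardly changed.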

Installation and initialization

The first impression of Kerio was very good. The very easy installation process finished very quickly. The user is asked only one important question during the installation - whether to choose a simple or advanced mode. If advanced mode is selected the firewall is installed to the learning mode. Otherwise it is said to be installed into 'no popup mode'. The installation wizard is well-developed but we missed a chance to set a password to protect Kerio settings. However, the user is able to set the password in the configuration panel after the installation. When the installation is complete Kerio initializes its database. The whole installation process was pleasant, quick, easy and trouble-free and that is why Kerio Personal Firewall received no penalty for the installation process. After the installation process the system must be restarted as it is common with the most of security software. Immediately after the reboot Kerio recognizes network interfaces and asks user whether they are trusted or not. As we installed Kerio into learning mode, we had to allow some basic actions of common system programs too. We were pleased that default settings of Kerio are defined well for common use.

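Installation and initialization

The first impression of Kerio was very good. The simple installation finished very quickly, and the user is asked only one important question in the whole process: whether to start simple mode or advanced mode. If advanced mode is chosen, the program is installed in learning mode; if simple mode is chosen, the program is installed in "no popup mode". The installer is highly polished, but we could not set a password to preserve the settings made to Kerio; the user can, however, set a password in the configuration panel after installation. After installation, Kerio initializes its database. Because the whole installation was simple and quick, Kerio's performance in this stage was perfect. As with most firewall products, the computer needs to be restarted. After the restart, the Kerio interface reports that it has detected a network and asks the user whether to trust it. Because we had chosen to install Kerio in learning mode, we had to set "allow" for the activity of some ordinary system programs. To our pleasant surprise, Kerio's default settings for general use are very complete.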

Hardware requirements

Kerio Personal Firewall is too heavy for a personal firewall software because it reduces the computer performance for about 27% and uses over 17 MB RAM. On the other side, its 13 MB on the hard disk is not so much and we had no problems with the performance during common work. We were not testing web filtering feature at all and thus we can not comment its performance which was discussed frequently by users of Kerio in the past. However, the changelog of the latest version mentions performance improvements when web filtering is enabled.

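Hardware requirements

As a firewall product, Kerio is a "heavyweight": running it reduces the computer's performance by 27% and takes up more than 17 MB of memory. The software also needs 13 MB of disk space, which is not large, and there are no problems in ordinary use. In the end we did not test the web filtering feature, so we make no comment on this issue, which Kerio users argued about frequently in the past. However, the changelog of the latest version mentions improvements to this feature.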

Common behaviour and control

Kerio offers a quick tray icon with an access to configuration panel and two basic features - disabling the firewall protection and stopping all network traffic. The configuration panel is well arranged and good-looking. It is easy to change settings, configure the rules and view logs in it and it is possible to block all the network activity with one click from this panel too. The user is also given a chance to save settings and load them later or to use settings from older versions. Nevertheless, we were not able to clearly identify the switch to so called 'no popup mode' which was offered during the installation. We have tried to install Kerio once again to see the differences between 'no popup mode' and 'advanced mode' and we found that the only difference there was disabled Application Behaviour Blocking which we consider as a must for all users. Another problem was with the localization. We have tried non-English environments too but they are full of English and translations appear rarely on the screen. This is why we give 95% in Easy of use classification to Kerio Personal Firewall.

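Common use and control

Kerio provides a system tray icon which, besides giving access to the configuration interface, offers two basic functions: disabling the firewall protection and blocking all network activity. The configuration panel is sensibly laid out and attractive; users can easily change settings, define rules or view logs, and the interface also provides a one-click button to block all network activity. Users can save the firewall's settings to load them later, or use the previous version's settings in a new version.

However, we could not reach a clear conclusion about the other option offered at installation, the so-called "no popup mode". We tried installing Kerio again to observe the differences between that mode and "advanced mode", and the only difference we found was that "no popup mode" disables the "Application Behaviour Blocking" feature, a setting that we think should be a matter of course for all users. Another problem concerns the limits of localization. We also tried using Kerio in non-English environments, but the screen is full of English with few corresponding translations, so we give the Kerio firewall a score of 95% for ease of use.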

Security

All the hopes died when it came to the analysis of the security and security design of Kerio. If we say that Kerio Personal Firewall implements no security at all we would not be far from the truth. The security design of Kerio is useless. The functionality of Kerio is not much better than the functionality of common packet filter. Except the packet filter none of its security components works as it should. Malware can bypass all the protection of Kerio easily. As you can see in the bug list below the number of bugs we found during our first phase analysis is not that big. It is not because there are missing many important features in the security design of Kerio and thus they can not be buggy. We have solved this unexpected situation by setting the unique penalty of these design bugs to very high values such that they are greater than possible sums of penalties of bugs in these features if they were implemented. The majority of bugs we found are critical bugs. The security of Kerio Personal Firewall was not tested against modern malware techniques if tested at all. We do not think there might be a worse personal firewall from the security point of view than Kerio Personal Firewall 4.3.246. We strongly recommend all its users to change the personal firewall. You can see public information about Kerio's bugs in the following sections below.

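Security

As our analysis of the Kerio firewall's applied security and security design went deeper, our expectations turned into disappointment. It is no exaggeration at all to say that the security performance of Kerio Personal Firewall is worthless. Kerio's security settings are all appearance; as a firewall, Kerio's functionality is not much better than an ordinary packet-filtering program. Apart from its packet filtering, Kerio's other security components do not work as we imagined, and malware can break through all of Kerio's protection with ease. As you can see in the bug list below, the number is already much larger than what our first round of testing showed. This is not because many important security features were left out of Kerio's security design and affected the normal operation of these components. To verify this rather unexpected situation, we raised the parameters for the special consequences caused by design bugs, yet the number was still far greater than the sum of the possible adverse consequences (even if the features missing from the security design were fixed and working normally). The bugs we found are all critical bugs. If really put to the test, Kerio's security is not enough to cope with today's malware techniques. From a security point of view, we consider the protection of Kerio Personal Firewall (V4.3.246) to be the worst, and strongly recommend that its users replace it. In the sections below you can browse the public information about Kerio's bugs.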

Open public bugs

The following list contains open bugs that are public. This means that a full name, description, testing method and testing program is available for every bug in the list. The list is sorted by the bug penalty, the higher penalty means the more dangerous the bug is.

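Published bugs with public information

The list below contains bugs with public information, meaning that the full name, description, testing method and testing program apply to every bug in the list. The list is sorted and graded by the danger of the bug; the higher the grade, the more dangerous the bug. (Details omitted; only the bug names and risk levels are listed. The same applies below.)

Fake 'iphlpapi' DLL injection (DLL import disguised as 'iphlpapi')
Risk: Critical bugs (critical bug)

Multiple insufficient argument validation of hooked SSDT function Vulnerability (phishing vulnerability)
Risk: Serious bugs (serious bug)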

Open private bugs

The following list contains open bugs that are private. This means that their names, descriptions, testing methods and testing programs are not available for free. The following list is sorted by the bug penalty, the higher penalty means the more dangerous bug.

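Published bugs with private information

The list below contains bugs of a private nature, meaning that the name, description, testing method and testing program of every bug in the list are not free to use. The list is sorted and graded by the danger of the bug; the higher the grade, the more dangerous the bug. (Details omitted; only the bug names and risk levels are listed.)

BUG00009P001SK - Risk: Critical bugs (critical bug)
BUG00011P001SK - Risk: Critical bugs (critical bug)
BUG00013P001SK - Risk: Critical bugs (critical bug)
BUG00014P001SK - Risk: Minor bugs (minor bug)
BUG00005P001SK - Risk: Critical bugs (critical bug)
BUG00004P001SK - Risk: Critical bugs (critical bug)
BUG00006P001SK - Risk: Critical bugs (critical bug)
BUG00007P001SK - Risk: Critical bugs (critical bug)
BUG00008P001SK - Risk: Critical bugs (critical bug)
BUG00001P001SK - Risk: Serious bugs (critical bug)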

Fixed bugs

The following list contains fixed bugs. This means that these bugs were fixed by the vendor and that there exists a new version of the reviewed product where these bugs do not appear or there exists a patch for the bug for the reviewed version of the product.

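Confirmed bugs

Listed below are bugs that have been acknowledged by the Kerio vendor. New Kerio versions and preview versions, or related patch packages, that fix these bugs have now been released.

Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability (program call termination error vulnerability)
Risk: Critical bug (critical bugs)

Original post reposted from the Shenbo forum (绅博论坛)

[Last edited by govyvy on 2007-10-21 16:16]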

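Original poster | Posted 2007-10-21 16:11
Note that these evaluations were carried out at the beginning of the year and do not represent the software's actual level in use.

[Last edited by govyvy on 2007-10-21 16:30]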