Configuring a Software Firewall

Several weeks ago, reader and subscriber Scott Adler wrote to ask about configuring a software firewall program. He asked about a specific firewall program (Sunbelt Kerio Personal Firewall, which I use and recommend).

Even if you use a different firewall program, I urge you to read this article. The details may not be exactly the same as in your firewall program, but the concepts apply to other firewall programs (except the Windows XP firewall, which does not control OUTBOUND connections from your computer).

Scott wrote:

I've taken your advice and uninstalled my Norton programs. I'd previously explained that when I ran the Norton Live update I got an error message saying that Windows explorer had encountered a problem and had to close. Going to the event viewer in Windows I found a statement saying that this problem is associated with spyware and anti virus programs. It did not specifically mention Norton/Symantec.
In any event I installed your list of security programs including the Kerio Personal Firewall. But I have a problem with this program. I cannot find a means to get help in configuring it. For example when I open the program and click on network security I see a list of programs-all of which show "deny". I am not smart enough to know which to allow and which to change in order to get started. Can you help me??
I wrote back to give him some advice -- and the last I heard from him, he was operational and happy.

First, I wanted to make sure he was using the current "Kerio" and not an older and obsolete version. Sunbelt bought it in December 2005 and SKPF is the current version.

Sunbelt Kerio Personal Firewall (SKPF) has four columns of options in the Network Security / Applications screen. These columns are Trusted/In, Trusted/Out, Internet/In and Internet/Out.

We have the options OK, Deny, and Ask for each program that attempts to initiate an outbound connection (a contact to another computer on our network or on the Internet) or that attempts to receive an inbound connection from another computer.

In the Trusted/In column, almost everything except Microsoft File and Printer sharing should be "deny".

In the Internet/In column, everything, unless you specifically have something that you want to act as a server (P2P etc) should be "deny."

In other words, you should understand and agree to any program that will accept inbound connections from any other computers on your network or on the Internet.

The Trusted/Out and the Internet/Out will probably have a lot of programs set to OK.

The very last line of Internet/Out, if you used the simple install, is set to OK. You should change this to Ask.

The best thing to do, if you don't know, is set an item to "Ask". Then, when SKPF asks, if you don't know why the computer is trying to talk to the Internet then, select Deny BUT DO NOT TELL IT TO REMEMBER THE ANSWER.

That way, if your program doesn't work, you know you needed Allow. By the way, you'll probably have to reboot and try again in order to Allow the communication.

Does this seem painful? Yes, it is. But, this is the same process that you can use on any firewall program to figure out whether you should allow a program to communicate.

You can also do some research via the Internet to figure out the "right answer," if you'd prefer to do that.

TIP: I recommend that you DO NOT click on the "Don't ask me again" box from your firewall, if you're going to click the "Do not allow" button. Many firewalls use this as a "don't bother me with this question again" -- instead of "don't ask me about this program." That's a great way to have mysterious problems with your web browsers and other programs that connect to the Internet.
Of course, SKPF knows the program's name, the program's file name and the path to the program on your computer. Fortunately, we can choose which to display in the Network Security section Applications tab.

Right-click on the displayed name. You'll get options Edit, Remove, and Displayed Application Name. The last will let you show the filename, the program name, the program's filename or the path to the program on your computer.

With this information, you can Google for an answer about individual program. Or, you can use WinPatrol Plus as I do. The WinPatrol program is free and gives you a lot of control and protection for your computers' auto-running programs. WinPatrol Plus is the registered version of the free program. It adds a couple more features, but more importantly, gives access to their online database of program information.
( www.winpatrol.com )