So, what about Norton `s firewall?

Discussion in 'other firewalls' started by allan, Mar 2, 2003.

Thread Status:
Not open for further replies.
  1. allan

    allan Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    5
    Well, confused of Whitstable here! My last post was asking about a good firewall, the unanimous decision was Outpost, so after a bit of forum surfing, I am back to square one, well square two because I want to know if Nortons personal firewall would fit the bill.

    Outpost? looks good, but many posts saying it is not really happy with Win XP and ICS. I use both of these, so that put me off.

    Is Norton any good? I know opinions will vary here, but I need to know if it will work happily with ICS on my Win XP machine and D Link wireless network.

    I am buying a Linksys Etherfast Cable/DSL Router with 4port 10/100 Switch to fit in my network. Will this alter the equation as it will be the only externally recognised internet device.

    I`m floundering a bit here, any help / lifelines gratefully accepted.

    allan
     
  2. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Well, there's a quandary with the latest release of NIS/NPF (2003). You're going to have to make your own decision, but I'll throw in my two cents worth. First, I've got and have used NIS 1.0, 2.5, 3.0x, and 4.0x. For that matter, I still use NIS 2.5/3.0x/4.0x on different boxes.
    Oh, either version (NIS or NPF) works just fine with ICS and Win XP.

    Unfortunately, that's not the problem. There are admittedly some very nice new functionality that has been incorporated into NIS/NPF 2003 and I'm not going to deny this. It works fine, for the most part -- as long as nothing goes wrong. What could go wrong? Why, nothing could go wrong, of course ... go wrong ... go wrong .... :rolleyes:

    And that's the problem as I see it. If something does go wrong, it's almost impossible to detect or diagnose in NIS/NPF 2003 because Symantec has made it almost impossible to document or trouble-shoot anything. And, yes, things do go wrong from time to time under various circumstances. Do a search on the DSLR Security Forum for some of the problems that have been experienced with NIS/NPF 2003 since its release. Note how few of these problems (beyond simply misunderstandings of the appropriate way to configure the firewall) can now be corrected by the end-users. For the most part, you now have to wait for Symantec to diagnose the problem and issue an update.

    You can't easily document and review your basic configuration settings (some 30 parameters) in NIS/NPF 2003, so that's a primary hurdle to get past when using NIS/NPF 2003. (In NIS/NPF 2002 (4.0) and earlier, you'd simply use Albert Janssen's NIS Settings utility.)
    You can't document and review your firewall ruleset (and notice that this time I didn't even qualify that with easily.) (In NIS/NPF 2002 (4.0) and earlier, you'd simply use Albert Janssen's AtGuard/NIS Rules Viewer utility.)
    Finally, you can't easily document and review your firewall log events for further analysis in the event that you start to suspect that the firewall is either PERMITting or DENYing some communication that it shouldn't. (In NIS/NPF 2002 (4.0x) and earlier, you'd simply use Sven Schaefer's Log Viewer utility to do this kind of analysis.)

    Quite frankly, I personally would recommend that you procure a copy of NIS/NPF 2002, and then add the above mentioned freeware utilities in preference to installing NIS/NPF 2003 -- but that's a purely personal decision that you would have to make for yourself.
     
  3. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    The new version of Outpost is being beta tested now. I would use one of the free firewalls like Kerio or Sygate (I think they still have a free version) until you have a chance to compare Outpost 2 to NPF.
    Norton bought out AtGuard, one of the best firewalls ever. They promptly added six tons of bloat to it and I'm not sure how much of the good firewall remains. AtGuard is 2.73 Megs. Take a look at the size of NPF.
     
  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Oh, come on, root! You can do better than this! :eek:

    There are perfectly legitimate criticisms of the current NIS/NPF implementation that can be raised without going back to this time-worn (and then unexplained and unjustifiable) griping about the size of of NIS/NPF versus AtGuard! This is like comparing grapefruits to grapes on the basis of their weight! (Or, more directly, comparing the size of MicroPro's Wordstar for DOS 6.22 to the size of the current implementation of Microsoft Word!)


    Are you going to tell him the size of the latest versions of Outpost, Kerio, Tiny, or Sygate (versus that of a three-year old implementation of AtGuard)? We went through this over three years ago! I had guys comparing the ZIP file for AG to the UNZIPPED version of NIS 1.0! (Which also included NAV, but somehow the critics never got around to mentioning that.)

    Norton did not "buy" AtGuard; we don't need that myth propagated anymore. They "licensed" the underlying AtGuard firewall engine technology from WRQ and they weren't the only company that did so.. For that matter, by Symantec's own acknowledgement, WRQ is perfectly free at any time to re-introduce AtGuard. So, let's get this bugaboo out of the way also, okay?

    Now, I went through this crap three years ago on the old Unofficial AtGuard Users Forum and detailed every distinction between the 'product size' for NIS 1.0 and the last versions of AG. That stood (without challenge, I might add) for over six months before they relocated the site. I think you (or someone with the same sig) was present on that site at that time. Still, no one bitching about the 'bloat' factor in NIS/NPF felt in anyway constrained -- they just wouldn't confront the rebuttal.

    Are you gonna tell this guy about the PDF version of the User Manual for NIS/NPF that was included (but not present in AG)?

    Are you gonna tell this guy about the Tutorial for NIS/NPF that was included (but not present in AG)?

    Are you gonna tell this guy about the "Rules Templates" for popular applications that was included with NIS/NPF (but not present in AG)?

    Are you gonna tell this guy that the original version of the IAMAPP.* files (the heart of both AG and NIS/NPF) were almost byte for byte identical in size?

    Are you gonna tell him about the code used to invoke Stealth (automatically) in NIS/NPF that wasn't present in AG? (Pity about that, but it does exist.)

    For that matter, are you gonna tell him that NIS/NPF includes customized drivers for various OSs, whereas AG used the same drivers for all of the OSs that it then supported?

    Are you gonna tell him about the list of ad-blocking that NIS included (by default) but which the end-user had to work out for themselves in AG?

    Are you gonna tell him about the Parental Control feature (and 5 MBs of sites) that were initially included in NIS FE (that's now up to about 10 MB at the moment) that are not included in AG?

    Are you gonna tell him about the User Accounts feature that's been availabe in NIS (since version 1.0), but not in AG?

    Are you going to acknowledge that some people were fond of comparing the size of NIS (which included NAV, of all things) with the ZIPPED version of AG?

    Are you going to tell him that NIS/NPF introduced this horrible kludge of a User Interface to replace the extremely clean AG interface and that this chewed up a few megabytes?

    Are you going to tell him about the LiveUpdate facility that comes with every copy of NIS/NPF but has no equivalent in AG?

    For that matter, are you going to tell him about the executables included to integrate NPF with NAV, NU, or Norton System Works, in the event they're already present on the box?

    And, finally, are you going to tell him about the additions made to NIS/NPF since version 1.0 that simply have no analog in AG? (Not terribly well done in my estimation, but that's an entirely different subject.)

    So, how 'bout we just get off this 'bloat' argument and address the substantive questions of features provided, usability, and functionality? That's a much more productive (and valid) basis for criticism.

    Hell, I'm running NIS 3.0x FE on this Win 98 SE box using a PII @ 350 MHz with only 64 MB of RAM and a very small, (and slow) HDD on a dial-up connection. Of all things that concern me about NIS/NPF, 'bloat' is probably the least. It's still smaller than the last installation of MS Word, for that matter.
     
  5. controler

    controler Guest

    I won't argue with you one bit about Symantec JVM
    You know I like Nortons products and care less about the size.
    I will mention that I just saw the other day an implement for @guard that makes it comatiable with ME but am not sure about XP
    I just wish I could find that link back again. I still do have the latest version of @guard though. I use Sygate's free version right now only because of curiousity but do notice some very good features included in the PRO version I would love to try out.
    JVM. ya know it's really a shame. I been comming to Wilders now for a few years and was a beta tester for Symantec for a while as well as other well known companies but none of the other software makers
    we post about here allow me to test their software. I have asked.
    And I don't call testing software posted on public websites as "Beta" a
    real Beta testing group.
    I also just saw the other day a new program to work with the 2003 version of NIS for LOGS, ad-blocking ect. I will see if I can find that one back again for you.
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    For AG and ME you could try the following link:
    http://geocities.com/bazilio_c/AG_vs_WM.htm

    Not sure how reliably this worked. It has been a long time since I have seen discussions on it. As for AG and XP, my understanding is there is a problem with logging not working.

    Regards,

    CrazyM
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    With the router/gateway in place, it will block all unsolicited inbound traffic and your systems on the LAN will not see it. Your consideration then is control of outbound traffic from the LAN systems and if you want a software firewall on those systems for that.

    Regards,

    CrazyM
     
  8. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    As you've probably guessed, I myself have no problem with criticizing Symantec's implementation of NIS/NPF (indeed, I do it quite frequently!), and I wasn't trying to playing a hissee to root's chigger. (Okay, let's see how many of you Euros can figure that one out! :rolleyes: ) I'd just like to get the criticism back on substantive grounds here. That said, I'm very unlikely to have any problems with root's criticisms along those lines.
    Interesting. Could this be because you're a known Symantec Beta tester? (For those who may be wondering, I've never been a Symantec beta tester; i don't like the NDA involved. Besides, it's much more fun to send them e-mail before a release and then rip them a new one when they don't respond in a personally gratifying manner! :D)
    Hmmm, could this have been Eric Howe's and Christian's new AGNIS Ad-Block LIst, complete with Christian's ProWAGon (to allow use with NIS/NPF 2003)? If it's something else, I'd sure like to know about it!
     
  9. controler

    controler Guest

    JVM

    yes I was looking at prowagon also but thought I had seen something else. Dang memory keeps leaving me.
    Better start taking my Ginko.
    Believe me as a beta tester , you do have quick access to the
    project leaders. They usualy respond quickly.
    You have however gained enough respect with Symantec to now be
    on a e-mail basis with the man himself :D (Peter Norton)
     
Loading...
Thread Status:
Not open for further replies.