What's wrong with Norton?

I don't ever see it recommended on here. My license is coming to an end for Norton on my xp computer and don't know whether there is something better. It seems to stop a lot of stuff, I see warnings like "deep throat trojan" etc has been stopped...sounds good. Do all firewalls block this type of stuff? I'm currently testing OP pro on an old win 98 computer, but am finding it a bit confusing. Why does it say open ports, I'd rather it said stealthed. Also sometimes it says "one or more components of this application have changed" and gives me options and I'm afraid I don't really understand the details. Think I'm going to have to find something else.

 

At one time I used Norton FW 2003; to give it it's due, it was incredibly easy to use and kept me in good basic stealth. The trouble is it allowed some 'trusted' programs to create their own access rules, which always struck me as being very unsafe - supposing a trojan tricked it into allowing access!

Also, Norton does not perform well in leak tests; see here:- http://www.firewallleaktester.com/tests.htm

I also think Norton is extremely poor value for money, there are free ones that perform better. I now use Zone Alarm Pro which suits me just fine and feels a lot 'safer'.

 

Norton isn't necessarily a bad product, it's just not a great product either. Most people have a problem with the way Symantec codes their products. They usually involve a large number of background services and processes (for example, see here). Norton security products tend to be inefficient, slowing down the computer in often noticeable ways, and are sometimes difficult to completely uninstall.

Anyway, did you have Norton Personal Firewall or Norton Internet Security? Because when you say that you received messages like 'Deep Throat Trojan has been stopped', that would be more of a signature based response more closely associated with an AV/AT/IDS type of product rather than a pure firewall. To be clear, the role of a traditional firewall is not to scan inbound packets for viruses and trojans, but rather to hep prevent network based attacks by selectively "filtering" what packets make it in and out of your PC. Of course, products are increasingly taking on more and more areas of security functionality and so some of the definitions begin to overlap as well. The point, though, is that many people find that they prefer to select specific, best-of-breed products for the various security functions (ie, host firewall, AV, AT, anti-spyware, etc.) rather than rely on Symantec to provide a one-size fits all sort of solution.

 

Norton will screw your computer up faster than anything I seen. and anything norton is hard to get out of your computer too. It really messed mine up.

 

My experience with Norton products is that they are very heavy on resources, they invade your registry and system, putting files and reg entries by the thousands everywhere (slight exageration), and that they tend to slow my system down. I used both NAV and Norton Firewall before and would not go back to either anymore. They are also hard to remove, being so complicated. It might actually be best to just leave it on your system if it's working fine now, rather than try to remove it, because you may wind up reformatting your system as a result. Not likely, but it's possible. At best, it will leave bits and pieces of itself scattered around your system.

 

Will leave CrazyM to speak for himself (when he wakes up! ) I'm still running NIS 2002, (also known as 4.0.3) which is older than what you've got (NPF 2003, I believe?). That was as far as I was willing to go (and many of the old hands never went that far).

Wouldn't worry about the license (actually it's an update license), since I've received no updates of consequence since July 2004 and I had to get that straightened out with Symantec, along with a coupla other folks over at BBR/DSLR. It's more a matter of knowing all the ins and outs and idiosyncracies of NIS/NPF than anything else -- and, unfortunately, Symantec itself isn't going to help you much in doing that.

At least with NIS/NPF 2002 (and earlier) we could still do our own diagnostics; you (unfortunately) can't really do that with NIS/NPF 2003 (or later) versions.

Actually, most of the 'old hands' have shut down those rules and replaced them with two (CrazyM, presuming he's still running NIS/NPF at all) or three (me) much simpler and less alarmist rules. That 'warning' doesn't mean what you think it means (and something that Symantec has never bothered to clarify).

Pretty much; if appropriately configured. If you run any of the software firewalls at 'high' security, then they block everything not explicitly allowed anyway -- and esspecially unsolicited inbound probes. The only point of the 'rule' that you reference is that it indicates a probe against a port traditionally used to search for the presence of the 'Deep Throat' Trojan on your machine. It doesn't mean you are infected with the Deep Throat Trojan; it only means you've received an unsolicited communication attempt on the default 'Deep Trojan' port. That's it'; plain and simple.

Wouldn't we all? I'm not familiar with Outpost, so someone else will have to answer that question.

Ah! Well, that one is easier to answer. An internet-enabled application typically uses one main executable which then 'calls' multiple *.DLLs, *.SYS, etc., executables to do its job. That message, in particular, simply means that either the main executable or one of the 'called' routines has been changed. Now, if this is related to something like Internet Explorer, Outlook Express, or Outlook -- and you've recently updated/upgraded one of these applications (or the OS itself), then something will quite likely have changed. However, if you haven't done this, it may indicate that one of the executables has been subverted. We'd need more information to establish what the actual situation is here. (Like the filename of the executable, its file size, filedate lastmodified, and file version information, in particular, for someone to make an authoritative statement on the issue.)

Hope that helps.

 

Hello Creature Piecan,
My NPF 2004 is about to expire too. I will not renew. I agree with jvmorris there is not a need to rush out and get another firewall if yours is working doing it's job. I do not really care for NPF, but as long as it is not broke I guess I'll keep it. If it ever gives me a problem it's gone.

(OutPost is on my other machine).

 

Automatic rule creation is enabled by default in NIS/NPF but can be disabled in order to be prompted for every new application that wants access to the network. The wizard still allows you to use predefined rules or you can create your own.

Regards,

CrazyM

 

If everything is working fine and you are comfortable with it, stick with it. As for the licence, as it has already been noted, the firewall will continue to function fine. If you venture beyond the automatic settings, NIS/NPF is very configurable. Unfortunately Symantec has made it awkward to work with this flexibility.

Regards,

CrazyM

 

Thanks for your detailed reply Joseph and to everyone else who took the trouble to post thanks very much.
I think as NPF is playing nicely at the moment it's probably best to leave well alone. If I ever have to do a clean install then I won't bother to put it on again.
I got OP Pro off my windows 98 computer, I've read how good it is, but it's just not for me. Zonealarm is on there instead now..well seems easy enough and don't use the old computer much anyway to warrant buying anything.
Mercurie if you're going to continue using NPF without subscribing to the updates won't it compromise the security? I haven't had the constant reminders to renew like I used to. Could one of you guys do me a favour and check under Options whether you have a tick next to "Monitor for updates to Intrusion detection" with a dot next to "automatically update my protection". I've noticed that there is only a tick next to "monitor updates to firewall" and every time I try to select the same option for intrusion and click ok the next time I look it's gone again! You can find it under the tab Options-Liveupdate-Monitor for Updates to Intrusion Detection Cheers!

Andie

 

Just want to say NPF2003 works extremely well, and is very simple to use. If you can take a look at CrazyM's guide it is of great help.

the two biggest points that I was able to resolve, with the aid of the guide were these:

1-set the firewall control to highest (not medium like recommended)

2-on the settings tab there is a box called "automatic program control". IMHO, there is no reason for anyone, anywhere to choose this setting, the box should be checked from time to time to insure that it is not on automatic.

to give you an idea of the scale of this decision, if i were to check, and do an automatic program scan, NPF would enable roughly 300 programs for internet access. By choosing myself, I have 25. Big difference. Also, if I delete access for a deleted program, I know i will have to re-issue permission if it (or anything) tries to connect with those credentials. With the automatic setting deleting has no meaning, as it may well get reauthorization without your knowledge.

be on the lookout for "configure automatically (recommended)" in the pop ups for first time access. Stick with permit and block.

It's funny because Norton asks like it is some huge big deal to have to make these decisions. Its not. Microsoft Word wants to connect. I say no. Once. the issue is settled. I find out later I made a mistake, it really should connect. I go to program control delete the Word rule, next time the program asks I say permit.

this concludes my lesson for users who just want the program to work and don't want a degree in firewall science.

-HandsOff

actually, let me add this: Sometimes you need to allow a program to access the net during installation. Usually, you can just remove it after installation aside from the rare cases where the programs really do need to access the internet. If you don't like loose ends, check in the manual controls if they installed themselves into the internet driving seat after you install new software.

 

Topper-
I'm surprised at you! as knowlegable as you are about computer security! automatic configuration is a choice. unfortunately a default choice.

This seems like complaining that an a/v's hueristic engine is no good after setting it at the lowest level of detection.

For point number two, it has been ages since i have been in this neck of the woods, so I am donning my asbestos suit befor i say this:

"I do not think leak tests have any value whatsoever in determining the effectiveness of a firewall"

you pick a firewall that does good in the tests, and I'll pick one that offers good protection, and we'll see who comes out best.

Not only are most of the tests irrelevent, in the process of taking them you have revealled all of the detail any hacker would love to get their hands on.

Not saying that they cant be trusted, but i am saying why trust someone when you don't have to. We don't know what there agenda is, could some be promoting particular firewalls? I don't even want to know.


-HandsOff

 

Thanks very much for that Handsoff. Will have a look for CrazyM's guide too. Andie

 

http://www.gpick.com/agnisrules/index.html

Regards,

CrazyM