Why does NIS 2007/08 Nag Least?

OK, I want my computer to be protected from serious damage by reasonably likely threats. Nothing I do is mission critical and the environment I use it in isn't particularly dangerous so I don't feel the need to go overboard but neither do I want some keylogger to sneak on and steal the password to my credit card accounts.

My new laptop came with NIS 2007 Trial preinstalled so that's been running for a week or so. I've also tried NIS 2008 Trial on my desktop at home for a couple days as well as trying BitDefender's 2008 suite and most recently downloading the trial of Onecare 2.0 from Microsoft. And before all this I'd had Kaspersky's suite running for a couple months on my desktop machine.

BitDefender seemed to use as little memory and CPU cycles but its default firewall setup popped up plenty of questions over the few days it was running. Like your typical naiive user I just clicked "Allow" every time since it always had the name of a program I recognized and BitDefender always recommended allowing it. I don't think anything snuck by me.

Kaspersky had always seemed pretty quiet but I read somewhere that by default its firewall sets up totally permissive. So I reinstalled it and bumped the firewall up to "training mode" and it nagged even worse than BitDefender (or at least the same). Seemed to use a little more resources, too. I also clicked "Allow" every time on Kaspersky to no apparent ill effect.

I've only had OneCare 2.0 on since last evening and it has asked about Google Desktop a couple times but I think it's set by default not to ask very much. That's the sort of "hands off" paternalistic approach they are marketing and I think that's pretty much what I want long-term.

Now back to Norton. Aside from asking if it's OK to reboot after a LiveUpdate download, it never asks a thing. On the laptop the 2007 version seems to use similar resources to Kaspersky or OneCare, a bit more than BitDefender. But it passes my no-nag criteria with flying colors. The reviews I've read all indicate that the default NIS 2008 configuration is quite secure but now I'm wondering if it is pulling a Kaspersky and just leaving the outgoing firewall a bit open by default. The reviews indicate that Norton's whitelist is just much more extensive and well implemented than others.

Given that I am required to have a firewall+AV running on my laptop in order to access my employer's VPN I've got to put either Norton or OneCare (or something similar) on there and keep it up to date. Otherwise I'd just use the Vista firewall and Defender and do an occasional scan with some freebie AV scanner. Or maybe Prevx CSI...they find stuff all the others miss, don't you know . But some kind of suite is required and my ideal is one that's cheap and never nags. OneCare is pretty affordable at $40, Norton less so at $60 but unless Norton is fooling me by leaving the firewall open it is the winner in the no-nag, light-running sweepstakes. What do you guys think?

 

I don't think you can go wrong with Norton. It will give you the protection that you are looking for without all the pop ups. also there may be a setting as to how it alerts you in the settings.

 

The firewall is working and can be checked by "View History". If you see an instance that has either an amber or red colored bar on the side that is where NIS blocked an intrusion or portscan. If you highlight it and click on the button on the right ("view details" or similar--I am at work so I am going by memory) and you should see a button with something like "notify me" on future warnings.

There is a BIG difference between NIS '04 and NIS '07-up. '04 liked to drove me crazy with warning pop-ups.

 

If you want more outbound control, click on "Ask me what to do" in the Firewall settings. From what I can tell, NIS uses a large whitelist to check if an outbound connection is legit or not which is on by default.

 

I used to have Zone Alarm on my WinXP system, probably going back as far as '04 which is when I believe we first got high-speed Internet access. All those pop-ups were so infuriating but I thought that was the price of being on the 'net 24x7. When the desktop machine got blown up by lightning a few months ago, I just used the Vista firewall for a long while before breaking down and installing KIS a few weeks ago. It doesn't nag nearly as much as Zone Alarm used to but then again it apparently was just allowing a bunch of stuff to go through without asking.

I may turn on "Ask Me" for a couple days out of curiosity but I'm becoming reassured that pretty good protection is happening without needing to nag me. It makes the (IMHO) high yearly price for Norton seem at least worth considering I suppose.

 

"Ask me" is like the training mode like most firewalls use (allow /this instance/always/never). I had it on for a while but reverted back to default. It must have one heck of a whitelist for recognizing some obscure programs I have, lol.

But if you start missing pop-ups, just turn Program Launch and Program Component Monitoring on

 

Exactly. I don't have anything all that strange but for instance there's an obscure compressed-document-format reader that I have installed to read certain genealogical records on-line. Even OneCare made me give a heads-up/head-down on that one. NIS 2008 did not. I'd conservatively estimate that .EXE to be somewhere in the 5,000th-10,000th range of applications you'd put on a whitelist. Maybe Norton's list is really that big...

 

OR it could be using a blacklist which may be easier to maintain. I have yet to see an outbound warning but that is mainly because NIS or Vista has blocked the installation of the malware at the start.