How good is the Norton firewall?

Topic

New Reply

I have just installed Norton Internet Security 2010 which is supposed to have a 2-way firewall. I have just logged on to Gibson Research Center and tried their Firewall Leak Test which showed fail, firewall pemetrated, with this comment “LeakTest was not prevented from connecting to the Gibson Research web server. You either have no firewall, you have deliberately allowed LeakTest to connect outbound, or (if neither of those), LeakTest has just slipped past your firewall’s outbound “protection”, if any.

Does this mean the Norton firewall is sub-standard? A phone call to Symantec resulted in them saying if the main window of their product said “Secure” then all was working correctly.

Reply | Quote

Replies

Does this mean the Norton firewall is sub-standard?

No not necessarily, you would do well to look over the firewalls faq sheet and fine tune the advanced properties accordingly.

Reply | Quote

Leaktest attempts to connect to the GRC web site from your PC. Norton should warn you that a program is attempting to access the internet and ask if you want to allow this. This behaviour in Norton should be configurable via the options.

cheers, Paul

Reply | Quote

So how secure is Win7 firewall? Not very, since it didn’t ask anything and let Leaktest bypass just like that. Better start looking elsewhere in security issues.

Reply | Quote

So how secure is Win7 firewall? Not very, since it didn’t ask anything and let Leaktest bypass just like that. Better start looking elsewhere in security issues.

The OP asked about Norton Internet Security not Win7. Your post makes no senses in that context.

Joe

--Joe

Reply | Quote

Does this mean the Norton firewall is sub-standard?

The average user is, understandably, annoyed by having to answer multiple prompts for permission — remember the Vista UAC prompts? Therefore, I believe most software firewalls now are configured to launch in a quiet “learning” mode by default. If you prefer a more paranoid mode, you will need to set that for yourself.

Reply | Quote

Does this mean the Norton firewall is sub-standard? A phone call to Symantec resulted in them saying if the main window of their product said “Secure” then all was working correctly.

The Symantec response proves they are selling rubbish.

It is possible that something is wrongly configured and the leak-test failure is not due to a Norton Fault.
Wait a bit – I looked out the window and saw a pig flying past.

The essential fact is that the Gibson code was not prevented from “phoning home”,
so any malware on your machine would also be able to phone its home and disclose all you private stuff.

I can understand that a Firewall could make a mistake and let something out.
I can understand that it would not REALISE it had let something out and therefore continue with the pretence that it is “Secure”.
I CANNOT understand a Norton agent SAYING that a leak-test failure should be disregarded and that their Firewall is working correctly.
Perhaps by “working correctly” the agent actually MEANT “we never managed to fix this – it is working NORMALLY”.

Whatever the reason for this leak-test failure, that failure indicates malware can phone home,
and it was grossly incompetent of Norton to tell you that all was well.

Alan

Reply | Quote

The essential fact is that the Gibson code was not prevented from “phoning home”, so any malware on your machine would also be able to phone its home and disclose all you private stuff.

No, I believe you have missed something here. The fact that a program not recognized as malware was able to use the network connection does not prove that “any malware” would be able to use the network connection. Comprehensive security suites should remove malware and spyware either on access (real-time scanner) or during scheduled or manual scans. It is true that there may be a gap between the time of infection and updated detection, so those who engage in risky downloading behaviors should configure their firewalls for maximum protection.

Reply | Quote

It’s the age old “how secure do you make it without annoying the user” question. I always err on the “annoy the user” side.

cheers, Paul

Reply | Quote

My firewall passed that test with flying colors, so I would suggest you dump Norton and get a better system. I’m using Vipre from SunBelt Software and someone will have to come up with a really fantastic produce for me to change.

Reply | Quote

Just because a firewall passes a “leak test” does not mean it is good. It means that the vendor knew the parameters of that specific test, and specifically tuned their product to pass that test. The problem is, these “leak tests” do not reflect real-world environments. It’s like creating custom “malware” which does not exist in the field, and then tuning your predictive heuristics to block or remove that particular piece of lab-created artificial code. Again, if vendors pay the “research lab”, they can get a preview of the specs for the upcoming tests, and tune their products to pass those tests. Matousec has done this with Outpost, and they were totally discredited on that basis. So these tests must be taken with a very large grain of salt, especially if the testing lab is a for-profit company.

Comodo has complained for years about the lack of objectivity of Matousec, even though their firewall consistently passes the tests with flying colors. Gibson Research is much more trustworthy than Matousec, but I still believe that some vendors were tipped off before the tests, and made specific changes to their products in order to gain higher scores. Call me paranoid, but I do believe that a company can be bought off — even Gibson.

Norton as a complete suite has passed all INDEPENDENT lab tests with flying colors. There is also nothing wrong with the Windows 7 or Vista firewall — both versions will keep you safe enough for almost any legitimate purpose on the Internet, when combined with adequate antivirus (Microsoft Security Essentials) and antispyware (Super Antispyware) scanners and perhaps some web shields, or a safer browser (like Firefox or Chrome).

How safe do you need to be? What do you do on line which puts you at greater risk? Can you control or reduce these risks? Are you a careful web surfer, or do you click on anything which flashes at you? If a security alert pops up, do you always click “allow”? And isn’t that the same as if the alert never came up, and the security program did nothing to protect you? Ninety-nine plus percent of the time, the problem with on line safety lies between the keyboard and the chair — i.e., the End User.

I am currently running 64-bit Windows 7 Home Premium with MSE and the out-of-the-box Windows 7 firewall. Nothing else active. I browse with Chrome with only a few privacy Extensions (including a nice one which blocks Google Analytics). I patch as advised. And I maintain a good, clean Acronis backup of the System and Windows partitions on an external drive which never connects to the Internet. Am I safe? Safe enough. Am I going to worry that I could be safer? No, I have better things to do with my time.

Norton is perfectly fine security software — in fact, it is overkill, and that is why I do not use it. One of the first things I did on this laptop was to remove the pre-installed Norton Internet Security Trial Subscription software. But if you like Norton, keep it. It will serve you well, even without raising it to “paranoid” security levels.

-- rc primak

Reply | Quote

Norton as a complete suite has passed all INDEPENDENT lab tests with flying colors.

Citation please Bob, not that we don’t trust you. ;-))

cheers, Paul

Reply | Quote

Citation please Bob, not that we don’t trust you. ;-))

cheers, Paul

AV Comparatives, AV-Test.org, and Dennis Technology. Citation. (OK, it is a Symantec Press Release, but they have links to all their citations). And I also read somewhere else (PC Magazine?) that NIS 2010 passed West Coast Labs tests with very good marks.

I knew someone would call me out on this one.

-- rc primak

Reply | Quote

These reports are possibly not reliable.
AV-Test.org, and Dennis Technology are both private companies that were commissioned by Symantec to perform the tests.
AV Comparatives claims to be a non profit organisation that publishes a report every 3 months. The Symantec product is rated Advanced, many other products were rated Advanced+.

Make up your own mind.

cheers, Paul

Reply | Quote

Here is a link to page 2 of a discussion on this exact issue. The reason I linked to page 2 is because Message #15 has links to two PCMagazine reviews that address the Norton Firewall.

http://community.norton.com/t5/Norton-Internet-Security-Norton/ShieldsUP-and-Leaktest/m-p/102228/highlight/true

Reply | Quote

Here is a link to page 2 of a discussion on this exact issue. The reason I linked to page 2 is because Message #15 has links to two PCMagazine reviews that address the Norton Firewall.

http://community.nor…/highlight/true

The very lengthy post near the middle of that thread just about says it all. Norton is not blocking the “leak test” samples because it is intelligent enough to recognize them as fakes. Now that’s intelligent design!

Since I am not posting here to defend Norton, nor to defend any testing organization, I will not respond further to criticisms of the Symantec Press Release. I think my previous post also applies to these results and the organizations which published them. West Coast Labs does not publish head to head comparisons, but it sets minimum standards for security products. These standards are met by most of the popular products. Just choose one (or more) with which you feel comfortable, install it, and get on with your life. Anyway, that’s what I’ve been doing lately.

I don’t think this discussion about who’s good enough, who’s truly good, and who’s best of breed will ever deliver definitive answers. Only your experiences (and mine) can guide us towards better on line security. Thanks to all who have contributed to this thread for helping offer your insights. I hope we have answered the original question, as well as anyone can.

-- rc primak

Reply | Quote

It may be worth looking at the following Gibson Research CenterWeb page:

http://www.grc.com/lt/scoreboard.htm

The Symantec (Norton) product is not “BAD” or “RUBBISH“!!!

My Rig: AMD Ryzen 9 5900X 12-Core CPU; ASUS Cross Hair VIII Formula Mobo; Win 11 Pro (64 bit)-(UEFI-booted); 32GB RAM; 2TB Corsair Force Series MP600 Pro 2TB PCIe Gen 4.0 M.2 NVMe SSD. 1TB SAMSUNG 960 EVO M.2 NVME SSD; MSI GeForce RTX 3090 VENTUS 3X 24G OC; Microsoft 365 Home; Condusiv SSDKeeper Professional; Acronis Cyberprotect, VMWare Workstation Pro V17.5. HP 1TB USB SSD External Backup Drive). Dell G-Sync G3223Q 144Hz Monitor.

Reply | Quote

It may be worth looking at the following Gibson Research CenterWeb page:

http://www.grc.com/lt/scoreboard.htm

Note: the last edit of that page was over 5 years ago. I’m sure that several of these firewalls don’t exist any more and that all the others have had several updates since then. I would not place any faith in those ratings for todays software.

Joe

--Joe

Reply | Quote

Precisely: Today’s software MUST surely have improved since then!

My Rig: AMD Ryzen 9 5900X 12-Core CPU; ASUS Cross Hair VIII Formula Mobo; Win 11 Pro (64 bit)-(UEFI-booted); 32GB RAM; 2TB Corsair Force Series MP600 Pro 2TB PCIe Gen 4.0 M.2 NVMe SSD. 1TB SAMSUNG 960 EVO M.2 NVME SSD; MSI GeForce RTX 3090 VENTUS 3X 24G OC; Microsoft 365 Home; Condusiv SSDKeeper Professional; Acronis Cyberprotect, VMWare Workstation Pro V17.5. HP 1TB USB SSD External Backup Drive). Dell G-Sync G3223Q 144Hz Monitor.

Reply | Quote

Precisely: Today’s software MUST surely have improved since then!

You’d hope so. But I try to practice “trust but verify”.

Joe

--Joe

Reply | Quote