How Norton Personal Firewall works

I have Norton Security Online v 10.2.0.30 installed and have some questions about what is going on under the hood. This is in part to help me choose the appropriate security setup when I upgrade my system.

So, In Norton firewall there is one thing in particular I can do that I have wanted to do for a long time: block internet access to specific pieces of software. I am tired of every development house assuming its ok to have their software go out in the internet whenever to do... whatever.

Norton allows me to set up rules for specific pieces of software. The first one I created today was to block Windows Media Center from accessing the internet. I use media center to play videos, not to download ads from the internet and provide a possible hacker access point.

It worked like a charm. My two questions are: how is Norton doing this (seems like more than IP filtering), are there other utilities that will provide the same functionality?

I would love to get to the point where I can generally block internet access, but allow specific pieces of software to go to specific sites

Next, I have slightly changed one of the access rules in the firewall from automatic handling of illegal/unknown internet access atempts to notify/manual. Every 4-5 minutes I get a message that some unknown software is attempting to connect to the internet using IE. I would love to be able to know what software/process is initiating the request. Is there some way to do this?

FWIW, I am currently running a single computer with high speed access through a cable modem. The plan after upgrade is to have a stand alone firewall (I have a P3 waiting to be loaded with IPCop) to protect an internal network of, well, whatever I end up wanting to run.

Looking forward to some answers.

Thanks.
Fred.

 

Sounds like you're a prime candidate for purchase of a router. If you're going have multiple computers on the Internet, get a router. And, think of it as a key part of your Internet security. They provide a hardware firewall.

I haven't had any Norton products since Norton System Works 2002 and Norton Personal Firewall 2002, so I won't attempt to answer your question on Norton.

 

As far as a firewall, he mentioned ipcop which does hard firewalling, belives hes just curious about norton until he gets that setup.

 

As far as I know, a router won't work if I want to set up a dmz for a server. It also won't do outbound filtering.

I want to use Norton as a springboard for learning what I need when I set up my firewall. I've never done any IP filtering so I have not sure what I can and can't do on the firewall.

While waiting for replies I poked around this site and found downloaded and installed a port sniffer. That at least tells me what services are going out on the internet, how often they are going out and where they are going.

I Played around with Norton a little and turned on program launch monitoring which broke some of my isp software. In fixing things up, it created a list of executables that are allowed to launch internet enabled programs. Is Norton using hooks into the OS to determine which executables are launching internet aps?

Funny thing, with program launch monitoring on, Norton blocked itself and the popup came up as "unidentified program trying to..."

Just trying to learn so I can set up effective inbound/outbound security.

Fred

 

Fred,
I'm just curious about your use of Norton's. It is rather system hungry. Is it slowing your PC down any? I had it pre-installed on a Dell Laptop & it wouldn't allow me to access the Internet at all! So I had to remove it with a tool I found on Geeks. Anyway, just curious. Good Luck. Shanrene

 

shanrene123. I don't notice much of a performance hit, but I am mostly using my pc for browsing at the moment.

For me, its a freeby from my ISP and hasn't caused me any real performance problems, so I use it for now.

Fred