Built-in Firewall Vs Norton Personal Firewall?

Question

Level 2

180 points

Built-in Firewall Vs Norton Personal Firewall?

Hi,

I have Norton Personal Firewall 3.0 that I've been using for awhile.
I've just discovered that the program won't open anymore,
and infact hasn't been running for awhile.
Symantec has recommended uninstalling and then reinstalling to fix this.

But now I'm wondering if it's worth reinstalling the Norton Firewall?
Does it have any capabilities that the built-in Firewall with 10.3.9 doesn't?

I'd also like to be able to 'test' whichever firewall I'm using.
To somehow 'see' what attempts have been made on my computer, and check that the firewall's working, is this possible with either firewall?
Norton says it should throw up an alert whenever it blocks an attempted access, but this has never happened in the 2 years I've had it running.
This makes me think the Norton firewall wasn't working, even before the problem with it not opening.

I also can't remember what settings I had in the Norton firewall,
I've got an Airport Extreme connected to a Router, and also have a Squeezebox that connects wirelessly to stream music to my stereo.
How can I find out which ports I've currently got on/off etc when the Norton firewall won't open?

Many Thanks

G5, Mac OS X (10.3.9)

Posted on Apr 4, 2006 5:19 AM

Reply

Answer 1

Apr 4, 2006 5:52 AM in response to Callie

Hi Callie;

Personally, I don't allow anything from Symantec on my Mac but that is me.

I think the firewall that comes with OS X is as good of one as you can get and it is free. So why pay Symantec for one?

Allan

Reply

Answer 2

Mac-Medic

Level 6

17,301 points

Apr 4, 2006 1:20 PM in response to Callie

Allen is right. Get rid of Norton. It's just going to slow your computer down if it doesn't mess it all up first. OS X's built-in firewall works just fine.

To make your Mac even more secure and invisible on the net, do this: Open your "Sharing" control panel, click on the "Firewall" tab, then click on the "Advanced.." tab on the lower right and check "Enable Stealth Mode." When you enable stealth mode, all uninvited data traffic receives no response from your computer. Stealth mode virtually hides your computer behind your firewall, and other computers sending traffic to your computer receive no information about your computer.

- Bmer
Mac Owners Support Group
Join Us @ MacOSG.com
 An Apple User Group 
ITMS: MacOSG Podcast >>

Reply

Answer 3

CMDRFISH

Level 2

187 points

Apr 4, 2006 2:39 PM in response to Mac-Medic

I dont believe that is a option for her since she is running 10.3.9, at least I havent found it on any of my 4 Mac's with 10.3.9 but maybe I am still missing it.

Reply

Answer 4

CMDRFISH

Level 2

187 points

Apr 4, 2006 2:39 PM in response to CMDRFISH

That is stealth mode. Sorry forgot to mention that.

Reply

Answer 5

FragOrder

Level 2

225 points

Apr 4, 2006 2:43 PM in response to CMDRFISH

Norton is just about useless for firewall, as well as disk repair, (disk doctor) and other progams that where helpful with older OS's. With OS X- most people agree that norton would cause way more problems then it's worth.

Reply

Answer 6

ds store

Level 7

30,855 points

Apr 4, 2006 7:41 PM in response to Callie

Just say no to Norton.

I think their software has just about as many exploits as Windows, and running anything as root is really asking for trouble.

Don't give anything your admin password, unless you completly trust the source and even then watch out. Hackers are targeting applications that install themselves or run with admin password. So keep those apps on a very short leash, not running all the time or not at all if possible.

I'd also like to be able to 'test' whichever firewall I'm using.
To somehow 'see' what attempts have been made on my computer,

There are websites that will probe all your ports and run trojan tests to see if your suspectible to anything.

http://scan.sygate.com/

I have found the Mac OS X firewall pretty good if you enable the full options and logging. Look at console>logs>ipfw.log to see the blocked attempts.

Also you should consider a outgoing firewall like Little Snitch, this lovely program will stop all unusual activity from contacting your network and wait for your approval. So if you run malicious Quicktime file (trojan) and it launches Terminal and attempts to download a bigger payload you'll be warned.

You will be very surprised how much stuff is going on behind your back also.

Reply

Answer 7

FragOrder

Level 2

225 points

Apr 5, 2006 4:35 PM in response to ds store

Tried the stealth mode as well and all was blocked! Im happy!

Reply

Answer 8

Apr 6, 2006 9:03 AM in response to FragOrder

Norton is just about useless for firewall

I'd be interested to know on what basis this statement is made. I've been running Norton Firewall for quite a few years now and it has performed up to, and sometimes above, expectations. There are aspects that are still better than the Apple supplied software - such as the GUI display of log entries and explanations of what they mean.

Sure there are other cheaper/free alternatives but that doesn't mean the Norton firewall isn't effective.

Graham

Reply

Answer 9

Apr 6, 2006 2:28 PM in response to Kiwi Graham

It's probably effective, but it's increasingly pointless, since more and more users are behind NAT routers, and that's where the real 'firewalling' should be happening.

It's not hard to read the ipfw.log files, which is really only needed to help catch misconfiguration of your router's firewall.

I probably wouldn't run Norton's firewall if it was free, I definitely wouldn't pay for it.

Reply

Answer 10

Callie Author

Level 2

180 points

Apr 8, 2006 5:50 AM in response to ds store

Hi ds store,

I'm happy to get rid of Norton.
I've turned on the inbuilt Firewall.
I've got the following boxes ticked to allow
Personal File Sharing (548, 427)
Squeezebox (3483, 9000) this allows music to stream wirelessly.

A friend has recommended using Brickhouse.
What would I be able to do with it that I can't do with the inbuilt Firewall?

How do I enable "full options and logging" ?

I've had a look at console>logs>ipfw.log
there's nothing in any of these.
Is this good?

I've done all the scans on sygate, and am wondering about the results
(see below)
I'm not sure what to do to make the firewall work better.
I don't understand how a closed port is still a security risk?
What else can I do to protect a port if it's already closed?
As to open ports, don't they need to be open?
I haven't ticked ports 80, 67, 21, 23, 254, 255
yet they're found to be open by then scan. Why is this?

Would all these problems be solved if I upgraded to Tiger
and turned on Stealth mode on the inbuilt firewall?
Would Little Snitch protect me from all Trojans?
What about spyware?

Sorry for all the newbie questions!
Many Thanks.

UDP scan
DHCP SERVER 67 OPEN
all other commonly used ports and trojans reported as closed,
but says
This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.

Trojan scan
21, 23 and 80 OPEN
nothing else reported.
still said scanning... after several hours.

TCP scan
FTP 21 OPEN
File Transfer Protocol is used to transfer files between computers. A misconfigured FTP server can allow an attacker to transfer files, Trojan horses, and virus programs at will.
TELNET 23 OPEN
Telnet is used to remotely create a shell (dos prompt), this can allow an attacker to control your system as if he was sitting in front of it.
WEB 80 OPEN
HTTP web services publish web pages. A misconfigured web server can not only offer an attacker needed information about his target, but it can allow for various security breaches.
unknown 254 OPEN
unknown 255 OPEN
other ports reported as still scanning after several hours

Stealth scan
reiterates the above results for vulnerabilities of closed and open ports.

Reply

Answer 11

ds store

Level 7

30,855 points

Apr 8, 2006 6:16 AM in response to Callie

Doing a fresh install of Tiger will give you better and more advanced Firewall options not available in Panther. UDP blocking for instance. Plus it will close any holes left open by any previous Mac OS X exploits.

Under Tiger I run the sygate test and I'm a ghost.

Would Little Snitch protect me from all Trojans?

Little Snitch is a outgoing Firewall, it will stop a majority of unusual outgoing network behavior automatically so you have the option to set conditions of that connection attempt. It will not stop trojans, but it can stop most trojans from making a internet or network connection. It all depends if the exploit being used for the trojan gets to use root or not. Little Snitch runs as root.

What about spyware?

There is Mac spyware, but because there are so few exploits for Mac OS X and that spyware requires root access, it's incredibly difficult for it to get on your Mac from a remote location. Spyware is more likely to be installed in person by someone who has admin access to your machine.

As a matter of routine, and especially if you suspect or have a serious security update, you should do a fresh install of Tiger, then update, then install apps and files you know from cd/dvd-r.

Apple issues patchs for exploits, but they don't do anything to check if the system is vunerable from a exploit before the patch was applied. This might be the case for you.

Reply

Answer 12

Callie Author

Level 2

180 points

Apr 8, 2006 7:36 AM in response to ds store

Hi ds store,

Thanks for your advice.
So, would I need to backup all my documents first?
Would a fresh install of Tiger wipe my whole harddrive?
When I get the Tiger install disc does it give me the option to either update or fresh install?
Then I'd need to re-install all my non standard applications,
re-configure the airport
re-configure the firewall.

Sounds like a big pain!
But if I've been without a firewall for a while,
I guess some trojans or spyware could be on my Mac.

Many thanks

Reply

Answer 13

Apr 8, 2006 8:41 AM in response to Callie

Hi Callie;

If by a fresh install ( I personally hate it when everyone renames things with cute names to suit themselves. Why they can't use the same terminology as the vendor I'll never know.) it being suggest that you do an Erase & Install, I have to disagree. So far I have never found the need to do that. Generally I have used Upgrade to get to newer versions of OS X. I have used Archive & Install when I felt I had problems that the Upgrade would not handle. So far I have never had any problems serious enough to use Erase & Install.

If you select Archive & Install and request it to save your network connections, you will not have to reinstall anything. At least that is the way it worked when I used it. I then tested my system to be sure everything worked. Once I was satisifed that things were working correctly, I deleted the Previous System folder.

Allan

Reply

Answer 14

beerad72

Level 1

15 points

Apr 8, 2006 9:22 AM in response to Allan Eckert

What about antivirus's are they very necessary with a mac if you have your fire wall enabled? And if so what would you guys recommend? I'm new to mac's so any help would be appreciated thanks.

Reply

Answer 15

Apr 8, 2006 9:41 AM in response to beerad72

Hi beerad72;

I am in the camp of users that are not using any antivirus at the present time. I still feel that the treat from virus on the Mac is so low at the present time I don't think it is worthwhile spending the CPU cycles or money for one. That is my opinion on the subject.

Firewalls are put into place for a different reason then virus. They are there to prevent unauthorized access to your system. A firewall will not protect you from virus. A firewall is a good thing to protect your system and OS X has a very good one built into.

Allan

Reply