Norton Firewall
 

A year or so ago i've installed several firewalls and used them.
I thought Tiny Personal (TP) firewall was the best and most easy to use.

I recently installed Norton internet security 2003 (NIS) on my home-box.

NIS keeps giving al kinds of warnings and possible intrusions/attacks ... whereas TP wasn't giving any warnings at all.

This could mean:
a) TP is not good enough.
b) NIS is too sensitive or not correct in giving warnings
c) NIS gives incorrect/false warnings to keep customers satisfied. As in : "As long as you generate some warning-pop-ups from time to time, you'll keep the customer satisfied as he/she has the impression of being under attack and he/she will be very glad to have installed NIS".

As i tested TP succesfully on several online-tests (even "bought" a extensive test on dslreports) and scanned the boxes succesfully on trojans/virusses with several (other) online-tests ... i think i'm left with options b) or c).

Any opinions or experiences on this matter ?

b, EVERY TCP/IP based connection needs approval by norton, incomming AND outgoing.
This process can recieve a one time net access, or permanent net access.
TP will probably only react to incomming connections that aren't triggered by an outgoing request.

If C were true, it would be front, euhm, site(?) news all over the internet.

it acts as ZoneAlarm, where you have to GIVE access to each app accessing the web..
in my humble opinion not recommended for the adv. user, NIS that is

@FR: "frontpage news" ;)

I got suspicious because with NIS you have a whois-function to lookup who's "attacking" you.

When pinging the IP of the attacker i always get a destination unreachable in stead of a timed out message ... strange.

BTW: With TP you can set the access of each app ... even if it doesn't access the i-net. TP will react to whatever is going on, in - or outgoing.

@FR: "coming" ;)

yesterday I had an attack (Trojan) from someone who's from New York.
Pinging the bastard worked.
so Norton Firewall works just fine.

? even more suspicious,
- was it yesterday between 20:00 & 22:00
- backdoor/subseven
- some guy in NY (forgot network)

yep,
same hour.
backdoor
guy or girl from NY.

What are the odds of trying to break in at two different belgian dynamic IP's at the same moment ?

The odds of sending a bogus message to all software customers are a lot bigger.

I keep logging this messages, if i keep getting the same dates & times & trojans & persons as Gamer (or others), the attacks must be "triggered" by Symantec itself.

btw: Gamer, did you register your product ? I didn't.

actually it's VERY common for hackers to scan a broad range for targets, instead of single isolated cases.
Symantec sending out a mass internet broadcast to have their program show some activity is much less likely. And this would definitly have been brought to attention.

BTW you're edging on paranoia here dude, get help, serious.

hehe, i'm on the edge of many things, but not paranoia :D

I'm just confused why one good firewall hasn't shown any intrusion at all for the last 1,5 years ... and another gives an intrusion every two hours or so, since installing it a week or two ago.
All on the same box.

Can't find the logic here ..