Review – Norton Internet Security 3.0

Norton Internet Security 3.0
Company: Symantec Corporation

Price: $129.95
http://www.symantec.com

In the movie Marathon Man, starring Dustin Hoffman and Lawrence Olivier, the evil Nazi dentist, played splendidly by Olivier, keeps asking Hoffman’s character, “is it safe…is it SAFE?”

Many malicious hackers, crackers, and script kiddies who lurk the Internet are asking your computer virtually the same question: “Are you safe?”

If the answer is “No” then you may have a serious problem.
Symantec’s Norton Internet Security 3.0 (referred to hereafter as NIS3) attempts to solve the non-trivial problem of how to protect the average naive Macintosh user from being hacked, while still keeping the Mac easy to use. That’s a tall order. Let’s see how well Symantec performed.

NIS3 is suite of three distinct applications: Personal Firewall, Privacy Control, and AntiVirus. Personal Firewall does the heavy lifting, as it controls inbound and outbound data flows from your Mac. This app acts as the gatekeeper to prevent hackers from penetrating your machine. AntiVirus scans for and eliminates viruses. Privacy Control watches outbound transmissions to prevent unauthorized confidential data from leaving your computer, as well as doing web browser ad blocking and enforcing parental controls for young web surfers.

Installation

Installation’s easy. If you have an active Internet connection, NISW3 will automatically install all the latest components. If you’re not online when installing you can update at your leisure. But be sure to update as soon as possible after your initial installation is complete.

Be warned that NIS3 installs “kext” kernel extension files, and you may get a message on the first boot after installation that certain system files have been modified. Some geeks don’t like non-Apple applications installing kext files, as some feel it can reduce system reliability.

Symantec provides a well-designed setup process that will help the naive user configure Personal Firewall. It detects if any services are currently enabled, and then adjusts its settings accordingly. If you’ve enabled File Sharing from the Sharing preference pane, NIS3 will open the proper ports. If you turn off File Sharing, NIS3 will see this, and ask you if it should make the appropriate changes. It’s quite elegant. You’re asked if you wish to allow inbound access for various services (file sharing, FTP, printer sharing, etc.) for computers on your local network, or for machines on the Internet at large. You set minimal, medium, or maximum protection. If you wish to know, you can see exactly what the various protection levels provide.

Not sure if you have the right amount of protection? You can have NIS3 quick-check your Mac locally, and report what ports are open. If you are online, NIS3 can have a special service accessed via the Symantec web site probe your machine, and test your protections in real time. This is a much more accurate check than the quick-check.

The AntiVirus application is the same one that comes with Norton SystemWorks 3, so please refer to my SystemWorks review.

Privacy Control

Privacy Control is an outstanding addition, especially for parents. Parental control applications are popular, given the burgeoning number of highly graphic porn sites and chat rooms. Parents can allow or disallow web sites group kind (adult-oriented sites, health sites, sports sites.) You can specifically allow certain sites that belong to a group that you have disallowed. You can block by name or IP number.

Privacy Control also permits you to control certain types of data leaving your computer, such as credit card, phone number, or address information. If you have protected your credit card, and your little under-age shopper tries to place a credit card order at Neiman-Marcus On-Line, Privacy Control will see the card number try to go to the shopping cart, and require a password to allow the data to go out. No password, no credit card number is sent.

You may choose to enable advertisement blocking, to cut the clutter of zillions of garish blinking ads that clog many web sites. The offending ad is replaced with a small icon that says, “Ad blocked.” To me, this is almost worth the price of the software by itself, as I have grown to detest the many blinking, animated ads that have taken over the World Wide Web.

Once installed, a small “menulet” in the menu bar provides the ability to toggle both Personal Firewall and AntiVirus on and off without having to open the main applications themselves; a nice touch. Toggling AntiVirus off is handy when you know that you wish to not scan a file download, for example.

I found that Personal Firewall generally does what it sets out to do: prevent access to your Mac from any unauthorized ports. Given that I am not a hacker (nor do I aspire to be) I tried to get in to the test Macintosh via http, ftp, chat, ssh, telnet, and a few other protocols without any success. Personal Firewall locked things up tight, and the logging ability allowed me to review my attempts to hack into my own machine.

But who really needs Personal Firewall? Should every Mac owner even buy a software-based firewall such as Norton Personal FireWall? Given the fact that OS 9 has never been successfully hacked, and OS X has a powerful built-in firewall, why spend for NIS3?

If you are a dial-up user, I’ll go out on a limb and say that you can probably do just fine without any firewall protection. Many dial-up users don’t stay online for long periods of time (trying to download Apple system software updates may be an exception). They also get dynamic, not static IP an address, which makes it virtually impossible for hackers to target your machine across connection attempts. To be sure, you could be hacked in the short amount of time you’re logged on checking your email, but the chances are vanishingly small compared to the attempts launched against broadband users.

If this crazy assertion makes you nervous, install NIS3 and don’t look back.

Broadband users are generally on-line 24/7/365, with IP addresses that seldom change, even if they are technically dynamic. Evildoers have plenty of time to focus on your machine if they wish to test their skills. Most broadband users are connected to their ISP either through a cable modem or a DSL modem, and many of them use routers or wireless access points (aka AirPort) downstream from the cable/DSL modem to share their high-speed connection between several machines in their home or office. Once a hardware router enters the picture, the need for a software solution drops.

Most routers made can serve as a firewall for a home network. Granted, you wouldn’t use it to protect a giant corporate enterprise, but most will serve perfectly well for home use. One router can serve a large number of Macs.

A software solution like Norton Personal FireWall can serve a home network, but it needs to be installed on every machine, as each machine must provide its own protection.

Geek alert!

Having a router serve both as the distribution point for Internet connectivity, IP number assignment AND firewall access control is a more centralized approach. The router can be set up to send certain types of packets to one machine and not the other. This is called “port forwarding”; you can allow FTP access to Mac 1, and Web server requests to go only to Mac 2, while letting Timbuktu requests go to Mac 3. Once the router is configured, you’re set. But until port forwarding is configured, a hacker can’t get to a Mac inside the router via a fake FTP request (for example), because the router doesn’t know which Mac should get the request. This is a direct result of having a router act as a DHCP server, assigning IP addresses to each Mac on the network, as well as doing network address translation (NAT). NAT allows several Mac to share a single IP address when communicating to the Internet outside the router. The NAT part of the router keeps track of which Mac gets what information from the outside. If the router does not know which Mac gets a request for file sharing, it’s not going to let the request through to ANY Mac. That’s good protection.

With a software solution for firewall protection, you have to make sure the software is always on and configured. If you toggle Personal FireWall off for a short time, then forget to turn it back on, and then you’re left yourself out in public with your pants down. That can be worse than embarrassing where security is concerned. Also, you need to be concerned with software compatibility. Symantec may have to update NIS3 to maintain compatibility with the recently-shipped Panther upgrade to Mac OS X. If this takes time, you may have periods when you are left exposed. In contrast, my Asante router has not been affected by the ongoing software changes on my Mac.

Confusing?

Hardware firewalls and routers can definitely be more confusing for the newbie to install and configure. It’s almost impossible to avoid swimming in the Internet jargon soup of TCP/IP acronyms when setting up a router. You’ll miss the Norton Wizard to help you through the configuration process of deciding what ports to open. You’ll need to know whether to choose DHCP for your client Mac or go with manually assigned addresses. That may be a lot to ask for someone who simply wants to know that his or her Mac is buttoned up.

Ironically, if you have a router or Wireless Access point installed, you probably ARE secure. Most routers ship from the factory with ALL inbound ports closed, and this prevents hackers from getting in. The fun starts when you want to allow access for Timbuktu or File Sharing. That’s when you get to enjoy the process outlined above. But having a router or Wireless Access point with factory settings should keep you secure.

Apple’s OS X built-firewall is configured via the Sharing preferences panel. It’s easy enough to use, and is smart enough to know which ports need to be opened to let services such as File Sharing or FTP service operate. But Apple’s firewall is quite the blunt instrument; it has none of the logging and reporting capability that NIS3 possesses, nor can it make distinction between allowing access from within your personal network and prohibiting access from outside your network. Norton can easily set to allow or prohibit access according to specific IP number ranges, or just inside or outside your network. The setup wizard walks the user through these settings s quite easily.

Logging

Another capability that NISW3 has in spades (and that many consumer-level routers and access points do NOT have) is comprehensive logging and reporting. NISW3 can be set to tell you about virtually every IP packet both inbound to and outbound from your Mac, expected or not. You can have NISW3 tell you as soon as an unexpected packet arrives; what kind of service request it’s making, and what port it’s trying to use. You may prefer just to have the information logged to a file, and then review it later. The software has the ability to provide a “visual traceroute” feature, which allows you graphically display the origin of the packet that you’re investigating. The only drawback to Visual Tracking is that the location shown relates more to the general vicinity of the network the suspicious packet comes from, not the exact location. When I tracked a packet coming from my desktop machine (using Comcast broadband) I could only find that its packets were coming from Southern Arizona. Well, that’s not like getting GPS coordinates, but it’s at least useful.

What if you decide to take a “belt and suspenders” approach, and install both a hardware router AND Norton Personal Firewall? You should know that even if you allow access to the services you want via Personal Firewall, youÕd still need to open up the proper ports on the router, as it sits “upstream” from each client Mac. If the access is closed down at the router, having Norton allow access at the Mac itself will do no good! Having both types of protection installed is adding to the setup complexity, without adding any more protection.

Conclusion

For those users who have broadband access but NO hardware router (especially for the non-geeks amongst us), then Norton Internet Security 3 makes sense. It’s easy to install and setup, and it provides good protection. It’s clearly preferable to the OS X firewall.

If you have a router or Airport base station/WAP setup, you already have protection that can be more effective (if you manage to get it configured) than Personal Firewall.

Whether or not you decide to use Personal Firewall, AutoProtect is a useful application, especially for those needing parental controls or ad blocking.

MyMac Ratings:
Personal Firewall 4 out of 5
AutoProtect 5 out of 5
AntiVirus 4 out of 5


David Weeks

Leave a Reply