norton antivirus "internet worm protection"

  • Thread starter Thread starter Morten S
  • Start date Start date
M

Morten S

just installed Norton Antivirus 2005....
do I really need to have "internet worm protection" enabled if I already got
Zonealarm firewall running?
 
Morten S said:
just installed Norton Antivirus 2005....
do I really need to have "internet worm protection" enabled if I
already got Zonealarm firewall running?
Click to expand...

The firewall is boundary protection. What if the worm is on your host
but not trying to get past the boundary (i.e., it damages YOUR host and
doesn't go looking for more hosts)? The firewall isn't going to scan
your e-mail attachments or your file downloads since you allowed those.
A worm doesn't have to go wandering off your host. It could simply keep
replicating itself until it fills up all the space on your hard drive.
I'm still using NAV 2003 (as part of NIS 2003) but when my subscription
runs out then I'll probably get something different.

From what little description there is of the "Internet worm protection"
feature on Symantec's web site, it appears to be an inbound detection so
it overlaps the firewall's protection *if* the firewall did indeed stop
that inbound intrusion attempt. There is some more description at
Symantec's page at http://snipurl.com/9h2b. The first four features are
duplicates of what Norton Internet Security provides, and might be
covered by other firewalls, too (don't know about the *freebie* ZA since
it has far less features).

When ZA pops up its alert that a program wants Internet access, do you
know for sure if it is a good program or an infected one or spyware
(which are least detected by anti-virus products)? In fact, a program
can call a second program to perform the connection. You say Yes to let
Internet Explorer to allow you to browse but another program can use IE
to make the connection. Most personal firewall users figure that they
are safe in deciding if an application can get Internet access and then
they allow it, but they never know if it was that program that initiated
the connection request (i.e., did it want the connection or did
something else use it to make the connection). See the Google copy of
my other posts at http://snipurl.com/9h2f and http://snipurl.com/9h2g.
The tooleaky test tool is at http://tooleaky.zensoft.com/. Don't assume
outbound protection is going to protect you against malicious use of
your Internet connection. It's been too many years since I used ZA Pro
to remember if it had the ability to detect this double-layered method
of getting an Internet connection, and since the freebie ZA has less
features then I suspect it isn't available in that version.
 
When ZA pops up its alert that a program wants Internet access, do you
know for sure if it is a good program or an infected one or spyware
(which are least detected by anti-virus products)? In fact, a program
can call a second program to perform the connection. You say Yes to
let Internet Explorer to allow you to browse but another program can
use IE to make the connection. Most personal firewall users figure
that they are safe in deciding if an application can get Internet
access and then they allow it, but they never know if it was that
program that initiated the connection request (i.e., did it want the
connection or did something else use it to make the connection). See
the Google copy of my other posts at http://snipurl.com/9h2f and
http://snipurl.com/9h2g. The tooleaky test tool is at
http://tooleaky.zensoft.com/. Don't assume outbound protection is
going to protect you against malicious use of your Internet
connection. It's been too many years since I used ZA Pro to remember
if it had the ability to detect this double-layered method of getting
an Internet connection, and since the freebie ZA has less features
then I suspect it isn't available in that version.
Click to expand...

Some firewalls can control whether or not a program can launch others,
or even control whether or not to allow an unknown program to run at
all. I think this includes services, but dont quote me on that.
 
Theo said:
Some firewalls can control whether or not a program can launch others,
or even control whether or not to allow an unknown program to run at
all. I think this includes services, but dont quote me on that.
Click to expand...

It wasn't until I happened to wander through NIS that I found the
function to alert me to a second program trying to use an authorized
program to make a connection. I suspect it may not be a feature
included in the freebie version of many firewalls, like ZA and maybe
even for Sygate Personal Firewall, but hopefully it is included in their
paid Pro versions.
 
It wasn't until I happened to wander through NIS that I found the
function to alert me to a second program trying to use an authorized
program to make a connection. I suspect it may not be a feature
included in the freebie version of many firewalls, like ZA and maybe
even for Sygate Personal Firewall, but hopefully it is included in their
paid Pro versions.
Click to expand...

I am running Sygate Personal Firewall 5.5, Build 2637. This is the
free version. The feature is included. I would highly recommend
Sygate Firewalls for their reliability.
 
Back
Top