Thanks EagleKeeper. This is a personal computer that is not connected to a corporate network. I've read a lot of good reviews on Norton's current product, but in the past I've heard so much bad stuff about Norton that I've been scared of it.
Is there any reason that you prefer the Windows firewall to Norton's?
To be honest, I don't really care for one over the other much.
I guess the difference is that with either one you need to be able to do what one does on the Internet, without a lot of fooling around with it. The Windows firewall is already there, whereas with the Norton firewall it would be a good thing to turn off the Windows firewall to allow Norton's to do its job; otherwise you would end up trying to mitigate any differences.
And for that matter, I'm not sure I see the wisdom of disabling a built-in firewall in order to install a third-party firewall.
But, just to carry this thought out a little further, and I do encourage any input on this: typically an exploit can only be used against an open port on a PC; if the port is not open on the target then the exploit cannot happen. If the related ports are not open then you get nothing done, because even though you might be able to send on one port, the receiving port may be closed.
It's not unusual for well-used protocols to use different ports or endpoints for communications. For specifics just google RFC (add your protocol here) to see how it is implemented.
In the end I think that most folks here are right: it's not a science, it is an art, and you're not going to find consensus either here or on the web.
I guess that's why the security industry is lucrative.
And just to wind up this post, the latest versions of Norton (just the antivirus) have a much smaller footprint and are a lot faster than the older ones. Again, I think the best people that analyse malware work for Symantec, but it is a war of escalation: you got thicker armor, I build a bigger bomb.
OK, just one anecdote to keep you on your toes. One time we were running Symantec network security (I think) from a central server (all it did at the time was push definitions), but on the perimeter I was running Snort sensors. The sensors picked up something fishy but couldn't point to anything specific. It did give me the originating IP addresses though, so I called the local admin, but in the end it didn't help.
Anybody remember spybot32?