Review of OS 10.4.x-compatible Norton Personal Firewall 3.0.3

Norm Nager · 07-28-2005, 10:52 PM

Among the features that factored into my decision several years ago to adopt NPF was its Stealth mode, which I was pleased to see incorporated in OS 10.4.x's built-in firewall when I had to make the switch while waiting for Symantec's compatible update to be released. When combined with a router device between one's computers and the internet, Stealth provides a great deal of protection

But there were other features of NPF I sorely missed when I had to temporarily switch to the built-in Apple firewall until the late-July release of NPF 3.0.3

1. NPF allows me to deny all access selectively to certain ports or ranges of ports. I missed that with 10.4.2's built-in firewall. For example, with NPF, I created six settings, two for individual ports and four for ranges of ports my research and trial-and-error found were the paths used by certain software to respond to pings from "home." Problem: those responses created conflicts.

2. Access for file sharing does not have to be an all or nothing proposition as it seems to be with the built-in firewall. I can restrict file sharing (and other sharing) to what amounts to a closed circuit between my two computers by identifying them in the NPF settings. Actually, you can create a "closed circuit" with any number of other computers that you "trust." You simply specify which addresses have access to specific ports.

3. One of the cooler features that you don’t see with Tiger’s built-in firewall is NPF letting you see, in real-time, which machines are connected to your computer, which service they are using, and their IP address. And if you see something with which you’re not fully comfortable, you have the option to disconnect them.

4. I can allow access for individual ports, such as the one used by my FAXstf Pro program.

5. I can choose for any port or for any range of ports to deny or allow access for incoming and/or outgoing traffic.

6. NPF's Finder menubar pull-down menu icon allows me to quickly enable or disable the firewall. Although launching NPF places its icon and its menu in the dock and I could handle enabling or disabling from there, my Finder menubar is less cluttered and never hidden.

7. NPF is automatically updated via Symantec's LiveUpdate per the schedule I set for weekly downloads of new virus definitions. I also can access LiveUpdate, Norton AntiVirus 10, and NPF from the same pull-down menu.

8. It provides several options for logging of suspicious outgoing and/or incoming activity as well as logging of Stealth mode activity.

9. I've used the program to track excessive, repeated efforts to ping my computer. It had a feature for identifying the company or institution by name, as well as number. That's good if you want to alert an organization of unauthorized use of their server.

10. NPF also provided options to select for notifying me when my other Mac settings conflict with my firewall settings and/or notifying me of conflicts with high port numbers.

11. Before Mike Romo started hanging around in the MacFixIt.com forums, I had very good technical support when I contacted Symantec. When Mike ran the now-closed MacFixIt.com Symantec forum and whenever he drops in on the MacFixIt.com Utilities forum, the support has not been "very good," it's been outstanding.

Respectfully, Norm

Footnote: My only association with Symantec has been as a consumer and as a volunteer external beta tester. I donated my time for testing NAV 10.0 before its public release, but not NPF 3.0.3

Phil St. Romain · 07-28-2005, 11:31 PM

That's an excellent, substantive review, Norm. Thanks.

nkuvu · 07-29-2005, 10:02 AM

Should point out that the built in firewall can do a lot of what you're mentioning. For example, specifying individual ports to be open. Or setting up a trust between machines on selected ports.

Granted this has to be done from the command line and not Apple's Preference Pane, but it can be done with the built in firewall.

There are a few things in the list above that the built in firewall doesn't do -- tracking suspicious activity or showing what machines are connected, for example. But the built in firewall isn't nearly as limited as the Preference Pane makes it out to be.

snowjay · 07-29-2005, 10:21 AM

Actually from the command line you can see what machines are connected by using netstat.

nkuvu · 07-29-2005, 10:55 AM

Quote:

Originally Posted by snowjay


	Actually from the command line you can see what machines are connected by using netstat.

Which isn't the firewall. Sorry, should have been more clear -- there are programs to see connected machines, and there are programs to track suspicious activity, but neither task is done by the firewall.

Phil St. Romain · 07-29-2005, 11:10 AM

BrickHouse has been around awhile and costs only $25.00 -- lots of configurability. I used it for awhile when I was hosting a couple of servers. Just fyi.

07-28-2005, 10:52 PM	#1
Norm Nager All Star Join Date: Mar 2002 Posts: 962	Review of OS 10.4.x-compatible Norton Personal Firewall 3.0.3 Among the features that factored into my decision several years ago to adopt NPF was its Stealth mode, which I was pleased to see incorporated in OS 10.4.x's built-in firewall when I had to make the switch while waiting for Symantec's compatible update to be released. When combined with a router device between one's computers and the internet, Stealth provides a great deal of protection But there were other features of NPF I sorely missed when I had to temporarily switch to the built-in Apple firewall until the late-July release of NPF 3.0.3 1. NPF allows me to deny all access selectively to certain ports or ranges of ports. I missed that with 10.4.2's built-in firewall. For example, with NPF, I created six settings, two for individual ports and four for ranges of ports my research and trial-and-error found were the paths used by certain software to respond to pings from "home." Problem: those responses created conflicts. 2. Access for file sharing does not have to be an all or nothing proposition as it seems to be with the built-in firewall. I can restrict file sharing (and other sharing) to what amounts to a closed circuit between my two computers by identifying them in the NPF settings. Actually, you can create a "closed circuit" with any number of other computers that you "trust." You simply specify which addresses have access to specific ports. 3. One of the cooler features that you don’t see with Tiger’s built-in firewall is NPF letting you see, in real-time, which machines are connected to your computer, which service they are using, and their IP address. And if you see something with which you’re not fully comfortable, you have the option to disconnect them. 4. I can allow access for individual ports, such as the one used by my FAXstf Pro program. 5. I can choose for any port or for any range of ports to deny or allow access for incoming and/or outgoing traffic. 6. NPF's Finder menubar pull-down menu icon allows me to quickly enable or disable the firewall. Although launching NPF places its icon and its menu in the dock and I could handle enabling or disabling from there, my Finder menubar is less cluttered and never hidden. 7. NPF is automatically updated via Symantec's LiveUpdate per the schedule I set for weekly downloads of new virus definitions. I also can access LiveUpdate, Norton AntiVirus 10, and NPF from the same pull-down menu. 8. It provides several options for logging of suspicious outgoing and/or incoming activity as well as logging of Stealth mode activity. 9. I've used the program to track excessive, repeated efforts to ping my computer. It had a feature for identifying the company or institution by name, as well as number. That's good if you want to alert an organization of unauthorized use of their server. 10. NPF also provided options to select for notifying me when my other Mac settings conflict with my firewall settings and/or notifying me of conflicts with high port numbers. 11. Before Mike Romo started hanging around in the MacFixIt.com forums, I had very good technical support when I contacted Symantec. When Mike ran the now-closed MacFixIt.com Symantec forum and whenever he drops in on the MacFixIt.com Utilities forum, the support has not been "very good," it's been outstanding. Respectfully, Norm Footnote: My only association with Symantec has been as a consumer and as a volunteer external beta tester. I donated my time for testing NAV 10.0 before its public release, but not NPF 3.0.3 Last edited by Norm Nager; 07-28-2005 at 10:58 PM.

07-28-2005, 11:31 PM	#2
Phil St. Romain Site Admin Join Date: Dec 2001 Location: Wichita, KS Posts: 2,350	That's an excellent, substantive review, Norm. Thanks.

07-29-2005, 10:02 AM	#3
nkuvu MVP Join Date: Jun 2002 Location: Tucson, Arizona Posts: 1,236	Should point out that the built in firewall can do a lot of what you're mentioning. For example, specifying individual ports to be open. Or setting up a trust between machines on selected ports. Granted this has to be done from the command line and not Apple's Preference Pane, but it can be done with the built in firewall. There are a few things in the list above that the built in firewall doesn't do -- tracking suspicious activity or showing what machines are connected, for example. But the built in firewall isn't nearly as limited as the Preference Pane makes it out to be.

07-29-2005, 10:21 AM	#4
snowjay Triple-A Player Join Date: Jun 2005 Location: Westchester, NY Posts: 105	Actually from the command line you can see what machines are connected by using netstat.

07-29-2005, 11:10 AM	#6
Phil St. Romain Site Admin Join Date: Dec 2001 Location: Wichita, KS Posts: 2,350	BrickHouse has been around awhile and costs only $25.00 -- lots of configurability. I used it for awhile when I was hosting a couple of servers. Just fyi.