If you're a fan of Seinfeld, you'll remember the Bubble Boy: a kid who, though good at Trivial Pursuit, could not leave a protected plastic bubble. Nothing got in and little got out. With Norton Personal Firewall, your computer will share the same fate.
Introduction
Microsoft's Charles Fitzgerald once said, "If you want security on the Net, unplug your computer." There's now another option: Norton Firewall. Don't get too excited though. Symantec's Norton Firewall accomplishes the difficult task of securing your computer in almost the same way as unplugging your Internet connection. To explain, indulge me in a short trip down memory lane and a small moral object lesson.
I was raised in an environment where the authority figures around me had a hard time modulating the balance between excess and modesty. For example, many who guided my moral education believed that alcohol was evil. The belief wasn't merely that alcohol could cause evil or that it could be used by evil people. Rather, the teaching was that the substance itself was somehow evil. I think the belief sprang from the fact that alcohol can be abused and cause lots of personal and social heartache. But instead of teaching moderation, and providing education on developing the discipline of avoiding excess, my moralist elders demonized the substance and demanded that people entirely refrain from drinking alcohol. In many ways, while this approach was pretty effective in keeping people away from the dangers of alcohol, it taught us relatively nothing and prevented people from enjoying many of the healthy and wonderful things about a fine scotch or a perfectly aged Merlot. Looking back, the approach now strikes me as a bit lazy. It's much easier to demonize something entirely and avoid dealing with it altogether than it is to accept that it can be used for evil or good and to do the really hard work of figuring out which is which.
This anecdote does relate to Norton Personal Firewall in that the application is a lot like my childhood leaders. Norton Personal Firewall will protect you. Unfortunatly, it will do so at the cost of essentially unplugging you from your network. It will lock everything out and warn you about everything that passes through it instead of using intelligent logic to determine what is risky and what is not. You'll be safe but, in my opinion, you'll be too safe.
| Price to Value | Rating  |
What's Not:
There is little about the Norton Personal Firewall to recommend. It's slow, overprotective, and overly complex. I suffered from installation problems as well. For the money, there are other products that do a much better job.
| Installation & Setup | Rating |
What's Not: On the first installation, the installer worked as expected and did a good job of transitioning my computer from Windows Firewall to the Norton Personal Firewall. While not a one-click process, the installer wasn't too invasive although it did need quite a bit of handholding.
Prior to installing the application, the installer did a pre-install integrity scan which checked the computer for problems that would prevent the firewall from installing properly.
[nortonfw_install_integrityscan.JPG]
After the main installation is completed, Norton Personal Firewall will check for updates and ask the user about using Norton's security features rather than the Windows Security Center. When I agreed to let Norton manage my security, the Windows Security Center icon disappeared from my task tray. Then Windows Security Center, accessed from Control Panel (Windows XP), indicated that it was no longer managing my security because the service was stopped. Norton seemed to opt for replacing Windows Security Center rather than integration with it.
[nortonfw_install_nextsteps.JPG]
The installer wrote about 86 Mb to the hard disk and created roughly 4200 registry keys. The uninstaller removed the application fairly well removing all the files but leaving most of the registry keys.
In order to do an evaluation of the uninstaller, I had to uninstall the product right after installing it (to get accurate disk space measurements and the like). The uninstaller seemed to work fine but I had quite a bit of trouble getting the product installed again. The installer complained that the previous version hadn't been uninstalled completely and it couldn’t do anything to fix it. I had already removed the product by way of Add/Remove Programs so I had no other options.
[nortonfw_install_error2.JPG]
Subsequent attempts to install produced another dialog box that stated that an installation process just ran and a reboot was required.
[nortonfw_install_error.JPG]
I tried a number of times to reinstall the software. I manually deleted files and tried a registry cleaner to try to get my system to a state where Norton Personal Firewall would reinstall. After the fourth attempt, I used Total Uninstall (which I use to monitor all my installations) to do a complete system clean of all things Norton. That did the trick and I finally was able to reinstall the product. Overall it was a horrible experience that wasted a lot of time.
| User Interface | Rating  |
What's Hot: The UI is broken down into two main sections. The Norton Protection Center is a quick-glance overview of the status of the security on your system. It tells the user which areas need attention and provides a big "Fix Now" button to address any open issues. I had problems getting the protection to work. Pressing the Fix Now button didn't seem to do anything and neither did clicking on a link that was supposed to show me details of my problems. Clicking on one of the detail links did present me with a small dialog box that outlined the protection status for that area.
[nortonfw_protect_center_info.JPG]
The other main area of the UI is Norton Personal Firewall section which, obviously, is where users can manage the firewall. Each subsection has a separate screen where you can turn that area on, off, or configure it. Norton Personal Firewall does include a timer for each section allowing you to turn the protection off temporarily or permanently. The timed increments in which the security item will remain off includes five minutes, 30 minutes, one hour, four hours, or until the system restarts.
[nortonfw_turnoff_protection.JPG]
The main application has what can best be described as a "panic button." Pressing the button turns off all access to all networks. The feature works as expected and can be very useful if you find your computer is under direct attack.
[nortonfw_stopalltraffic.JPG]
What's Not: The application's user interface is a non-standard blend of tabs, buttons, and hyperlinks. While not inaccessible, it was confusing at times and it was sluggish in my tests. In some places, fonts were too big and titles were hidden by other objects on the screen.
[nortonfw_interface_oddities.JPG]
Each item in the firewall section is configurable. The "personal firewall" itself has the greatest depth of configurable options. Most importantly, it allows you to open up ports for various programs that need them. While Norton Personal Firewall does give you a great deal of flexibility in this feature, accessing it and setting it up was very convoluted. To open a single port using mostly default options took no less than 18 clicks of the mouse. In a competitor's product (Micosoft's OneCare), I was able to accomplish the same task in nine clicks. One problem is that their default list of products (for which you might want to open a port) is short and doesn't include popular products like ActiveSync or Remote Desktop Connection.
[nortonfw_firewall_rules.JPG]
| Product Features | Rating  |
What's Hot: The offline and online support are good.
What's Not: As I stated in the introduction, my evaluation of the firewall is that it is far too restrictive by default. In general, anything that required network or internet access after the firewall was installed either didn't work properly or needed manual permissions set in the firewall. For example, Remote Desktop failed to work after the firewall was installed. I expected this because I have Remote Desktop set to listen on a non-standard port on the machine on which Norton Personal Firewall was installed. I opened the port (or at least I thought I had) and still could not get Remote Desktop to work. So I tried to launch a very standard network utility called ipconfig.exe in order to check my IP addresses and ensure I was connected to the network. Norton Firewall flagged ipconfig.exe as a suspicious application and wouldn't allow it to access my network. I had to explicitly tell the firewall that the application was okay. (Note: this happened the first time I installed the firewall but not the second time. The second time, Norton Firewall automatically evaluated the application and permitted it to run.) I never did get Norton Firewall to allow me to use Remote Desktop and had to turn the firewall completely off in order to use the application. Not good.
I also had ongoing problems with other standard applications that attempt to access the internet. I could not get my Google Toolbar gadgets to update even after I uninstalled Norton Firewall (the protection that keeps on protecting) and I even had problems accessing my local network.
[nortonfw_lockdown_example.JPG]
In a span of roughly ten minutes trying to do common tasks on the computer such as browse the internet and use Media Player, I was asked seven times to approve various processes. These included allowing Internet Explorer to access the internet as well as more obscure things like allowing ActiveSync's RAPI Manager to run. It should be said that once permission is given to these applications, you shouldn't be prompted again. Still, for many of these applications, Norton Personal Firewall should have been able to make a decision on what to allow and what to ask about.
My take on this level of "protection" has largely been negative which may be surprising given that I'm reviewing a firewall and protecting is what firewalls are supposed to do. But my philosophical approach to security tools is that they should protect you without you being aware of it. The main purpose of a computer is to be a tool that enables browsing the internet, programming, writing, finances, and so forth. A security suite should protect so that you can better get those things done. An application that prevents you from doing what a computer should empower you to do or that has to ask or tell you every time some potential threat comes along has ceased to function properly in my opinion. It would be like driving an automobile that only goes ten Mph, flashes and beeps at you whenever an object comes within a ten foot radius, and deploys the airbag when you go over a speed bump. Yes, you're absolutely safe. But at what cost?
| Performance | Rating |
What's Not:
Overall, the Norton Personal Firewall interface and scanning engines are sluggish. The UI took 5-7 seconds at times to respond to a mouse click and file operations like copying a bunch of files over the network generally increased by 1-2 seconds with the scanners on. When I tried to run ipconfig to get an IP address, it took approximately 5 seconds for the firewall to respond and tell me that it had detected the "intrusion."
Images
Suggested Features
The software needs a re-write in my opinion. It appears to be a last-generation package that needs to be rewritten with modern tools and a new approach.
Conclusion
Overall, Symantec's Norton Personal Firewall does not stand up against the comptetition. A firewall should not only be measured by how well it keeps threats at bay (which the Symantec product does well) but how well it stays out of the way and lets your computer do what it was meant to do. Norton Personal Firewall is too present: it slows things down and is always in your face. It's also too restrictive and not smart enough to know what to let in and out and what to ask you about.
Related Products
ZoneAlarm Pro, CA Personal Firewall