
Review - Norton Internet Security 2000

posted on November 19, 2000
by hitbsecnews

This article was first published over at Cnet Malaysia. The original link can be found here.

We've all heard it before--some Web site getting defaced by a cracker on the other side of the planet just because the site's security was weak. You sit there and you tell yourself, "this sort of thing only happens to servers, and I'm still safe 'cause I'm just a desktop user". Well, that may have been true in the past. However, more users are starting to get always-on connections, and even those who don't have a fixed IP address are still susceptible to Denial of Service attacks and other malicious probes from the void. Add to this the fact that viruses get nastier each time a new variant comes out, and horror stories of Web sites with hidden scripts that can scan your online identity or even your hard drive, and you certainly have enough reason to sit up and pay attention.

This is where Norton Internet Security 2000 comes into play. The product combines the popular Norton AntiVirus with a personal firewall in one package, providing almost complete protection against the most prolific forms of computer attack.

The personal firewall component is perhaps the most interesting bit in the package. In brief, a firewall is a virtual barrier between you and the void -- in this case this happens to be the Internet -- which monitors all traffic in the shape of UDP and TCP packets coming into and going out from your PC's ports. Every Windows-based PC has about 65,000 UDP (User Datagram Protocol), TCP (Transmission Control Protocol), Socks, HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), Netbios (used by File and Print Sharing) and telnet ports, the most vulnerable of which is the Netbios port. Norton Internet Security monitors the most common ports and issues a warning when any untoward activity is detected, either coming in or going out.

When any outgoing communication is detected, Norton pops up an alert asking you how you would like it to be handled. The user can then create a specific rule for the application in order to determine whether users will be granted or denied access. If you enjoy playing games online, it's best to choose this option and allow complete access for your game or shut down the firewall completely, otherwise you're likely to find the pop-up message to be a little bit annoying.

The package

Although the box seems rather big, you'll find that most of the space within it is taken up by a folded-up piece of cardboard - the main contents of the box are nothing more than a comprehensive user guide, the installation CD-ROM and a little "thank you" note. The user guide comes in a fair number of languages and is well written - in short, it's straightforward without incorporating too much jargon, making it easy to understand even for newbie users.

The installation is surprisingly well automated, and the installer prompts you for a few settings but also makes recommendations. Thus new users will be able to get the product up and running with basic security settings (recommended for most users) and the more advanced users out there will be able to tweak their settings to their desired levels.

The product was installed on our test system - a Pentium III 700E machine with 128MB of RAM and 30 GB of hard drive space. The system was running Windows 98 SE. The installer does recommend that you check for updates once the installation is complete - so make sure your Internet connection is available before the installer finishes. By using the auto-update feature, users can ensure that their application is constantly kept up to date. Once the installation is complete, and the relevant files have been updated, the system will prompt you to reboot, after which you're done.

Testing

In order to take the product through its paces, I went over to another system on my LAN (Local Area Network) and ran nmap against the Windows box. Nmap is a network mapper that actually scans a host or a subnet for services that might be running.

This is usually the first attack carried out by an intruder--a ping scan so the attacker has an idea of what services are running on the machine. Prior to the installation of Internet Security 2000, the following ports were open on the machine.

The nmap scan was run from a Red Hat 6.2 server running nmap V. 2.54 BETA3. We ran the scan twice: once from the internal network (192.168.1.x) and once from one of my servers sitting on a public network. The output shown below is for the scan from the outside. Note: Both results for the internal and external scans were the same.

This is what was shown before the firewall had been set up and was running.

    [root@eileen /]# nmap -P0 202.188.87.12

    Starting nmap V. 2.54BETA3 ( www.insecure.org/nmap/ )
    Interesting ports on isdn-brf-87-12.tm.net.my (202.188.87.12):
    (The 1529 ports scanned but not shown below are in state: filtered)
    Port       State       Service
    139/tcp    open        Netbios

    Nmap run completed -- 1 IP address (1 host up) scanned in 391 seconds
    [root@eileen /]#

This is what was shown after the installation was complete.

    [root@eileen /]# nmap -P0 202.188.87.12

    Starting nmap V. 2.54BETA3 ( www.insecure.org/nmap/ )
    Interesting ports on isdn-brf-87-12.tm.net.my (202.188.87.12):
    (The 1529 ports scanned but not shown below are in state: filtered)
    Port       State       Service
    113/tcp    closed      auth

    Nmap run completed -- 1 IP address (1 host up) scanned in 391 seconds
    [root@eileen /]#

Keep in mind that the -P0 flag was used as the standard nmap command returned a 0 hosts up result. In short, the firewall was doing a pretty good job of ignoring our ping probes and ignored all of our requests for ACK (Acknowledge) packets.

As you can see, even with the -P0 flag enabled, the target machine was pretty well locked down and the only port shown was auth (113) and even then, the port was in a closed state - in short an attacker would not be able to connect to the machine at all.
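The before/after comparison above can be checked mechanically. The following is an added example, not part of the original review: it parses the two scan outputs (reconstructed here from the article's text) and reports every port whose state changed once the firewall was running. The function names parse_scan, diff_scans and still_open are hypothetical, and the parser assumes the nmap 2.54-style layout shown above.

```python
import re

# Scan output reconstructed from the article (nmap 2.54BETA3 layout).
BEFORE = """\
Interesting ports on isdn-brf-87-12.tm.net.my (202.188.87.12):
(The 1529 ports scanned but not shown below are in state: filtered)
Port       State       Service
139/tcp    open        Netbios
"""
AFTER = """\
Interesting ports on isdn-brf-87-12.tm.net.my (202.188.87.12):
(The 1529 ports scanned but not shown below are in state: filtered)
Port       State       Service
113/tcp    closed      auth
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")
DEFAULT_LINE = re.compile(r"not shown below are in state: (\w+)")

def parse_scan(text):
    """Return (default_state, {(port, proto): (state, service)})."""
    default, ports = "unknown", {}
    for line in text.splitlines():
        m = DEFAULT_LINE.search(line)
        if m:
            default = m.group(1)  # state of every port nmap did not list
        m = PORT_LINE.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return default, ports

def diff_scans(before, after):
    """List (port, proto, old_state, new_state) for each port that changed."""
    b_default, b_ports = parse_scan(before)
    a_default, a_ports = parse_scan(after)
    changes = []
    for key in sorted(set(b_ports) | set(a_ports)):
        # A port missing from one listing is in that scan's default state.
        old = b_ports.get(key, (b_default,))[0]
        new = a_ports.get(key, (a_default,))[0]
        if old != new:
            changes.append((key[0], key[1], old, new))
    return changes

def still_open(scan):
    """Ports a remote host could still connect to in the given scan."""
    return sorted(k for k, v in parse_scan(scan)[1].items() if v[0] == "open")

if __name__ == "__main__":
    print(diff_scans(BEFORE, AFTER), still_open(AFTER))
```

Run on the article's two scans, the diff shows 139/tcp moving from open to filtered and 113/tcp moving from filtered to closed, with no port left open.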

Final notes

If you're the type of user that's paranoid about the possible attacks you might face from going online (and I don't blame you for being paranoid either), then perhaps Internet Security 2000 has what you'd need - complete peace of mind security from almost everything out there. Just remember to update your virus definition files so that your system is kept up to date.

1.) Review: Norton Internet Security 2000 - Dhillon Andrew

2.) Dreamcast Underground - 101Bytez

3.) A look at ASPs (Application Service Providers) - Liquid Sphear

4.) Quake III on Linux - L33tdawg

5.) ID Theft - What they do - Hunterose

6.) Reversing a trojan - metaray!abrams
