Archived from groups: comp.security.firewalls (More info?)

I have recently purchased and installed Norton Internet Security 2004.
I was previously using Zone Alarm but had no anti-virus software and
thought it was time I got better protected, so thought that a combined
package would cause me less administrative hassle. I am running
Windows 98.

I have disabled the Automatic Live Update but something in the
programs that it sets running on my PC keeps trying to dial out to the
internet. No matter how many times I hit "Cancel" on the dial-up
connecion box, it keeps coming back up. Eventually I let it connect
but I couldn't see where it was trying to get to. After downloading
about 200-300k over the connection, it stopped and I could disconnect
without it complaining. I have had to do this about 2-3 times over the
past couple of days. And no, this is not coming from any spyware - I
have Ad-Aware & Spy Bot and neither found anything to complain about.
I think it may be coming from some component called ccApp which is run
on startup.

I have disabled everything I can find in the configuration options
that is called "Automatic" and removed the (disabled) Live Update task
from the scheduler.

Since installing the product, I seem to be constantly at its demand
and it's taking over my life and my PC. I thought it was supposed to
make my life easier?

Any advice gratefully received.

TIA

Liz D

Archived from groups: comp.security.firewalls (More info?)

Hi Liz,

It may be when you first install it you want to do a Update for NIS and NAV.
But most likely it is your Registration and it does the Live Update
anyway as part of the registration process.
You should have a checkbox to stop it from registering.

Also I'm not that up on NIS 2004 as I have NIS 1.0 but you should put a
Block All TCP/UDP Rule either direction at the end of your Rules List
when you are not using Rules Assistant.
And when you are using RA you should set that Rule to Ignore but still
to Log.

Sometimes UDP's drop through the Rules List and the Log doesn't always
show if they were Blocked or Allowed.
NIS is AtGuard and that was a Must Rule but NIS tells you the same thing
in the Help Files but in so many words and you really got to dig to find it.

Look under "Rules Assistant", "Unused port blocking" and "Implicit
Block" in the Help Files.

Not sure if they changed that for your Version of NIS but you might want
to check on it anyway.
Think it was stupid of them not to include that up front.
BTW I like my NIS 1.0 and have no intention of changing it.

It's a good Rules Base Program where you have an App Based before I believe.

Kevin

Archived from groups: comp.security.firewalls (More info?)

"!:?)" <"!:?)"@*.com> wrote in message news:<vidPc.163136$OB3.55674@bgtnsc05-news.ops.worldnet.att.net>...
> Hi Liz,
>
> It may be when you first install it you want to do a Update for NIS and NAV.
> But most likely it is your Registration and it does the Live Update
> anyway as part of the registration process.
> You should have a checkbox to stop it from registering.
>
> Also I'm not that up on NIS 2004 as I have NIS 1.0 but you should put a
> Block All TCP/UDP Rule either direction at the end of your Rules List
> when you are not using Rules Assistant.
> And when you are using RA you should set that Rule to Ignore but still
> to Log.
>
> Sometimes UDP's drop through the Rules List and the Log doesn't always
> show if they were Blocked or Allowed.
> NIS is AtGuard and that was a Must Rule but NIS tells you the same thing
> in the Help Files but in so many words and you really got to dig to find it.
>
> Look under "Rules Assistant", "Unused port blocking" and "Implicit
> Block" in the Help Files.
>
> Not sure if they changed that for your Version of NIS but you might want
> to check on it anyway.
> Think it was stupid of them not to include that up front.
> BTW I like my NIS 1.0 and have no intention of changing it.
>
> It's a good Rules Base Program where you have an App Based before I believe.
>
> Kevin


Hi Kevin

Thanks for the feedback.

NIS 2004 seems to be App based rather than rules based. I have turned
off "Automatic Program Control" in the Personal Firewall options and
it hasn't tried to dial out since then, so this may have caught it.

I have added a "Monitor" rule under the "Advanced" options for
TCP/UDP. I'm not sure I would know what to do with any information,
but I might be able to use it to figure out what it is doing.

I ran a Live Update manually after installing and registering the
product and downloaded about 10MB of updates, which took over an hour
on a dial-up modem. It currently wants me to download about 25MB for
a "Norton Internet Security URL Update", which I'm going to have to be
really convinced I need to do before I agree to download it. I can't
believe anyone actually lets the program do this automatically - it
would tie up my computer permamently running endless updates if I let
it.

BTW I downloaded some Windows 98 patches the other day as I thought I
should bring everything up to date, and the dialling out problems
started after this. Do you think this might have caused some
incompatibility with NIS 2004? (Though they were pretty old patches,
some dating back to 2001).

Thanks for the info

Liz D

Archived from groups: comp.security.firewalls (More info?)

liz_davidson_nz@hotmail.com (Liz D) wrote in
news:55f01bc2.0408012004.18fbc6ae@posting.google.com:

> I ran a Live Update manually after installing and registering the
> product and downloaded about 10MB of updates, which took over an hour
> on a dial-up modem. It currently wants me to download about 25MB for
> a "Norton Internet Security URL Update", which I'm going to have to be
> really convinced I need to do before I agree to download it.

This is the list of sites to block for parental control. If you're not
using that feature, you don't need them.

> I can't
> believe anyone actually lets the program do this automatically - it
> would tie up my computer permamently running endless updates if I let
> it.

Yes, updating Norton products after installing can be a real pain. I once
downloaded all the updates at once (some 30MB) only to have the first,
smallest update crash and having to download it all again. After that, I
downloaded things in pieces, with reboots between. What a pain!

--
Clark G
* take away the em's to reply

Archived from groups: comp.security.firewalls (More info?)

Hi,

Liz D wrote:

> Hi Kevin
>
> Thanks for the feedback.
>
> NIS 2004 seems to be App based rather than rules based. I have turned
> off "Automatic Program Control" in the Personal Firewall options and
> it hasn't tried to dial out since then, so this may have caught it.

Good glad you solved that.

> I have added a "Monitor" rule under the "Advanced" options for
> TCP/UDP. I'm not sure I would know what to do with any information,
> but I might be able to use it to figure out what it is doing.

In my NIS 1.0 I have Categories like NIS Secure Sites ect...
Some Categories can not be placed below others like NIS System Keeping
can not be put under NIS Medium Protection that is last.
And others Like General and Web Browsers do not matter what order but
can not be placed below any NIS Categories except NIS Secure Sites that
can be put anywhere above the other NIS Categories.

After you apply and close the window with the Firewall Rules you will
see the Rule has moved in the list later when you check it if the
Category was not set correctly.

The Monitor Rule should be placed at the end of your Rules List so it
will hit all the other Rules first.
When it doesn't have a matching Rule it will hit that Monitor or Log
Rule and write to the log.
In the Log you should see that Rule and the next should say "User
Permit/Block", "Unused port blocking" and "Implicit
> Block"
If it doesn't then it dropped through without logging what action was
taken and is usually a UDP.
(It does catch UDP but I've seen them drop through too.)
I believe it is still blocked but doesn't log it for some reason.

It will also give you a way to update your Trojan List when you go to
the Symantic Test Site and let them probe for the latest Trojans.
Look through the Log after and look for those Logged Monitor Rule for a
list of Ports and if TCP or UDP it probed.
You can then make your own Rules for those new Trojans.
If you still subscribe to NIS Updates you won't have to do that

>
> I ran a Live Update manually after installing and registering the
> product and downloaded about 10MB of updates, which took over an hour
> on a dial-up modem. It currently wants me to download about 25MB for
> a "Norton Internet Security URL Update", which I'm going to have to be
> really convinced I need to do before I agree to download it. I can't
> believe anyone actually lets the program do this automatically - it
> would tie up my computer permamently running endless updates if I let
> it.

If you have kids then you may want to download those URL's but if not
you can turn that feature off or uncheck the URL part of the upgrades
each time.

>
> BTW I downloaded some Windows 98 patches the other day as I thought I
> should bring everything up to date, and the dialling out problems
> started after this. Do you think this might have caused some
> incompatibility with NIS 2004? (Though they were pretty old patches,
> some dating back to 2001).

Good job.
And if you have criticial update use it to alert you of the update but
use the START BUTTON and then Windows Update to be sure it's not a
Hacked Popup.

Also MS NEVER sends Upgrades or Patches by Email and any you see are
Viruses that include a real looking Website and URL thats has a minor
misspelling to fool you.
Always use your Start Button to Update Windows and use the Criticial
Update as a notice that there is a new update is there for you only.

>
> Thanks for the info
>
> Liz D

Any time, hope it helps.

Kevin