I was a KIS 2009 user, started taking a trial of NIS 2010. I've found a serious problem with NIS 2010.
Unlike KIS 2009, NIS 2010 has failed in the GRC Leak Test. When I tested with version 1.2 I got this message:
Firewall Penetrated!
LeakTest WAS ABLE to connect to the main GRC.COM Web Server!
LeakTest was not prevented from connecting to the Gibson Research web server. You either have no firewall, you have deliberately allowed LeakTest to connect outbound, or (if neither of those), LeakTest has just slipped past your firewall's outbound "protection", if any.
As I am a new user of NIS 2010, I am unable to block this serious vulnerability. How do I fix this problem?
The Smart Firewall has Ports that it is Set to Block should any activity try to use these Ports to get to your computer/laptop. Therefore, the "LeakTest" must have used a Port that allows activity to reach your computer. Since the test did not contain any Malicious data, Intrusion Prevention did not Block this; if Malicious data was Detected, then Intrusion Prevention would have Blocked this. These tests can create a false sense of Vulnerability. You can use Symantec's Security Check to test your Norton Product. Symantec is the best one to use since Symantec made your Norton Product. I hope this was helpful.
@Since the test did not contain any Malicious data, Intrusion Prevention did not Block this; if Malicious data was Detected, then Intrusion Prevention would have Blocked this.
Thanks for that clarification Floating_Red.
You mean I can safely ignore this test on NIS 2010. One last question:
Does it mean no real malicious program could intrude and send data bypassing NIS 2010 like LeakTest did? I wanted to be assured of this because 24x7 I simply don't know how to monitor those new and smart malicious programs. Please respond.
These tests are not reliable, so please take the Results with a pinch of salt, as already mentioned by another user. If you use the Symantec Security Check, then generally, if your Results are "Safe!", then you will be Protected. Also, please be sure to keep your Definitions up-to-date and your Norton Product will do its job at protecting you.
There are also Malwarebytes' Anti-Malware - free version - and SUPERAntiSpyware Free Edition, products that it is recommended you install to make sure your Norton Product is not missing anything which could be on your system. These really are two excellent products. Please be sure that you do not pay for them; if you do, they will add Real-Time Protection which will interfere with Norton's Scanners which will reduce your Protection. I would recommend doing a Full Scan with both these Products at least once-a-week, along with your N.I.S. 2010 Full System Scan; be sure to run one Scanner after the other, if you decide to install these other Products.
@Since the test did not contain any Malicious data, Intrusion Prevention did not Block this; if Malicious data was Detected, then Intrusion Prevention would have Blocked this.
.........
Does it mean no real malicious program could intrude and send data bypassing NIS 2010 like LeakTest did? I wanted to be assured of this because 24x7 I simply don't know how to monitor those new and smart malicious programs. Please respond.
Thanks again.
It's more like this: the thief (malware) could possibly get into the warehouse (your computer) and use a forklift (other programs on your computer) already in the warehouse but not be able to take the goods (your data) out of the warehouse. Norton's Smart Firewall and Intrusion Prevention processes would stop anything from sending malicious data / processes OUT from the system or even from attacking your system internally.
As mentioned by others, not every program is perfect and catches everything all the time. MalwareBytes and SUPERAntiSpyware are excellent second level defences to check that everything is running smoothly on your system.
How come KIS 2009 doesn't allow Leak Test 1.2? I mean, with KIS 2009, Firewall never got penetrated.
Your firewall security has actually not been compromised. Of the options that GRC offers to explain your results the most accurate is "you have deliberately allowed LeakTest to connect outbound." Or more precisely, the Norton Smart Firewall has made the allowance. Some firewalls are set up to block anything that uses the methods of internet access that are included in leak tests. Norton is set up to block these attempts only if there is a malicious payload involved. So a known safe program like the GRC Leak Test is allowed, but a keystroke logger, for example, attempting to phone home using a legitimate program as a decoy would be blocked. Norton's Smart Firewall is very highly advanced and examines every communication attempt closely for telltale signs of malicious activity.
By turning off Automatic Program Control and enabling Advanced Events Monitoring, you would essentially be configuring the Norton Firewall to behave like the KIS firewall. Leak tests will be blocked in this mode. But the important thing to note is that Norton will block actual leaks, as opposed to just tests, in either configuration, so you are no more vulnerable to these types of sneaky tricks when employing the more user-friendly APC, than you would be using AEM or KIS.
One further note: There seems to be some confusing of leak tests and portscans in this thread. A leak test is designed to detect if a program on the local PC can use any number of devious methods to trick a firewall into allowing it to access the internet. Testing to see if a firewall can prevent some outside agent from accessing the PC via insecure ports is something different, and is more properly done using a portscan test such as GRC's Shields Up.
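The two test directions distinguished in the post above, as an added example that is not part of the original thread: one function makes the kind of outbound connection a leak test attempts, the other records how a port answers an inbound connection attempt. The function names and the loopback listener in `demo()` are constructed for illustration so the code runs offline against your own machine.

```python
import socket

def outbound_allowed(host, port, timeout=2.0):
    """Leak-test direction: can a program on this PC open a TCP connection out?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def inbound_response(host, port, timeout=1.0):
    """Port-scan direction: how does host:port answer a connection attempt?"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "accepted"      # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "refused"       # port answered with a reset: closed but visible
    except socket.timeout:
        return "no reply"      # attempt was silently dropped
    except OSError:
        return "error"         # e.g. no route; says nothing about the port
    finally:
        s.close()

def demo():
    """Constructed loopback setup: a throwaway listener on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # OS picks a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    results = {
        "outbound": outbound_allowed("127.0.0.1", port),
        "inbound_listening": inbound_response("127.0.0.1", port),
    }
    listener.close()                  # same port, now with nothing listening
    results["inbound_closed"] = inbound_response("127.0.0.1", port)
    return results

if __name__ == "__main__":
    print(demo())
```

Both "accepted" and "refused" are replies to the connection attempt; only "no reply" means the attempt went unanswered.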
I like that analogy with the thief and subsequent actions but it set me to thinking -- always a dangerous process -- and perhaps a better analogy might be to shoplifting?
At the entrance to a store during opening hours anyone can walk in -- although if you are wearing a ski mask and a hoodie you might well be stopped or a silent alarm would go off -- but if someone lifts something off the display and tries to walk out without paying for it there's a very good chance they will trigger an alarm at the exit, at the latest, and something will happen to them. Yet the entrance and the exit to the store are perfectly free to legitimate "traffic".
In a sense that is why programs like Malwarebytes and SAS can detect and clean up after an incident once they know it has happened but why it is much more difficult to stop the entry of the "quick-change artist", the thief.
And of course:
"The greatest danger to the computer lies between the left ear and the right ear of the user .... "
@These tests are not reliable, so please take the Results with a pinch of salt, as already mentioned by another user.
Sure Floating_Red. I will consider that, have to check out the NIS 2010 performance so that I could convince myself going with this suite for this 2010 year. Hope it turns out to be a good experience.
Well, I am a user of Malwarebytes' Anti-Malware and I always run this software after fully updating it. Also, I turn OFF my wireless router + firewall before running (full scan) such competing/complementary tools (only to avoid clash between 2 programs). I must admit that I never heard of Super Anti Spyware...3-4 times a year I install, run and remove Spybot Search and Destroy :)
@Norton's Smart Firewall and Intrusion Prevention processes would stop anything from sending malicious data / processes OUT from the system or even from attacking your system internally.
dbrisedine - I wanted to share one more thing here. KIS 2009 used to protect my workstation in a very good way. Example, I am an avid user of uTorrent to download Linux distros, software, movies, TV shows etc (average 50 GB month). It used to save my PC from *intrusion* attacks, displaying the alerts that my PC has thwarted the attack by TCP bad flag .....
Question: Will NIS 2010 deliver the same result as KIS 2009 with the DEFAULT installed settings? I am a little worried about these P2P risks but wanted to take no chances and sorry for asking so many questions. Please bear with me :)
@So a known safe program like the GRC Leak Test is allowed, but a keystroke logger, for example, attempting to phone home using a legitimate program as a decoy would be blocked.
I really hope so, am not worried about Leak Test anymore. Only am concerned about any malicious program snooping into my PC and sending the data secretly (bypassing the firewall). No way I could know about it :(
Allow me to confess that I have a good loyalty and mindset towards KIS 2009 but KIS 2010 is really taxing my Workstation performance with unwanted/sudden scans (it was never the case with KIS 2008 and 2009 versions). I read good reviews of NIS 2010 and am considering going with that for this year with a 3-User Licence pack.
So, NIS 2010 would be used on 3 machines (1 machine is highly sensitive; Bank accounts and stock trading operations etc). I am a little concerned about moving to a new suite (genuinely). Hope my concern is understood. In that perspective I am trying to understand more about NIS 2010.
@There seems to be some confusing of leak tests and portscans in this thread.
Thank you for reminding me about this!! I always rely on their lovely piece of instant tool called Shields Up!
NIS 2010 passed in the File Sharing test but there was one FAILURE reported while Common Ports scanning....again unlike KIS 2009. Here is the summary:
Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection....
Unsolicited Packets: PASSED
Ping Echo: PASSED
How to fix Solicited TCP Packets failure? Please help me. Thanks in advance.
On the ShieldsUp! test, is this testing your router's IP or your system's IP? Do you have your router / modem (your ISP device) set up to just connect and pass everything directly to your system or is it doing any type of NAT / Firewalling / blocking / bridging internally?
On the question you asked, Norton will block all the bad network traffic in the default settings. You may not get a pop up with a warning (depending on the level of the "attack") but it will record the incident in your History logs every time.
@Norton will block all the bad network traffic in the default settings.
That's what I wanted to be assured, suddenly felt that am somewhat new to this Interface (detail and depth) after getting used to KIS for years....would have pick this interface ASAP. Thanks for the clarification.
Well, I do use a D-Link ADSL2 + Wireless Router (this workstation gets connected using Ethernet; remaining 2 laptops by Wi-Fi). No NAT and Internal Hardware Firewall is OFF. So you can see the potential risk. Most of the time 3 machines would be online sharing a single 2 MBPS line using this Wireless Router. That's why I wanted to be very sure before I go with the 3 user pack of NIS 2010.
Coming to the point, how to solve this: Solicited TCP Packets: RECEIVED (FAILED)
There are also Malwarebytes' Anti-Malware - free version - and SUPERAntiSpyware Free Edition, products that it is recommended you install to make sure your Norton Product is not missing anything which could be on your system. These really are two excellent products. Please be sure that you do not pay for them; if you do, they will add Real-Time Protection which will interfere with Norton's Scanners which will reduce your Protection.
I have the paid versions of both Malwarebytes' Anti-Malware and SUPERAntiSpyware. Both can be configured in preferences NOT to run real-time protection and can be disabled from starting up with Windows startup.
I believe in supporting companies like Norton, Malwarebytes, and SUPERAntiSpyware by purchasing registered products if I continue to use them long term, even if they offer free versions.
<< I have the paid versions of both Malwarebytes' Anti-Malware and SUPERAntiSpyware. Both can be configured in preferences NOT to run real-time protection and can be disabled from starting up with Windows startup. >>
Thanks for confirming that -- I was wondering about this the other day when someone said they had downloaded the non-free version although suggested to download the free one.
akula2 wrote: No NAT and Internal Hardware Firewall is OFF
Curious, if you care to share why your setup does not take advantage of the added security of NAT and the Hardware Firewall? Perhaps I misread your message...As you are behind the D-Link. I am curious why you're not utilizing all that the router offers. Maybe setting up the NAT is not practical...But, why disable the D-Link Hardware Firewall?
@Maybe setting up the NAT is not practical...But, why disable the D-Link Hardware Firewall? Again, if I misread your message.. Sorry
bjm, you haven't misread my post.
a) I thought NAT serves no purpose to my single workstation config with a single eth card. Am I correct?
b) Hardware firewall I didn't enable because I don't know how to setup the Hardware and NIS 2010 working smoothly. Any information on that is highly appreciated.