This section was written with the inexperienced user in mind, so if you are comfortable with the concepts of services, IP addresses, cookies and active content, you can skip this bit. The rest of you should keep on reading. Don't worry, it's not as hard as it seems.

The short answer is that a Firewall is a tool for preventing unwanted intrusion. The longer answer follows.

Whenever you're connected to the Internet, reading mail, surfing the web, you make connections to other computers all over the world. Normally, this is okay. However, this also implies that other computers may connect with yours. And that's mostly where the trouble starts.

Although advertisements might show you a rosy red picture of the Internet, the truth is far from it. There are people out there who entertain themselves by destroying people's experience of the Internet. By hacking your computer, they may look into your private documents, use your computer for their own acts of evil or render your computer completely useless by deleting important system files.

You're not doomed yet though, because a hacker has to be able to connect to your computer to do any real harm. This is where the NPF steps in. Normally, your system does not tell you when a connection has been made to your computer. NPF allows you to monitor which connections are made and whether or not you will allow them. By doing so, you minimise the chance of your computer being exposed to the wrong kind of people.

For a brief introduction to the terminology used when describing a firewall and its actions, you should also make yourself familiar with the expressions below.

IP addresses and DNS

When you're connected to a network, e.g. the Internet, your computer, along with every other computer, is assigned a unique identification. This is called an IP address. It consists of 4 numbers, each ranging from 0 to 255, separated by dots.

Example: 10.0.0.255

Now, numbers are fairly easy for computers to handle, but you can't exactly call them intuitive. After all, you have always typed addresses as names, not numbers, haven't you?

Enter the Domain Name Service, or DNS. This is a service that allows you to type easy-to-remember addresses, like www.normanuk.com. When you type this in your web browser, the name is sent to a DNS server, which has a list of all registered names and their corresponding IP addresses.

The DNS server then replies with the IP address of our web server. Now the computer finally understands where it's headed, and you enter our website. In effect, IP addresses and DNS are two sides of the same matter; IP addresses are just more difficult to interpret.

Services

A computer may offer several services to its users, such as web and mail. However, if it only has one IP address, how does it differentiate between the services it has to offer?

This is solved by using what is known as ports. When you direct your web browser towards www.normanuk.com, the browser, in addition to the address of the server, also sends a port number. This number is used to decide which service you are about to use.

Some well-known ports are:

  • Web browsing (HTTP) 80
  • Receiving mail (POP3 and IMAP) 110 and 143
  • Sending mail (SMTP) 25
  • File Transfer (FTP) 21

The most commonly used ports are also listed with their respective names within NPF. A complete and updated list of port numbers can be found at the Internet Corporation for Assigned Names and Numbers website (www.icann.org).

Cookies

Cookies are information capsules, used to identify you, and not the computer. When you log on to a website, using for instance username and password, you are sent a cookie that "tags" you as who you are. It is then stored on your computer for later use.

Later on, when the website needs to show you customised or personalised information, it retrieves the cookie, thus knowing that you are indeed the person for whom the information is intended.

Today, cookies are used on most popular sites, and some of the information gathered using cookies could be used for marketing purposes. As a rule of thumb, you should allow cookies from sites that you are familiar with, such as your on-line bank or search engines.

Active content

Active content like scripts, applets and ActiveX components differs from standard web documents in that it consists of small programs, intended to extend your experience of a website. However, these programs may also contain malicious code.

Scripts

Scripts are most commonly used to enable dynamic content. This may be to change a picture when you hold the mouse-pointer over it, or to add other experiences to a web page such as simple animation. They pose a security threat as they can alter system settings and potentially compromise your privacy.

Applets

Applets are small programs designed to be launched inside a host application. Java is a representative of this kind of active content. Applets have limited access to the operating system, making them more secure than other types of active content. However, cases of applets using security holes in the host application have been reported.

ActiveX

ActiveX is a set of rules for information sharing between applications. These rules are comparable to applets, but ActiveX components pose a potential threat because they do have access to the operating system.

Bottom line

So now you know why you should have a firewall, and some basic concepts about networking. So how does this apply to you?

The firewall is never more secure than the user. It may help you on the way, but in the end it is you who has to make the decisions. Therefore, you should disallow any connection that you do not feel comfortable with.

The things you should consider when you receive a Connection Alert:

  • Do you know which application is trying to establish the connection?
  • Does the address look familiar?
  • Do you recognise the service it uses? (web, mail, file transfer)

If you can answer no to any of the above, you should consider disallowing this connection.
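The checklist above, written out as an added example (not part of the original text and not NPF's own code). The alert fields, the list of known applications and the list of familiar addresses are assumptions constructed for illustration; the port table is the one given earlier on this page.

```python
import ipaddress

# Well-known ports as listed earlier on this page.
WELL_KNOWN_PORTS = {
    80: "Web browsing (HTTP)",
    110: "Receiving mail (POP3)",
    143: "Receiving mail (IMAP)",
    25: "Sending mail (SMTP)",
    21: "File transfer (FTP)",
}

# Constructed sample data: what this user recognises (hypothetical names,
# addresses taken from the ranges reserved for documentation).
KNOWN_APPS = {"browser.exe", "mailclient.exe"}
FAMILIAR_ADDRESSES = {"192.0.2.10", "192.0.2.25"}


def review_alert(alert, known_apps=KNOWN_APPS, familiar=FAMILIAR_ADDRESSES):
    """Ask the three checklist questions about one connection alert.

    Returns (advice, concerns); any "no" answer leads to the advice
    "consider disallowing", as the text recommends.
    """
    concerns = []
    # 1. Do you know which application is trying to connect?
    if alert["application"].lower() not in known_apps:
        concerns.append("unknown application")
    # 2. Does the address look familiar? It must first be a valid
    #    address: four numbers from 0 to 255 separated by dots.
    try:
        address = ipaddress.IPv4Address(alert["remote_address"])
    except ValueError:
        concerns.append("malformed address")
    else:
        if str(address) not in familiar:
            concerns.append("unfamiliar address")
    # 3. Do you recognise the service (port) it uses?
    if alert["port"] not in WELL_KNOWN_PORTS:
        concerns.append("unrecognised service")
    advice = "consider disallowing" if concerns else "no concerns"
    return advice, concerns


if __name__ == "__main__":
    # Constructed sample alerts.
    for alert in (
        {"application": "browser.exe", "remote_address": "192.0.2.10", "port": 80},
        {"application": "updater32.exe", "remote_address": "203.0.113.7", "port": 31337},
        {"application": "mailclient.exe", "remote_address": "10.0.0.256", "port": 110},
    ):
        print(alert, "->", review_alert(alert))
```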

You should consider disallowing cookies unless you know that they are necessary for the activities on a web site. Such sites include:

  • Online banks
  • Web-based e-mail readers such as Hotmail
  • Search engines such as Google, Altavista and AllTheWeb.
  • Any other site that requires you to log on with a user ID and password.

Active content should also be blocked from sites that you do not trust.