Norton for the unwary

 

Antonia J Jones, Fall 2005

My personal choice is NOT to use Norton Firewall. I find the Zone Alarm firewall perfectly effective. Using Norton is a bit like living in a totalitarian state. You can only do things which Big Brother Norton approves. That is not to say that, if you are a civilian and want to be safe, Norton is not an excellent fortress to cower within – you pay your regular subscription and Brother Norton looks after you very well. Until, that is, you want to do something that’s against the default Norton Party Line (NPL).

 

The trouble is that there are lots of things you might want to do which fall outside the NPL. Examples are: use Yahoo Messenger with a webcam (or any other Instant Messenger program), use Skype, with or without the Spontania webcam plug-in, etc. etc. Now I’m not saying you can’t run these applications if you have Norton, just that setting them up to work without utterly compromising your security, i.e. punching an application-specific hole through the fortress wall, is a LOT harder than it should be. This is partly because of Norton’s poor documentation (although their telephone support is excellent if you are up to date with your subscriptions) and partly because very often the Application suppliers don’t give you the essential information.

 

One way around these problems (which usually works) is to install ALL the applications you ever want that might cause problems BEFORE you install Norton. However, this is not very practical, particularly because many machines are supplied with Norton pre-installed on a 60-day trial. So you say: “I can always UN-INSTALL Norton, install my application, and then re-install Norton.” Ho, ho, ho! You poor innocent! Just try it!

 

Un-installing Norton is a bit like trying to get out of a bath full of super glue. If you are a civilian you don’t stand a chance. You may get to a point where it looks like it’s gone, but it isn’t really - it’s just non-functional from your point of view and in hiding. This, by itself, is one excellent reason NOT to install it in the first place. Norton have an absolutely first rate technical reputation – they can do a clean un-install if they want to. The fact that they don’t means that they have lost their ethical sensibilities – they don’t know right from wrong.

 

OK so how can we open up a port for a particular application? I ran slap-bang into the ‘Yahoo Messenger webcam’ issue this summer and found plenty of people on the web who had the same problem. What I did not find was anyone who had figured out a solution. So here is the correspondence…

____________________________________

 

I saw your posting regarding configuring your Norton Firewall to allow your webcam to work with Yahoo Messenger. It seems that lots of people have had this problem but no-one has posted a solution. I spent hours figuring it out and here is what worked for me.

 

1. Set Yahoo Messenger/Preferences/Connection "No proxies".

 

2. Logout of Messenger.

 

3. Get IE up and under Tools/Internet/Options/General, delete cookies and delete files. This is just in case Yahoo has left a note to itself saying the firewall is blocking your webcam. It may not actually be necessary.

 

4. Get the Norton Control Panel up.

 

5. Under Options/Firewall add port 5100 to monitor. Again I'm not sure this is strictly necessary but it was part of the sequence that eventually got the whole thing working and I am not about to mess with it again!

 

____________________________________

 

REMARK: That Yahoo Messenger webcam uses port 5100 is information that only the Application provider can supply.

____________________________________

 

 

THE NEXT BIT IS THE THING I THINK ACTUALLY MADE IT WORK

 

6. In the Norton Control Panel, where it says Personal Firewall On, highlight it and click on the "Configure" Tab. Now click on the "Advanced" and then "General" Tabs. Finally click on the "Add" Tab. We are going to add a rule that lets Yahoo Messenger use port 5100 (but no-one else hopefully).

 

7. Check the "Permit" box. Then click <<Next>>

 

8. Check the "Connections to and from other computers" box. Then click <<Next>>

 

9. Now check "Only the computers listed below" and then click "Add"

 

10. In the "Networking" window that comes up check "Individually" (it seems to be the default).

 

11. Now in the "Enter computer" box type

 

www.webcam.yahoo.com

 

____________________________________

 

REMARK: The address of the webcam server is information that only the Application provider can supply.

____________________________________

 

 

12. We are now back to the "Add Rule" panel. Check the "Only computers and sites listed below" box.  It should say something like "Single address name: www.webcam.yahoo.com"

 

13. Click <<NEXT>> and on the Add Rule panel check TCP and UDP (again it may not be necessary to have both but this is what worked for me).

 

14. Check "Only the types of communication or ports listed below". Click "Add".

 

15. In the "Specify Ports" panel check "Individually specified ports" and check "Local". In the box that appears type the port number 5100 and then click "OK".

 

16. It should then jump back to the "Add rule" Panel and you should see under the checked "Only the communications and ports listed below" the immortal legend "local port 5100".

 

17. Click <<NEXT>>.

 

18. I didn't bother to check either of the next two boxes which are about logs and reporting. Click <<NEXT>>.

 

19. In "Select the category etc." click "Instant Messenging". Click <<NEXT>>.

 

20. In the "Which locations..." I checked "Default (Active)". Click <<NEXT>>.

 

21. Finally read the summary of what you have done that comes up and click "Finish".

 

All other things being equal (e.g. the webcam is actually plugged in and the driver is installed etc.) your webcam should be there when you invoke it from Yahoo Messenger.

 

Hope this helps. Please post it if it works for you.

 

Kind regards

____________________________________

 

Phew! What a rigmarole! My question is: why couldn’t Norton give some standard examples like that in the manual? Better still, why couldn’t they write a menu driven module into their software that, in essence, says “what port do you want to open and what address do you want to open it to?” You then type the required information (hopefully supplied by the Application provider) and, hey presto, it’s done! Why not? You tell me – what an industry!
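The "what port and what address?" module asked for above, sketched as an added example (not Norton's code and not part of the original page). It builds the rule from steps 6 to 21 and compares it with a rule that opens port 5100 to any computer; the first-match, block-by-default evaluation, the hostname string matching and the sample connections are simplifying assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Conn:
    remote_host: str
    protocol: str      # "TCP" or "UDP"
    local_port: int

@dataclass(frozen=True)
class Rule:
    action: str                              # "permit" or "block"
    remote_hosts: Optional[FrozenSet[str]]   # None means any computer
    protocols: FrozenSet[str]
    local_ports: FrozenSet[int]

    def matches(self, c: Conn) -> bool:
        host_ok = self.remote_hosts is None or c.remote_host.lower() in self.remote_hosts
        return host_ok and c.protocol.upper() in self.protocols and c.local_port in self.local_ports

def make_rule(port: int, address: str) -> Rule:
    """Build the narrow permit rule from the two answers: port and address."""
    if not 1 <= port <= 65535:
        raise ValueError("port must be 1-65535")
    host = address.strip().lower()
    if not host or host in {"*", "any"}:
        raise ValueError("a specific address is required")
    return Rule("permit", frozenset({host}), frozenset({"TCP", "UDP"}), frozenset({port}))

def evaluate(rules: List[Rule], conn: Conn) -> str:
    """First matching rule wins; anything unmatched is blocked (assumed default)."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return "block"

SCOPED = make_rule(5100, "www.webcam.yahoo.com")                   # steps 6-21
BROAD = Rule("permit", None, frozenset({"TCP", "UDP"}), frozenset({5100}))  # port open to all

# Constructed connection attempts, not captured traffic.
SAMPLE = [Conn("www.webcam.yahoo.com", "TCP", 5100), Conn("www.webcam.yahoo.com", "UDP", 5100),
          Conn("unknown-host.example", "TCP", 5100), Conn("www.webcam.yahoo.com", "TCP", 5101)]

def decisions(rule: Rule) -> List[str]:
    return [evaluate([rule], c) for c in SAMPLE]

if __name__ == "__main__":
    for name, rule in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, decisions(rule))
```

The only difference between the two rules is the third sample connection: an unlisted computer reaching local port 5100.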

 

Postscript

 

[1] You can find useful information on related topics at

 

http://www.portforward.com/cports.htm

 

[2] I see some later net discussion by someone who wanted to do a similar thing for AIM, but the ports were specified only as 1024-5000 and no server address was given. If you have a similar problem you might look at

 

http://firewalling.com/personalfirewalls/nortoninternetsecurity2005.htm

 

I haven't tried this solution but the author seems to know what he is talking about.