
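[Share] [Original] A detailed reading of the latest evaluation reports on the world's well-known firewalls: Norton (translation of the original)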

daryl
Posted on 2007-1-16 17:18:07
Norton Personal Firewall 2006 version 9.1.0.33 - Review

Norton Personal Firewall is one of many products from the well known Norton family. It is very robust and has a full integration with other software from Symantec. This is why it can be quite heavy for common users. The security of Norton Personal Firewall is below-average and it misses several important security features. This product is not appropriate for any kind of use where the security is taken seriously.

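Norton Personal Firewall 2006 version 9.1.0.33 – Overview

Norton Personal Firewall is a member of the well-known Norton product family. As a heavyweight product, it integrates with other Symantec software, which is also why its size seems rather large for ordinary users. The security level of Norton Personal Firewall is fairly low, and it is missing several important security features. The product is therefore not suitable for users who regularly have to face serious security problems.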

Tested version

Norton Personal Firewall 2006 was recommended to us by its vendor Symantec Corporation as a representative firewall product from Norton product family. We were offered a full version of this product but we have used trial version for our analysis because the postal delivery of the package could take long and we were also assured that the only difference between full and trial version is the 15 days limit. Symantec offers only one better product called Norton Internet Security which includes Norton Personal Firewall and Norton Antivirus. The functionality of its firewall engine is the same as in Norton Personal Firewall. Norton product family took the third place in our survey we made before we started with the Windows Personal Firewall analysis project.

The full version of Norton Personal Firewall 2006 is available for $49.99, Norton Internet Security costs $69.99. There are no free versions of Norton products, only time limited trialware.

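Tested version

Norton Personal Firewall 2006 was recommended by its developer, Symantec Corporation, as the representative of the Norton product family. Although we were given the full version of the product, the postal delivery of the package could take quite a long time, and we believe the only difference between the full and trial versions is the 15-day usage limit, so we chose the trial version as the basis for our analysis. Symantec also offers a better product called Norton Internet Security, which includes Norton Personal Firewall and Norton Antivirus. The firewall core used in that product is exactly the same as in Norton Personal Firewall (the standalone product). Before starting the Windows Personal Firewall analysis project we carried out a survey of users, in which the Norton product family ranked third among the candidate brands.

The full version of Norton Personal Firewall 2006 is priced at $49.99 and Norton Internet Security sells for $69.99. Apart from time-limited trial versions, no free versions of Norton products are available.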

Installation and initialization

At first we have downloaded the latest available trial version of Norton Personal Firewall 2006 which was 9.1.0.33. The installer package was bigger than we expected, 23 MB is a little too much for a personal firewall installer. The installation started with an update of Microsoft installer. Then we have seen a standard installation wizard. The first positive surprise was a system scan for programs that can be in conflict with Norton Personal Firewall. Then the raw installation process started and it took very long. Hundreds of files were installed and also tens of components were registered. The installer also integrates Norton to the system very much but does not even bother to ask the user whether it is desirable. On the other hand the integration to Internet browsers is implemented only for Internet Explorer, there is no support for minor browsers. During the installation you are asked to restart the operating system. After the reboot Norton recognized that the Windows Security Center is enabled and asks whether you want to disable it. Norton implements its own security center and having Windows Security Center enabled may cause redundant alerts. Another part of the installation process is Network Wizard which recognizes network interfaces and allows users to select appropriate settings for every interface. We have missed a chance to set a password to protect Norton settings in the installation process. However, it can be set later in the control panel.

The last part of the installation and initialization process is LiveUpdate. This is universal update software for all Norton products and it is run during the initialization to ensure the latest upgrades are installed. With the latest installation package we have not expected any updates but LiveUpdate found 10 MB of them. The run of LiveUpdate was very problematic. For unknown reasons LiveUpdate behaved very confusedly. It looked like it downloaded every file three times and the whole process took very long to finish. The result of this update was that most of the upgrades were not installed correctly and the most common error there was "LU1856: LiveUpdate was unable to access the file it downloaded". We ran LiveUpdate again after a minute and this time everything was ok and updates were installed properly. However, it took several minutes for some components (especially Symantec Trusted Application List) to be updated. When LiveUpdate finished this time there were errors again but also a reboot requirement appeared. After the second restart Norton automatically initialized some rules for common system processes and alerted us that there is no antivirus in the system and that Windows updates are disabled. This alert bothered us many times later and so we have switched it off in Norton Protection Center. We ran LiveUpdate for the third time and finally we saw no errors after the installation of updates. However, it required a reboot again.

Our installation and initialization process for Norton Personal Firewall 2006 was exhausting, took a very long time and was not trouble-free at all. It is probable that users who will not install Norton on the clean installation of Windows as we did may experience even more troubles. Basic users may also find it difficult to choose appropriate options in some dialogs of installation wizards. This is why Norton did not receive 100% value in any of measured installation features.

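Installation and initialization

First we downloaded the latest trial version of Norton Personal Firewall 2006, version 9.1.0.33. The installer package was larger than we had imagined; 23 MB is too much for the installer of a personal firewall product. The installation begins by updating Microsoft installer, and only then did we see the standard installation interface. The pre-installation scan for items that might conflict with Norton firewall was a pleasant surprise. The installation of the program itself then began and went on for quite a long time. Several hundred files were installed and 10 related components were registered, and the installer also ignored the user's wishes and forcibly integrated Norton deeply into the system. In addition, Norton's browser integration covers only IE and does not support other minor browsers. During installation you are asked to restart the computer; Norton then confirms that Windows Security Center is running and asks whether you want to disable it. Because Norton enables its own security center, leaving Windows Security Center on would produce redundant alerts. Another part of the installation is the network setup program that recognizes network interfaces and lets the user choose suitable settings for each one. During installation we could not set a password to protect the Norton firewall settings, but this can be done afterwards in the control interface.

The last step of installation and initialization is LiveUpdate. This is the update program used across the Norton product line, and it runs during program initialization to make sure the latest components are installed. Because we were using the latest version, we did not expect any updates to be needed, yet LiveUpdate found nearly 10 MB of pending updates. Getting LiveUpdate to run smoothly proved very difficult. For unknown reasons the program behaved very unstably; it seemed to download every file three times, and the whole update took a long time to finish. The result was that most of the updates were not installed correctly, and the error message "LU1856: LiveUpdate was unable to install the file it downloaded" kept popping up. A few minutes later we ran LiveUpdate again; this time everything went smoothly and all the updates were installed normally. However, updating some components (especially the "Symantec Trusted Application List" component) took several minutes. When this update finished, an error occurred again, once more a request to restart the computer. After the second restart, Norton automatically initialized rules for some common system processes and warned that the system lacked antivirus software and that Windows Security Center was turned off. This warning later annoyed us so much that we had to switch it off in Norton Protection Center. We ran LiveUpdate a third time and no errors occurred once the update finished, but the restart dialog popped up yet again.

The installation and initialization of Norton firewall 2006 left us exhausted; it took a very long time and brought one problem after another. If other users, as we did, install Norton firewall on a system that is not clean, they are likely to run into even more problems. Novice users will also struggle to make the right choices in the dialogs that pop up during installation. This is why Norton firewall did not receive full marks on any of the measured indicators in the installation stage.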

Hardware requirements

Hardware requirements of Norton Personal Firewall 2006 are simply excessive. Many components are installed even if they have no use for the personal firewall and there is no chance to switch them off without an effect on the system security. Norton Personal Firewall 2006 takes over 76 MB of disk space and over 40 MB RAM. It slows down the system to about 78% of the original performance.

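Hardware requirements

The hardware requirements of Norton Personal Firewall 2006 are clearly rather excessive. A large number of components are installed on the system, even though many of them are of no use to a personal firewall, and any change the user makes to these components will affect the security of the system. Norton Personal Firewall 2006 takes up 76 MB of disk space and more than 40 MB of memory, and it reduces the system's performance by 22%.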

Common behaviour and control

Working with GUI (graphic user interface) of Norton Personal Firewall is very slow too. Norton uses many components which take quite a long time to initialize. And sometimes it can take up to a few seconds to open some dialogs. Otherwise control panels are mostly well designed and easy to use. Users are given powerful interface to edit many settings of Norton Personal Firewall and Protection Center. From the icon popup menu users are able to disable the whole protection as well as to disable all network traffic immediately. Norton implements comprehensive event logging and it contains easy to use log viewer. Sometimes Norton alerts and decision making is quite confusing. For example if component control is on and you try to access the Internet with a new application you are asked whether to allow an access to the Internet with unrecognized modules. You can choose between Allow always or Block always. However, if you choose Block always and try to perform the same action again you are asked again as if there was Block once instead. And if you choose Allow always you are asked whether to allow access to the Internet for unknown application. There are more situations like this where Norton behaves illogically. Another imperfection is that all windows of Norton GUI are fixed in their size and sometimes they are too small and it is very uncomfortable to work with them. Also password protection was not implemented well. You are asked for a password only when you access personal firewall settings and not for settings of Protection Center. You can also run LiveUpdate and even allow any protected action without being asked for the password. On the other hand there is no session for logged on user. If you access some password protected dialog just after you leave it you are asked for the password again. Neither of these imperfections cause security problems but it is why Norton received only 90% in Easy of use classification.

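Everyday use and control

Operating through the graphical user interface of Norton Personal Firewall is also quite sluggish. Norton takes a long time to initialize the many components it calls. Sometimes opening a few dialogs takes several seconds. (Apart from the behaviour described above) its control panel is quite attractive and convenient in design. The powerful interface lets users edit many settings of the firewall and Protection Center. From the icon's popup menu, users can immediately turn off the whole protection as well as all network activity. Norton keeps comprehensive event records, and they are convenient to consult with the log viewer. Sometimes Norton's protection alerts and decisions are very confusing. For example, with component control turned on, when you try to access the network with a new application you are asked whether to allow an unrecognized module to connect to the network. You can choose Allow always or Block always, but if you choose Block always and try to repeat the same operation you are asked the same question again, as if last time you had chosen Block once rather than Block always. If you choose Allow always, you are then asked whether to allow an unknown application to access the network. Norton firewall has many similar illogical situations. Another defect is that the windows of the firewall's graphical user interface are fixed in size; sometimes they are very small and very uncomfortable to use. The password protection also does not perform well: you are asked for the password only when you access the personal firewall settings, not the Protection Center settings. You can also run LiveUpdate, and even set all protected operations to be allowed without being asked for the password. In addition, for the user of the computer the password protection lacks any validity period: if you have just entered the password for a protected prompt, even if you only leave the machine for a very short time, you will be asked for the password again the next time you log on to the computer. Although none of the defects above causes any security problem, they are why Norton received only a 90% score in the usability part of the test.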

Security

As we have mentioned above Norton Personal Firewall 2006 is very huge software. This affected the security of this product too. There are many components and programs that are not connected well from the security point of view. The whole security is half-implemented and there are a number of security holes even though there are a few components with quite well implemented security. But as a whole product Norton Personal Firewall does not meet the security level for any kind of use, not even for common home users. We have found several critical bugs and we have also found that many important security features are missing completely. It is very probable that deeper analysis would find much more bugs. Norton Personal Firewall 2006 was not beta-tested properly and its programmers lack basic knowledge of programming Windows NT security products. Professional security products must be implemented by security experts not only by programmers of application software. Based on the result of our analysis we do not recommend using Norton Personal Firewall 2006 at all because its security is very poor. You can see public information about bugs in Norton Personal Firewall in the following sections below.

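Security

As we mentioned above, Norton Personal Firewall is a very large product. This also affects the security of its protection. From a security point of view, many of the firewall's components and modules do not work together well. Although some Norton components have quite good security, its overall protection is greatly weakened and many security holes are exposed. Taken as a whole, Norton cannot meet the security requirements of any category of use and is not even suitable for ordinary home users. Our testing found several critical bugs, and we also found that many important security features are missing entirely. Advanced analysts could very probably find more bugs on this basis. Norton Personal Firewall 2006 lacks thorough testing, and its programmers lack the basic knowledge needed to write security products for Windows NT. Professional security products must stand up to examination by security experts, not only by writers of application software. Based on the results of the analysis, we do not recommend Norton Personal Firewall 2006 to any user, because its security still has considerable flaws. In the next section you will see the published information about its bugs.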

Open public bugs

The following list contains open bugs that are public. This means that a full name, description, testing method and testing program is available for every bug in the list. The list is sorted by the bug penalty, the higher penalty means the more dangerous the bug is.

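Published bugs with public information

The list below contains bugs with public information, meaning that the full name, description, testing method and testing program of every bug in the list are available. The list is classified and graded by how dangerous the bugs are; the higher the grade, the more dangerous the bug. (Details omitted; only the bug names and risk levels are listed, here and below.)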

Norton DLL faking via 'SuiteOwners' protection bypass (DLL faking bypass vulnerability)
Risk: Critical bugs

Norton Insufficient protection of Norton service registry keys (Norton registry information protection missing vulnerability)
Risk: Serious bugs

Open private bugs

The following list contains open bugs that are private. This means that their names, descriptions, testing methods and testing programs are not available for free. You can buy private information about a single bug or you can buy the full analysis. The following list is sorted by the bug penalty, the higher penalty means the more dangerous bug.

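Published bugs with private information

The list below contains bugs of a private nature, meaning that the name, description, testing method and testing program of each bug in the list are not free to use. You can choose to buy the analysis information for a single bug or buy the complete set of analysis information. The list is classified and graded by how dangerous the bugs are; the higher the grade, the more dangerous the bug. (Details omitted; only the bug names and risk levels are listed.)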

BUG00019P002NF    Risk: Critical bugs
BUG00018P002NF    Risk: Critical bugs
BUG00017P002NF    Risk: Critical bugs
BUG00014P002NF    Risk: Critical bugs
BUG00020P002NF    Risk: Minor bugs
BUG00022P002NF    Risk: Critical bugs
BUG00016P002NF    Risk: Critical bugs
BUG00021P002NF    Risk: Critical bugs
BUG00005P002NF    Risk: Critical bugs
BUG00013P002NF    Risk: Critical bugs
BUG00008P002NF    Risk: Critical bugs
BUG00002P002NF    Risk: Critical bugs
BUG00001P002NF    Risk: Serious bugs
BUG00000P002NF    Risk: Serious bugs
BUG00015P002NF    Risk: Serious bugs
BUG00012P002NF    Risk: Serious bugs
BUG00003P002NF    Risk: Minor bugs
BUG00006P002NF    Risk: Minor bugs
BUG00009P002NF    Risk: Minor bugs
BUG00007P002NF    Risk: Unimportant bugs
BUG00024P002NF    Risk: Unimportant bugs
BUG00023P002NF    Risk: Unimportant bugs

Fixed bugs

The following list contains fixed bugs. This means that these bugs were fixed by the vendor and that there exists a new version of the reviewed product where these bugs do not appear or there exists a patch for the bug for the reviewed version of the product.

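Confirmed bugs

The bugs listed below have all been officially acknowledged by Norton. A new Norton preview version, or related patch packages, fixing these bugs has now been released.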

Insufficient validation of 'SymEvent' driver input buffer (driver input buffer validation failure vulnerability)
Risk: Serious bugs

[ Last edited by daryl on 2007-1-16 17:20 ]


daryl
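Original poster | Posted on 2007-1-16 17:19:25
Thank you all for taking an interest in this translated text. I would like to explain first: this article is taken from www.matousec.com. Because that company is a professional evaluation and testing company for security products, the conclusions it publishes have some reference value. At the same time it is a commercial company that tests and sells bug products, its standards for the security products submitted for testing are very strict, and its comments verge on harsh. So whichever firewall product you support, please read this article with a calm mind. In the end, real-world use of a firewall still differs considerably from laboratory testing, and only the user knows best whether a product works well. There is no perfect firewall in the world, only the firewall that suits you best. These texts are published only in the hope of providing necessary reference material for everyone when choosing this kind of product. The original is at http://www.matousec.com/projects ... nalysis/results.php for anyone interested.

For the complete evaluation reports on the firewalls covered in this round of testing, please see the summary thread http://bbs.kpfans.com/viewthread.php?tid=41822. Thank you.

[ Last edited by daryl on 2007-1-20 02:48 ]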
Thunderbird
Posted on 2007-1-16 18:52:19
Thanks for your hard work, OP,

PS: I suggest the moderators set up an archive and put these together.
daryl
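Original poster | Posted on 2007-1-17 14:50:18
Originally posted by Thunderbird on 2007-1-16 18:52
Thanks for your hard work, OP,

PS: I suggest the moderators set up an archive and put these together.

Thank you for your suggestion. I am also considering doing that, but it has to wait until all the drafts have been translated. Thanks again.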
daryl
Original poster | Posted on 2007-1-20 02:49:16
The summary thread has been updated and published; you are welcome to take a look.
童年
Posted on 2007-1-20 11:51:39
I have never used Norton Personal Firewall, thanks for sharing
lovely
Posted on 2007-2-5 23:35:24
Thanks for your hard work, OP, and thank you for providing us with such good material
taizhu
Posted on 2007-2-20 08:43:09
The poster above is right; I have learned something new
fanet
Posted on 2007-5-9 00:16:02
Really eye-opening. I have a new direction now. KIS is my favourite
zt113
Posted on 2007-5-9 22:54:31
I wonder where KIS ranks??