http://www.members.tripod.com/~KB0DSW/Internetsecurity.htmlAny hardware or software firewall is only as good as the set of "rules" it has been "configured" to implement. The most restrictive rules would have as their default to EXCLUDE all activities that the user does not authorize explicitly. Most firewall users use default rules that take the opposite approach: anything not specifically disallowed is permitted.
Norton does a very poor job of documenting firewalls for the average user. An introductory manual is at
http://www.lmp.at/ftproot/Motherboard/Gigabyte/GA-7zxe/setup_cd/Utility/Norton/firewall/English/MANUAL/NPF.PDFNorton does a better job supporting corporate firewalls. See the Norton "Client Security Administrator's Guide" at
http://software.berkeley.edu/windows/scs/test/scs-docs/scs1.1_admin.pdfConsumer versions of Norton allow most of the same functionality as corporate firewall software for configuring rules that will make your computer as secure as you can stand.