My mum did the Symantec Security check on her Vista PC and found port 80 and 443 Open instead of Stealth. I had quick look and found that the service which uses these ports is the WebClient service. I turned off the service, and set startup type to Manual instead of Automatic, and then ran Symantec Security check again and the ports were stealthed. You should be safe to keep this service turned off, unless you are in a corporate network and use WebDAV. A google search for WebClient gets this article (see MORE INFORMATION at the bottom of the article): http://support.microsoft.com/kb/832161 Then after rebooting and experimenting with this service turned off and on, I found ports still hidden (stealthed) on the Symantec Security check with service back on. Still I think it is better to keep service turned off unless it is needed. As we just finished using Skype just before I started investigating this problem, I found that when you login to Skype your PC will start listening on 3 ports, 2 of which are 80 and 443. Skype has option "Use port 80 and 443 as alternatives for incoming connections", presumably to get past firewalls blocking other ports. So my main suggestion is to make sure you log out of all programs first before running port scanning tests. You could also uncheck the option in Skype, as long as you have the other incoming port in Skype configured to work with your routers firewall. Doesn't explain why Norton Firewall can't hide the ports. If you use router with inbuilt firewall, these ports should will be hidden anyway.
