Question about Firewalls and Startup?


WhiteMateria
April 12th, 2003, 03:42 PM
Broadband services usually log in to connect when the computer starts up, as do firewalls.

Question: Which came first...

1. The firewall loads and is protecting your computer BEFORE your computer goes online.

2. Your computer goes online unprotected before your firewall has time to load and kick in.

Is there a way to know for sure which of these usually occurs if both the firewall and a broadband service's auto-connect load on startup?

Idea: An option to list and autostart programs AFTER the firewall is fully loaded and protecting your computer. Users can specify what programs they would like to have start up after the firewall loads if they use a broadband service.

LowWaterMark
April 12th, 2003, 03:55 PM
Well, in the case of Zone Alarm specifically, there are two parts to this program, running as two separate processes on your system. The actual firewall is the True Vector Service (the program is vsmon.exe), which loads as a service and starts as early as possible in the boot process (for a service). Also, vsmon starts very fast and is fairly lightweight, so its protection is in place very quickly.

ZoneAlarm.exe (or zaplus.exe or zapro.exe) is actually just the user interface, and this program is what displays the ZA icon in the systray. The ZA user interface starts as a regular process from the Windows Startup folder, which is accessed later in the boot process. This program is a bit bigger and slower to start as well, but your protection is in place prior to this starting because vsmon should already be running.

If you are on an NT version of Windows (NT, 2K or XP), then vsmon.exe starts very early in the boot process indeed, long before your network connection will be logged in.

root
April 12th, 2003, 08:45 PM
Yes, most firewalls have an engine that loads first, and then the GUI. I believe most firewalls try to load as early in the boot process as possible, but each firewall may be different, so you need to find out from the support place of your firewall of choice.
Outpost version 1 loaded early in the boot process, but it started in the allow all mode. Obviously this was a design flaw and has been corrected in version 2 to start in the block all mode until the boot sequence is complete.
I have no information on other firewalls or I would share it with you. :)
It's a fair question and I know many are concerned about it. I think a lot of things would have to be in place for anything nasty to happen before bootup was complete and I think that is unlikely.
But then I'm on dialup. ;D

Or is that, I'm on dialup. :'(

LowWaterMark
April 12th, 2003, 08:57 PM
Well, WhiteMateria, you made a pretty significant change to your first post there after I answered the first time, including removing your reference to Zone Alarm. ;)

I agree with root that most firewalls are probably going to load the main part as early as possible, but, I don't think you'll find much in the way of firewalls that help you customize startup - i.e. "start these programs after the firewall is ready." If you are actually using ZA as your first posting implied, I still think you are covered by how the true vector service starts.

Ph33r
April 14th, 2003, 07:30 AM
In particular “Look ‘n’ Stop” has "Persistant Internet Filtering" Feature which one is capable of using on Win2K/XP Machines that blocks ALL at a Driver Level (lnsfw.sys), blocking All Application’s Connections which may Load before Look ‘n’ Stop Application does.

Also you can Manually Tweak A Software Firewall’s Booting Process such like doing the following;

-{ Quote: "Enhanced Look ‘n’ Stop Start-up Tweak

Look ‘n’ Stop is capable of Loading before Windows Shell (Explorer.exe) on NT Systems by making a batch file (.bat) and necessary Registry Data modification.

Warning: unless you are an experienced registry modifier, do not attempt this. Careless actions in the registry can prevent your Windows from booting up or booting up fully.

STEP 1: Create userinit.bat file in %SYSTEMROOT%\SYSTEM32\
STEP 2: Edit userinit.bat file
STEP 3: Paste the following;
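rem The empty "" is the window title; the quotes keep the space in %PROGRAMFILES% from splitting the path
start "" "%PROGRAMFILES%\SOFT4E~1\LOOKNS~1\LOOKNS~1.EXE" -auto
rem Then hand over to the normal logon initialisation
start %SYSTEMROOT%\system32\userinit.exe
exit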

STEP 4: Go-to Start Menu \ Run, Enter in; REGEDIT and Press Enter button or click OK button.
STEP 5: Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the “Userinit” Value from %SYSTEMROOT%\system32\userinit.exe to %SYSTEMROOT%\system32\userinit.bat
STEP 6: Re-boot the Machine.
" }-

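Added example, not part of the original thread or of Look 'n' Stop: the tweak quoted above changes Winlogon's Userinit value, so this audits what that value launches at logon. The function names, the default SystemRoot and the sample values are assumptions made for the example.

```python
import ntpath
import re
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def audit_userinit(value, systemroot=r"C:\Windows"):
    """Return (entry, verdict) pairs for a Winlogon Userinit value.

    Winlogon treats the value as a comma-separated list of programs to run
    at logon, so every non-empty entry is checked (hypothetical helper).
    """
    env = {"SYSTEMROOT": systemroot, "WINDIR": systemroot}  # assumed location
    expected = ntpath.normcase(ntpath.join(systemroot, "system32", "userinit.exe"))
    findings = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry:
            continue  # the stock value ends with a trailing comma
        # Expand %VAR% references case-insensitively; unknown ones stay as-is.
        expanded = re.sub(r"%([^%]+)%",
                          lambda m: env.get(m.group(1).upper(), m.group(0)), entry)
        path = ntpath.normcase(ntpath.normpath(expanded))
        if path == expected:
            verdict = "default"
        elif ntpath.splitext(path)[1] in (".bat", ".cmd"):
            verdict = "script wrapper: review its contents"
        else:
            verdict = "non-default program"
        findings.append((entry, verdict))
    if not any(v == "default" for _, v in findings):
        findings.append(("<userinit.exe>", "not launched directly"))
    return findings

def read_live_value():
    """Read the real value from the registry; only works on Windows."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]

if __name__ == "__main__":
    # Constructed samples: a stock value and the value set in STEP 5 above.
    samples = [r"C:\Windows\system32\userinit.exe,",
               r"%SYSTEMROOT%\system32\userinit.bat"]
    if sys.platform == "win32":
        samples.append(read_live_value())
    for s in samples:
        print(s, "->", audit_userinit(s))
```
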
JacK
April 14th, 2003, 08:12 AM
Hello,

If you are unsure whether your FW starts before your connection, use Startup Delayer (free): http://www.r2.com.au/software.php?page=2&show=startdelay
and manage the programs' starting order.

Rgds,

Ph33r
April 14th, 2003, 08:23 AM
Hey JacK

I believe the goal is to Shield from unauthorized malicious Software making Outgoing Connections which had inserted itself secretly into a Start-up Group of your Operating System, are you going to manage those too? To Load up after Nth amount of time after your Software Firewall becomes fully Loaded? I surely feel safe now knowing that Utility Exists!!!! ;D



msingle
April 15th, 2003, 01:21 AM
I recently tried Kerio for a little while and was quite surprised that it popped up almost first thing after rebooting, whereas ZA free (at least the UI) would come up after a bunch of other stuff loaded, and a time or two after I had already dialed in.

Whether it means anything or not security-wise, I liked seeing the Kerio UI come up so fast because I had often worried about this issue with ZA.

May not have made me more secure but it made me feel better. :)

root
April 15th, 2003, 09:45 AM
As long as you understand this is the GUI and not the engine, therefore, it is not really giving you any indication of when your protection actually begins. :)