Wilders Security Forums  

#1
July 30th, 2004, 02:19 AM
Devinco
Very Frequent Poster
Join Date: Jul 2004
Posts: 2,524
Are cable modem XP Pro computers vulnerable during boot up and shut down?

Hi Everyone,

I just read an excellent post on layered security etc. at DSLReports and found this part very interesting:

Modem Stand-by - If your Broadband modem has a "Standby" switch, consider using it to keep your machine disconnected from the Internet:
1) During Start-up, at least until your SWF and AV are fully loaded and running.
2) When you are not actively using the connection, especially if unattended.
3) During Shut-down.

So let's say the external cable modem (with no standby switch) is directly connected to the network card (no router or hardware firewall) and the user has a software firewall and AV installed.
1. Is the computer vulnerable to outside internet attack (let's say the IP is known) during the power on, POST, or during the entire Windows XP boot process prior to the software firewall and AV loading?
2. Is the computer vulnerable to outside internet attack during the shut down or restart process?
3. If the computer is vulnerable, what is the nature of the vulnerability?
#2
July 30th, 2004, 04:18 AM
Snook
Regular Poster
Join Date: Jun 2003
Posts: 182
Re: Are cable modem XP Pro computers vulnerable during boot up and shut down?

I know with Sygate Pro you are not vulnerable if you configure it to not allow any traffic while Sygate's service is not loaded. As you mentioned in your post, a hardware firewall would also protect you during reboots, shutdowns and startups.
__________________
"Oh! do not attack me with your watch. A watch is always too fast or too slow. I cannot be dictated to by a watch."
#3
July 30th, 2004, 02:03 PM
dvk01
Global Moderator
Join Date: Oct 2003
Location: Loughton, Essex. UK
Posts: 3,129
Re: Are cable modem XP Pro computers vulnerable during boot up and shut down?

Quote:
Originally Posted by Devinco
1. Is the computer vulnerable to outside internet attack (let's say the IP is known) during the power on, POST, or during the entire Windows XP boot process prior to the software firewall and AV loading?
2. Is the computer vulnerable to outside internet attack during the shut down or restart process?
3. If the computer is vulnerable, what is the nature of the vulnerability?


In theory, yes, there is a very slight possibility of being infected by a trojan/worm etc. in the microseconds between Windows starting and connecting to the network and the firewall/antivirus becoming enabled.

In practice it won't happen, as almost all firewalls/antiviruses start as services, especially with XP/W2K/2003, and those services are enabled before the networking part of Windows is enabled & the same happens in reverse: Windows networking shuts down before the FW/AV services do.

No baddie will be able to be downloaded to the computer until Windows has been fully booted.
#4
July 30th, 2004, 02:29 PM
Devinco
Very Frequent Poster
Join Date: Jul 2004
Posts: 2,524
Re: Are cable modem XP Pro computers vulnerable during boot up and shut down?

Hi Snook,

Thanks for your reply.
ZA Pro appears to have something similar with its vsmon.exe (True Vector service).
#5
July 30th, 2004, 02:34 PM
Devinco
Very Frequent Poster
Join Date: Jul 2004
Posts: 2,524
Re: Are cable modem XP Pro computers vulnerable during boot up and shut down?

Quote:
Originally Posted by dvk01
In theory, yes, there is a very slight possibility of being infected by a trojan/worm etc. in the microseconds between Windows starting and connecting to the network and the firewall/antivirus becoming enabled.

In practice it won't happen, as almost all firewalls/antiviruses start as services, especially with XP/W2K/2003, and those services are enabled before the networking part of Windows is enabled & the same happens in reverse: Windows networking shuts down before the FW/AV services do.

No baddie will be able to be downloaded to the computer until Windows has been fully booted.

Hi dvk01,

Thank you for your clear and definitive answer, it makes a lot of sense.
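
Added example (not part of the thread and not any poster's code): the ordering question discussed above can be checked on a given machine by comparing when the network came up against when the firewall service was running, for both boot and shutdown. The timeline format, the event names (NET_UP, NET_DOWN, FW_START, FW_STOP) and the sample lines are constructed for illustration; real data would have to be mapped from the system's own service and network logs.

```python
from datetime import datetime

# Constructed timeline (not from a real machine): "<ISO timestamp> <event>".
# NET_UP / NET_DOWN: network stack reachable or not.
# FW_START / FW_STOP: firewall service filtering or not.
SAMPLE = """\
2004-07-30T02:19:01.000 FW_START
2004-07-30T02:19:03.500 NET_UP
2004-07-30T09:40:10.000 NET_DOWN
2004-07-30T09:40:12.000 FW_STOP
2004-07-30T09:45:00.000 NET_UP
2004-07-30T09:45:04.250 FW_START
2004-07-30T18:00:00.000 FW_STOP
2004-07-30T18:00:01.500 NET_DOWN
"""

# Each event sets one of two state flags: (flag name, new value).
TRANSITIONS = {
    "NET_UP": ("net", True), "NET_DOWN": ("net", False),
    "FW_START": ("fw", True), "FW_STOP": ("fw", False),
}

def exposure_windows(text):
    """Return (start, end, seconds) for every period in which the network
    was up while the firewall was not running. end/seconds are None if the
    log ends while the machine is still exposed."""
    state = {"net": False, "fw": False}
    open_since = None
    windows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event = line.split()
        if event not in TRANSITIONS:
            raise ValueError(f"unknown event: {event}")
        when = datetime.fromisoformat(stamp)
        flag, value = TRANSITIONS[event]
        state[flag] = value
        exposed = state["net"] and not state["fw"]
        if exposed and open_since is None:
            open_since = when                      # window opens
        elif not exposed and open_since is not None:
            windows.append((open_since, when, (when - open_since).total_seconds()))
            open_since = None                      # window closes
    if open_since is not None:
        windows.append((open_since, None, None))   # still exposed at end of log
    return windows

if __name__ == "__main__":
    for start, end, secs in exposure_windows(SAMPLE):
        print(f"network up without firewall: {start} -> {end} ({secs} s)")
```

In the constructed sample, the first boot and shutdown follow the order dvk01 describes and produce no window; the second boot and shutdown have the order reversed and are reported.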
 

All times are GMT -4.