How important for a firewall to run as a service??

I am currently running Jetico 1.x, and have found it nice, light, and also with sound protection and control over both port usage and process initiation.

Now I find that Jetico 1.x does not start at boot as a service (unless a work-around solution, like NTWrapper, is used).

If I am behind a router (Dlink 604), will that not hide my computer at least until Jetico starts running as an application?

Then, if I take this computer (laptop) on the road, at an airport, coffee shop, etc., and use it, how vulnerable is my system during boot-up, before Jetico starts running, assuming my wifi starts at boot and before Jetico does?


//

 

1)Yes,your router will protect you.

2)I wouldn't worry about a few seconds time that jetico needs to boot.

Reading security forums makes me paranoid too,but at the end,none of what i fear happens,i don't see live malware on my pc and the same occurs for most people in here.It's more of a hobby tinkering with applications i think.

 

See this
Post #84 and beyond

 

Thanks, Hyperion. Are you speaking for *any* router, or does Dlink have a special status? All I really know is that my router has one "public" address that the world sees, but my "real" address is totally different. Is this difference what protects me??


//

 

Thanks a lot, lucas1985. I thought I had seen that thread some time ago, but with all my meanderings in these Wilder forums, it becomes a little hazy !



Stem seems to think that a service is better, but that there still may be some vulnerable moment or two when first booting and before log-in completes. Is that a fact?

I'm feeling a bit easier about sitting behind a hardware firewall, but now I'm concerned about when I go on the road and use public wifi access. Will my Jetico 1.x be enough protection even before log-in, or do I absolutely need to get it placed into "service" level position? I am currently running it as a service with the help of the work-around of NTWrapper, but this is a bit cumbersome and has slowed my boot-time by 90 seconds or more; plus causing other complications. If I can be protected without the use of NTWrapper assistance, I'd prefer to uninstall it and just run Jetico 1.x au naturel.

//

 

Yes,any router and i don't see why D-Links would be any different.I ve a D-Link too...The thing is the IP adress on the internet is assigned to your router,which on its turn,assigns as you say a private IP to your PC via the router's own DHCP server or using static address.The router,allows to start traffic only from your PC towards the internet and not the opposite and will block all outside connections.So at least from outside you don't have to worry about anything.Unless of course for some mistake you ve left forwarded some windows service port which then would remain open and thus could theoretically could be exploited.

If your router has SPI firewall,then even better.That's the general idea,i m no security expert.

 

Thanks again, Hyperion. Is your Dlink a stateful packet inspection firewall??


//

 

Well,it is a router/adsl modem with integrated SPI firewall (D-link 524T).But even without it i don't think there is any problem that should concern you,cause basically on startup,it's how the router works that protects you.

And for outbound control,you ll need a software firewall anyway.The SPI firewall simply controls if the incoming packages are solicited from your PC or not.

As for the boot time of Jetico,unless you ve precious information on your PC,i wouldn't even think about it.I think the chance is 1 in a billion to get hacked while booting or while entering your password to login to Windows (assuming you don't login automatically which would reduce the window of vulnerability even more).

If you really can't find peace with the idea that there are a few seconds where someone might hack you (although if you have patched system it would be like the chance of winning the lottery),change firewall and get one that runs as service.

But my advice is not to get so paranoid about it.Think of the 2 choices,make a decision and relax,don't think about it anymore.Or if you really like Jetico and don't want to leave it,you could consider using a HIPS that runs as service,cause it would stop anything trying to execute without your authorization.Right now i use just a simple free firewall behind the router and SSM free.No resident AV.

 

I don't feel paranoid about the situation, I feel relatively safe; but I am trying to get as clear a picture of my situation before making a final decision/adjustment.

You mention SSM, and I downloaded it but have never run it yet. Does it run as a service? And does it lock out any changes to the system that might be attempted during start-up and shut-down?

I've grown to like Jetico 1 for its lightness and flexible adjustability. If I can keep it and stay safe, I think I will, for now at least.


//

 

All HIPS run as a service
You have two situations before logon and between user switching:
-Incoming connections: your NAT/SPI router protects you so no problems. The concerns are if you are in a public LAN/WLAN
-Outgoing connections: the network subsystem is loaded before the firewall driver. If your system is infected this is the opportunity to phone home.
You can ask Stem to test Jetico with NTWrapper

 

Thanks, Lucas. I'll do that.


//

 

Hi Samspade,

I don't know about your wifi - but mine is usually the last thing to start. Usually, my laptop wakes up from hibernate, I log on, and then a moment or two later as the machine wakes up the connection is re-established.

Check to see how quick you get a wifi connection in the boot process.


Mike

 

How does one check that? And can you be sure that no code can get into or out of your system even if the wifi is not fully operational??

Sam


//