Question about Firewalls and Startup?

Discussion in 'other firewalls' started by WhiteMateria, Apr 12, 2003.

Thread Status:
Not open for further replies.
  1. WhiteMateria

    WhiteMateria Registered Member

    Joined:
    Apr 27, 2002
    Posts:
    24
    Location:
    Moonlit dreams in the desert oasis
    Broadband services usually log on to connect when the computer starts up, as do firewalls.

    Question: Which came first...

    1. The firewall loads and is protecting your computer BEFORE your computer goes online.

    2. Your computer goes online unprotected before your firewall has time to load and kick in.

    Is there a way to know for sure which of these usually occurs if both the firewall and a broadband service's auto-connect load on startup?

    Idea: An option to list and autostart programs AFTER the firewall is fully loaded and protecting your computer. Users can specify what programs they would like to have start up after the firewall loads if they use a broadband service.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    Well, in the case of Zone Alarm specifically, there are two parts to this program, running as two separate processes on your system. The actual firewall is the True Vector Service (the program is vsmon.exe), which loads as a service and starts as early as possible in the boot process (for a service). Also, vsmon starts very fast and is fairly lightweight, so its protection is in place very quickly.

    ZoneAlarm.exe (or zaplus.exe or zapro.exe) is actually just the user interface, and this program is what displays the ZA icon in the systray. The ZA user interface starts as a regular process from the Windows Startup folder, which is accessed later in the boot process. This program is a bit bigger and slower to start as well, but your protection is in place prior to this starting because vsmon should already be running.

    If you are on an NT version of Windows (NT, 2K or XP), then vsmon.exe starts very early in the boot process indeed. Long before your network connection will be logged in.
     
  3. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Yes, most firewalls have an engine that loads first, and then the GUI. I believe most firewalls try to load as early in the boot process as possible, but each firewall may be different, so you need to find out from the support place of your firewall of choice.
    Outpost version 1 loaded early in the boot process, but it started in the allow all mode. Obviously this was a design flaw and has been corrected in version 2 to start in the block all mode until the boot sequence is complete.
    I have no information on other firewalls or I would share it with you. :)
    It's a fair question and I know many are concerned about it. I think a lot of things would have to be in place for anything nasty to happen before bootup was complete and I think that is unlikely.
    But then I'm on dialup. :D

    Or is that, I'm on dialup. :'(
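
The boot orderings described in the posts above (engine loaded as an early service, an engine that starts in allow-all mode, and a firewall that only starts after the connection is up), modeled as an added example that is not from any poster or firewall vendor. The event names, the `exposure_windows` helper and all timestamps are constructed for illustration.

```python
from dataclasses import dataclass

FILTERING = {"block_all", "rules"}  # engine states in which traffic is filtered

@dataclass(frozen=True)
class Event:
    t: float          # seconds since power-on (constructed sample values)
    kind: str         # "engine_start", "rules_loaded", "net_up" or "net_down"
    policy: str = ""  # engine_start only: "allow_all" or "block_all"

def exposure_windows(events, end):
    """Return (start, stop) intervals where the link is up but nothing filters it."""
    net_up, state, opened, windows = False, "none", None, []
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "net_up":
            net_up = True
        elif ev.kind == "net_down":
            net_up = False
        elif ev.kind == "engine_start":
            state = ev.policy          # default policy until the rule set loads
        elif ev.kind == "rules_loaded":
            state = "rules"
        else:
            raise ValueError(f"unknown event kind: {ev.kind}")
        exposed = net_up and state not in FILTERING
        if exposed and opened is None:
            opened = ev.t
        elif not exposed and opened is not None:
            if ev.t > opened:          # skip zero-length windows
                windows.append((opened, ev.t))
            opened = None
    if opened is not None and end > opened:
        windows.append((opened, end))  # still exposed when observation ended
    return windows

# Constructed timelines, one per ordering discussed in the thread.
# Engine runs as an early service and blocks until its rules are loaded.
SERVICE_BLOCKING = [Event(8, "engine_start", "block_all"),
                    Event(9, "rules_loaded"), Event(25, "net_up")]
# Engine loads early but starts in allow-all mode until boot completes.
SERVICE_ALLOW_ALL = [Event(8, "engine_start", "allow_all"),
                     Event(12, "net_up"), Event(45, "rules_loaded")]
# Whole firewall launched late, after the connection is already up.
LATE_START = [Event(12, "net_up"), Event(38, "engine_start", "block_all"),
              Event(41, "rules_loaded")]

if __name__ == "__main__":
    for name, tl in [("service, block-all", SERVICE_BLOCKING),
                     ("service, allow-all", SERVICE_ALLOW_ALL),
                     ("late start", LATE_START)]:
        print(name, exposure_windows(tl, end=60))
```

Loading the engine early closes the window only if its default policy before the rules load is to block; the GUI start time does not appear in the model because it has no effect on filtering.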
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    Well, WhiteMateria, you made a pretty significant change to your first post there after I answered the first time, including removing your reference to Zone Alarm. ;)

    I agree with root that most firewalls are probably going to load the main part as early as possible, but, I don't think you'll find much in the way of firewalls that help you customize startup - i.e. "start these programs after the firewall is ready." If you are actually using ZA as your first posting implied, I still think you are covered by how the true vector service starts.
     
  5. Ph33r

    Ph33r Guest

    In particular “Look ‘n’ Stop” has "Persistant Internet Filtering" Feature which one is capable of using on Win2K/XP Machines that blocks ALL at a Driver Level (lnsfw.sys), blocking All Application’s Connections which may Load before Look ‘n’ Stop Application does.

    Also you can Manually Tweak A Software Firewall’s Booting Process such like doing the following;

     
  6. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello,

    If you are unsure whether your FW starts before your connection, use Startup Delayer (free): http://www.r2.com.au/software.php?page=2&show=startdelay
    and manage the programs' starting order.

    Rgds,
     
  7. Ph33r

    Ph33r Guest

    Hey JacK

    I believe the goal is to Shield from unauthorized malicious Software making Outgoing Connections which had inserted itself secretly into a Start-up Group of your Operating System, are you going to manage those too? To Load up after Nth amount of time after your Software Firewall becomes fully Loaded? I surely feel safe now knowing that Utility Exists!!!! :D


     
  8. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    I recently tried Kerio for a little while and was quite surprised that it popped up almost first thing after rebooting, whereas ZA free (at least the UI) would come up after a bunch of other stuff loaded and a time or two after I had already dialed in.

    Whether it means anything or not security wise I liked seeing the Kerio UI come up so fast because I had often worried about this issue with ZA.

    May not have made me more secure but it made me feel better. :)
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    As long as you understand this is the GUI and not the engine, therefore, it is not really giving you any indication of when your protection actually begins. :)
     