Are cable modem XP Pro computers vulnerable during boot up and shut down?

Discussion in 'other security issues & news' started by Devinco, Jul 30, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Everyone,

    I just read an excellent post on layered security etc. at DSLReports and found this part very interesting:

    Modem Stand-by - If your Broadband modem has a "Standby" switch, consider using it to keep your machine disconnected from the Internet:
    1) During Start-up, at least until your SWF and AV are fully loaded and running.
    2) When you are not actively using the connection, especially if unattended.
    3) During Shut-down.

    So let's say the external cable modem (with no standby switch) is directly connected to the network card (no router or hardware firewall) and the user has a software firewall and AV installed.
    1. Is the computer vulnerable to outside internet attack (let's say the IP is known) during the power on, POST, or during the entire Windows XP boot process prior to the software firewall and AV loading?
    2. Is the computer vulnerable to outside internet attack during the shut down or restart process?
    3. If the computer is vulnerable, what is the nature of the vulnerability?
     
  2. Snook

    Snook Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    182
    I know with Sygate Pro you are not vulnerable if you configure it to not allow any traffic while Sygate's service is not loaded. As you mentioned in your post, a hardware firewall would also protect you during reboots, shutdowns and startups.
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK

    In theory, yes, there is a very slight possibility of being infected by a trojan/worm etc. in the microseconds between Windows starting and connecting to the network and the firewall/antivirus becoming enabled.

    In practice it won't happen, as almost all firewalls/antiviruses start as services, especially with XP/W2K/2003, and those services are enabled before the networking part of Windows is enabled, and the same happens in reverse: Windows networking shuts down before the FW/AV services do.

    No baddie will be able to be downloaded to the computer until Windows has been fully booted.
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Snook,

    Thanks for your reply.
    ZA Pro appears to have something similar with its vsmon.exe (True Vector service).
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi dvk01,

    Thank you for your clear and definitive answer, it makes a lot of sense. :)
     