Complete protection?

Discussion in 'LnS English Forum' started by zullow, Apr 1, 2005.

Thread Status:
Not open for further replies.
  1. zullow

    zullow Registered Member

    Joined:
    Apr 1, 2005
    Posts:
    4
    This is from a thread at the DSLR forums:

    The question raised was "At log-in screen - is your computer vulnerable?" and a member responded with -

    "Software firewalls like Look n Stop by default do not protect the computer until the user account starts up, and are a extreme risk to your system security."

    Can anyone comment on the veracity of this? Is there even a small period of vulnerability during boot or shutdown during which LnS (or another firewall) does not fully protect the system?

    I have LnS automatically starting with system and common to all users.
     
  2. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    If you want LnS to protect you at the earliest opportunity (ie. before you log on), you should start LnS as a service by following the instructions here
     
  3. zullow

    zullow Registered Member

    Joined:
    Apr 1, 2005
    Posts:
    4
    Thanks for your response.

    Forgot to mention that I'm running 2.05p2 on Win98SE. So I don't believe that I can use the "service" you linked to.

    So, evidently, there is, in fact, a gap in protection during boot.
     
  4. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    You're right that you can't run LnS as a service on Win98. It only works on 2000/XP and upwards.

    There is a small gap in protection during boot, and so if you were really paranoid you might want to disable auto-connection to the Internet if you've got that set up. Either that or set it to connect a few minutes after logging on.

    That aside, automatically starting LnS using the System option (ie. from the registry) is slightly better than starting it from the Start Menu so you're already starting LnS at the earliest opportunity.

    As always, if you have anti-virus software, anti-trojan software and anti-adware software installed and regularly perform scans you should not worry about the small gap in protection during boot since no nasties will be present to take advantage of the very small window of opportunity.
     
  5. zullow

    zullow Registered Member

    Joined:
    Apr 1, 2005
    Posts:
    4
    Thank you again, Defenestration, for the explanation.
     
  6. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    My pleasure, zullow :)
     
  7. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada



    Hello Defenestration,


    Can you please explain this part in more detail please? So if I am running Windows Millennium,and have LnS set as a system,is it actually protecting me or not?

    Reason I ask is because you said "if you use this option it will start at the earliest opportunity",so is it 100% protection on my O/S by running LnS as a system on Windows Millennium.

    Sorry just got to know,it was the part when you said it will start at the earliest opportunity,just got me thinking,I alway's thought I was protected until LnS is loaded and not possible to be hacked or get a worm/virus during boot-up?,also Example(scan disk running from an error at boot-up so is LnS protecting me during a scan disk error?) If I have LnS running as a system?
    I always thought it did,but just want to be a 100% sure.

    Thank you for your time.
     
    Last edited: Apr 2, 2005
  8. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Hey there I am not totaly familiar with this problem but if I remeber right Phantom hat a way of changing some registry settings that started lns before it was started with th GUI itself - may be he can help you if this would work with ME too.

    Ruben

    You can look here for him: http://www.fluxgfx.com/ssc/index.php?
     
  9. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Hey Kush,

    Running LnS as System causes it to be started from the HKEY_LOCAL_MACHINE Run registry key, whereas from the Start Menu LnS will start from the Startup folder. The registry key is parsed by Windows before the Startup folder and so LnS will start earlier from this location.

    You will not be protected until LnS starts up. Therefore, you will not be protected when scandisk is running on boot-up because the registry key is not parsed until after the scandisk stage. As I understand it, no other software firewalls will offer you protection at an earlier stage.

    If you are running AV, AT and AA software then your system will not have any virus/worm which could take advantage of the small gap before LnS becomes active.

    Does this help ?
     
  10. zullow

    zullow Registered Member

    Joined:
    Apr 1, 2005
    Posts:
    4
    Being super careful and paranoid I simply disconnect my box from the net (unplug the cable connection) prior to complete system load, and prior to shut down. Once system is fully booted I re-connect.

    Eliminates this potential compromise risk.
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    The best and most convenient way which has already been implemented in some Software Firewalls are blocking ALL at driver level until GUI fully becomes loaded, and controls for block ALL that applies when GUI becomes exited.
     
  12. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada

    Hello Defenestration,


    Thank you,and yes that has answered a 2 year question I was not 100% sure of,I always thought,that my system was completly safe until LnS is loaded,but from what you have said,it's a no!

    Thank you very much for explaining this to me,I'll try what tosbsas sugguested,to speak with Phantom,I'll give him a try,and Zullow your's seems to be the best answer to this problem(disconnect the modem until LNS is loaded),it sure looked like to me my system would not connect to the internet,until LnS was up and running,reason I have said that,is because I alway's look at the console in Look"n"Stop,and see it starting to make a internet connection and tell's me,when I am connected.

    My computer seems locked until LnS is loaded(can't open or touch anything until LnS is loaded),but I guess I was very wrong?.That LnS is not protecting me during start-up at all!That's a bummer!Sure looked like it would not make a connection until LnS was loaded,but I guess you are right,if you have AV, AT and AA software running there sould be little chance of infection.


    Thank you all for your information,time to upgrade to XP!
     
  13. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada


    Hello Phant0m,

    Must have been writing my post just before you posted yours didn't see you,sorry


    Phant0m is there a way to learn this quoted by you"blocking ALL at driver level until GUI fully becomes loaded, and controls for block ALL that applies when GUI becomes exited"

    That's easy for you to say,your light years ahead of most of us!Can you please point me in the right direction,on just how to complete this fix of sorts, on Windows Me? If there is a way? I have been trying every website and just can't seem to find this information you are talking about.Or do you have to have your Knowledge level to do this kind of stuff? I am good at computers,but this is a bit over my head.help please.....

    Thank you
    KuSh
     
  14. White Window

    White Window Guest

    If you want Look""n"Stop to start-up as the first pogram loaded,there is a free program called StartRight.(do a yahoo! search)or click on this link:

    Http://www.joejoesoft.com


    What is does:

    StartRight: will manage the execution of programs that are automatically started by the operating system at logon time. Instead of executing many programs at once (causing your OS to spit and sputter and attack your hard drive), StartRight will give the OS time to execute the program before running the next program. The OS should become much more responsive almost immediately after logon.


    So you can have LnS start-up first,in milliseconds!I tried it and works great on Windows 98,and Windows Me,LnS is the first program to load,actually StartRight program loads first,then LnS starts in milliseconds afterwards and you can put in order what goes into start-up first,makes boot-up time very smooth,and you can get LnS to load very fast!,before any other program,just make a list in StartRight program and put LnS as number 1 in the list,and you can adjust how many milliseconds it will take for LnS to start at boot-up time.
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    The whole idea of having software firewall GUI load up first is to apply the filterings to detect and stop malicious activities, and the problem with programs loaders (every one I had read about) only applies to what you add manually to its own processing list, which means you would have to manually add malicious programs to programs own loaders processing lists. Now perhaps, not sure haven’t used or even bothered to read about StartRight, but if there is automatic adaptation to new startups, it’ll still be irreverent in so many different ways. For instance any new additions, StartRight would need to be fully launched to detect and extract and maintain its own processing list, which means malicious code would already have succeeded by the times StartRight functions in such an uncommon/rare or even known (to me at least) in such a manner. Another vital thing is the coverage of different startup methods, and I can foresee StartRight covering some of basic Windows startup methods.

    Hi Kush

    A feature of sort can be done and applied on Win9x/ME and NT/2K/XP+, and should be done by the software firewall product developer. And should not be to difficult to implement by the developer.
     
Thread Status:
Not open for further replies.