How important for a firewall to run as a service??

Discussion in 'other firewalls' started by SamSpade, Nov 26, 2006.

Thread Status:
Not open for further replies.
  1. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    I am currently running Jetico 1.x, and have found it nice, light, and also with sound protection and control over both port usage and process initiation.

    Now I find that Jetico 1.x does not start at boot as a service (unless a work-around solution, like NTWrapper, is used).

    If I am behind a router (Dlink 604), will that not hide my computer at least until Jetico starts running as an application?

    Then, if I take this computer (laptop) on the road, at an airport, coffee shop, etc., and use it, how vulnerable is my system during boot-up, before Jetico starts running, assuming my wifi starts at boot and before Jetico does?


    //
     
  2. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    1) Yes, your router will protect you.

    2) I wouldn't worry about a few seconds' time that Jetico needs to boot.

    Reading security forums makes me paranoid too, but in the end, none of what I fear happens; I don't see live malware on my PC, and the same occurs for most people in here. It's more of a hobby tinkering with applications, I think.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  4. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks, Hyperion. Are you speaking for *any* router, or does Dlink have a special status? All I really know is that my router has one "public" address that the world sees, but my "real" address is totally different. Is this difference what protects me??


    //
     
  5. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks a lot, lucas1985. I thought I had seen that thread some time ago, but with all my meanderings in these Wilders forums, it becomes a little hazy!

    :eek:

    Stem seems to think that a service is better, but that there still may be some vulnerable moment or two when first booting and before log-in completes. Is that a fact?

    I'm feeling a bit easier about sitting behind a hardware firewall, but now I'm concerned about when I go on the road and use public wifi access. Will my Jetico 1.x be enough protection even before log-in, or do I absolutely need to get it placed into "service" level position? I am currently running it as a service with the help of the work-around of NTWrapper, but this is a bit cumbersome and has slowed my boot-time by 90 seconds or more; plus causing other complications. If I can be protected without the use of NTWrapper assistance, I'd prefer to uninstall it and just run Jetico 1.x au naturel.

    //
     
  6. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Yes, any router, and I don't see why D-Links would be any different. I've a D-Link too... The thing is, the IP address on the internet is assigned to your router, which in its turn assigns, as you say, a private IP to your PC via the router's own DHCP server or using a static address. The router allows traffic to be started only from your PC towards the internet and not the opposite, and will block all outside connections. So at least from outside you don't have to worry about anything. Unless, of course, by some mistake you've left forwarded some Windows service port, which then would remain open and thus could theoretically be exploited.

    If your router has an SPI firewall, then even better. That's the general idea; I'm no security expert.
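The router behaviour described in the post above, as an added example that is not part of the original thread: a toy model of a NAT router with and without a simplified stateful check, including the forgotten port forward. The `Router` class, its `spi` switch and all addresses and ports are hypothetical and constructed for illustration; real routers track far more state.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    """Toy NAT router. spi=True also checks who is replying (simplified SPI)."""
    public_ip: str
    spi: bool = True
    forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)     # public port -> (lan_ip, lan_port, remote)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host starts a connection: allocate a public port, remember the flow."""
        port = self.next_port
        self.next_port += 1
        self.flows[port] = (lan_ip, lan_port, remote)
        return port

    def inbound(self, remote, public_port):
        """Packet arriving from the Internet: LAN (ip, port) it reaches, or None if dropped."""
        flow = self.flows.get(public_port)
        if flow and (not self.spi or flow[2] == remote):
            return flow[:2]                      # reply on a mapping the LAN host opened
        return self.forwards.get(public_port)    # a forwarded port is open to anyone

def demo():
    laptop = "192.168.0.100"                     # constructed addresses (RFC 1918 / RFC 5737)
    server, stranger = ("198.51.100.7", 443), ("203.0.113.66", 4444)
    results = {}
    for name, spi in (("spi", True), ("nat_only", False)):
        r = Router("192.0.2.1", spi=spi)
        results[name + "_unsolicited"] = r.inbound(stranger, 445)
        port = r.outbound(laptop, 51000, server)
        results[name + "_reply"] = r.inbound(server, port)
        results[name + "_stranger_on_mapping"] = r.inbound(stranger, port)
        r.forwards[445] = (laptop, 445)          # the forgotten port forward
        results[name + "_forwarded"] = r.inbound(stranger, 445)
    return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:28} -> {v}")
```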
     
  7. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Thanks again, Hyperion. Is your Dlink a stateful packet inspection firewall??


    //
     
  8. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Well, it is a router/ADSL modem with integrated SPI firewall (D-Link 524T). But even without it I don't think there is any problem that should concern you, because basically on startup, it's how the router works that protects you.

    And for outbound control, you'll need a software firewall anyway. The SPI firewall simply controls whether the incoming packages are solicited from your PC or not.

    As for the boot time of Jetico, unless you've precious information on your PC, I wouldn't even think about it. I think the chance is 1 in a billion to get hacked while booting or while entering your password to log in to Windows (assuming you don't log in automatically, which would reduce the window of vulnerability even more).

    If you really can't find peace with the idea that there are a few seconds where someone might hack you (although if you have a patched system it would be like the chance of winning the lottery), change firewall and get one that runs as a service.

    But my advice is not to get so paranoid about it. Think of the 2 choices, make a decision and relax; don't think about it anymore. Or if you really like Jetico and don't want to leave it, you could consider using a HIPS that runs as a service, because it would stop anything trying to execute without your authorization. Right now I use just a simple free firewall behind the router and SSM free. No resident AV.
     
  9. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    I don't feel paranoid about the situation, I feel relatively safe; but I am trying to get as clear a picture of my situation before making a final decision/adjustment.

    You mention SSM, and I downloaded it but have never run it yet. Does it run as a service? And does it lock out any changes to the system that might be attempted during start-up and shut-down?

    I've grown to like Jetico 1 for its lightness and flexible adjustability. If I can keep it and stay safe, I think I will, for now at least.


    //
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    All HIPS run as a service ;)
    You have two situations before logon and between user switching:
    - Incoming connections: your NAT/SPI router protects you, so no problems. The concerns are if you are in a public LAN/WLAN.
    - Outgoing connections: the network subsystem is loaded before the firewall driver. If your system is infected, this is the opportunity to phone home.
    You can ask Stem to test Jetico with NTWrapper.
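The boot-time gap described in the post above, as an added example that is not part of the original thread: a small script that takes a boot timeline, finds the interval between the network link coming up and the firewall starting to filter, and lists every connection that fell inside it. The timeline format, event names and all addresses are assumptions constructed for illustration, not output of Jetico or Windows.

```python
# Constructed boot timeline: seconds since power-on, event kind, key=value fields.
SAMPLE = """\
08.2 link_up iface=wlan0
09.1 conn dir=out proc=svchost.exe peer=198.51.100.7:80
11.5 conn dir=in proc=System peer=192.0.2.44:51515
41.0 logon user=sam
47.9 firewall_enforcing name=jetico
52.3 conn dir=out proc=browser.exe peer=203.0.113.9:443
"""

def parse(timeline):
    """Turn each non-empty line into (time, kind, fields)."""
    events = []
    for line in timeline.splitlines():
        if not line.strip():
            continue
        t, kind, *pairs = line.split()
        events.append((float(t), kind, dict(p.split("=", 1) for p in pairs)))
    return events

def exposure_window(events):
    """(start, end) during which the network was up but unfiltered, or None."""
    up = min((t for t, k, _ in events if k == "link_up"), default=None)
    fw = min((t for t, k, _ in events if k == "firewall_enforcing"), default=None)
    if up is None:
        return None                      # network never came up
    if fw is None:
        return (up, float("inf"))        # firewall never started: exposed throughout
    return (up, fw) if fw > up else None # firewall first means no gap

def unfiltered_connections(events):
    """Connections seen inside the exposure window, as (time, direction, process, peer)."""
    window = exposure_window(events)
    if window is None:
        return []
    start, end = window
    return [(t, f["dir"], f["proc"], f["peer"])
            for t, kind, f in events
            if kind == "conn" and start <= t < end]

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print("exposure window:", exposure_window(ev))
    for hit in unfiltered_connections(ev):
        print("unfiltered:", hit)
```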
     
  11. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    Thanks, Lucas. I'll do that.


    //
     
  12. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Samspade,

    I don't know about your wifi - but mine is usually the last thing to start. Usually, my laptop wakes up from hibernate, I log on, and then a moment or two later as the machine wakes up the connection is re-established.

    Check to see how quick you get a wifi connection in the boot process.


    Mike
     
  13. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415


    How does one check that? And can you be sure that no code can get into or out of your system even if the wifi is not fully operational??

    Sam


    //
     