Sean, thanks. I just reread XP SP2 details and you're right, SP2 starts the firewall SOONER during boot (like before it starts most network services :-)

http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnwxp/html/securityinxpsp2.asp

Boot time security. In earlier versions of Windows there is a window of time between when the network stack started and when ICF provided protection. Consequently, a packet could have been received and delivered to a service without ICF filtering it, potentially exposing the computer to vulnerabilities. In SP2, the firewall driver has a static rule called a boot-time policy to perform stateful filtering. This will allow the computer to perform basic networking tasks such as DNS and DHCP and communicate with a Domain Controller to obtain policy. Once the firewall service is running, it will load and apply the run-time ICF policy and remove the boot-time filters. This change should increase system security without affecting applications.

[EMAIL PROTECTED] GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
kill -13 111.2

> -----Original Message-----
> From: Sean Donelan [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 04, 2004 8:55 AM
> To: Smith, Donald
> Cc: [EMAIL PROTECTED]
> Subject: RE: FW: Worms versus Bots
>
> On Tue, 4 May 2004, Smith, Donald wrote:
> > If you follow these steps outlined by SANS you should be able to
> > successfully update and NOT get infected. This is short, easy, fully
> > documented (with pictures :)
> > http://www.sans.org/rr/papers/index.php?id=1298
>
> The risk is smaller, but still exists if you follow these
> directions for XP pre-SP2. See the Microsoft release notes
> for XP SP2 for details about the fix.
>
> If you do not have XP SP2, you need to disconnect your
> computer from the network prior to every boot cycle until it
> is fully patched.