Jeremy,

Sygate Personal Firewall has an option to "Block all traffic while service
is not loaded". Just go to tools/options/security and check the appropriate
box. If you want to test it, go to http://soho.sygate.com/default.htm to
download a copy of Sygate Personal Firewall. Make sure you uninstall Zone
Alarm before installing Sygate. Then, port scan the machine before the
service loads if you can and you should get no reply.

Seth 

-----Original Message-----
From: Jeremy Anderson
To: Enquiries
Cc: [EMAIL PROTECTED]
Sent: 7/11/02 6:04 PM
Subject: Re: security question

On Thu, 11 Jul 2002, Enquiries wrote:

> Dear All
>
> I have been wondering for quite some time since I got broadband a few weeks
> ago whether the following is a security risk: the time between opening up
> the pc and the anti-virus and firewall to boot up takes about 2 minutes in
> total... Is there a small security risk within those two minutes as the pc
> is virtually open to the internet?  I have noticed that as soon as my
> firewall is finally finished booting up it does give out "denied access"? Or
> is there something there that actually protects the pc until the firewall
> and anti-virus load?  If not what can one do to protect one's pc?
>
> windows 98SE - mcafee anti-virus - zonealarm firewall

A disclaimer:  I'm sorry if this message sounds a little patronizing.
Having worked in computers for 15 years now, including 8 years as a
professional sysadmin, my experience has been that clever uberhackers who
can pry a PC wide open in the 30 second window between the network being
started and the firewall coming up completely are EXTREMELY rare.  Users
who do things which are harmful to their own systems, either due to
carelessness or neglect, are as common as dandelions in the springtime.

I may get flamed for this, but I think in _most_ cases, personal firewalls
are redundant.

My rationale is as follows:

1) A stock out-of-the-box Windows 98 machine has one vulnerability to the
   outside world.  That is the SMB file-sharing mechanism.  If you didn't
   share any of your directories to the Internet (you didn't set up any
   of your directories to be shared, did you?), there's not much of a
   hole here.  There are some other potential problems, but most of those
   can be resolved by keeping your system patches up to date (have you
   visited http://windowsupdate.microsoft.com/ lately?).

2) Many ISPs who provide broadband set up some level of firewalling at
   their routers, both to save themselves from users who do
   clue-challenged activities (see #1) as well as users who set up their
   home machines as porn download sites, etc.

Now, this having been said, personal firewalls aren't completely useless.
If you are downloading random games, etc. off the 'net, a personal
firewall, in conjunction with a good piece of antivirus software, will do
a lot to protect you from your own carelessness.

Another thing to look at is what exactly your firewall is denying.  For
instance, if you are seeing deny messages to port 80, it means that
something is looking for a web server which is not on your box.  Usually
these are worms and robots, not human beings.  I logged 250 accesses like
this to my box a few days back.  Port 53 accesses are people looking for
BIND (also not on your box), 21 are searches for an FTP server you don't
have, and so on.

In summary, there are lots of things to worry about, but this short window
between boot time and the firewall coming up is probably very low on that
list.

Happy trails!

Jeremy
