I am kind of confused. You connect to the internet after your OS has booted up. So when every security item is in place, only then you logon to internet right. So why are we saying that, I quote
" the time between opening up > > the pc and the anti-virus and firewall to boot up takes about 2 minutes in > > total... Is there a small security risk within those two minutes as the pc > > is virtually open to the internet? Hence, let everything load and all security is in place, only then you would connect to internet. Sounds like you logon to internet as the OS is loading halfway. Cheers Gill -----Original Message----- From: Cheryl Goh [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 3:06 PM To: Jeremy Anderson Cc: [EMAIL PROTECTED] Subject: Re: security question I totally agree with Jeremy. If file and print sharing is turned off and there are no other services such as an FTP or IIS Server running on the box (this would be 3rd party app in the case of win98) then the chances of hacking the box is extremely low. It is only when the user chats on IRC or surfs the web that vulnerabilities are introduced. By then your personal firewall would have loaded anyway. I'm not sure on this but an issue would also be at what point the network services are loaded. Chances are the the firewall is loaded within a few seconds of the network services thus reducing the window size. Any thoughts? ----- Original Message ----- From: "Jeremy Anderson" <[EMAIL PROTECTED]> To: "Enquiries" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, July 12, 2002 9:04 AM Subject: Re: security question > On Thu, 11 Jul 2002, Enquiries wrote: > > > Dear All > > > > I have been wondering for quite some time since I got broadband a few weeks > > ago whether the followign is a security risk: the time between opening up > > the pc and the anti-virus and firewall to boot up takes about 2 minutes in > > total... Is there a small security risk within those two minutes as the pc > > is virtually open to the internet? I have noticed that as soon as my > > firewall is finally finished booting up it does give out "denied access"? Or > > is there something there that actually protects the pc until the firewall > > and anti-virus load? If not what can one do to protect one's pc? > > > > windows 98SE - mcafee anti-virus - zonealarm firewall > > A disclaimer: I'm sorry if this message sounds a little patronizing. > Having worked in computers for 15 years now, including 8 years as a > professional sysadmin, my experience has been that clever uberhackers who > can pry a PC wide open in the 30 second window between the network being > started and the firewall coming up completely are EXTREMELY rare. Users > who do things which are harmful to their own systems, either due to > carelessness or neglect, are as common as dandelions in the springtime. > > I may get flamed for this, but I think in _most_ cases, personal firewalls > are redundant. > > My rationale is as follows: > > 1) A stock out-of-the box Windows 98 machine has one vulnerability to the > outside world. That is the SMB file-sharing mechanism. If you didn't > share any of your directories to the Internet (you didn't set up any > of your directories to be shared, did you?), there's not much of a > hole here. There are some other potential problems, but most of those > can be resolved by keeping your system patches up to date (have you visited > http://windowsupdate.microsoft.com/ lately?). > > 2) Many ISPs who provide broadband set up some level of firewalling at > their routers, both to save themselves from users who do > clue-challenged activities (see #1) as well as users who set up their > home machines as porn download sites, etc. > > Now, this having been said, personal firewalls aren't completely useless. > If you are downloading random games, etc. off the 'net, a personal > firewall, in conjunction with a good piece of antivirus software, will do > a lot to protect you from your own carelessless. > > Another thing to look at is what exactly your firewall is denying. For > instance, if you are seeing deny messages to port 80, it means that > something is looking for a web server which is not on your box. Usually > these are worms and robots, not human beings. I logged 250 accesses like > this to my box a few days back. Port 53 accesses are people looking for > BIND (also not on your box), 21 are searches for an FTP server you don't > have, and so on. > > In summary, there are lots of things to worry about, but this short window > between boot time and the firewall coming up is probably very low on that > list. > > Happy trails! > > Jeremy > > >
