Re: ZoneAlarm loading last.
- From: What's in a Name? <spamthis@xxxxxxxxxxxxxxxxx>
- Date: Mon, 27 Jun 2005 19:59:15 -0400
Duane Arnold wrote:
nemo <nemo@xxxxxxxxxxxxxxx> wrote in
news:92r0c150eperj0i83l0dnbhe83volbtk2s@xxxxxxx:
WinXP and broadband.
With ZoneAlarm loading last in my start-up sequence, am I at any risk
from the UnGodly seizing on my machine before the firewall
initialises? I ask 'cos I keep getting asked by a local county-wide
charity to set-up their volunteers' computers and I'd hate to look a
right eejit by installing ZoneAlarm on their machines only for it to
fall at the first hurdle.
You bet it can be beaten at boot, because third party PFW(s) are not an integrated part of the O/S and they are unable to get to the TCP/IP connection first before anything else can. You would have to know what registry hacks on the dependencies for services that provide the network TCP/IP connection and configure them so that they couldn't start without ZA or any other PFW solution starting first. That I know of, 3rd party PFW solutions do not jack around with other services' dependencies, especially O/S ones. Yes, you could hack the registry yourself *not recommended*.
MS made a change in the XP FW so that it will get to the TCP/IP connection first at boot before anything else can to protect the TCP/IP connection, since it is an integrated O/S solution.
I am not going to stake my life on it, but I did try some of the more popular PFW(s) full trial versions and free ones as to what was happening in the boot and logon sequence by installing Gator on the machine and setting rules to block Gator by IP(s), Domain Name(s) and use the PFW's App Control to stop execution and/or make contact with the remote sites and Gator beat them every time at the boot and logon sequence and Gator had the ability to start switching IP(s) too.
You can test it for yourself with some of the PFW solutions by using Active Ports (free), putting a short-cut for Active Ports in the Start-up folder and setting AP's refresh rate to high, installing Gator and boot machine and see what happens, along with using a packet sniffer like Ethereal. You'll most likely find that Gator has made contact with several IP(s) and has sent packets to them before the PFW can get to the TCP/IP connection and stop it. You don't boot the machine and you'll have no problem.
Not even with IPsec that's on the Win 2K, XP and 2K3 O/S that the rules set in IPsec could stop Gator at the system boot and logon.
Duane :)
I have read that you shouldn't run 2 firewalls at the same time but I use Sygate Personal Firewall along with Windows Firewall (WinXP Pro).
What I haven't seen is the reason why I should turn off WF.
I don't have a router and use my XP box as ICS.
-max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
You can find my e-mail address on my pages.