Question re: XP start-up sequence

Discussion in 'NZ Computing' started by aka Bob, Oct 1, 2006.

  1. aka Bob

    aka Bob Guest

    I've noticed that when I start up in WXPpro, certain programmes start
    up first and in a particular sequence. What I'd like to see is my
    firewall starting up before anything else, followed by my antivirus.
    Is there a way to configure this to happen? And, if so, how should I
    go about it? TIA.
    aka Bob, Oct 1, 2006
    #1

  2. aka Bob

    Dave Taylor Guest

    aka Bob <> wrote in
    news::

    > I've noticed that when I start up in WXPpro, certain programmes start
    > up first and in a particular sequence. What I'd like to see is my
    > firewall starting up before anything else, followed by my antivirus.
    > Is there a way to configure this to happen? And, if so, how should I
    > go about it? TIA.
    >


    Use this tool:

    http://www.r2.com.au/software.php?page=2&show=startdelay&vrn=startdelay_v2.2b85

    http://tinyurl.com/qy53c

    Startup Delayer v2.2.85
    Released: 3rd August 2006 [View Release Notes]
    The power to speed up your computer's startup process!

    Can you learn another language in the time it takes for your machine to
    boot? Do you turn on your PC when you go to bed, so it's finished booting
    by the time you get home from work the next day?

    When Windows loads its Startup file, it attempts to load every program
    in there at the same time. Therefore if you have quite a lot of programs
    starting when Windows starts, each program will try and grab CPU time so
    that it can load.

    If each program tries to do this at the same time, you soon notice the
    slow down that occurs, due to your CPU trying to help all the programs to
    load, and your hard disk accessing multiple files.

    Startup Delayer allows you to set up how many seconds after Windows has
    started, to load each program.

    For Example:
    If you have your mail program and a special clock starting up, then you
    can make your mail start say 10 seconds after Windows has loaded, and
    then the special clock start 20 seconds after Windows Starts.

    Compatible with Windows 98/ME/2000/XP

    --
    Ciao, Dave
    Dave Taylor, Oct 1, 2006
    #2

  3. In message <>, aka Bob wrote:

    > What I'd like to see is my
    > firewall starting up before anything else, followed by my antivirus.


    You mean it doesn't already? Does that mean network services that start
    before the firewall are vulnerable until the firewall starts?
    Lawrence D'Oliveiro, Oct 6, 2006
    #3
  4. aka Bob

    aka Bob Guest

    On Fri, 06 Oct 2006 22:13:39 +1300, Lawrence D'Oliveiro
    <_zealand> magnanimously proffered:

    >In message <>, aka Bob wrote:
    >
    >> What I'd like to see is my
    >> firewall starting up before anything else, followed by my antivirus.

    >
    >You mean it doesn't already? Does that mean network services that start
    >before the firewall are vulnerable until the firewall starts?


    Looks like it! What's of even greater concern is that (usually, but
    not always) the first thing to load is my world clock and atomic
    clock, both of which have access to the net. It's only a matter of
    seconds, but on broadband a couple of seconds is all it takes.
    Fortunately, frequent antivirus scans with KAV tell me that my system
    is still clean.
    aka Bob, Oct 7, 2006
    #4
  5. aka Bob

    Dave Taylor Guest

    aka Bob <> wrote in
    news::

    > On Fri, 06 Oct 2006 22:13:39 +1300, Lawrence D'Oliveiro
    > <_zealand> magnanimously proffered:
    >
    >>In message <>, aka Bob wrote:
    >>
    >>> What I'd like to see is my
    >>> firewall starting up before anything else, followed by my antivirus.

    >>
    >>You mean it doesn't already? Does that mean network services that start
    >>before the firewall are vulnerable until the firewall starts?

    >
    > Looks like it! What's of even greater concern is that (usually, but
    > not always) the first thing to load is my world clock and atomic
    > clock, both of which have access to the net. It's only a matter of
    > seconds, but on broadband a couple of seconds is all it takes.
    > Fortunately, frequent antivirus scans with KAV tell me that my system
    > is still clean.
    >
    >
    >

    Some firewalls, actually almost all desktop firewalls, have a couple of
    modules. One is a GUI, the other a networking service. If it is designed
    properly, the network will always be protected as there is a spec on how to
    plug a firewall into XP. This is why ZoneAlarm can break your networking
    if it gets corrupted, or does not uninstall properly.


    --
    Ciao, Dave
    Dave Taylor, Oct 7, 2006
    #5
  6. In message <Xns9855988FB3F87daveytaynospamplshot@203.97.37.6>, Dave Taylor
    wrote:

    > aka Bob <> wrote in
    > news::
    >
    >> On Fri, 06 Oct 2006 22:13:39 +1300, Lawrence D'Oliveiro
    >> <_zealand> magnanimously proffered:
    >>
    >>>In message <>, aka Bob wrote:
    >>>
    >>>> What I'd like to see is my
    >>>> firewall starting up before anything else, followed by my antivirus.
    >>>
    >>>You mean it doesn't already? Does that mean network services that start
    >>>before the firewall are vulnerable until the firewall starts?

    >>
    >> Looks like it! What's of even greater concern is that (usually, but
    >> not always) the first thing to load is my world clock and atomic
    >> clock, both of which have access to the net. It's only a matter of
    >> seconds, but on broadband a couple of seconds is all it takes.
    >> Fortunately, frequent antivirus scans with KAV tell me that my system
    >> is still clean.
    >>
    >>

    > Some firewalls, actually almost all desktop firewalls, have a couple of
    > modules.


    On my Gentoo system:

    root@theon:~ # more /etc/init.d/iptables
    ....
    depend() {
    before net
    ....

    You know what that "before" means? It means run the firewall startup script
    _before_ the network is enabled. Not after.
    Lawrence D'Oliveiro, Oct 7, 2006
    #6
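The ordering guarantee discussed in post #6, as an added example that is not part of the thread: a simplified Python model (not the init system's own resolver) that reads `depend()` blocks and checks whether the firewall script is forced to start before the network and before every service that needs it. All init scripts below are constructed for illustration, and every service name other than `iptables` and `net` is an assumption.

```python
import re

# Constructed init scripts (assumption); only the depend() blocks matter here.
SCRIPTS = {
    "iptables":   "depend() {\n\tbefore net\n\tuse logger\n}\n",
    "net":        "depend() {\n\tneed localmount\n}\n",
    "sshd":       "depend() {\n\tneed net\n\tuse logger\n}\n",
    "ntp-client": "depend() {\n\tneed net\n}\n",
    "logger":     "depend() {\n\tneed localmount\n}\n",
    "localmount": "depend() {\n}\n",
}

# Same set with the "before net" line missing from the firewall script.
WEAK_SCRIPTS = dict(SCRIPTS, iptables="depend() {\n\tuse logger\n}\n")

DIRECTIVES = ("need", "use", "after", "before")


def parse_depend(script):
    """Return {directive: [service, ...]} from a script's depend() block."""
    deps = {d: [] for d in DIRECTIVES}
    match = re.search(r"depend\(\)\s*\{(.*?)\}", script, re.S)
    if not match:
        return deps
    for line in match.group(1).splitlines():
        words = line.split("#", 1)[0].split()  # drop trailing comments
        if words and words[0] in deps:
            deps[words[0]].extend(words[1:])
    return deps


def direct_predecessors(scripts):
    """Map each service to the services that must be started before it."""
    preds = {name: set() for name in scripts}
    for name, text in scripts.items():
        deps = parse_depend(text)
        # Simplification: need/use/after are all treated as "starts after".
        for kind in ("need", "use", "after"):
            preds[name].update(s for s in deps[kind] if s in scripts)
        # "before X" reverses the edge: this service precedes X.
        for later in deps["before"]:
            if later in scripts:
                preds[later].add(name)
    return preds


def forced_before(scripts, first, later):
    """True only if the declared dependencies guarantee first precedes later."""
    preds = direct_predecessors(scripts)
    seen, stack = set(), [later]
    while stack:
        for p in preds.get(stack.pop(), ()):
            if p == first:
                return True
            if p not in seen:
                seen.add(p)
                stack.append(p)
    return False


def unprotected(scripts, firewall, network="net"):
    """Network-dependent services not guaranteed to start behind the firewall."""
    return sorted(
        name for name in scripts
        if (name == network or forced_before(scripts, network, name))
        and not forced_before(scripts, firewall, name)
    )


if __name__ == "__main__":
    print("with 'before net':   ", unprotected(SCRIPTS, "iptables"))
    print("without 'before net':", unprotected(WEAK_SCRIPTS, "iptables"))
```

The check asks whether the order is guaranteed by the declared dependencies, not whether one particular boot happened to come out in the right order.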
  7. aka Bob

    David Guest

    aka Bob wrote:
    > On Fri, 06 Oct 2006 22:13:39 +1300, Lawrence D'Oliveiro
    > <_zealand> magnanimously proffered:
    >
    >> In message <>, aka Bob wrote:
    >>
    >>> What I'd like to see is my
    >>> firewall starting up before anything else, followed by my antivirus.

    >> You mean it doesn't already? Does that mean network services that start
    >> before the firewall are vulnerable until the firewall starts?

    >
    > Looks like it! What's of even greater concern is that (usually, but
    > not always) the first thing to load is my world clock and atomic
    > clock, both of which have access to the net. It's only a matter of
    > seconds, but on broadband a couple of seconds is all it takes.
    > Fortunately, frequent antivirus scans with KAV tell me that my system
    > is still clean.
    >
    >

    Since you're running XP, you probably don't need this 'atomic clock',
    assuming it's an application to update your system time over the
    internet. Just make sure the 'Windows Time' service is running, and it
    is configured to update your system time every so often from a suitable
    server (you can set this up on the 'Internet Time' tab of Date/Time
    settings).
    David, Oct 7, 2006
    #7
  8. aka Bob

    TomC Guest


    >>>> What I'd like to see is my
    >>>> firewall starting up before anything else, followed by my antivirus.
    >>> You mean it doesn't already? Does that mean network services that start
    >>> before the firewall are vulnerable until the firewall starts?

    >>
    >> Looks like it! What's of even greater concern is that (usually, but
    >> not always) the first thing to load is my world clock and atomic
    >> clock, both of which have access to the net. It's only a matter of
    >> seconds, but on broadband a couple of seconds is all it takes.
    >> Fortunately, frequent antivirus scans with KAV tell me that my system
    >> is still clean.
    >>
    >>

    > Since you're running XP, you probably don't need this 'atomic clock',
    > assuming it's an application to update your system time over the
    > internet. Just make sure the 'Windows Time' service is running, and it
    > is configured to update your system time every so often from a suitable
    > server (you can set this up on the 'Internet Time' tab of Date/Time
    > settings).


    Why worry?
    Software firewalls are poor security anyway. Any determined hacker can
    disable or circumvent them. They may stop the odd worm trying to gain
    access, but really! If you want a real hardware firewall, my partner
    compiles Linux Firewalls.
    Hackers have tried to get through & failed. Interesting to see just how
    many pings from strange IP addresses take place every day.
    If you have sensitive valuable data, you should have a serious firewall.

    Cheers Tom

    * Thankfully this message was not scanned by AVG Free *
    TomC, Oct 7, 2006
    #8
  9. In message <eg7nhm$cg6$>, TomC wrote:

    > Why worry? Software firewalls are poor security anyway. Any
    > determined hacker can disable or circumvent them.


    I've never heard of anybody circumventing netfilter/iptables. Care to offer
    an instance?
    Lawrence D'Oliveiro, Oct 7, 2006
    #9
  10. aka Bob

    David Guest

    TomC wrote:
    >
    >>>>> What I'd like to see is my
    >>>>> firewall starting up before anything else, followed by my antivirus.
    >>>> You mean it doesn't already? Does that mean network services that start
    >>>> before the firewall are vulnerable until the firewall starts?
    >>>
    >>> Looks like it! What's of even greater concern is that (usually, but
    >>> not always) the first thing to load is my world clock and atomic
    >>> clock, both of which have access to the net. It's only a matter of
    >>> seconds, but on broadband a couple of seconds is all it takes.
    >>> Fortunately, frequent antivirus scans with KAV tell me that my system
    >>> is still clean.
    >>>
    >>>

    >> Since you're running XP, you probably don't need this 'atomic clock',
    >> assuming it's an application to update your system time over the
    >> internet. Just make sure the 'Windows Time' service is running, and it
    >> is configured to update your system time every so often from a
    >> suitable server (you can set this up on the 'Internet Time' tab of
    >> Date/Time settings).

    >
    > Why worry?
    > Software firewalls are poor security anyway. Any determined hacker can
    > disable or
    > circumvent them. They may stop the odd worm trying to gain access, but
    > really! if you
    > want a real hardware firewall, my partner compiles Linux Firewalls.


    Uh, linux firewall? How is this not a 'software' firewall?

    > Hackers have tried to get through & failed. Interesting to see just how many
    > pings from
    > strange IP addresses take place every day.
    > If you have sensitive valuable data, you should have a serious firewall.
    >
    > Cheers Tom
    >
    > * Thankfully this message was not scanned by AVG Free *
    >
    David, Oct 8, 2006
    #10
  11. aka Bob

    Dave Doe Guest

    In article <eg7nhm$cg6$>, says...
    >
    > >>>> What I'd like to see is my
    > >>>> firewall starting up before anything else, followed by my antivirus.
    > >>> You mean it doesn't already? Does that mean network services that start
    > >>> before the firewall are vulnerable until the firewall starts?
    > >>
    > >> Looks like it! What's of even greater concern is that (usually, but
    > >> not always) the first thing to load is my world clock and atomic
    > >> clock, both of which have access to the net. It's only a matter of
    > >> seconds, but on broadband a couple of seconds is all it takes.
    > >> Fortunately, frequent antivirus scans with KAV tell me that my system
    > >> is still clean.
    > >>
    > >>

    > > Since you're running XP, you probably don't need this 'atomic clock',
    > > assuming it's an application to update your system time over the
    > > internet. Just make sure the 'Windows Time' service is running, and it
    > > is configured to update your system time every so often from a suitable
    > > server (you can set this up on the 'Internet Time' tab of Date/Time
    > > settings).

    >
    > Why worry?
    > Software firewalls are poor security anyway. Any
    > determined hacker can disable or
    > circumvent them. They may stop the odd worm trying
    > to gain access, but really! if you
    > want a real hardware firewall, my partner compiles
    > Linux Firewalls.
    > Hackers have tried to get through & failed.
    > Interesting to see just how many pings from
    > strange IP addresses take place every day.
    > If you have sensitive valuable data, you should
    > have a serious firewall.
    >
    > Cheers Tom
    >
    > * Thankfully this message was not scanned by AVG
    > Free *


    User added to bozo bin.

    --
    Duncan
    Dave Doe, Oct 8, 2006
    #11
  12. aka Bob

    Dave Doe Guest

    In article <>, says...
    > David wrote:
    > > TomC wrote:
    > >>
    > >>>>>> What I'd like to see is my
    > >>>>>> firewall starting up before anything else, followed by my antivirus.
    > >>>>> You mean it doesn't already? Does that mean network services that
    > >>>>> start
    > >>>>> before the firewall are vulnerable until the firewall starts?
    > >>>>
    > >>>> Looks like it! What's of even greater concern is that (usually, but
    > >>>> not always) the first thing to load is my world clock and atomic
    > >>>> clock, both of which have access to the net. It's only a matter of
    > >>>> seconds, but on broadband a couple of seconds is all it takes.
    > >>>> Fortunately, frequent antivirus scans with KAV tell me that my system
    > >>>> is still clean.
    > >>>>
    > >>>>
    > >>> Since you're running XP, you probably don't need this 'atomic clock',
    > >>> assuming it's an application to update your system time over the
    > >>> internet. Just make sure the 'Windows Time' service is running, and
    > >>> it is configured to update your system time every so often from a
    > >>> suitable server (you can set this up on the 'Internet Time' tab of
    > >>> Date/Time settings).
    > >>
    > >> Why worry?
    > >> Software firewalls are poor security anyway. Any determined hacker can
    > >> disable or
    > >> circumvent them. They may stop the odd worm trying to gain access, but
    > >> really! if you
    > >> want a real hardware firewall, my partner compiles Linux Firewalls.

    > >
    > > Uh, linux firewall? How is this not a 'software' firewall?

    > Because it is compiled to run on a separate machine to the rest and is
    > the only entry to the local network for the internet.


    So? How is that different (albeit one less PC and the money saved), if
    you have two NICs on a machine, firewall the internet one, and localise
    the other? (There are firewalls around that handle that).

    The fact that a machine is physically separate is meaningless.

    > I suppose technically all firewalls are software, because they all run
    > under an OS, but software running a dedicated task on a dedicated
    > appliance will be inherently more secure than a hunk of code running on
    > the machine you are working on.


    True, indeed a software firewall is far more likely to be updated if
    bugs are found, than hardware ROM updates.

    --
    Duncan
    Dave Doe, Oct 8, 2006
    #12
  13. aka Bob

    TomC Guest

    Collector_NZ wrote:
    > David wrote:
    >> TomC wrote:
    >>>
    >>>>>>> What I'd like to see is my
    >>>>>>> firewall starting up before anything else, followed by my antivirus.
    >>>>>> You mean it doesn't already? Does that mean network services that
    >>>>>> start
    >>>>>> before the firewall are vulnerable until the firewall starts?
    >>>>>
    >>>>> Looks like it! What's of even greater concern is that (usually, but
    >>>>> not always) the first thing to load is my world clock and atomic
    >>>>> clock, both of which have access to the net. It's only a matter of
    >>>>> seconds, but on broadband a couple of seconds is all it takes.
    >>>>> Fortunately, frequent antivirus scans with KAV tell me that my system
    >>>>> is still clean.
    >>>>>
    >>>>>
    >>>> Since you're running XP, you probably don't need this 'atomic
    >>>> clock', assuming it's an application to update your system time over
    >>>> the internet. Just make sure the 'Windows Time' service is running,
    >>>> and it is configured to update your system time every so often from
    >>>> a suitable server (you can set this up on the 'Internet Time' tab of
    >>>> Date/Time settings).
    >>>
    >>> Why worry?
    >>> Software firewalls are poor security anyway. Any determined hacker
    >>> can disable or
    >>> circumvent them. They may stop the odd worm trying to gain access,
    >>> but really! if you
    >>> want a real hardware firewall, my partner compiles Linux Firewalls.

    >>
    >> Uh, linux firewall? How is this not a 'software' firewall?

    > Because it is compiled to run on a separate machine to the rest and is
    > the only entry to the local network for the internet.
    >
    > I suppose technically all firewalls are software, because they all run
    > under an OS, but software running a dedicated task on a dedicated
    > appliance will be inherently more secure than a hunk of code running on
    > the machine you are working on.
    >

    Good answer! Also there is no graphical interface, which closes a big
    security issue. Everything is compiled using the minimum of
    modules/drivers & edited using the command line.
    CISCO also use the term "hardware" firewall & being on a separate
    computer really enhances security. All "software" firewalls such as
    ZoneAlarm are sitting on the system which they are trying to protect,
    embedded in the Windows registry :) Security people have tried to rename
    these "firewalls" because although they close a few ports & "claim" to
    hide the user, they mainly work on the Application layer, trying to
    control access permissions.
    It is a marketing strategy to call them firewalls!
    It is actually better to stop unused services & ports....try this tool:
    http://www.ntsvcfg.de/ntsvcfg_eng.html#_pfw

    "Hardware" firewalls use packet filtering to examine the header of a
    packet to determine its source and destination. This information is
    compared to a set of predefined or user-created rules that determine
    whether the packet is to be forwarded or dropped.
    So your requests pass & hacker requests originating from outside your
    system get rejected.

    An additional feature of a firewall is IP masquerading, a form of
    network address translation (NAT) which allows internal computers with
    no known address outside their network to communicate to the outside.
    It allows one machine to act on behalf of other machines.

    So Dave Doe Duncan, when it comes to computers, the internet &
    security.....we are all just scratching the surface & I don't mind
    admitting it!

    Cheers Tom
    TomC, Oct 8, 2006
    #13
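The header-based filtering and IP masquerading described in post #13, as an added example that is not part of the thread: a toy gateway in Python that applies first-match rules with a default of drop and keeps a NAT table, so replies to inside requests pass while unsolicited outside packets are dropped. The addresses (documentation ranges), ports, rule set and all class and function names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Only the header fields the filter looks at."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str            # "ACCEPT" or "DROP"
    proto: str
    dst_net: str           # destination network in CIDR form
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt):
        return (pkt.proto == self.proto
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and self.dport in (None, pkt.dport))


# Constructed outbound policy: web and NTP only; everything else is dropped.
RULES = [
    Rule("ACCEPT", "tcp", "0.0.0.0/0", 80),
    Rule("ACCEPT", "tcp", "0.0.0.0/0", 443),
    Rule("ACCEPT", "udp", "0.0.0.0/0", 123),
]


class Gateway:
    def __init__(self, public_ip, lan_cidr, rules):
        self.public_ip = public_ip
        self.lan = ip_network(lan_cidr)
        self.rules = rules
        self.flows = {}        # outbound packet header -> public port
        self.nat = {}          # (proto, public port) -> original outbound header
        self.next_port = 40000

    def _verdict(self, pkt):
        for rule in self.rules:        # first matching rule wins
            if rule.matches(pkt):
                return rule.action
        return "DROP"                  # default policy

    def outbound(self, pkt):
        """LAN -> Internet: filter, then rewrite the source (masquerade)."""
        if ip_address(pkt.src) not in self.lan or self._verdict(pkt) != "ACCEPT":
            return None
        if pkt not in self.flows:
            self.flows[pkt] = self.next_port
            self.nat[(pkt.proto, self.next_port)] = pkt
            self.next_port += 1
        return Packet(self.public_ip, self.flows[pkt], pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt):
        """Internet -> LAN: forward only replies to a flow started inside."""
        flow = self.nat.get((pkt.proto, pkt.dport))
        if (flow is None or pkt.dst != self.public_ip
                or (pkt.src, pkt.sport) != (flow.dst, flow.dport)):
            return None                # unsolicited: no mapping, so dropped
        return Packet(pkt.src, pkt.sport, flow.src, flow.sport, pkt.proto)


def demo():
    gw = Gateway("203.0.113.5", "192.168.1.0/24", RULES)
    request = gw.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80))
    return {
        "request": request,
        "reply": gw.inbound(Packet("198.51.100.7", 80, "203.0.113.5", 40000)),
        "unsolicited": gw.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", 445)),
        "wrong_peer": gw.inbound(Packet("198.51.100.99", 80, "203.0.113.5", 40000)),
        "blocked_out": gw.outbound(Packet("192.168.1.10", 51001, "198.51.100.7", 25)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```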
  14. aka Bob

    Shane Guest

    Dave Doe wrote:

    > In article <>, says...
    >> David wrote:
    >> > TomC wrote:
    >> >>
    >> >>>>>> What I'd like to see is my
    >> >>>>>> firewall starting up before anything else, followed by my
    >> >>>>>> antivirus.
    >> >>>>> You mean it doesn't already? Does that mean network services that
    >> >>>>> start
    >> >>>>> before the firewall are vulnerable until the firewall starts?
    >> >>>>
    >> >>>> Looks like it! What's of even greater concern is that (usually, but
    >> >>>> not always) the first thing to load is my world clock and atomic
    >> >>>> clock, both of which have access to the net. It's only a matter of
    >> >>>> seconds, but on broadband a couple of seconds is all it takes.
    >> >>>> Fortunately, frequent antivirus scans with KAV tell me that my
    >> >>>> system is still clean.
    >> >>>>
    >> >>>>
    >> >>> Since you're running XP, you probably don't need this 'atomic clock',
    >> >>> assuming it's an application to update your system time over the
    >> >>> internet. Just make sure the 'Windows Time' service is running, and
    >> >>> it is configured to update your system time every so often from a
    >> >>> suitable server (you can set this up on the 'Internet Time' tab of
    >> >>> Date/Time settings).
    >> >>
    >> >> Why worry?
    >> >> Software firewalls are poor security anyway. Any determined hacker can
    >> >> disable or
    >> >> circumvent them. They may stop the odd worm trying to gain access, but
    >> >> really! if you
    >> >> want a real hardware firewall, my partner compiles Linux Firewalls.
    >> >
    >> > Uh, linux firewall? How is this not a 'software' firewall?

    >> Because it is compiled to run on a separate machine to the rest and is
    >> the only entry to the local network for the internet.

    >
    > So? How is that different (albeit one less PC and the money saved), if
    > you have two NICs on a machine, firewall the internet one, and localise
    > the other? (There are firewalls around that handle that).
    >
    > The fact that a machine is physically separate is meaningless.
    >
    >> I suppose technically all firewalls are software, because they all run
    >> under an OS, but software running a dedicated task on a dedicated
    >> appliance will be inherently more secure than a hunk of code running on
    >> the machine you are working on.

    >
    > True, indeed a software firewall is far more likely to be updated if
    > bugs are found, than hardware ROM updates.
    >


    One serious issue that you have overlooked with regard to the firewall
    software running on the same machine as your other applications, opposed to
    the dedicated box. The *other* applications can interfere with your
    firewall software.
    The other applications can create holes, interfere with permissions, and
    worse, interfere with the firewall software directly (spyware rings a bell).
    Further, there's the users on your machine(s) who (deliberate or otherwise)
    cause even more issues, which they can't when the firewall is separate.

    The only advantage of a local firewall, is it *may* be aware of the
    application attempting to connect to the intarweb.

    --
    Zapp Brannigan: [laughing] Oh, god, you're killing me.
    [The Amazonians begin beating Zapp with heavy clubs.]
    Zapp Brannigan: Oh, god, you're killing me!

    blog: http://shanes.dyndns.org
    Shane, Oct 8, 2006
    #14
  15. aka Bob

    Dave Doe Guest

    In article <ega08q$fc1$>, -a-geek.net
    says...
    > Dave Doe wrote:
    >
    > > In article <>, says...
    > >> David wrote:
    > >> > TomC wrote:
    > >> >>
    > >> >>>>>> What I'd like to see is my
    > >> >>>>>> firewall starting up before anything else, followed by my
    > >> >>>>>> antivirus.
    > >> >>>>> You mean it doesn't already? Does that mean network services that
    > >> >>>>> start
    > >> >>>>> before the firewall are vulnerable until the firewall starts?
    > >> >>>>
    > >> >>>> Looks like it! What's of even greater concern is that (usually, but
    > >> >>>> not always) the first thing to load is my world clock and atomic
    > >> >>>> clock, both of which have access to the net. It's only a matter of
    > >> >>>> seconds, but on broadband a couple of seconds is all it takes.
    > >> >>>> Fortunately, frequent antivirus scans with KAV tell me that my
    > >> >>>> system is still clean.
    > >> >>>>
    > >> >>>>
    > >> >>> Since you're running XP, you probably don't need this 'atomic clock',
    > >> >>> assuming it's an application to update your system time over the
    > >> >>> internet. Just make sure the 'Windows Time' service is running, and
    > >> >>> it is configured to update your system time every so often from a
    > >> >>> suitable server (you can set this up on the 'Internet Time' tab of
    > >> >>> Date/Time settings).
    > >> >>
    > >> >> Why worry?
    > >> >> Software firewalls are poor security anyway. Any determined hacker can
    > >> >> disable or
    > >> >> circumvent them. They may stop the odd worm trying to gain access, but
    > >> >> really! if you
    > >> >> want a real hardware firewall, my partner compiles Linux Firewalls.
    > >> >
    > >> > Uh, linux firewall? How is this not a 'software' firewall?
    > >> Because it is compiled to run on a separate machine to the rest and is
    > >> the only entry to the local network for the internet.

    > >
    > > So? How is that different (albeit one less PC and the money saved), if
    > > you have two NICs on a machine, firewall the internet one, and localise
    > > the other? (There are firewalls around that handle that).
    > >
    > > The fact that a machine is physically separate is meaningless.
    > >
    > >> I suppose technically all firewalls are software, because they all run
    > >> under an OS, but software running a dedicated task on a dedicated
    > >> appliance will be inherently more secure than a hunk of code running on
    > >> the machine you are working on.

    > >
    > > True, indeed a software firewall is far more likely to be updated if
    > > bugs are found, than hardware ROM updates.
    > >

    >
    > One serious issue that you have overlooked with regard to the firewall
    > software running on the same machine as your other applications, opposed to
    > the dedicated box. The *other* applications can interfere with your
    > firewall software
    > The other applications can create holes, interfere with permissions, and
    > worse, interfere with the firewall software directly (spyware rings a bell)
    > Further, there's the users on your machine(s) who (deliberate or otherwise)
    > cause even more issues, which they can't when the firewall is separate
    >
    > The only advantage of a local firewall, is it *may* be aware of the
    > application attempting to connect to the intarweb


    Absolutely, however are we talking about such a system? - separate boxes
    for everything; server, email, firewall, web ... etc - or a home network
    / home PCs?

    'cos I don't think home users need two computers to connect to the
    internet.

    --
    Duncan
    Dave Doe, Oct 8, 2006
    #15
  16. aka Bob

    Shane Guest

    Dave Doe wrote:

    > In article <ega08q$fc1$>, -a-geek.net
    > says...
    >> Dave Doe wrote:
    >>
    >> > In article <>, says...
    >> >> David wrote:
    >> >> > TomC wrote:
    >> >> >>
    >> >> >>>>>> What I'd like to see is my
    >> >> >>>>>> firewall starting up before anything else, followed by my
    >> >> >>>>>> antivirus.
    >> >> >>>>> You mean it doesn't already? Does that mean network services
    >> >> >>>>> that start
    >> >> >>>>> before the firewall are vulnerable until the firewall starts?
    >> >> >>>>
    >> >> >>>> Looks like it! What's of even greater concern is that (usually,
    >> >> >>>> but not always) the first thing to load is my world clock and
    >> >> >>>> atomic clock, both of which have access to the net. It's only a
    >> >> >>>> matter of seconds, but on broadband a couple of seconds is all it
    >> >> >>>> takes. Fortunately, frequent antivirus scans with KAV tell me
    >> >> >>>> that my system is still clean.
    >> >> >>>>
    >> >> >>>>
    >> >> >>> Since you're running XP, you probably don't need this 'atomic
    >> >> >>> clock', assuming it's an application to update your system time
    >> >> >>> over the internet. Just make sure the 'Windows Time' service is
    >> >> >>> running, and it is configured to update your system time every so
    >> >> >>> often from a suitable server (you can set this up on the 'Internet
    >> >> >>> Time' tab of Date/Time settings).
    >> >> >>
    >> >> >> Why worry?
    >> >> >> Software firewalls are poor security anyway. Any determined hacker
    >> >> >> can disable or
    >> >> >> circumvent them. They may stop the odd worm trying to gain access,
    >> >> >> but really! if you
    >> >> >> want a real hardware firewall, my partner compiles Linux Firewalls.
    >> >> >
    >> >> > Uh, linux firewall? How is this not a 'software' firewall?
    >> >> Because it is compiled to run on a separate machine to the rest and is
    >> >> the only entry to the local network for the internet.
    >> >
    >> > So? How is that different (albeit one less PC and the money saved), if
    >> > you have two NICs on a machine, firewall the internet one, and
    >> > localise
    >> > the other? (There are firewalls around that handle that).
    >> >
    >> > The fact that a machine is physically separate is meaningless.
    >> >
    >> >> I suppose technically all firewalls are software, because they all run
    >> >> under an OS, but software running a dedicated task on a dedicated
    >> >> appliance will be inherently more secure than a hunk of code running
    >> >> on the machine you are working on.
    >> >
    >> > True, indeed a software firewall is far more likely to be updated if
    >> > bugs are found, than hardware ROM updates.
    >> >

    >>
    >> One serious issue that you have overlooked with regard to the firewall
    >> software running on the same machine as your other applications, opposed
    >> to
    >> the dedicated box. The *other* applications can interfere with your
    >> firewall software
    >> The other applications can create holes, interfere with permissions, and
    >> worse, interfere with the firewall software directly (spyware rings a
    >> bell) Further, there's the users on your machine(s) who (deliberate or
    >> otherwise) cause even more issues, which they can't when the firewall is
    >> separate
    >>
    >> The only advantage of a local firewall, is it *may* be aware of the
    >> application attempting to connect to the intarweb

    >
    > Absolutely, however are we talking about such a system? - separate boxes
    > for everything; server, email, firewall, web ... etc - or a home network
    > / home PCs?
    >
    > 'cos I don't think home users need two computers to connect to the
    > internet.
    >



    That would be the first time that distinction has been made.
    It *could* be argued that if the home user has an ADSL connection then two
    computers are mandatory (the modem/router counts as a computer/firewall).

    --
    Lord Mayor of Colon: You've damaged your brain, universe! But no more than a
    week of binge drinking or five minutes on a cellphone!

    blog: http://shanes.dyndns.org
    Shane, Oct 8, 2006
    #16
  17. In message <ega08q$fc1$>, Shane wrote:

    > One serious issue that you have overlooked with regard to the firewall
    > software running on the same machine as your other applications, opposed
    > to the dedicated box. The *other* applications can interfere with your
    > firewall software
    > The other applications can create holes, interfere with permissions, and
    > worse, interfere with the firewall software directly (spyware rings a
    > bell) Further, there's the users on your machine(s) who (deliberate or
    > otherwise) cause even more issues, which they can't when the firewall is
    > separate


    Such interference is a bit harder to commit if the OS provides proper
    separation of permissions. So without the right privileges, no user or
    application can change the firewall settings.
    Lawrence D'Oliveiro, Oct 8, 2006
    #17
  18. aka Bob

    Shane Guest

    Lawrence D'Oliveiro wrote:

    > In message <ega08q$fc1$>, Shane wrote:
    >
    >> One serious issue that you have overlooked with regard to the firewall
    >> software running on the same machine as your other applications, opposed
    >> to the dedicated box. The *other* applications can interfere with your
    >> firewall software
    >> The other applications can create holes, interfere with permissions, and
    >> worse, interfere with the firewall software directly (spyware rings a
    >> bell) Further, there's the users on your machine(s) who (deliberate or
    >> otherwise) cause even more issues, which they can't when the firewall is
    >> separate

    >
    > Such interference is a bit harder to commit if the OS provides proper
    > separation of permissions. So without the right privileges, no user or
    > application can change the firewall settings.


    Harder... but not impossible
    --
    Elzar: Here you go, big spender. Foie gras and caviar.
    Dr. Zoidberg: Goose liver? Fish eggs? Where's the goose? Where's the fish?
    Elzar: Hey, that's what rich people eat. The garbage parts of the food.
    Dr. Zoidberg: I ate garbage yesterday, and it didn't cost me $300!

    blog: http://shanes.dyndns.org
    Shane, Oct 8, 2006
    #18
  19. In message <egbelc$3t7$>, Shane wrote:

    > Lawrence D'Oliveiro wrote:
    >
    >> In message <ega08q$fc1$>, Shane wrote:
    >>
    >>> One serious issue that you have overlooked with regard to the firewall
    >>> software running on the same machine as your other applications, opposed
    >>> to the dedicated box. The *other* applications can interfere with your
    >>> firewall software
    >>> The other applications can create holes, interfere with permissions, and
    >>> worse, interfere with the firewall software directly (spyware rings a
    >>> bell) Further, there's the users on your machine(s) who (deliberate or
    >>> otherwise) cause even more issues, which they can't when the firewall is
    >>> separate

    >>
    >> Such interference is a bit harder to commit if the OS provides proper
    >> separation of permissions. So without the right privileges, no user or
    >> application can change the firewall settings.

    >
    > Harder... but not impossible


    Knocking over physically separate firewalls is not impossible, either
    <http://www.freedom-to-tinker.com/?p=876>. So the idea that a firewall
    implemented in software, running on the same OS, is somehow "inferior",
    seems hard to countenance, particularly when that OS (Linux) implements
    rigorous privilege separations, and indeed that same firewall software/OS
    combination is regularly used to protect more vulnerable platforms.
    Lawrence D'Oliveiro, Oct 8, 2006
    #19
  20. aka Bob

    Shane Guest

    Lawrence D'Oliveiro wrote:

    > In message <egbelc$3t7$>, Shane wrote:
    >
    >> Lawrence D'Oliveiro wrote:
    >>
    >>> In message <ega08q$fc1$>, Shane wrote:
    >>>
    >>>> One serious issue that you have overlooked with regard to the firewall
    >>>> software running on the same machine as your other applications,
    >>>> opposed
    >>>> to the dedicated box. The *other* applications can interfere with your
    >>>> firewall software
    >>>> The other applications can create holes, interfere with permissions,
    >>>> and worse, interfere with the firewall software directly (spyware rings
    >>>> a bell) Further, there's the users on your machine(s) who (deliberate or
    >>>> otherwise) cause even more issues, which they can't when the firewall is
    >>>> separate
    >>>
    >>> Such interference is a bit harder to commit if the OS provides proper
    >>> separation of permissions. So without the right privileges, no user or
    >>> application can change the firewall settings.

    >>
    >> Harder... but not impossible

    >
    > Knocking over physically separate firewalls is not impossible, either
    > <http://www.freedom-to-tinker.com/?p=876>. So the idea that a firewall
    > implemented in software, running on the same OS, is somehow "inferior",
    > seems hard to countenance, particularly when that OS (Linux) implements
    > rigorous privilege separations, and indeed that same firewall software/OS
    > combination is regularly used to protect more vulnerable platforms.



    Privilege escalation is infinitely more trivial than knocking over the
    dedicated firewall

    Oh and I point you at www.openbsd.org, *ONE* remote hole found over more
    than 10 years

    --
    Fry: My fellow fish monsters, far be it for me to question your stupid
    culture and its idiotic customs, but will using a giant nutcracker to
    squeeze each other's brains out solve anything?

    blog: http://shanes.dyndns.org
    Shane, Oct 9, 2006
    #20