How safe is Windows during login?

[Dragonsi]

Hi all,

I have recently had aDSL installed via a Zoom X4 modem that is always connected to the net. Since then, a burning question has been on my mind -

During boot-up and while waiting at the login screen on Windows, is my system protected from attacks?

As far as I can establish, my Firewall/AV is not fully loaded and functioning at this stage, so can my system be unprotected from hacking attacks?

[ADAM Web Design]

This is where it gets tricky.

Your system itself, for the most part, yes. Most (I won't say all because I'm not sure) attempts to gain access to one's computer require said computer to be on and logged in (since various programs and registry keys depend on the current user at the time).

Having said all of that, your connection, as long as it's on, is susceptible to DoS (Denial of Service) attacks from anyone that knows your IP address. Many of these attacks can be run regardless of your machine being on or not, since they attack the modems themselves.

One of the advantages to ADSL in Canada (I'm not sure about Wales, though) is that, by power cycling the modem, a user can obtain a different IP address, which is what the hackers are targeting with their DoS attacks anyway.

If you ever get attacked that way, it's usually pretty obvious: the send/receive lights (or TX/RX lights, depending on your modem) will stay solid, you won't be able to do much online, your computer will eventually lock up. But again, turn the modem off, and back on. If necessary, you might need to replace your network card just to obtain a different IP address (I forget why exactly this works, but it has something to do with the combintation of modem and network card when the iP is assigned.)

So...if you're all that worried, keep the modem off when you're not using it. It will save energy and you may well end up being able to take advantage of a new IP every time you reconnect.

But this all leads to my big question: what exactly are you doing where the threat of a hack attempt is that severe that you need to worry about things like this? If you're just looking at web pages, then there's very little you will find (unless you're going somewhere you're not supposed to be going) that will in any way compromise your machine.

Most of the hack attempts and things like that are not random things. Usually, someone has gone onto IRC (aka script kiddie haven) and upset the wrong people, or has gone onto AOLIM and given confidential information away without realizing it, or something like that. It's like gang violence in the sense that the odd innocent bystander gets shot, but usually the body with the tag on its toe was doing something somewhere that he/she wasn't supposed to be doing.

[Dragonsi]

Thanks Adam for your reply,

To help clear a few things, I will explain a little more about my concerns.

I recently posted a thread in the IT discusion forum..

http://www.webproworld.com/viewtopic.php?t=50379

that explains I was recently attacked by a worm/virus that placed infections on my system in one of my windows shared folders while my firewall was down. This attack was while I still had dial-up and now that my network is connected to the net all the time (or at least while powered up - I do switch off at night), this kind of attack could be more regular.

With regards to IP address, I have a fixed IP from my ISP (at some point in the near future, I want to establish remote connections to my network), the modem/router is using DCHP via a preset IP range for the 3 pc's on my network. I have done the basics of changing the default username and password for the modems admin area and the modem itself comes with a built in firewall which includes a DOS firewall.

I know for a fact that even while waiting at the logi n screen, other units on my network can see and use the shared folders on that pc - so this is why I am concerned that it might be possible for the web to see these shared folders too. I have done the 'Sheilds Up' test at www.grc.com which give the result that all ports are closed but only a few are in stealth mode.

With regards to my activity on the web, I can assure you that it is only the normal for a web developer, losts of 'normal' website's and FTP connectivity with my web servers, or and of course email. I am also starting to blacklist many common spyware locations/address on my modem to reduce the amount of junk that comes in. I am just scared that if I leave my office, is it safe to log-out and leave my pc in the windows login state.

BTW - I am using:

WinXP Home SP2 (with windows firewall switch off)
Zone Alarm Pro Security Suite

[netace]

You are doing the important things:
1. router with firewall, with certain sites banned
2. ZoneAlarm firewall on the PC
3. Windows useless firewall disabled
The next thing to do is upgrade to XP Pro SP2.

In no event should you leave your system connected to a broadband connection without the above 3 items set up.
Be sure that ZA has any sites you distrust banned also, especially block all cookies, ads and mobile code.

If you are going to be away from your PC for a while, disable internet access in ZA and preferably disconnect from your intranet. I do not like to frequently turn my computers on and off, but if I'll be gone for several hours, I power down.

[Deliguy]

The answer to your question is a resounding maybe.

Your computer's security is typically controled through windows services. This means two things. Your connected to the internet while your at the windows logon screen. Your firewall and antivirus services are running while your at the logon screen.

There are two exceptions to this. You have pc protection that doesn't use windows services(highly unlikely), or your account in which you installed the protection was a guest account or an account that lacks the privilage to create a windows service. In which case it should reinstalled anyways.

[ccole1968]

You should get a stand alone firewall (a dedicated box) and place it between your computers and the DSL modem. If you don't already have a hardware firewall in place, then you should get one. You are even more at risk because you have a static IP address. If someone wants to target you specifically, they will know where to find you on the internet. To answer the question about windows being vulnerable while not logged on, it is just as vulnerable as if you were logged on. Your computer services all start up when the computer is turned on. The only thing that differs is the fact that you are not logged on to see it. Your computer has to be "open for business" without logging yourself on. It is the basis upon which servers (yes, even home computers run server services) operate. Nobody logs onto a server in a corporate environment, but yet people can still store files on it, delete files from it, print to shared printers on it, etc. Your Windows computer is no different. If you have a home network setup, and, for example, a shared folder and shared printer on that computer, you could use the shared folder and printer without logging onto that computer. If you can do that across your local network, then someone else could attempt to hack your local network. The best solution is to get yourself a hardware firewall and then you really don't have to worry about outside hack attempts trying to get in. You would still have to worry about distributed denial of service (DDOS) types of attacks, but there is not much you can do about those. The good thing with DDOS attacks is that they target a specific computer and take a lot of work to try to setup. Unless you've really ticked someone off, they are more likely to try a DDOS on a more public target. If you are still worried about it, come by the first website in my signature and join the forum. Your questions can be answered there. For now, I would highly suggest getting that hardware firewall. They are relatively inexpensive and better than ANY software firewall. You will get a lot of piece of mind for not a lot of $$$$.