software firewalls and xp

using zonealarm and wondering...
is my pc connected to the net and vulnerable (ie: zonealarm not running) if no users are logged on?

 

From my experience, my ISP is disconnected if I switch user, so it will be offline at the welcome screen. Is this what you mean?

 

steev,
yes, this is exactly what I mean...thanks for your reply

can anyone else confirm? Is the pc disconnected from the net when there are no users logged in?

thanks in advance.

 

System services (such as web, ftp, SQL, etc) continue running whether a user is logged on locally or not.

 

yes, and software firewalls don't load until a user logs in.
does this mean that the pc is open to the net and vulnerable when no users are logged on?

 

Do you need to 'dial up' your internet service, or is it on straight away when you start up Windows?
I have to connect to my broadband, and when I switch user, or log off, the internet connection is disconnected - I have to connect again if I switch user or log back on. Thus my computer is safe from the net when at the Welcome screen.

 

Sorry, I guess i should have mentioned this...
I am on cable, and I do not have to do anything to connect, it is "always on".

The modem's send/receive flashes occasionally when at the welcome screen, implying that info is being exchanged and the pc connected. Is that a fair assumption?

I don't know how to check without logging in. It would seem proper to have xp disconnect any net connection when no users are logged in. Does anyone know?

 

Hmm. Not sure.. Good point! - dug this up though - should give you the option of securing the PC.
Lock Computer vs. Welcome Login Screen
Go into Control Panel and open the "User Accounts" applet to change this setting. Click "Change the way users log on or off". For maximum security, uncheck the "Use the Welcome screen" option. This re-enables the use of the "Lock Computer" option from the ALT CTRL DELETE menu, but prevents multiple users from being logged on locally at a single time. This also returns to the Windows 2000 style login screen. If you'd rather have the ability to *not* be able to use "Lock Computer" and would rather allow multiple users to logon to the computer at a single time locally, leave this setting checked and also check "Use Fast User Switching".

 

steeev, thanx for your response.
i already use the classic logon. The locking function only locks out workstation use. I think the net is still connected. Could be wrong though.

Does anyone know whether xp is connected (when using broadband) when no user is logged on (and therefore 3rd party software firewalls inactive)???

sorry to seem obsessed with it, but it seems as though it is, and I have recently become more aware of the sheer number of high level probes lately. My family will often log off but leave the PC running. It seems illogical that xp would maintain a connection when in a vulnerable state but...

 

I have a cable connection, and my computer is connected to the internet regardless if I'm logged in, or if my computer is even on. You can call your ISP and ask them about your service, and they will know for sure what your situation is. Do you have a router, or are you just connected to the modem? I use a router (hardware firewall is best) so that I am always protected.

 

I am not on a router, and your right, the hardware firewall they provide would likely be safest.

I checked with my isp, and they confirm signal and connection at all times. They just couldn't tell me about whether xp, with no users logged on and hence not firewalled, would allow access into the machine if an attacker targeted it.

 

Windows services run from the time the machine is powered up, until it is powered down, irrespective of whether a user is logged in or not. This includes the XP firewall. If you're sitting on a 24x7 connection, you're connected to the 'net 24x7, irrespective of whether a user is logged on locally. Both hardware and software firewalls can permit or deny access to any service, and most are config'd with a high level of "deny" on those ports. Windows firewall is NOT a "serious" firewall: if you want something more reliable, buy something. If your machine is on a 24x7 connection, and you log out, I can still ping your connection, attempt connects to any number of public services not trapped by your router or firewall, IRRESPECTIVE of whether you're logged on locally or not.

User services (bad use of the word "services" here) are running only when a given user is logged on locally.

 

Thank You for the reply solotraveller,

OK, but what if a user is relying on a 3rd party firewall? I'm using zonealarm. So this is a "user service", and doesn't load until a user logs on. Windows XP firewall is shut down when one runs a 3rd party firewall. Or is it active by default when zonealarm is not running...ie, when no user is logged in?

It would seem illogical for the firewall industry, which advertises itself as indispensible to a PC's security, to provide a product that is not active the entire time a PC is connected to the internet. Most users would not consider logged out time as open to the net and vulnerable, but it sounds like that might be the situation.

Can anyone correct or affirm my conclusions?

 

the XP firewall would be no different than Zone Alarm or any other 3rd party firewall. they load when the rest of the services load. it doesn't enable or disable itself based on whether or not you install a 3rd party firewall. its either on (default) or off.

i see what you are saying, but cannot tell whether or not you are vulnerable at the login screen.

 

Would it be possible to have Zone Alarm start up with the boot sequence, i.e. before the login screen is loaded, or does it only work once in the Windows environment?

 

i would doubt it, but can't say for sure.

 

Hi Beef
Zone Alarm basically loads as a 2 part set. It installs the actual firewall first(VSMON.EXE True Vector Service) during the Windows "services" install. After a user logs on or arrives at the "desktop" the gui portion of ZA loads ( along with all the users ZA preferences ). So you have as much protection as the firewall allows. The Windows firewall offers less protection because it fails to stealth the ports. If you are relying on Windows Firewall only - then run GPEDIT.MSC and open:

Local Computer Policy
-->Computer configuration
---->Windows Settings
------->Security Settings
--------->Account Policies
----------->Account Lockout

Choose for editing by double-clicking the "policy"

Policy------------------------------------------------------- Local Setting
-Account lockout duration ------------------------ 30 minutes
-Account lockout threshhold --------------------- 5 invalid logon attempts
-Reset account lockout counter after -------- 30 minutes

Note: Windows XP Home users might not have the policy editor( I'm not sure ).

Anyways, this should slow down those "kiddies" that have nothing to do all night but bang away at your exposed ports (parts?)

 

Wow, thanks prometheos.
So, In summary, I have zonealarm running as soon as the computer boots and the xp services load up...and before a user logs on.

makes more sense.
thanks for clearing that up