M
marx404
This is old news, but as I have been comparing ICF (Internet Connection
Firewall in XP) to ZoneAlarm, I came across this in Technet:
Internet Connection Firewall Does Not Filter or Provide Firewall Services
During Startup and Shutdown
http://support.microsoft.com/default.aspx?scid=kb;EN-US;323009
This article was previously published under Q323009
SYMPTOMS
When you start or shut down your Windows XP-based computer, the Internet
Connection Firewall (ICF) does not filter or provide firewall services.
During the startup or shutdown process, users can connect to your computer
or to any program or service that may be available. Note that other than
these two times, ICF works correctly.
CAUSE
This issue occurs because during startup and shutdown, the user-mode service
is not available. Because of this, the filter driver does not know which
policy to enforce, and does not filter anything.
So, assuming that you are shutting down or booting up and your IP is being
bombarded with a trojan attack, there is a chance of the attack being
sucessful if ICF drivers haven't loaded yet. I see this as a probable
scenario for ppl who are on a broadband connection and using auto-logins
(ie: via Powertoys).
I went back to ZA immediately upon seeing this bug in ICF. Or does ZA work
in the same manner? Is an open network connection created before ZA drivers
load?
Firewall in XP) to ZoneAlarm, I came across this in Technet:
Internet Connection Firewall Does Not Filter or Provide Firewall Services
During Startup and Shutdown
http://support.microsoft.com/default.aspx?scid=kb;EN-US;323009
This article was previously published under Q323009
SYMPTOMS
When you start or shut down your Windows XP-based computer, the Internet
Connection Firewall (ICF) does not filter or provide firewall services.
During the startup or shutdown process, users can connect to your computer
or to any program or service that may be available. Note that other than
these two times, ICF works correctly.
CAUSE
This issue occurs because during startup and shutdown, the user-mode service
is not available. Because of this, the filter driver does not know which
policy to enforce, and does not filter anything.
So, assuming that you are shutting down or booting up and your IP is being
bombarded with a trojan attack, there is a chance of the attack being
sucessful if ICF drivers haven't loaded yet. I see this as a probable
scenario for ppl who are on a broadband connection and using auto-logins
(ie: via Powertoys).
I went back to ZA immediately upon seeing this bug in ICF. Or does ZA work
in the same manner? Is an open network connection created before ZA drivers
load?