Autostarting Firewall as early as possible?

Oliver

Do any of my fellow JREF computer geeks know how to get a program to be the very, very first [third-party] software to autostart during the boot sequence in Windows [XP]?

I want my Software-Firewall to be the first software to be active before any other software is being loaded - to protect my system from the earliest possible point on, but I don't know where to add my firewall among all the different autostart places and their different - and to me unknown - priorities during startup:

  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
  • WIN.INI
  • System.ini
  • Autostart Folder [Start > Programs > Startup ]
  • ...
 
And I just found another problem: I can't delete or manipulate the Autorun-Registry-Entry of my Firewall. :boggled:
 
A firewall should be a service rather than a foreground application. Services run even when no one is logged on, and can be configured to start in a controlled order.
 
A firewall should be a service rather than a foreground application. Services run even when no one is logged on, and can be configured to start in a controlled order.

Thank you for your reply, DallasDad. After your hint I realized that my Firewall starts as a service as well, so the autostart entries merely refer to the Firewall's GUI while the Firewall itself starts before the log on ... :o
 
So long as your security is active before you go online, or load anything, does it really matter if it's the first thing running?
 
It does if the network you're connected to is untrusted. This can happen if, say, your Internet connection is through a direct connection, or a poorly firewalled device.

PPPOE, if your computer is managing it, and it starts before you log on, is also a potential issue. However, virtually all consumer-grade routers support PPPOE now; and even when the PPPOE client was on your computer, it typically didn't connect until you signed on anyway.

Bottom line: for most people it's a moot point. However, for a few people it is important.
 
Make the services that provide or use network connectivity, dependencies of the firewall service. That way, there's no network connection available or in use until after the firewall starts.

Also, are you talking about a firewall proper, with rules about source and destination IPs, permitted protocols, ports opened and closed, etc.?

If so, there are some other things to focus on.

First, inbound traffic. It's not like you connect to a network and all of a sudden, teh haxxorz! Traffic has to come in on specific ports, and there has to be something listening on those ports.

If you're worried about somebody exploiting SQL server, then simply don't run SQL server. If it's not listening on port 1433, then that untrusted network could hammer away at port 1433 all day long without risk, and you need no firewall at all.

If you must run SQL server, run it on a non-standard port.

If you're worried about attacks against SQL server on nonstandard ports, then you turn on a firewall, make a rule about which specific IPs are allowed to send you traffic on those ports, and don't fire up SQL server until after the firewall is started (that's where the service dependency comes in).

If you're worried that the computers on your trusted IP list will be exploited and used to attack your SQL server, you're past the point where a firewall can help you (since its rules specifically allow the attack traffic). At that point, you'll want to look to the other layers of computer security: Up-to-date patches, the security best practices for configuring SQL server, a good anti-virus system, and (if you're really serious) a good intrusion detection system.

But really, the bottom line is, don't run anything that listens for inbound traffic. If you do, put rules in your firewall to only accept inbound traffic from trusted hosts, and don't start those apps until after your firewall starts.
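
As an added example (not part of the original post), this PowerShell sketch makes a listening service wait for the firewall service at boot by appending to its `DependOnService` registry value, so existing dependencies are kept. Assumptions: `ExampleFirewallSvc` is a placeholder for your firewall's real service name, `MSSQLSERVER` is the default SQL Server instance service, and the helper name `Add-ServiceDependency` is made up for this example.

```powershell
# Added example. Run from an administrator PowerShell prompt.
# 'ExampleFirewallSvc' is a placeholder: substitute your firewall's real
# service name. 'MSSQLSERVER' is the default SQL Server instance service.
$FirewallService = 'ExampleFirewallSvc'
$NetworkServices = @('MSSQLSERVER')
$ServicesRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Add-ServiceDependency {
    param([string]$Service, [string]$DependsOn)

    $key = Join-Path $ServicesRoot $Service
    if (-not (Test-Path $key)) {
        Write-Warning "Service '$Service' is not installed; skipped."
        return
    }

    # DependOnService is a REG_MULTI_SZ; it may be absent entirely.
    $props   = Get-ItemProperty -Path $key
    $current = @($props.DependOnService | Where-Object { $_ })

    if ($current -contains $DependsOn) {
        Write-Output "$Service already depends on $DependsOn."
        return
    }

    # Append rather than overwrite so existing dependencies survive.
    $updated = [string[]]($current + $DependsOn)
    Set-ItemProperty -Path $key -Name DependOnService -Value $updated -Type MultiString
    Write-Output "$Service now depends on: $($updated -join ', ')"
}

# A dependency on a service that does not exist stops the dependent
# service from starting at all, so check the firewall service first.
if (-not (Test-Path (Join-Path $ServicesRoot $FirewallService))) {
    throw "Firewall service '$FirewallService' not found; nothing changed."
}

foreach ($svc in $NetworkServices) {
    Add-ServiceDependency -Service $svc -DependsOn $FirewallService
}
```

Restart the machine afterwards so the new start order applies from the next boot, then confirm the dependency on the service's Dependencies tab in services.msc.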
 