David Beder said:
At the time of this article's authoring, the statement might have been
accurate. The software packages which are making use of the boot-time
interfaces with the new Vista tcpip stack might have still been in Beta
stages.
I am not certain that WFP and BEF are bullet proof protection due to the
fact that BEF is a service. I have not tested it, but if that BEF service is
knocked out, and I don't see why malware couldn't knock out that BEF
service, then it's over. I would say the same thing about a 3rd party FW
service interfacing with WFP: if that FW service can be knocked out, it's
over on any type of protection.
I'm not certain the statement was completely true for XP, but there's room
for semantic differences on what's a firewall and what's an IDS. E.g., I
think Black Ice was able to protect during boot-time, though not
necessarily at the exact second we'd consider boot-time as beginning.

Well, I can tell you that Black Ice wasn't stopping anything on XP at system
boot when I was using it, and I used Black Ice for many years and knew how
to use it very well.
I tested BI's boot security using Gator at the time. I set all kinds of FW
rules to stop Gator on inbound from its site IP(s) and went to BI's
Application Control and set rules to stop Gator. Then I installed Active
Ports and put it in the start-up folder so that I could see connections when
I booted and logged into the machine.
Active Ports showed that connections were established by Gator, and its
subcomponents via Svchost.exe to its sites. Black Ice wasn't stopping
anything at system boot.
Nor were any of the other 3rd party solutions that I tested, like ZA,
Sygate, Norton, McAfee, Outpost etc., etc., stopping Gator at system
boot.
That's when I decided that in order to protect what I needed to protect,
like IIS, SQL Server, etc., etc., I needed to put the machines behind a FW
appliance like the WatchGuard that I use. Any host based FW solutions
running on the machine are disabled as they are not needed from my viewpoint
sitting behind the FW appliance.
Don't get me wrong now, when a machine has a direct connection to the modem
and to the Internet, when I do that, I need a personal FW running to protect
from the Internet. But I also know that nothing that's running with the O/S,
such as a personal host based FW/packet filter, is bullet proof.
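The two concerns in the thread, that host firewall protection on Windows depends on the Base Filtering Engine service staying alive, and that the only way to know what is talking out during boot is to record connections as early as possible after logon, can both be checked with a short script. The following is an added example, not code from the posts above; it assumes Windows PowerShell 5.1 on Windows 8/Server 2012 or later (the NetSecurity and NetTCPIP modules, and Write-EventLog, which PowerShell 7 lacks), it is run elevated from a scheduled task with an "At log on" trigger, and the log directory name and event source are placeholders. It records established TCP connections with their owning process, the modern equivalent of the Active Ports start-up entry described in the post, and flags the case where BFE or a firewall profile is not in the expected state.

```powershell
# Added example (not from the thread): defender-side boot-time firewall audit.
# Assumes Windows PowerShell 5.1, Windows 8 / Server 2012 or later, run elevated
# from a scheduled task triggered at logon. Log location and event source are
# assumed names, not anything the posts mention.

$LogDir = Join-Path $env:ProgramData 'BootFwAudit'   # assumed log location
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$Stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# 1. Is the Base Filtering Engine running and set to start automatically?
#    If BFE is stopped, Windows Firewall and any product layered on WFP is not filtering.
$bfe   = Get-Service -Name BFE
$bfeOk = ($bfe.Status -eq 'Running') -and ($bfe.StartType -eq 'Automatic')

# 2. Are all three firewall profiles enabled with an inbound default of Block?
$badProfiles = @(Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block' })
$profilesOk  = $badProfiles.Count -eq 0

# 3. Snapshot of established TCP connections with the owning process, taken as
#    early after logon as the task fires (the Active Ports step of the post).
$conns = @(Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            Time          = Get-Date
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            Pid           = $_.OwningProcess
            Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path          = if ($proc) { $proc.Path } else { $null }
        }
    })
$conns | Export-Csv -Path (Join-Path $LogDir "connections-$Stamp.csv") -NoTypeInformation

# 4. One summary line per boot, appended to a running log for later review.
$summary = "[{0}] BFE running+automatic: {1}; profiles enabled+block: {2}; established connections: {3}" -f `
    $Stamp, $bfeOk, $profilesOk, $conns.Count
Add-Content -Path (Join-Path $LogDir 'audit.log') -Value $summary
Write-Output $summary

# 5. If the firewall stack is not in the expected state, raise an Application
#    event so a log collector or SIEM can alert on it.
if (-not $bfeOk -or -not $profilesOk) {
    # Source registration is needed once; New-EventLog throws if it already exists.
    try { New-EventLog -LogName Application -Source 'BootFwAudit' -ErrorAction Stop } catch {}
    Write-EventLog -LogName Application -Source 'BootFwAudit' -EntryType Warning `
        -EventId 1001 -Message $summary
}
```

Reviewing the per-boot CSV files over a few restarts shows which processes (svchost.exe service hosts included, which is why the owning PID is recorded) have connections open before any user action, which is the same evidence the post gathered by hand; the BFE and profile checks cover the failure mode the quoted message raises, that a stopped filtering service silently removes all host-based protection.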