When I’m not using the internet, I put the Comodo Firewall on Block All Mode. Sometimes I forget to enable it when I shut down at night and when I start up in the morning, I have to unblock it and repair the network connection or unblock and restart.
This morning when turned on the computer, the firewall was in blocked mode, a few seconds later, Avast came up saying there was a new program available. Now how did that happen if the computer was in Block All Mode? Avast apparently had time to phone home before Comodo loaded.
The only thing I can figure is that programs load at start up in the order they were installed. Avast was installed immediately after the OS, and then Comodo.
My question is, is there anyway to alter the queue and indicate what you want to start first? I’d like Comodo to be loaded first then Avast and then everything else.
I would also be very surprised if installation order meant any change, or at least the intended change. It’s Windows who starts the processes and decides any order; I don’t know why or how though.
There’s nothing wrong about the robustness of the Windows firewall as far as I know, although I’m not sure what “robust” would mean in this context. I never saw it crashing or otherwise causing trouble, that’s for sure. The only thing about the Windows firewall is that it doesn’t protect against leaks from malware, but if you want inbound filtering only, then it’s OK, and it will do that job well all the times.
The reason I believe that at start up, programs load in the order they are installed on the computer is because of the registry. Once you have the OS up and running and start installing other programs, their parms are written in the registry which it would seem would be in the order of which they were written to the registry. When you boot up a computer, there is obviously something that tells the computer what to load next once the OS is up and running in an orderly fashion. Otherwise you’d have programs duking it out to be first.
I also can see a graphic representation of it on the task bar. The first icon I see come up is Avast, then Comodo, then Acronis, etc. etc. All in the order of which they were installed.
Somewhere there must be a registry key or keys that tells the OS what to load next at boot. It also got me thinking that if there is a lag time for Comodo load and run, that it could be an exploitable loophole. Maybe that’s how some viruses are able to drop firewalls and antivirus. They use that lag time by jumping ahead of everything else when a computer boots up. Perhaps the next generation will be a firewall at the BIOS level.
And Japo is right … windows firewall stops things from coming in, but lets anyone and anything go out.
So where is the registry key or file that tells the OS what to load at boot up?
I have installed Avast after Comodo and it loads before Comodo.
Yes, boot virii can get around a firewall or AV that hasn’t initiated yet. Or if some malicious attack happens to hit you at just the right time (as you are booting) you can be at risk. The odds of just happening to get the timing right are quite high though.
As far as I’m aware, there is no reliable way to ensure which applications boot first. There are however, applications that basically start your apps by a script. You basically tell the applications not to start when Windows starts, then the loader program manually starts each application in the order you specify. Some can even specify a delay to ensure the previous application is fully loaded before starting the other. A google search should turn some of these up.
Edit: Also be aware that the time the icon shows up in the taskbar doesn’t really give an indication of when the actual service was started. The service may have started a second or two prior to the icon popping up.
You can’t judge a firewall by the lag time between when the PC boots up and when its tray icon is loaded. The CIS drivers (cmdagent.exe) start up way back in the kernel level and the tray icon loads later, which is the GUI (cfp.exe).
As far as I know you can’t control Windows related stuff and services but you can use a tool like freeware Start Up Delayer to delay exe’s to start as desired: Available Products for download | r2 Studios . Not sure it may help TS but it is a nice tool.