2

Normally I switch off wireless on my laptop before I shut it down but I forgot to do this last night. So this morning, after I booted up the laptop, I saw the wireless notification on the bottom right was active long before the antivirus and antimalware notifications.

I am aware that having no notifications pop up does not mean the software is not running but I was wondering if at any point my computer is vulnerable, even if it's for a second or two?

I am using Windows 8.1 64-bit on a TOSHIBA Satellite L50-C-22L laptop.

XaolingBao
Joseph
  • 1
    Well, if we're busy talking about theoretical vulnerabilities, how about considering whether your laptop is vulnerable at firmware level ? – Little Code Jun 14 '16 at 11:03
  • 1
    @LittleCode - I will happily admit I'm not particularly IT savvy but was asking in general if my computer is in any way vulnerable. – Joseph Jun 14 '16 at 11:24
  • 1
    @Joseph, and that's exactly my answer. ;-) In *theory* yes. Your computer runs software (both firmware and OS), software, as we know, is written by humans and rarely represents the panacea of security. Thus *in theory*, yes your computer is vulnerable. Whether *in practice* your computer is vulnerable is impossible for anyone here to say, there are far too many variables (for a start, there could be different laptop hardware versions, and different patch levels on software). Basically, to put it bluntly, I'm saying your question is unanswerable. – Little Code Jun 14 '16 at 12:04
  • @LittleCode - Well that certainly does sound like an answer now ;). In which case, feel free to vote to close this question if it is indeed too broad to answer. – Joseph Jun 14 '16 at 12:09
  • 2
    I don't think this is too broad at all. You are asking whether the fact that your antivirus does not appear to be running at first is introducing vulnerabilities. I think it can be answered just fine by someone who has the right knowledge. – GdD Jun 14 '16 at 12:36
  • @GdD, nonsense. It is an unanswerable question for the very reason I gave. There are FAR TOO MANY variables to give any sort of sensible answer, and that's before we start thinking about firmware level vulnerabilities. – Little Code Jun 14 '16 at 14:38
  • 1
    I hate when people answer with "well it can be vulnerable..." Yes, it can be vulnerable, even with your anti-virus protecting you as well, but that's not the OP's question. – XaolingBao Jun 21 '16 at 13:00

4 Answers

2

You do not need to be concerned by this. Windows 8 in particular introduced many new security features and technologies which take direct aim at early boot malware. You can read about these in some depth here: https://technet.microsoft.com/en-us/library/dn283963(v=ws.11).aspx

One introduction for example is ELAM - Early Launch Anti-Malware, which gives antivirus vendors the chance to load a low level protection driver at an extremely early stage during the bootup process. You can read more about that here (https://msdn.microsoft.com/en-us/library/windows/desktop/hh848061(v=vs.85).aspx)

What you should take away from this is that anti-malware software starts up in stages. At each phase of the boot Windows gives AV software the chance to load the next set of protection drivers, firewalls, signature based detection modules, ...

The very last and final piece is the user interface component. Just because your AV software is not yet visible immediately after boot does not mean it is not running - it's been running silently in the background for a long time already. Also, Windows 8 has an extremely well designed and almost impenetrable boot procedure. You need not be concerned - there is no significant risk posed by leaving your wireless enabled over boot, and far less of a risk than navigating to a few websites in your favourite browser. Don't worry about it.

niemiro
  • 1
    You are focusing on OS level vulns, as I said, there are far too many parameters. You also make the assumption that Windows security features work 100% of the time, in which case, why would Microsoft ever bother to issue security patches ?? – Little Code Jun 14 '16 at 14:39
  • 1
    @LittleCode I was focusing on whether Windows based anti-malware tools are able to start up before their user interface is fully loaded. They are, and I tried to provide some evidence to back up this claim by providing one very specific example of where we know they do - ELAM. – niemiro Jun 14 '16 at 14:56
  • 1
    @niemiro - Thanks, even at a general level this makes a lot of sense ;) – Joseph Jun 16 '16 at 09:20
  • 1
    Note that UEFI is needed for secure boot. This can be checked by running msinfo32. Look for BIOS Mode and Secure Boot State. Detailed steps here: https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2013/09/18/enabling-secure-boot-in-windows-8/ – user2320464 Jun 17 '16 at 17:33
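A way to check the points made in this answer and in the Secure Boot comment on the machine itself, as an added example that is not part of the original posts: it reports the Secure Boot state, lists the drivers registered in the Early-Launch (ELAM) load group, shows the boot-start driver policy, and shows the state of the firewall and Defender services. It assumes an elevated PowerShell prompt on Windows 8 or later; the service names `MpsSvc`, `BFE` and `WinDefend` are the built-in Windows Firewall, Base Filtering Engine and Windows Defender services, and a third-party product will register its own names.

```powershell
# Added example: what protection is registered to start before any tray icon appears.

# 1. Secure Boot state. The cmdlet throws on legacy BIOS systems or when not elevated.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = 'unavailable (legacy BIOS mode or prompt not elevated)' }
"Secure Boot enabled: $secureBoot"

# 2. Drivers in the Early-Launch load order group (ELAM drivers). Start = 0 means boot-start.
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$elam = Get-ChildItem $services | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p.Group -eq 'Early-Launch') {
        [pscustomobject]@{
            Driver    = $_.PSChildName
            Start     = $p.Start
            ImagePath = $p.ImagePath
        }
    }
}
if ($elam) { $elam | Format-Table -AutoSize }
else       { 'No Early-Launch drivers registered' }

# 3. Boot-start driver initialization policy applied to the ELAM driver's verdicts.
$policyNames = @{
    8 = 'Good only'
    1 = 'Good and unknown'
    3 = 'Good, unknown and bad but boot critical'
    7 = 'All'
}
$policyKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
$policy = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).DriverLoadPolicy
if ($null -eq $policy) {
    'DriverLoadPolicy: not configured (Windows default applies)'
} else {
    "DriverLoadPolicy: $policy ($($policyNames[[int]$policy]))"
}

# 4. Firewall and Defender services: start mode and current state, independent of any UI.
Get-CimInstance Win32_Service -Filter "Name='MpsSvc' OR Name='BFE' OR Name='WinDefend'" |
    Select-Object Name, StartMode, State |
    Format-Table -AutoSize
```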
1

In some cases it could be risky to have wireless on even for a second, particularly for those instances when you are connected to a public network. Most guys prefer their laptops to connect automatically to wireless connections which they have used before, due to which they are in great danger of a security breach. Talking about security over wireless networks, it's not only about your system or the security standards of your system, but it's also about the network you are connected to. Security breaches on wireless networks generally occur on public connections and the risk for the users is very high. If you use a private connection such as the one at your home or office the risk is very low but it still exists, because you never know where the intruder is. So some good security measures should be adopted, such as:

(i) Installing a good Antivirus, Internet Security, Anti-Malware and Anti-Spyware software.

(ii) Installing a good firewall software and configuring it properly.

(iii) Avoiding using cracked software, as they pose a great risk of malware injection into your systems.

(iv) Avoiding using public networks as they have a high risk factor.

(v) Using a Virtual Private Network and Anonymizers.

(vi) Updating your system as well as application software regularly so as to have the latest bug and security fixes.

With these steps, we should also be attentive towards our security and our systems' security.

1

The question should be along the lines of

Is my computer more vulnerable if I leave wireless on while shutting down/booting.

I would say it's "possible," but most likely you are completely fine, if we assume you are up to date with patches and all that good stuff.

I've seen AV Programs that have an option if you want to wait to disable the firewall until the computer shuts down (why you wouldn't wait I don't know), and the Firewall will most likely load before you boot up completely, and possibly have loaded some other protections as well. Your computer's speed will also play a factor in this, as I've seen computers load protection right away, and some it takes a few seconds.

I've also seen an AV where its splash screen will tell you that you are protected (or not), before the GUI is set up. The priority of the AV/Protection applications is to make sure you are protected, then it will load the scanners, the parental control, and all of the other "lesser important" stuff.

I've even seen in some instances where the network won't connect until the GUI of the AV is loaded up.

In playing Devil's Advocate, let's say you weren't protected for 5 seconds, which is a very generous number IMO. What are the odds someone has found you, and started penetration tests to see if you have an open port to attack, installed malware, or tried to hack you, before your AV actually gets its protection up?

This is also assuming Windows Firewall/Defender are disabled as well, because those probably are enabled early on.


I would say you are fine, I'm not sure how many people do what you do, but I understand your precautions.

XaolingBao
0

"I was wondering if at any point my computer is vulnerable, even if it's for a second or two" Step away from the questions/reasoning of wireless being turned off, or on. You're running Windows 8.1: what is your system (Windows 8.1), and the software running on your laptop, vulnerable to? Are your patches up to date? This includes patches for non-MS software.

Wireless (networking) is just a connection mechanism for networking. Remove the wireless, you'd still have ethernet, IrDA, bluetooth. Would you approach this question in the same fashion? "My laptop is running IrDA... Am I vulnerable?!?" The question is so broad. So let's focus on tackling/isolating vulnerabilities:

  • Patch your system (Windows update)
  • Patch your software (Adobe, Firefox, etc)
  • Principle of least privilege (avoid using admin roles/privilege)
  • Sanitize (antimalware, antivirus)
  • Isolate (firewalls, blacklist, HIPS)

Nessus Personal use is free. Run it against your system, find the issues, fix. Rinse and repeat. Running wireless is not a vulnerability, unless of course you're running WEP, but even then, the AP is vulnerable, and can be leveraged to find OTHER vulnerabilities on your laptop.

munkeyoto
  • 2
    You are making more out of this than needs to be @munkeyoto. The question is actually pretty focused, asking whether your computer is more vulnerable to attacks before antivirus appears in the notification icons. – GdD Jun 14 '16 at 12:39
  • @GdD it is a question that can never be answered unless vulnerabilities are explained. If the system is locked down (updated, firewalled, patched) neither having AV start before or after wireless impacts/affects the state of security. "Am I more or less vulnerable at this state?" ... "Vulnerable to what?" What is there to attack. – munkeyoto Jun 14 '16 at 12:45
  • Sure it can be answered, very simply in fact @munkeyoto. Is antivirus running before the icon shows up or not? That's the question, not "what is a vulnerability" – GdD Jun 14 '16 at 12:48
  • Apologies, I misread: "I was wondering if at any point my computer is vulnerable". I answered based on that interpretation, which is very straightforward – munkeyoto Jun 14 '16 at 12:50
  • @munkeyoto your answer completely ignores other vulnerabilities such as firmware level. The question is far too broad to give a sensible answer. – Little Code Jun 14 '16 at 14:40
  • @LittleCode you didn't read the part where I mentioned: "This question is so broad" nor did you take distinct notes: "running Windows 8.1..." "disk tray icon" there is absolutely no mention of anything to the tune: "What outside of Windows should I be aware of." But let's follow your logic, since he is talking about turning wireless off and on... So he boots up, where does he turn wireless off or on in the boot sequence? What will handle that stack? – munkeyoto Jun 14 '16 at 16:08