When a computer boots up and gets to the network password screen if it is left like that is it vunerable to being hacked as the antivirus and firewall have not loaded or is it safe as nothing has loaded yet?

Anyone can punch the on button and get it to that screen so why would it be any less safe if you already did it for them?
Don't worry about that, worry about downloaded attachments!

I am not sure you have understood me or I have not understood you. I have a few computers one of which is suffering from random reboots but thats another story. But as I sit here on my comp the family comp has partly rebooted and is waiting at the screen that says "enter network password" and you can enter password or click cancel. When it is at this stage the computer is on and conected to internet via broadband cable but the firewall and antivirus is not loaded as the computer is not fully booted is it technically able to be hacked at this point?

im not a expert or anything but I think it is loaded in the login screen. Press CTRL-ALT-DEL and see whats running. I have AVG running on a win 95 machine and I had NIS on a ME before and they both ran in the login screen.

Sorry my error I was thinking more of like in an office environment , someone with physical access to your computer.

But I still think you are safe because computer hasn't loaded any programs till it gets password. No browser running etc. This is just conjecture though ,hopefully someone with more knowledge will shed some light on it.

that is a good question, i have often wondered it myself...
i always assume it is safe because there aren't really any processes running... so i assumed that network connections aren't made at that point..
i could be wrong though.

On a XP Pro box, nothings loaded yet, so it is "safe" if I understand you correctly.

HTH

TwoRails

Thanks all that is what I thought now all I have to do is save some cash to upgrade the pile of junk and hope it takes lots of parts to solve the reboot problem:D:D:D

Don't you have to be logged into your network before your computer is connected to the internet?

Came upon this thread a tad late, but hopefully you will check back into it. My answer differs from most of the others out here: If you are worried about a vulnerability such as being hacked or getting a virus, while not being logged in, well the difference in security between a logged in user (and inactive) and a booted up system without a user is pretty much the same.
When your computer boots up and waits for you to login, pretty much EVERY process & service has been loaded up. It's just the final few processes that need to be loaded up between the time you type in your password and login, and when you have your desktop. Most of what is then loaded up is largely environment specific information (your wallpaper, your personal startup programs like Windows Messenger service etc etc).
Want proof? Start up a windows computer, that is networked on a LAN (with drive sharing etc etc) - dont bother logging in - now go to your other networked computer, you will be able to see your networked and shared drives etc. You can ping the idle system.

Which is not to say that your computer is now wholly vulnerable either. It has pretty much the same level of protection as when you are logged in - provided you are using a decent antivirus program/software firewall etc etc (in some instances its safer, without the user because then you dont get into user related faux pas'). Most self-respecting antivirus manufacturers have their scanning engines working as a service, which means that it is part of the boot sequence and is loaded up BEFORE you log in.

Want further proof? Go to CONTROL PANEL > Administrative Tools > Event Viewer :: Go to the System Logs area Check out the services and activities that have been performed even before you have logged in.

Of course there are certain activities that are restricted when you arent logged in, like email attachments or rogue scripting from websites - but it doesnt mean you should have a sense of security about your system when you havent logged in unless you have taken PROPER measures to secure it.

Thanks for that Statica thats very interesting and useful to know.

I thought that when your not logged on your computer is completly locked down.

It is kind of a moot point. If you have the option to click Cancel, that means that you are either running Windows 95/98/ME which means security is non-existant anyway.

Originally posted by CrazyMike
I thought that when your not logged on your computer is completly locked down.

No, as Statica pointed out Windows services run regardless of whether a user is logged on. This makes sense: if you have a file server, you want to be able to access the files stored on it without having a person actually log onto that physical machine.

Originally posted by doctorgonzo
No, as Statica pointed out Windows services run regardless of whether a user is logged on. This makes sense: if you have a file server, you want to be able to access the files stored on it without having a person actually log onto that physical machine.
It is also particularly helpful if you need to push patches out, do virus scans, defrag, etc.

Sorry for the delay... Thanks for the info, Statica. For giggles I fired up my Host box but didn't go past the log on screen. I then fired up the Client box, and sure enough, I was able to get email and surf on the client box!

TwoRails