Microsoft 'fix' cripples ZoneAlarm users.
Results 1 to 9 of 9

Thread: Microsoft 'fix' cripples ZoneAlarm users.

  1. #1
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Cool Microsoft 'fix' cripples ZoneAlarm users.

    http://www.vnunet.com/vnunet/news/22...-fix-kills-web

    Hundreds of thousands of ZoneAlarm firewall users have been locked out of the internet by Microsoft's latest round of software updates.

    Microsoft released four 'important' fixes as part of its regular Patch Tuesday update, one of which left ZoneAlarm users with out web access.

    The MS08-037 fix is designed to plug a vulnerability in Windows' implementations of the Domain Name System protocol, but has been responsible for "compatibility issues " with ZoneAlarm.

    A spokesman for ZoneLabs, the Check Point subsidiary which manufacturers ZoneAlarm, told vnunet.com that the company became aware of the problem late last night when US users began downloading the Microsoft code.

    ZoneLabs advises users of ZoneAlarm to remove the Microsoft update as a workaround until it has created a more satisfactory solution to the problem. The company has set up a forum to help keep users informed.

    The forum moderator states: "We are investigating the issue with the Microsoft update KB951748. For the time being we suggest you uninstall KB951748 until the issue has been resolved. We will post when we have more information."

    Some users of the firm's forums have discovered that downgrading the firewall's security from High to Medium for the internet fixes the problem, but this is not advised by ZoneLabs.

    A user by the name of 'PokeyCA' wrote: "By now, everyone who is using ZA, knows that Microsoft's update KB951748 broke ZA.

    "The reason that it broke ZA is that Microsoft had to expand the randomness that the DNS client uses when asking for UDP ports to go to DNS servers.

    "ZA only looks for these requests in a certain range of UDP ports, but with the new DNS client (note that IE has not changed, but some of the base networking programs (svchost.exe)), ZA sees requests outside of this range and blocks them. Therefore, Internet is broken.

    "Unfortunately, Microsoft didn't tell firewall manufacturers (hardware and software) that they were updating this."
    I love this little statement.
    For the time being we suggest you uninstall KB951748 until the issue has been resolved
    Or maybe just un-install winblows and install Debian. lol

  2. #2
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Question Workaround to Sudden Loss of Internet Access Problem.

    http://download.zonealarm.com/bin/fr...cessIssue.html

    Date Last Revised : 9 July 2008

    Overview : Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users on Windows XP/2000. Windows Vista users are not affected.

    Impact : Sudden loss of internet access

    Platforms Affected : ZoneAlarm Free, ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Anti-Spyware, and ZoneAlarm Security Suite

    Recommended Actions -

    Download and install latest versions here:
    # ZoneAlarm Internet Security Suite
    # Come back here for other product versions to be released soon - or follow the directions below.

    Option 1: Move Internet Zone slider to Medium

    1. Navigate to the "ZoneAlarm Firewall" panel
    2. Click on the "Firewall" tab
    3. Move the "Internet Zone" slider to medium

    Option 2: Uninstall the hotfix

    1. Click the "Start Menu"
    2. Click "Control Panel", or click "Settings" then "Control Panel"
    3. Click on "Add or Remove Programs"
    4. On the top of the add/remove programs dialog box, you should see a checkbox that says "show updates". Select this checkbox
    5. Scroll down until you see "Security update for Windows (KB951748)"
    6. Click "Remove" to uninstall the hotfix

  3. #3
    Quote Originally Posted by t34b4g5
    http://www.vnunet.com/vnunet/news/22...-fix-kills-web



    I love this little statement.


    Or maybe just un-install winblows and install Debian. lol
    Debian had to fix the same hole, smartass

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Smile

    Debian had to fix the same hole, smartass
    Well it hasn't affected my Debian machine, nor my laptop running Debian,
    Nor numerous Debian workstations were i work either.

    And i haven't heard of other Debian user's experiencing the problem either....

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    and you run zone alarm on that debian machine????

    oh thats right...no need

    only winblows is vulnerable to worms, trojans, and malware attacks

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Firstly, if you follow t34b4g5 link above you will find that the page has been updated with fixes for all the other ZA products.

    If you look more closely you will see that the real issue is one of third party vendors interfacing with proprietary closed source operating systems. With Windows 2000 and XP, Microsoft did not encourage third parties to hook to the Windows kernel, so there were no guidelines or documentation.

    Vendors just "did their own thing" and it so happens that ZA's method fell foul of Microsoft's method of fixing the DNS hole. In fact, what happened was that ZA saw Windows doing strange things and blocked the internet connection accordingly. So, it was ZA's product that caused the issue............... you might even describe it as "the mother of all false positives"

    Kernel hooking for Vista is documented, which is why there were no problems with that OS.

    EDIT:

    I have now tested the new ZA version with Microsoft's KB951748 installed on both Windows XP SP3 and 2000 SP4 and everything works just fine

    @ MLF

    Debian is vulnerable, according to CERT:

    http://www.kb.cert.org/vuls/id/MIMG-7ECL6S
    Last edited by nihil; July 10th, 2008 at 04:52 PM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Let me guess, your VCR wasn't playing dvds correctly... so you decided to install Debian.

  8. #8
    In fact, what happened was that ZA saw Windows doing strange things and blocked the internet connection accordingly.
    Wait, so ZA is marking Windows as untrusted?

    It's been a while since I toyed with ZA (not exactly a fan of it), but couldn't you just go tweak settings to trust connections coming from Windows/that patch/whatever?

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    AK,

    Wait, so ZA is marking Windows as untrusted?
    ZA is working at the kernel (lowest) level here so I don't suppose it even knows, or cares if it is Windows. It spots unauthorised traffic and blocks the internet. I would guess that these rules are effectively hardcoded into the ZA engine.

    but couldn't you just go tweak settings to trust connections coming from Windows/that patch/whatever?
    Not really, you are talking more at the user level there. What the patch did was change the way that Windows worked, from that which ZA had been programmed to expect. This is outside of (below the level of) user control.

    Another problem is that with ZA and similar products, you actually authorise applications. You can authorise internet explorer, but not the operating system that it is running on.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Similar Threads

  1. Using Vim basics
    By gore in forum Other Tutorials Forum
    Replies: 10
    Last Post: March 28th, 2005, 08:38 AM
  2. October MS updates
    By mohaughn in forum Microsoft Security Discussions
    Replies: 2
    Last Post: October 13th, 2004, 05:31 AM
  3. Heads up re upcoming Sept M$ patches
    By ric-o in forum Microsoft Security Discussions
    Replies: 8
    Last Post: September 15th, 2004, 08:01 AM
  4. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  5. Evolution of a Linux User
    By gore in forum Tech Humor
    Replies: 9
    Last Post: October 1st, 2003, 09:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •