July 10th, 2008, 02:49 AM
Microsoft 'fix' cripples ZoneAlarm users.
I love this little statement.
Hundreds of thousands of ZoneAlarm firewall users have been locked out of the internet by Microsoft's latest round of software updates.
Microsoft released four 'important' fixes as part of its regular Patch Tuesday update, one of which left ZoneAlarm users with out web access.
The MS08-037 fix is designed to plug a vulnerability in Windows' implementations of the Domain Name System protocol, but has been responsible for "compatibility issues " with ZoneAlarm.
A spokesman for ZoneLabs, the Check Point subsidiary which manufacturers ZoneAlarm, told vnunet.com that the company became aware of the problem late last night when US users began downloading the Microsoft code.
ZoneLabs advises users of ZoneAlarm to remove the Microsoft update as a workaround until it has created a more satisfactory solution to the problem. The company has set up a forum to help keep users informed.
The forum moderator states: "We are investigating the issue with the Microsoft update KB951748. For the time being we suggest you uninstall KB951748 until the issue has been resolved. We will post when we have more information."
Some users of the firm's forums have discovered that downgrading the firewall's security from High to Medium for the internet fixes the problem, but this is not advised by ZoneLabs.
A user by the name of 'PokeyCA' wrote: "By now, everyone who is using ZA, knows that Microsoft's update KB951748 broke ZA.
"The reason that it broke ZA is that Microsoft had to expand the randomness that the DNS client uses when asking for UDP ports to go to DNS servers.
"ZA only looks for these requests in a certain range of UDP ports, but with the new DNS client (note that IE has not changed, but some of the base networking programs (svchost.exe)), ZA sees requests outside of this range and blocks them. Therefore, Internet is broken.
"Unfortunately, Microsoft didn't tell firewall manufacturers (hardware and software) that they were updating this."
Or maybe just un-install winblows and install Debian. lol
For the time being we suggest you uninstall KB951748 until the issue has been resolved
July 10th, 2008, 02:52 AM
Workaround to Sudden Loss of Internet Access Problem.
Date Last Revised : 9 July 2008
Overview : Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users on Windows XP/2000. Windows Vista users are not affected.
Impact : Sudden loss of internet access
Platforms Affected : ZoneAlarm Free, ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Anti-Spyware, and ZoneAlarm Security Suite
Recommended Actions -
Download and install latest versions here:
# ZoneAlarm Internet Security Suite
# Come back here for other product versions to be released soon - or follow the directions below.
Option 1: Move Internet Zone slider to Medium
1. Navigate to the "ZoneAlarm Firewall" panel
2. Click on the "Firewall" tab
3. Move the "Internet Zone" slider to medium
Option 2: Uninstall the hotfix
1. Click the "Start Menu"
2. Click "Control Panel", or click "Settings" then "Control Panel"
3. Click on "Add or Remove Programs"
4. On the top of the add/remove programs dialog box, you should see a checkbox that says "show updates". Select this checkbox
5. Scroll down until you see "Security update for Windows (KB951748)"
6. Click "Remove" to uninstall the hotfix
July 10th, 2008, 05:36 AM
Debian had to fix the same hole, smartass
Originally Posted by t34b4g5
July 10th, 2008, 09:03 AM
Well it hasn't affected my Debian machine, nor my laptop running Debian,
Debian had to fix the same hole, smartass
Nor numerous Debian workstations were i work either.
And i haven't heard of other Debian user's experiencing the problem either....
July 10th, 2008, 02:17 PM
and you run zone alarm on that debian machine????
oh thats right...no need
only winblows is vulnerable to worms, trojans, and malware attacks
How people treat you is their karma- how you react is yours-Wayne Dyer
July 10th, 2008, 03:01 PM
July 10th, 2008, 03:47 PM
Let me guess, your VCR wasn't playing dvds correctly... so you decided to install Debian.
July 10th, 2008, 03:49 PM
Wait, so ZA is marking Windows as untrusted?
In fact, what happened was that ZA saw Windows doing strange things and blocked the internet connection accordingly.
It's been a while since I toyed with ZA (not exactly a fan of it), but couldn't you just go tweak settings to trust connections coming from Windows/that patch/whatever?
July 10th, 2008, 04:17 PM
ZA is working at the kernel (lowest) level here so I don't suppose it even knows, or cares if it is Windows. It spots unauthorised traffic and blocks the internet. I would guess that these rules are effectively hardcoded into the ZA engine.
Wait, so ZA is marking Windows
Not really, you are talking more at the user level there. What the patch did was change the way that Windows worked, from that which ZA had been programmed to expect. This is outside of (below the level of) user control.
but couldn't you just go tweak settings to trust connections coming from Windows/that patch/whatever?
Another problem is that with ZA and similar products, you actually authorise applications. You can authorise internet explorer, but not the operating system that it is running on.
By gore in forum Other Tutorials Forum
Last Post: March 28th, 2005, 07:38 AM
By mohaughn in forum Microsoft Security Discussions
Last Post: October 13th, 2004, 04:31 AM
By ric-o in forum Microsoft Security Discussions
Last Post: September 15th, 2004, 07:01 AM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 07:01 AM
By gore in forum Tech Humor
Last Post: October 1st, 2003, 08:53 PM