FIX for ZoneAlarm & KB951748 issue released
![PA Bear [MS MVP]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjXsf05hH-R8XChS3fXPPzfoO8FYYxAKhT86KfPnIELr3QJ9tQ=s40-c)
PA Bear [MS MVP]
Security Home Users newsgroups]
Resolution [was Workaround] for Sudden Loss of Internet Access Problem
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
(revised multiple times since release on 08 July 2008)
NB: Do NOT use Option #2 if at all possible! The vulnerability addressed by
KB951748 *is* a big deal! See
http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
Want to consider other, more highly-rated firewalls?
http://www.matousec.com/projects/firewall-challenge/results.php
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Charles Lee
update... all releases covered, from basic to the full suite
Follow the link below, download new update version of ZA 70.483.000, and
then download the security update KB 951748 afterwards.
I have done all pc's on my home network... all back to normal....
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:uexAfNp4...@TK2MSFTNGP03.phx.gbl...
PA Bear [MS MVP]
Pat
PA Bear [MS MVP]
Nunya Bidnits
---- Original Message ----
From: Charles Lee
Newsgroups:
microsoft.public.internetexplorer.general,microsoft.public.security,microsof
t.public.security.homeusers,microsoft.public.windowsupdate,microsoft.public.
windowsxp.general
Sent: Thursday, July 10, 2008 9:09 AM Subject: Re: FIX for ZoneAlarm &
KB951748 issue released
> problems are now fixed with security update & ZA in ZoneAlarms latest
> update... all releases covered, from basic to the full suite
>
> Follow the link below, download new update version of ZA 70.483.000,
> and
> then download the security update KB 951748 afterwards.
> I have done all pc's on my home network... all back to normal....
>
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
There's no new version of ZA on that page. ZA update does not find a new
version either. All that says on that ZA page is to lower your Internet
security. I have free ZA version 7.0.470.000, supposedly the most recent.
I use Firefox. It does not offer a security "slider". In any case its rather
silly to reduce your internet security so that your MS "security" update
won't prevent use of a browser. So far my only success has been with
uninstalling the security update. But I understand its an important update.
I run W2000 pro / Firefox 3.
So does this mean the options are, do without an important security update,
or reduce your security to an unacceptable (to me and many others) level so
that the update won't shut down browsing, but due to the lowered security,
browsing will now be less secure?
This is nuts.
MartyB in KC
Big_Al
> Charles Lee wrote:
> ---- Original Message ----
> From: Charles Lee
> Newsgroups:
> microsoft.public.internetexplorer.general,microsoft.public.security,microsof
> t.public.security.homeusers,microsoft.public.windowsupdate,microsoft.public.
> windowsxp.general
> Sent: Thursday, July 10, 2008 9:09 AM Subject: Re: FIX for ZoneAlarm &
> KB951748 issue released
>
>> problems are now fixed with security update & ZA in ZoneAlarms latest
>> update... all releases covered, from basic to the full suite
>>
>> Follow the link below, download new update version of ZA 70.483.000,
>> and
>> then download the security update KB 951748 afterwards.
>> I have done all pc's on my home network... all back to normal....
>>
> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
>
> There's no new version of ZA on that page. ZA update does not find a new
> version either. All that says on that ZA page is to lower your Internet
> security. I have free ZA version 7.0.470.000, supposedly the most recent.
>
> MartyB in KC
>
There is! Just look in "recommended actions", This is the link to the
free version. But if you use something else, just click the version
you have and download it.
http://download.zonealarm.com/bin/free/1025_zl/zlsSetup_70_483_000_en.exe
It works great for me. I loaded the KB patch and screwed my system,
loaded the new ZA that had been downloaded before the KB update. And
bingo all is well, ZA and MS working together.
MowGreen [MVP]
the links to the various products go to V. 70.483.000.
Here's the links:
ZoneAlarm Internet Security Suite
http://download.zonealarm.com/bin/free/1043_zl/zaSuiteSetup_70_483_000_en.exe
ZoneAlarm Pro
http://download.zonealarm.com/bin/free/1043_zl/zapSetup_70_483_000_en.exe
ZoneAlarm Antivirus
http://download.zonealarm.com/bin/free/1043_zl/zaAvSetup_70_483_000_en.exe
ZoneAlarm Anti-Spyware
http://download.zonealarm.com/bin/free/1043_zl/zaasSetup_70_483_000_en.exe
ZoneAlarm Basic Firewall
http://download.zonealarm.com/bin/free/1025_zl/zlsSetup_70_483_000_en.exe
Frankly speaking, uninstalling ZA and obtaining a firewall that will
protect the system and not cause updating issues is possible:
Firewall Challenge
http://www.matousec.com/projects/firewall-challenge/results.php
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
PA Bear [MS MVP]
> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
>
> There's no new version of ZA on that page.
Look again.
Nunya Bidnits
I have looked over and over again. The link was pasted in from the newsgroup
posts.
Here is exactly, and only, what I see when I go to that page, cut and
pasted...
Severity: High
Workaround to Sudden Loss of Internet Access Problem
Date Published : 8 July 2008
Date Last Revised : 9 July 2008
Overview : Microsoft Update KB951748 is known to cause loss of
internet access for ZoneAlarm users
Impact : Sudden loss of internet access
Platforms Affected : ZoneAlarm Free, ZoneAlarm Pro, ZoneAlarm
AntiVirus, ZoneAlarm Anti-Spyware, and ZoneAlarm Security Suite
Recommended Actions -
Option 1: Move Internet Zone slider to Medium
1.. Navigate to the "ZoneAlarm Firewall" panel
2.. Click on the "Overview" tab
3.. Move the "Internet Zone" slider to medium
Option 2: Uninstall the hotfix
1.. Click the "Start Menu"
2.. Click "Control Panel", or click "Settings" then "Control
Panel"
3.. Click on "Add or Remove Programs"
4.. On the top of the add/remove programs dialog box, you
should see a checkbox that says "show updates". Select this checkbox
5.. Scroll down until you see "Security update for Windows
(KB951748)"
6.. Click "Remove" to uninstall the hotfix
Contact : Check Point customers who are concerned about
information contained in this advisory or have additional technical
questions may reach our Technical Support team at:
http://www.zonealarm.com/store/content/support/support.jsp. To report
security issues with Check Point products contact
securit...@checkpoint.com.
Disclaimer : The information in the advisory is believed to be
accurate at the time of publishing based on currently available information.
Use of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the author
nor the publisher accepts any liability for any direct, indirect, or
consequential loss or damage arising from use of, or reliance on, this
information. Check Point and Check Point products, are registered trademarks
of Check Point Incorporated and/or affiliated companies in the United States
and other countries. All other registered and unregistered trademarks
represented in this document are the sole property of their respective
companies/owners.
Copyright : Check Point Software Technologies Ltd.
www.checkpoint.com, is a leader in securing the Internet. The company is a
market leader in the worldwide enterprise firewall, personal firewall, data
security and VPN markets. Check PointÂ's PURE focus is on IT security with
its extensive portfolio of network security, data security and security
management solutions. Through its NGX platform, Check Point delivers a
unified security architecture for a broad range of security solutions to
protect business communications and resources for corporate networks and
applications, remote employees, branch offices and partner extranets. The
company also offers market leading data security solutions through the
Pointsec product line, protecting and encrypting sensitive corporate
information stored on PCs and other mobile computing devices. Check Point's
award-winning ZoneAlarm Internet Security Suite and additional consumer
security solutions protect millions of consumer PCs from hackers, spyware
and data theft. Extending the power of the Check Point solution is its Open
Platform for Security (OPSEC), the industry's framework and alliance for
integration and interoperability with "best-of-breed" solutions from
hundreds of leading companies. Check Point solutions are sold, integrated
and serviced by a network of Check Point partners around the world and its
customers include 100 percent of Fortune 100 companies and tens of thousands
of businesses and organizations of all sizes. ©2003Â-2007 Check Point
Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor,
Application Intelligence, Check Point Express, Check Point Express CI, the
Check Point logo, Check Point Pointsec Protector, ClusterXL, Confidence
Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative
Enforcement, Cooperative Security Alliance, CoSa, DefenseNet, Dynamic
Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia
Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1,
Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL,
Integrity, Integrity Clientless Security, Integrity SecureClient,
InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension,
OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Policy Lifecycle Management,
Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile,
SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote,
SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Sentivist,
SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power,
SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard,
SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap,
SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter,
SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful
Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address
Mapping, UTM-1, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express,
VPN-1 Express CI, VPN-1 Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1
SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM
Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware,
ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro,
ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are
trademarks or registered trademarks of Check Point Software Technologies
Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies,
Inc. Company. All other product names mentioned herein are trademarks or
registered trademarks of their respective owners. The products described in
this document are protected by U.S. Patent No. 5,606,668, 5,835,726,
5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be
protected by other U.S. Patents, foreign patents, or pending applications.
Any reproduction of this alert other than as an unmodified copy of this file
requires authorization from Check Point. Permission to electronically
redistribute this alert in its unmodified form is granted. All other rights,
including the use of other media, are reserved by Check Point Software
Technologies Inc.
Partners | Site Map | Privacy Policy | Terms of Use | Contact Us
©2003-2008 Check Point Software Technologies Ltd. All rights reserved.
The TRUSTe program covers only information that is collected through
this Web site, and does not cover information that may be collected through
software downloaded from the site. Use of the Circuit City name and/or logo
is by permission of Circuit City Stores, Inc. Circuit City is not a sponsor
of this program or offer.
Galen Somerville
Galen
Nunya Bidnits
> Sorry, but there ARE links to the latest Version on that page. All of
> the links to the various products go to V. 70.483.000.
> Here's the links:
> ZoneAlarm Internet Security Suite
>
http://download.zonealarm.com/bin/free/1043_zl/zaSuiteSetup_70_483_000_en.exe
> ZoneAlarm Pro
> http://download.zonealarm.com/bin/free/1043_zl/zapSetup_70_483_000_en.exe
> ZoneAlarm Antivirus
> http://download.zonealarm.com/bin/free/1043_zl/zaAvSetup_70_483_000_en.exe
> ZoneAlarm Anti-Spyware
> http://download.zonealarm.com/bin/free/1043_zl/zaasSetup_70_483_000_en.exe
> ZoneAlarm Basic Firewall
> http://download.zonealarm.com/bin/free/1025_zl/zlsSetup_70_483_000_en.exe
>
> Frankly speaking, uninstalling ZA and obtaining a firewall that will
> protect the system and not cause updating issues is possible:
>
> Firewall Challenge
> http://www.matousec.com/projects/firewall-challenge/results.php
Thanks for that link, I will check it out. Obviously nobody believes me that
there was no link to an update on the ZA page, so I cut and pasted the
entire page and posted it in another thread here on the same subject. You'll
see that there is no link for the 483 update. I'm gonna give it a try with
the link you provided..... thanks.
MartyB in KC
Nunya Bidnits
Nunya Bidnits wrote:
> PA Bear [MS MVP] wrote:
>> Nunya Bidnits wrote:
>>>
>
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
>>>
>>> There's no new version of ZA on that page.
>>
>> Look again.
>
> I have looked over and over again. The link was pasted in from the
> newsgroup posts.
>
> Here is exactly, and only, what I see when I go to that page, cut and
> pasted...
OK, I just refreshed the page and now its there. But you can see from the
cut and paste it wasn't there, at least not for a while. The "date last
revised" on that page has not changed, July 9. I may be crazy but I ain't
stupid, when everyone said it was there I tried that page several times, and
have never navigated to it before today, so it was not in my cache.
There's something scwewy awound hea...
Elmer Fudd
MartyB in KC
Joan Archer
--
Joan Archer
http://www.freewebs.com/crossstitcher
http://lachsoft.com/photogallery
"MowGreen [MVP]" <mowg...@nowandzen.com> wrote in message
news:udORZYs...@TK2MSFTNGP04.phx.gbl...
> snip>
PA Bear [MS MVP]
<snip>
> OK, I just refreshed the page and now its there. But you can see from the
> cut and paste it wasn't there, at least not for a while. The "date last
> revised" on that page has not changed, July 9. I may be crazy but I ain't
> stupid, when everyone said it was there I tried that page several times,
> and
> have never navigated to it before today, so it was not in my cache.
That page has been revised at least four (4) times since it was first
published on 08 July 2008.
Nunya Bidnits
Well, some dimbulb revised it at least once without the update links....
sheesh.
MartyB in KC
Unknown
"Joan Archer" <arche...@nospam.com> wrote in message
news:u2Apvms4...@TK2MSFTNGP02.phx.gbl...
Phyllis
problems with both my cable and wireless router on a computer that does not
have Zone Alarms installed. I am using Windows Firewall and AVG anti-virus.
All the responses I have read have been like the only ones that are having a
problem with internet connection after the updates are the ones running
Zonelabs products. My fix was to do a system restore back to before the
updates and marked them not to install again. I'm going to leave it that
way until Microsoft comes up with a fix for their fix.
"Unknown" <unk...@unknown.kom> wrote in message
news:1rQdk.32149$ZE5....@nlpi061.nbdc.sbc.com...
PA Bear [MS MVP]
Resolution [was Workaround] for Sudden Loss of Internet Access Problem
(revised multiple times since release on 08 July 2008)
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
NB: Do NOT use Option #2 if at all possible! The vulnerability addressed by
KB951748 *is* a big deal! See
http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
Want to consider other, more highly-rated firewalls?
http://www.matousec.com/projects/firewall-challenge/results.php
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Phyllis
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:ezKj7394...@TK2MSFTNGP04.phx.gbl...
Charles Lee
me thinks PA Bear didn't read your previous post properly before
respnoding....
"Phyllis" <som...@microsoft.com> wrote in message
news:Or9ZBKC5...@TK2MSFTNGP04.phx.gbl...
Phyllis
"Charles Lee" <No_...@for.me> wrote in message
news:%23E$4N8C5I...@TK2MSFTNGP04.phx.gbl...
Unknown
to you. Are you sure you are configured to use WINDOWS firewall?
PA Bear [MS MVP]
Then again, you did post in a thread about ZoneAlarm and KB951748 instead of
beginning your own thread.
What's your Windows version (e.g., WinXP SP3) and IE version, Phyllis? What
other updates did you install this week besides KB951748?
--
~PA Bear
Phyllis wrote:
> So this fix works even if you are not running Zone Alarms?
>
> "PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
> news:ezKj7394...@TK2MSFTNGP04.phx.gbl...
>> ZA's had the fix for several days now:
>>
>> Resolution [was Workaround] for Sudden Loss of Internet Access Problem
>> (revised multiple times since release on 08 July 2008)
>> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
>>
>> NB: Do NOT use Option #2 if at all possible! The vulnerability addressed
>> by KB951748 *is* a big deal! See
>> http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
>>
>> Want to consider other, more highly-rated firewalls?
>> http://www.matousec.com/projects/firewall-challenge/results.php
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
<snip>
flpat4747
and I hope then people will see my call for help. I would like to pose a
question but everytime I try to use new
it doesn't work; it turns red and the drop down list appears. I chose
question but after that nothing happens. I'm trapped. Help I put this message
in one other place in the hopes someone would see it.
"PA Bear [MS MVP]" wrote:
Big_Al
> Hi Folks, Help please. Have picked this question only because it is recent
> and I hope then people will see my call for help. I would like to pose a
> question but everytime I try to use new
> it doesn't work; it turns red and the drop down list appears. I chose
> question but after that nothing happens. I'm trapped. Help I put this message
> in one other place in the hopes someone would see it.
>
If you used a reader like Outlook Express or Thunderbird etc, you would
have a much easier time using newsgroups. Web Sevices is a horrible
interface.
PA Bear [MS MVP]
http://www.microsoft.com/windowsxp/expertzone/newsgroupsetup.mspx
Setting up Outlook Express to access Microsoft newsgroups
http://www.michaelstevenstech.com/outlookexpressnewreader.htm
Setting up Windows Mail (Vista) to access Microsoft newsgroups
http://www.winhelponline.com/blog/microsoft-newsgroup-setup-instructions-for-windows-mail/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
xxexbushpig
wasn't as big a dimbulb as the Microsoft person who issued the KB951748
update that screwed up millions of people!
PA Bear [MS MVP]
not the other way around?
Get real.
V Green
> So Windows must be compatible with ZA and any other third-party application,
> not the other way around?
Why not?
ZA WORKED before the update. The update BROKE it.
So it's ZA's problem?
Get real.
Shenan Stanley
PA Bear [MS MVP] wrote:
> So Windows must be compatible with ZA and any other third-party
> application, not the other way around?
V Green wrote:
> Why not?
>
> ZA WORKED before the update. The update BROKE it.
> So it's ZA's problem?
>
> Get real.
Yes.
Stay general and tell me how you can logically and reasonably say
otherwise... Leave out any specific names.
The original manufacturer of an original product released a patch/upgrade
for their original product. The original product had been modified in this
case by a third party product. The original manufacturer has no
responsibility to test all the possible third party add-ons/changes you can
perform on their product - because they simply would not have the resources
or time to do so - nor is it probably logistically possible/plausible.
Therefore - if a change (critical) is made to the original product and the
third party product no longer functions as the third party vendor said it
would - it is their responsibility to decide whether or not to make it
right.
I responded like this in another location already - if you have someway to
legitimately change that logic around - I would be glad to read. This is
what I wrote earlier - it's repetative in many ways to what I wrote above -
but perhaps seeing it described in a couple of ways will allow more people
to understand the point... And if there is another side to it - perhaps be
able to explain that point of view.
( begin repost )
No offense meant below - honest question...
You have a (potential) problem with an update for the original product you
purchased because you have modified the original product with the addition
of a third party product that has no relation with the manufacturer of the
original product other than the fact they made their product to fit 'on top
of' that original product - and your complaint is with the original product
manufacturer?
Wouldn't your complaint be better received if made to those who made the
third party product you chose to replace the parts of the original product
when you decided you wanted to modify it?
P.S. - I couldn't care less that the specific complaint is about Microsoft,
Chevrolet, Whirlpool or whomever - that is why I left out names in my actual
query completely.
It doesn't matter who made the original product in question - if you chose
to modify it with some third party product and then some
recall/update/upgrade comes out for the original product - do you honestly
believe the manufacturer of the original product should find out every
modification you *could have made* to their product is and make sure their
upgrade/update for their product works with all of those possibilities? Or
would it be more logical to place the responsibility of maintaining the
third party modification to the makers of said modification?
( end repost )
In the end - I believe one could more easily argue the point that it is the
end-users responsibility more than anyone's - as they are the one who made
the conscience choice to change the original product for 'supposed' more
protection with a third party add-ons; and then, when the original product
is changed in some way (by the original manufacturer) and that makes the
original product fail unless the add-on is removed... well - who made the
choice to utilize that product?
But that's a completely different point of view than the one I originally
presented - but one I could see someone taking and being able to defend.
Please - present your point of view and back it up - I would actually like
to hear it because I am finding it difficult to fathom it right now.
Perhaps you have a generalized way of explaining it where I can see your
point of view.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
Phyllis
fact that there were others with what seemed like the same problem that did
not have ZA.
XP SP3, IE 7, and my AVG did an update this week that required restart of my
computer which has never happened before, so it is possible they made some
changes as well. Has anyone complained about that freebie screwing things
up? Seems like everything I have on my computer has been wanting to update
today and I'm getting a little gun shy. Thanks
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:OmgVyZD5...@TK2MSFTNGP05.phx.gbl...
Freddy
"Scanningprocess.exe" for over 2 hours. I can't do anything but shutoff my
machine and reboot in Safe mode. Any other solutions?
PA Bear [MS MVP]
Freddy. Thanks.
PA Bear [MS MVP]
problems are you experiencing since installing the July 2008 updates?
Did you upgrade from AVG v7.5 to v8.0, and are you now running v8.1.135?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Phyllis wrote:
> Sorry about posting in the wrong place, but I was mainly commenting on the
> fact that there were others with what seemed like the same problem that
> did
> not have ZA.
>
> XP SP3, IE 7, and my AVG did an update this week that required restart of
> my
> computer which has never happened before, so it is possible they made some
> changes as well. Has anyone complained about that freebie screwing things
> up? Seems like everything I have on my computer has been wanting to
> update
> today and I'm getting a little gun shy. Thanks
>
>> No, sorry. It's been a very long week...
>>
>> Then again, you did post in a thread about ZoneAlarm and KB951748 instead
>> of beginning your own thread.
>>
>> What's your Windows version (e.g., WinXP SP3) and IE version, Phyllis?
>> What other updates did you install this week besides KB951748?
>> --
>> Phyllis wrote:
>>> So this fix works even if you are not running Zone Alarms?
>>>
>>>> ZA's had the fix for several days now:
<snip>
mae
Alliance forms to fix DNS flaw
http://www.securityfocus.com/news/11526
mae
"xxexbushpig" <xxexb...@discussions.microsoft.com> wrote in message
news:A3F3FADE-1D54-48E4...@microsoft.com...
| Well it might have been a "dimbulb" (which is a great new word BTW), but
it
| wasn't as big a dimbulb as the Microsoft person who issued the KB951748
| update that screwed up millions of people!
|
| "Nunya Bidnits" wrote:
|
-snip-
Phyllis
KB951978 (Update for Windows XP), KB890830 (Windows Malicious Software
Removal Tool). I have been experiencing problems with my internet
connection all week. Sometimes I can't get it to connect at all, or a
window will come up and say "there is no internet connection available, do I
want to work offline or retry." If I click retry it will connect right up.
Then at other times it will connect to the cable connection with no problem,
but then my wireless connection will not connect, it doesn't even show a
network available. After fooling with it (disable, re-enable, repair) it
will just finally connect up.
I had already upgraded to AVG 8.0 several weeks ago. The update this week
was just a part of daily updates, but required restart of my computer which
it never did before. It says 8.0.138.
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:e30nuxF5...@TK2MSFTNGP04.phx.gbl...
Sam
> Well it might have been a "dimbulb" (which is a great new word BTW), but it
> wasn't as big a dimbulb as the Microsoft person who issued the KB951748
> update that screwed up millions of people!
Look, I understand where you are coming from. I have been bitten by this
"bug" too (well, not me personally, but couple of relatives I help with
computer stuff).
Also note that I am no Windows fan boy. So I don't get giddy eyed and
swoon at every new Windows release or update and neither do I
*religiously* defend their "secure OS" or their pricing policies (as
some do there ... *ducks*). I just use it as a tool for whatever I have
to do.
So, in my view this particular update, the KB951748, appears to fix some
DNS vulnerability in Windows. Good. But it also messed up Zone Alarm.
But MS has nothing to do with Zone Alarm and ZA people already gave out
an upgraded version of ZA which solves this. It would have been prudent
of ZA people to have seen this coming and taken corrective measures
earlier. As long as MS gave sufficient prior warning to all the vendors
in the field about this update, I don't think they are to blame.
My 2c.
V Green
"Shenan Stanley" <newsh...@gmail.com> wrote in message
news:OoOdedF5...@TK2MSFTNGP06.phx.gbl...
> <snipped>
>
> PA Bear [MS MVP] wrote:
> > So Windows must be compatible with ZA and any other third-party
> > application, not the other way around?
>
> V Green wrote:
> > Why not?
> >
> > ZA WORKED before the update. The update BROKE it.
> > So it's ZA's problem?
> >
> > Get real.
>
> Yes.
>
> Stay general and tell me how you can logically and reasonably say
> otherwise... Leave out any specific names.
>
> The original manufacturer of an original product released a patch/upgrade
> for their original product. The original product had been modified in this
> case by a third party product. The original manufacturer has no
> responsibility to test all the possible third party add-ons/changes you can
> perform on their product - because they simply would not have the resources
> or time to do so - nor is it probably logistically possible/plausible.
> Therefore - if a change (critical) is made to the original product and the
> third party product no longer functions as the third party vendor said it
> would - it is their responsibility to decide whether or not to make it
> right.
Sorry, but no. I don't screw over MY customer base that way.
If you choose to live life doing that sort of stuff, then
we must just agree to disagree.
And good luck with customer loyalty...wait a sec, Windows
is a monopoly. Happy Customers, what are those??? They don't
have a choice (go ahead and argue that if you wish, you KNOW
it's true and I won't respond to it) so what do we care about their "user
experience"?
Sam
> Security Home Users newsgroups]
>
> (revised multiple times since release on 08 July 2008)
>
> addressed by KB951748 *is* a big deal! See
> http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
>
>
> Want to consider other, more highly-rated firewalls?
> http://www.matousec.com/projects/firewall-challenge/results.php
* Uninstalled the KB951748 update. This got internet working again.
* Upgraded Zone Alarm (was using free version) by downloading the new
version: zlsSetup_70_483_000_en.exe(from the Check Update option of ZA).
* Reinstalled the KB951748 update.
* Got everything working.
All is well again.
Thanks to all the people who suggested this solution.
--
---
Please remove underscores, if any, from my email address to obtain the
correct one. Sorry for the trouble but this is to reduce SPAM.
Big_Al
Sam, Read this article:
The DNS bug was found & should have been a co-operative update July 8.
http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/
The article does not say who was notified, but the bug was *not* found
by MS and MS has no responsibility to tell others, as this was all
supposed to be done July 8.
IMHO, ZA missed the boat or was just slow.
H. S.
>
> IMHO, ZA missed the boat or was just slow.
>
Yup, I agree.
PA Bear [MS MVP]
> connection all week.
"All week" meaning since you installed KB951748, KB951978, and the Malicious
Software Removal Tool on or shortly after 08 July 2008?
When did you install WinXP SP3? Was AVG running in the background when you
installed SP3? Do you only experience such issues after resuming from
Standby or Hibernation?
You've told us that ZoneAlarm isn't installed. Is another third-party
firewall installed or are you using the Windows Firewall?
Has a Norton or McAfee application ever been installed on the machine?
Lastly, if you uninstall "Security Update for Windows XP (KB951748)" via
Add/Remove Programs & reboot, does the behavior persist?
PS: Please tell me which newsgroup you're using to view and reply to this
thread. I'd prefer that we discontinue the unnecessary crossposting.
--
~PA Bear
Shenan Stanley
PA Bear [MS MVP] wrote:
> So Windows must be compatible with ZA and any other third-party
> application, not the other way around?
V Green wrote:
> Why not?
>
> ZA WORKED before the update. The update BROKE it.
> So it's ZA's problem?
>
> Get real.
Shenan Stanley wrote:
> Yes.
>
> Stay general and tell me how you can logically and reasonably say
> otherwise... Leave out any specific names.
>
> The original manufacturer of an original product released a
> patch/upgrade for their original product. The original product had
> been modified in this case by a third party product. The original
> manufacturer has no responsibility to test all the possible third
> party add-ons/changes you can perform on their product - because
> they simply would not have the resources or time to do so - nor is
> it probably logistically possible/plausible. Therefore - if a
> change (critical) is made to the original product and the third
> party product no longer functions as the third party vendor said it
> would - it is their responsibility to decide whether or not to make
> it right.
>
V Green wrote:
> Sorry, but no. I don't screw over MY customer base that way.
> If you choose to live life doing that sort of stuff, then
> we must just agree to disagree.
>
> And good luck with customer loyalty...wait a sec, Windows
> is a monopoly. Happy Customers, what are those??? They don't
> have a choice (go ahead and argue that if you wish, you KNOW
> it's true and I won't respond to it) so what do we care about their
> "user experience"?
I am going respond because you decided to literally side-step the question
and just dis-like some specific company instead of making a logical argument
based in reality.
If you do not answer - that is your choice. However - if you don't
respond - my thought is you could not come up with a logical, non-biased
argument *not* based on anything specific and/or you will respond with
another seemingly personal attack.
This is nothing personal - this has nothing to do with you or your business
practices. You have somehow decided to attack me personally and what you
feel is my personal belief system instead of what I presented as the reality
of the situation from almost all situations like this.
If you were to buy a chevrolet vehicle and modify some part with a third
party product and chevrolet did a recall and the recall/replacement part
made your modification either not work or caused you to be unable to do
something else (like close the hood, etc) - whose responsibility is it to
fix it?
If you had a whirlpool dishwasher and you bought a third party utensil
basket that was larger but still fit the door and then they
recalled/replaced the door on the unit for some reason and their replacement
was larger and thus you could no longer close the door and latch it with
your third party utensil basket in it - whose responsibility is it to fix
it?
So please - if you can - present your case in a generalized form. Be
realistic. See the examples I gave above and tell me if I am not correct in
my assumptions on who would be responsible in those cases.
Please - don't take this as some personal attack - it is not. Please do not
make it into a personal attack, as it seems to me you have already somewhat
by assuming my presentation is anything more than the way things usually
work - and how it makes sense to me.
This is supposed to be a discussion on why you believe if someone buys
something, modifies it, gets a replacement/upgrade/fixed part from the
original manufacturer of the original item that makes their third party part
fail/invalid - that the original manufacturer of the original part should
have known/tested for that and/or have been the one to remedy the
situation... And not the way I presented where the third party part
manufacturer and/or the end-user themselves have to take responsibility for
the fact their old part (the way it is at that point) has issues that need
to be resolved to work with the now-fixed original part. I
f you believe the way you have presented - that is fine - but *why* - what
is the actual basis beyond a 'good feeling' - or is that it?
If - however - you do not consider the entirety of the posting (as you seem
to have done previously) - please consider at least the following
question(s).
Please explain - quite simply - why it is the original manufacturer's place
to make sure every third-party change possible (including personal
modifications not published to the public, perhaps) will work with every
modification they deem as critical to their original product - which is the
only thing they are actually responsible for?
Are you saying that if you sell something (whatever you sell) and the person
modifies it before bringing it back and they bring it back to fix something
that would not have occurred if they had not modified it - you will take
responsibility for what they did (what they added/modified) and fix the
problem the third party modification caused for them at no charge?
Phyllis
Problem started first part of the week after Windows Updates and AVG update.
Don't remember date of SP3 install, was right after it became available and
I got update notification from Automatic Updates. Usually when I first open
Internet Explorer I get this box that says "no internet connection
available, do you want to work offline or retry." When I click retry it
connects right up. My wireless connection doesn't connect at startup and if
I do manage to get it connected it drops during standby.
I use Windows Firewall, but have recently had Zone Alarms but didn't like
some things about it and uninstalled via Add/Remove programs. I have run a
search and did not find any files associated with Zone Alarms on my
computer. I have also had Norton Internet Security during 2006 and 2007.
I did a system restore yesterday and told Automatic Updates to not show me
KB951748 and KB951978 again. I did install the Malicious Software Tool.
Problem remains. I am wondering if maybe my internet provider may have been
messing with it trying to resolve this problem themselves. I believe it was
on Zone Alarms forum that I read where internet providers were having to
make corrections to their servers too. Don't know if that is correct or
not. I have read so much today, I can hardly remember my name at this
point. I have it all connected right now and has been working fine for the
last couple of hours. Don't know what is going on.
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:%23bqaawG...@TK2MSFTNGP05.phx.gbl...
V Green
Shenan:
After reading links to the info regarding
ZA's "slow on the uptake" response to an issue that
they were supposedly notified of (I did not have this
info until recently) I realize that I may have been in
error to bash MS specifically on this issue. My bad
for that.
If ZA didn't code around an impending update that they
knew about, that's a whole different thing.
> f you believe the way you have presented - that is fine - but *why* - what
> is the actual basis beyond a 'good feeling' - or is that it?
That's it. That's all. 50 years of good feelings. Works
for me. You should try it. You might like it.
Anthony Buckland
"Freddy" <Fre...@discussions.microsoft.com> wrote in message
news:09D81099-DD86-490F...@microsoft.com...
I've noticed a slower virus scan with the new ZA. I'm heading over
to the Zone Alarm User Forum, and suggest you do the same.
It isn't connected to the OS AFAIK. Before we take this offtopic
discussion out of here, though, I'd suggest scheduling your scan
for something like 01:00, as I do. Unless of course that's when
you do your work.
Shenan Stanley
> That's it. That's all. 50 years of good feelings. Works
> for me. You should try it. You might like it.
I have more good feelings than most and have plenty of people (because of
those good feelings) who would come to me before anyone else for many
things - but that doesn't address the question at all really - you didn't
answer the main question...
---
Are you saying that if you sell something (whatever you sell) and the person
modifies it before bringing it back and they bring it back to fix something
that would not have occurred if they had not modified it - you will take
responsibility for what they did (what they added/modified) and fix the
problem the third party modification caused for them at no charge?
---
(And assume this is not family, not friend, a pure customer that you have no
interest in making more than a loyal customer - and think about their other
choices, etc.)
V Green
> V Green wrote:
> > That's it. That's all. 50 years of good feelings. Works
> > for me. You should try it. You might like it.
>
> I have more good feelings than most and have plenty of people (because of
> those good feelings) who would come to me before anyone else for many
> things - but that doesn't address the question at all really - you didn't
> answer the main question...
>
> ---
> Are you saying that if you sell something (whatever you sell) and the person
> modifies it before bringing it back and they bring it back to fix something
> that would not have occurred if they had not modified it - you will take
> responsibility for what they did (what they added/modified) and fix the
> problem the third party modification caused for them at no charge?
Yes.
Your analogy doesn't apply to the kind of business
I am in, but I would do that. Take responsibility, no, but
that's not necessary to fix the problem and make the customer
happy.
Chide them about it, yes, probably.
And I would only do it once for that individual.
And as part of the "repair" process, I would inform them that
if they did it again (same customer, same "modification")
I would probably charge them.
Ya gotta have limits.
PA Bear [MS MVP]
Did you or did you not install WinXP SP3 on or after 08 July 2008?
You explained your connection problems before. I need to know if you *only*
have such problems after resuming the machine from Standby or Hibernate? If
not, please say so.
Do any of your other applications (e.g., Outlook Express) exhibit these
connection problems or is it just IE7?
=========================
> ...I have also had Norton Internet Security during 2006 and 2007.
1. If anything named Norton or if LiveUpdate is listed in Add/Remove
Programs, please uninstall it/them.
2. Now download/run this removal tool and reboot:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
3. Any improvement in the connectivity department?
=========================
> I did a system restore yesterday and told Automatic Updates to not show me
> KB951748 and KB951978 again.
Please do NOT use System Restore to "undo" updates. Uninstall them via
Add/Remove Programs instead.
I would STRONGLY recommend that you get KB951748 and KB951978 installed
again ASAP! You've proven that neither of them caused your problem, and
KB951748 especially *is* a big deal! =>
http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
And I can assure you that all responsible ISPs consider it a big deal, too,
and are scrambling to make changes to protect against these vulnerabilities.
>> Phyllis wrote:
>>> Microsoft Windows Updates this week were KB951748 (Security Update for
>>> XP),
>>> KB951978 (Update for Windows XP), KB890830 (Windows Malicious Software
>>> Removal Tool). I have been experiencing problems with my internet
>>> connection all week. Sometimes I can't get it to connect at all, or a
>>> window will come up and say "there is no internet connection available,
>>> do I
>>> want to work offline or retry." If I click retry it will connect right
>>> up.
>>> Then at other times it will connect to the cable connection with no
>>> problem,
>>> but then my wireless connection will not connect, it doesn't even show a
>>> network available. After fooling with it (disable, re-enable, repair)
>>> it
>>> will just finally connect up.
>>>
>>> I had already upgraded to AVG 8.0 several weeks ago. The update this
>>> week
>>> was just a part of daily updates, but required restart of my computer
>>> which
>>> it never did before. It says 8.0.138.
>>>
>>>> What other *Windows* updates did you install this week? Exactly what
>>>> problems are you experiencing since installing the July 2008 updates?
>>>>
>>>> Did you upgrade from AVG v7.5 to v8.0, and are you now running
>>>> v8.1.135?
>>>> --
Kayman
You're such a Pisser, V Green!
Shenan Stanley
Conversation in entirety:
http://groups.google.com/group/microsoft.public.security/browse_frm/thread/f691e0bbe3886038/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
Shenan Stanley wrote:
> If you believe the way you have presented - that is fine - but
> *why* - what is the actual basis beyond a 'good feeling' - or is
> that it?
V Green wrote:
> That's it. That's all. 50 years of good feelings. Works
> for me. You should try it. You might like it.
Shenan Stanley wrote:
> I have more good feelings than most and have plenty of people
> (because of those good feelings) who would come to me before anyone
> else for many things - but that doesn't address the question at all
> really - you didn't answer the main question...
>
> ---
> Are you saying that if you sell something (whatever you sell) and
> the person modifies it before bringing it back and they bring it
> back to fix something that would not have occurred if they had not
> modified it - you will take responsibility for what they did (what
> they added/modified) and fix the problem the third party
> modification caused for them at no charge? ---
>
> (And assume this is not family, not friend, a pure customer that
> you have no interest in making more than a loyal customer - and
> think about their other choices, etc.)
V Green wrote:
> Yes.
>
> Your analogy doesn't apply to the kind of business
> I am in, but I would do that. Take responsibility, no, but
> that's not necessary to fix the problem and make the customer
> happy.
>
> Chide them about it, yes, probably.
>
> And I would only do it once for that individual.
>
> And as part of the "repair" process, I would inform them that
> if they did it again (same customer, same "modification")
> I would probably charge them.
>
> Ya gotta have limits.
I appreciate the answer.
If you fix a problem that the customer obviously could not fix (if they
could, they would not have come to you) and the cause is obviously something
they did with some modification - you have taken responsibility from them,
taken on the problem, accepted what caused it was not you, etc.
You can say it's not your "fault" - but by actually putting effort into it
and fixing it - you have taken on the _responsibility_ to 'make it right'.
By not charging for said service - are saying that, "although the _fault_ is
not mine - I am doing this for you" --> which is taking on the
responsibility. (Not the *fault* mind you - but the responsibility has been
transferred.)
You don't have to take the 'blame' to take the 'responsibility'. It's like
bailing someone out of prison in a way. You take responsibility by handing
over your money, but not the blame for the crime.
*shrug*
Thanks again for answering.
Leonard Grey
---
Leonard Grey
Errare humanum est
Phyllis
8, 2008. I really appreciate all the help, but can do without the
"attitude." I know this problem has been overwhelming to deal with and you
are probably tired of incompetent people owning computers but none the less
we all have them now.
NO, it is not only after standby that it occurs. Also answered in last
post. (Usually when I FIRST open Internet Explorer I get this box that says
"no internet connection available, do you want to work offline or retry."
When I click retry it connects right up. My wireless connection doesn't
connect at startup and if I do manage to get it connected it drops during
standby.) Does this response not answer the question about having the
problem only after standby or hibernation? I have my computer set to never
hibernate.
Outlook Express also exhibits the same problem.
I cleaned my machine of all files/traces of Norton after I uninstalled via
Add/Remove Programs, but will download/run the removal tool that you
provided. I will also install the updates. Thank you very much for your
help.
"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:e3tHLOK5...@TK2MSFTNGP04.phx.gbl...
PA Bear [MS MVP]
Phyllis. If you'd like to get voluntary or paid assistance elsewhere,
please so do.
> ...I believe you should know that SP3 became available before July
> 8, 2008
SP3 was made available via Windows Update website on or about 07 May-08, and
for a very bried period was being offered to *some* users who'd configured
Automatic Updates (AU) to "Download but notify" and "Notify Only."
SP3 was made available to all users, independent of their AU settings, at
17:00 UTC, 10 Jul-08.
> NO, it is not only after standby that it occurs...
Thank you for answering my specific question.
> I cleaned my machine of all files/traces of Norton after I uninstalled via
> Add/Remove Programs, but will download/run the removal tool that you
> provided.
Let me know if running the removal tool helps at all. Norton applications
are notorious for not uninstalling cleanly, Phyllis. The "remainders" left
behind can have an untold number of affects on performance, including
connectivity.
Phyllis, what's the make & model of your wireless router? Do you own it or
do you lease it from your ISP there in Conway?
Also tell me if the connectivity issues only seem to occur at specific times
of the day (e.g., only in the early evening; from 5 PM till bedtime).
--
~PA Bear
Lars-Erik Østerud
> problems are now fixed with security update & ZA in ZoneAlarms latest
> update... all releases covered, from basic to the full suite
For some reason the older ZoneAlarm like the classic 4.5.594 is not
affected. Why is that? The 4.5 is smaller and less resource hog too.
--
Lars-Erik - http://www.osterud.name - ICQ 7297605
Test my Firefox tweaks: http://firefox.osterud.name
Paul (Bornival)
This thread has seen a very "active" discusssion about the mutual
responsibilities of MS and ZA for the "loss of Internet access" disaster
linked to the issue of KB951748.
For sure, the DNS issue was known by the main software manufacturerers much
before July 8th, and ZA could have been more proactive.
However, the argument that MS can change its software "ex abrubto" and put
the culprit on 3d party software in case of problems (because, for ZA, the 3d
party has modified a core component of its system) needs to be re-examined.
Indeed,
- the main reason why people adopted ZA firewall (or other 3d party
firewalls) is because neither Win95/98/ME or WinXP (before SP2) had any
protection in this context (more about that on
http://en.wikipedia.org/wiki/Windows_Firewall). The firewall introduced with
WinXP SP2 was only directed against attacks from outside but did not block
anything from inside (this was considered as unecessary, and claimed as such
on this forum, ... untill, eventually, Vista introduced it, which
demonstrates its usefulness...)
- as a result, mots of us had to use 3d party firewalls to prortect our
computers (I did so after seeing my unprotected WinXP computers so easily
attacked ...).
I submit that MS should recognize that, because it introduced a decent
firewall only recently, it has to respect those users who installed a 3d
party firewal ... and have remained faithful to it.
Although, stricto sensu, MS is not obliged to take into consideration all 3d
party sofware when thay make chnages that may affect the users of such
software, they could have been more prudent in this case.
In a broader context, MS built its success (vs. Apple) by making an OS on
which 3d parties could buid their own applications. Ignoring this now (and
stating that they have "nothing to do with 3d party software") may well cause
important problems, and the demise of MS in the future. In ancient Rome,
people said "Jupiter blinds those who he will kill" and "The Tarpeian rock is
close to the Capitol". In this particular case, I'm afraid that MS was
blind... even if it was technically and legally right, and has forgotten
that falling from the Capitol hill is easier than climbing it.
Rick
Actually the DNS hole was newly discovered to say that software
developers knew about this "much before July 8" is not accurate. What
is of much more concern is ISP's have that same hole. It has been
suggested that Open DNS offers protection but I would be much more
concerned about the ISP hole that the one on the pc.
--
Rick
Fargo, ND
N 46°53'251"
W 096°48'279"
Remember the USS Liberty
http://www.ussliberty.org/
Shenan Stanley
> This thread has seen a very "active" discusssion about the mutual
> responsibilities of MS and ZA for the "loss of Internet access"
> disaster linked to the issue of KB951748.
>
> For sure, the DNS issue was known by the main software
> manufacturerers much before July 8th, and ZA could have been more
> proactive.
>
> However, the argument that MS can change its software "ex abrubto"
> and put the culprit on 3d party software in case of problems
> (because, for ZA, the 3d party has modified a core component of its
> system) needs to be re-examined. Indeed,
>
> - the main reason why people adopted ZA firewall (or other 3d party
> firewalls) is because neither Win95/98/ME or WinXP (before SP2) had
> any protection in this context (more about that on
> http://en.wikipedia.org/wiki/Windows_Firewall). The firewall
> introduced with WinXP SP2 was only directed against attacks from
> outside but did not block anything from inside (this was
> considered as unecessary, and claimed as such on this forum, ...
> untill, eventually, Vista introduced it, which demonstrates its
> usefulness...)
Just because Vista has something does not 'demonstrate its usefulness' - it
merely demonstrates good marketing... If the people want it - throw it in
there... Even if most of those people do not understand what it really
does/doesn't do. (AERO is far from 'useful' - and it is in Vista.)
> - as a result, mots of us had to use 3d party firewalls to prortect
> our computers (I did so after seeing my unprotected WinXP computers
> so easily attacked ...)
Some people do/did not (even without any SP, SP1, SP1a) run a third party
firewall. Many of those ran/run fine.
SP2 was released in 2004. It is 2008 and SP3 has since bveen released.
Four years is a long time not to reflect on your security options if someone
was concerned at one time enough to get a free firewall solution in the
past - in my opinion. (Some people still run some pretty old versions of
whatever free software they may have chosen - some may even run software
from manufacturers that do not exist any longer...)
> I submit that MS should recognize that, because it introduced a
> decent firewall only recently, it has to respect those users who
> installed a 3d party firewal ... and have remained faithful to it.
Respect it - okay - agreed.
Research every one of them to see if they will cause problems - even those
that have since disappeared into the ether and are still ran by people
because they never bothered to get anything else, etc?
Zone Alarm is popular - but it is not (by far) the only option around (or
that was around in many cases) and not everyone is running it as their
third-party solution - which means there will be MANY different ones they
would have to 'test' - and which versions (of each one) do you test? What
are the limitation on how far back you test? After all - people are
reporting in this very conversation that some older versions of Zone Alarm
itself do not exhibit the issues of the version right before the patch to
remedy this problem - which tells me that Zone Alarm didn't have this issue,
did have this issue, doesn't have this issue again (if you just pretend the
patch could have been released some time ago.)
> Although, stricto sensu, MS is not obliged to take into
> consideration all 3d party sofware when thay make chnages that may
> affect the users of such software, they could have been more
> prudent in this case.
How? In what way? See my above query...
What limitations do you put on testing other people's software to make sure
when you patch yours it doesn't cause some particular version of some
particular software to break something overall?
> In a broader context, MS built its success (vs. Apple) by making an
> OS on which 3d parties could buid their own applications. Ignoring
> this now (and stating that they have "nothing to do with 3d party
> software") may well cause important problems, and the demise of MS
> in the future. In ancient Rome, people said "Jupiter blinds those
> who he will kill" and "The Tarpeian rock is close to the Capitol".
> In this particular case, I'm afraid that MS was blind... even if
> it was technically and legally right, and has forgotten that
> falling from the Capitol hill is easier than climbing it.
Interesting. I did enjoy reading that. Maybe Microsoft will cause its own
downfall - and maybe that is not a bad thing.
However - I am still unsure what you are expecting someone in a position
such as this one to have done differently.
There are obviously still people running much older versions of the software
that is mentioned in the subject of this posting and those people are not
having issues (according to their responses in this very conversation and
elsewhere.) There are people running other third party software that does
similar/the same thing as the software mentioned in the subject of this
posting and they are not having trouble. I have seen sporadic postings
lately (one to three) of people running brand-new similar software from
another (large) manufacturer supposedly having similar issues.
What would have been the 'thing to do' with all these variables in place, in
your opinion?
Kayman
> Hi, everyone,
>
> This thread has seen a very "active" discusssion about the mutual
> responsibilities of MS and ZA for the "loss of Internet access" disaster
> linked to the issue of KB951748.
>
> For sure, the DNS issue was known by the main software manufacturerers much
> before July 8th, and ZA could have been more proactive.
Quite right! And this really should be the end of the story!
> However, the argument that MS can change its software "ex abrubto" and put
> the culprit on 3d party software in case of problems (because, for ZA, the 3d
> party has modified a core component of its system) needs to be re-examined.
> Indeed,
ZA had sufficient time to address this issue.
> - the main reason why people adopted ZA firewall (or other 3d party
> firewalls) is because neither Win95/98/ME or WinXP (before SP2) had any
> protection in this context (more about that on
> http://en.wikipedia.org/wiki/Windows_Firewall). The firewall introduced with
> WinXP SP2 was only directed against attacks from outside but did not block
> anything from inside (this was considered as unecessary, and claimed as such
> on this forum, ... untill, eventually, Vista introduced it, which
> demonstrates its usefulness...)
It was essential to utilize a 3rd party firewall application prior
WindowsNT (which incidentally applies also to Registry Cleaners). After the
introduction of NT the in-build firewall made 3rd party applications
superfluous, which obviously wasn't well received by the makers of these
software.
> - as a result, mots of us had to use 3d party firewalls to prortect our
> computers (I did so after seeing my unprotected WinXP computers so easily
> attacked ...).
A 3rd party apps. wouldn't have saved you; Especially ZA!
> I submit that MS should recognize that, because it introduced a decent
> firewall only recently, it has to respect those users who installed a 3d
> party firewal ... and have remained faithful to it.
The decent firewall was introduced by MSFT with the introduction of NT. It
is, compared to the existing 3rd party apps., a "more honest" and superior
and product. The reason for most users chosing 3rd party applications is
the relentless hype and scare mongering tactics created by the makers of
these software. In terms of security 'outbound control' is utter nonsense!
> Although, stricto sensu, MS is not obliged to take into consideration all 3d
> party sofware when thay make chnages that may affect the users of such
> software, they could have been more prudent in this case.
Again, ZA had sufficient time to act accordingly. Others did, didn't they?
> In a broader context,
<snipped irrelevant analogy>
Educational reading re outbound control:
PFW Criticism.
http://en.wikipedia.org/wiki/Personal_firewall#Criticisms
Why your firewall sucks.
http://tooleaky.zensoft.com/
"But I quickly realized the truth: The added protection provided by
outbound filtering is entirely illusory."
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Deconstructing Common Security Myths.
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it’s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."
Read in its entirety:
Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/magazine/cc510323.aspx
Apropos hype:
Go to...
http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/
...and follow all the hype created by Sunbelt's *Marketing Department*.
[quote]
Still use the free Windows XP firewall?
Unfortunately, this gives you a false sense of security. It only protects
incoming traffic. But outgoing traffic, with your credit card info, social
security number, bank accounts, passwords and other confidential
information is not protected. The WinXP firewall will let it all go out.
But... SPF will block that data if you buy the FULL version! You absolutely
need a better, commercial-grade firewall.
[/quote]
Then read in...
Windows Personal Firewall Analysis
...a more realistic view which obviously was drafted by the head of
Sunbelt's *Operations department*.
Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall
2007-08-07: Here is the response we have received from this vendor:
[quote]
Sunbelt Software is committed to providing the strongest possible security
products to its customers, and we will be working to correct demonstrable
issues in the Sunbelt Personal Firewall. Users can expect these and other
continuing enhancements for the Sunbelt Personal Firewall in the near
future.
However, we have some reservations about personal firewall "leak testing"
in general. While we appreciate and support the unique value of independent
security testing, we are admittedly skeptical as to just how meaningful
these leak tests really are, especially as they reflect real-world
environments.
The key assumption of "leak testing" -- namely, that it is somehow useful
to measure the outbound protection provided by personal firewalls in cases
where malware has already executed on the test box -- strikes us as a
questionable basis on which to build a security assessment. Today's malware
is so malicious and cleverly designed that it is often safest to regard PCs
as so thoroughly compromised that nothing on the box can be trusted once
the malware executes. In short, "leak testing" starts after the game is
already lost, as the malware has already gotten past the inbound firewall
protection.
Moreover, "leak testing" is predicated on the further assumption that
personal firewalls should warn users about outbound connections even when
the involved code components are not demonstrably malicious or suspicious
(as is the case with the simulator programs used for "leak testing"). In
fact, this kind of program design risks pop-up fatigue in users,
effectively lowering the overall security of the system -- the reason
developers are increasingly shunning this design for security applications.
Finally, leak testing typically relies on simulator programs, the use of
which is widely discredited among respected anti-malware researchers -- and
for good reason. Simulators simply cannot approximate the actual behavior
of real malware in real world conditions. Furthermore, when simulators are
used for anti-malware testing, the testing process is almost unavoidably
tailored to fit the limitations of simulator instead of the complexity of
real world conditions. What gets lost is a sense for how the tested
products actually perform against live, kicking malware that exhibits
behavior too complex to be captured in narrowly designed simulators.
[/quote]
This is pretty eye-opening as well:
Firewall LeakTesting.
Excerpts:
Leo Laporte: "So the leaktest is kind of pointless."
Steve Gibson: "Well,yes,...
Leo: "So are you saying that there's no point in doing a leaktest anymore?"
Steve: "Well, it's why I have not taken the trouble to update mine, because
you..."
Leo: "You can't test enough".
Steve: "Well, yeah.
Leo: "Right. Very interesting stuff. I guess that - my sense is, if you
can't test for leaks, a software-based firewall is kind of essentially
worthless."
Read and/or listen to the entire conversation here:
http://www.grc.com/sn/SN-105.htm
Root Kit
>The firewall introduced with WinXP SP2 was only directed against attacks
>from outside but did not block anything from inside (this was considered
>as unecessary,
Not quite. Learn to distinguish between useful and practically doable.
>and claimed as such on this forum, ... untill, eventually,
>Vista introduced it, which demonstrates its usefulness...)
The outbound control of Vista is very different from the "application
outbound control" introduced by 3rd party FW's.
Vistas outbound control makes sense because it builds on the general
security enhancements of Vista. Outbound control on an XP platform as
a security measure against malware is still utter nonsense.
>- as a result, mots of us had to use 3d party firewalls to prortect our
>computers
You didn't have to. But you were tricked into believing so by FW
vendors and "security" hyper's.
> (I did so after seeing my unprotected WinXP computers so easily
>attacked ...).
This is nonsense. An "unprotected" XP (SP2+) is not easily attacked.
Pre SP2, all you needed to do was turn the FW on, or even better -
shut down unnecessary network services, which MS unfortunately has a
bad habit of having running by default.
>I submit that MS should recognize that, because it introduced a decent
>firewall only recently, it has to respect those users who installed a 3d
>party firewal ... and have remained faithful to it.
You think MS should support security hype? You think MS should support
something they know is nonsense because they are well aware of the
shortcomings of its own OS?
Nunya Bidnits
As a rank and file home user with above average skills (but not an expert),
and as a person with marketing and PR experience, here's my impression:
MS and ZA both screwed up.
First, ZA is widely used. Second, MS should have, or could have known that
the July update would therefore have a broad negative impact. Third, *if* ZA
had enough advance warning to issue a corrective fix before the update, and
just knowingly and negligently chose to do so for no particular good reason,
double shame on them. But that does not really seem likely. However its
indisputable that the first two are true.
Both screwed up because:
MS did not make any effort to make the ZA problem known. The issue was not
discussed on the web page for the update, nor was there any other alert
associated with the update. Yet there is no way they were not aware of the
problem before pushing the update, unless they were negligent in their
preparations. Either way, bad on MS. They left average home users, the most
affected single group, completely utterly in the dark. Those users do not
usually know where to look, such as in these newsgroups, to find out about
such problems. And any more, since half of them use the scum-ridden Google
Groups, they could not access them anyway, MS having trashed their WWW
access.
ZA did a very very poor job of responding to the problem. It was a pain in
the neck for me to find out that it was a ZA problem at all. I knew enough
to uninstall the update, something many home users would not necessarily
think to do, or know how to do. Going back to a restore point, as many of
them did, is an excessively destructive solution.
When I tried to find the updates through the click point in the ZA software
"check for updates", repeatedly, N**none** were found. When I went to the
web pages suggested in these NGs for the fix, at the time I checked, the
links to the updates were not there. Several on these groups became
frustrated with me for asking repeatedly, but somehow they did not manage to
keep these links posted as they apparently kept making changes to the page.
Finally on hard refresh I found the links. Bad on ZA.
From now on I will not allow MS to install any updates automatically and
will check for problems for a few days before accepting them.
And due to this and other past avoidable ZA problems, plus information that
indicates their firewall is only marginally effective at best, I will move
on to a better firewall.
MartyB in KC
H.S.
> security enhancements of Vista. Outbound control on an XP platform as
> a security measure against malware is still utter nonsense.
>
I am not sure I understand the above statement. I am curious what it
really means. Could you please explain and give an example or two.
Thanks.
Leonard Grey
you like to see pictures from my last vacation? It was real fun until we
got lost...but that's a l-o-n-g story. It all started one day when the
sky was clear and the sun was bright...
---
Leonard Grey
Errare humanum est
Shenan Stanley
Conversation in entirety:
http://groups.google.com/group/microsoft.public.security/browse_frm/thread/f691e0bbe3886038/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
Comments in-line...
Nunya Bidnits wrote:
> As a rank and file home user with above average skills (but not an
> expert), and as a person with marketing and PR experience, here's
> my impression:
>
> MS and ZA both screwed up.
>
> First, ZA is widely used. Second, MS should have, or could have
> known that the July update would therefore have a broad negative
> impact. Third, *if* ZA had enough advance warning to issue a
> corrective fix before the update, and just knowingly and
> negligently chose to do so for no particular good reason, double
> shame on them. But that does not really seem likely. However its
> indisputable that the first two are true.
>
> Both screwed up because:
>
> MS did not make any effort to make the ZA problem known. The issue
> was not discussed on the web page for the update, nor was there any
> other alert associated with the update. Yet there is no way they
> were not aware of the problem before pushing the update, unless
> they were negligent in their preparations. Either way, bad on MS.
> They left average home users, the most affected single group,
> completely utterly in the dark. Those users do not usually know
> where to look, such as in these newsgroups, to find out about such
> problems. And any more, since half of them use the scum-ridden
> Google Groups, they could not access them anyway, MS having trashed
> their WWW access.
How would MS have known (as you state - before pushing the patch) that
somebody elses firewall application (created and supported by another
company) would have problems with this patch...? What are the limits in
what third-party things a company must test to ensure that fixing their own
product won't cause issues with someone elses product?
Also know that not *all versions* of Zone Alarm exhibit this issue with the
patch MS released. Older versions of ZA have been discussed elsewhere in
this very conversation with the people stating they have *not* experienced
any issues.
Your statement about "MS having thrashed their WWW access" - while it was
the patch that exasperated the issue - it was ZA (that particular version no
less (or so it seems)) that had to be modified to remedy the situation.
> ZA did a very very poor job of responding to the problem. It was a
> pain in the neck for me to find out that it was a ZA problem at
> all. I knew enough to uninstall the update, something many home
> users would not necessarily think to do, or know how to do. Going
> back to a restore point, as many of them did, is an excessively
> destructive solution.
ZA did jump on it fairly quickly - all things considered. They fixed it and
released the patch within two days and had work-arounds *I believe* the same
day that the patch was released.
> When I tried to find the updates through the click point in the ZA
> software "check for updates", repeatedly, N**none** were found.
> When I went to the web pages suggested in these NGs for the fix, at
> the time I checked, the links to the updates were not there.
> Several on these groups became frustrated with me for asking
> repeatedly, but somehow they did not manage to keep these links
> posted as they apparently kept making changes to the page. Finally
> on hard refresh I found the links. Bad on ZA.
Yes. Bad on ZA, but perhaps they were putting things up and realizing other
issues, taking them down, putting things back up, etc.
Then again - I did see that part of your discussion and every time I went to
the web page link during that time - the thing you were being told was
there - was there. Then you would answer that it was not - but I could
still see it. It is possible that something was awry on your computer(s) -
or it was cached, proxy, etc and not refreshed. *shrug*
> From now on I will not allow MS to install any updates
> automatically and will check for problems for a few days before
> accepting them.
For an educated person - that is always the wisest choice. Control your
data/stuff completely - only you know the nuances of it and what is/is not
important to you. Why anyone would do anything else is beyond me. ;-)
> And due to this and other past avoidable ZA problems, plus
> information that indicates their firewall is only marginally
> effective at best, I will move on to a better firewall.
The built-in Windows XP firewall (especially if you are also behind a NAT
router of some sort for any high-speed Internet you might have and keep you
AV/AS updated) is *more* than sufficient.
For _most_ home-users - anything more than what is built into Windows XP and
later (consumer OSes from Microsoft) is usually wasted space and time in
terms of 'firewall protection' - IMHO. Why add the complication(s) and
possible problem(s) (as demonstrated so well in this case) if there is no
logical reason to and especially if the home user probably would not be able
to fix it themselves in case of a problem.
H.S.
>
> ZA did a very very poor job of responding to the problem. It was a pain in
Totally agree with this.
> the neck for me to find out that it was a ZA problem at all. I knew enough
> to uninstall the update, something many home users would not necessarily
Yes, average home users were the most affected. I myself was seeing this
happen with my friends and relatives. No one knew what was going on.
Their internet connection was not working (ping worked, DSL worked) but
internet did not. Moreover, it appears like MS forced this update to its
customers somehow. Followed all the debugging steps I could but couldn't
find the problem, till I discovered the relevant threads here.
>
> From now on I will not allow MS to install any updates automatically and
> will check for problems for a few days before accepting them.
I myself follow this rule consistently.
> And due to this and other past avoidable ZA problems, plus information that
> indicates their firewall is only marginally effective at best, I will move
> on to a better firewall.
Totally agree with you here too. ZA is just not a personal firewall it
used to be till around a couple of years ago. It has become bloated and
resource hungry. Its uninstallation script is a total crap and leaves
clutter all over the registry (does not remove itself properly). And if
you ask this problem it is support forum, the "guru" posters (probably
on the pay roll) give a convoluted method whose prerequisite is that a
user should have the history of past versions of ZoneAlarm ever
installed on that computer! Who in the right mind thinks that an average
user is going to keep such data!?!? Looks like the ZA company people are
not in touch with ground reality from an average user's point.
All in all, ZA is not a professional piece of application. I am now
looking at Comodo and netdefender (this one is open source).
Shenan Stanley
Leonard Grey wrote:
> Is there perhaps something I can do to kill this worthless thread?
> Would you like to see pictures from my last vacation? It was real
> fun until we got lost...but that's a l-o-n-g story. It all started
> one day when the sky was clear and the sun was bright...
Yes.
Mark it as blocked with your newsreader or better yet - simply ignore it.
There is nothing compelling you (afaik) to read/respond to this particular
conversation anymore than the 100's of others in this newsgroup per day. It
is - most likely - a conscience choice on your part; and thus, completely
under your control. If so - your asking how to not interact with this
thread falls to your own will-power and skills - not anyone elses.
Using Thunderbird 2.0.0.14 (Windows/20080421)? You might look for help
here:
http://www.mozilla.org/support/thunderbird/
However - again - your best bet is to *ignore* what you don't want to read.
In this case that is fairly simple - the subject has not changed. Don't
open messages with that subject. Use a filter and don't even download them
maybe. ;-)
Nunya Bidnits
> <snipped>
> Conversation in entirety:
>
http://groups.google.com/group/microsoft.public.security/browse_frm/thread/f691e0bbe3886038/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
>
>
>
> Comments in-line...
>
> somebody elses firewall application (created and supported by another
> company) would have problems with this patch...? What are the limits
> in what third-party things a company must test to ensure that fixing
> their own product won't cause issues with someone elses product?
I said could have or should have known... and if they didn't test far enough
to check on a product that is widely used by their customers like ZA, shame
on them. At best, its negligent laziness.
>
--%<----
> Then again - I did see that part of your discussion and every time I
> went to the web page link during that time - the thing you were being
> told was there - was there. Then you would answer that it was not -
> but I could still see it. It is possible that something was awry on
> your computer(s) - or it was cached, proxy, etc and not refreshed.
> *shrug*
And how do you account for it being in my cache, if it never existed? Have
you ever seen a bug in Firfox that one single time only, clips a paragraph
from a web page, and never does it again? ... Neither have I. At some point
when they were diddling with that ZA update, clearly, someone let a version
of the page, called a workaround, on line that did not include the update.
After others insisted it was there, I did a hard refresh, then it turned up.
So it was as I said it was there, in the form I described, at one time, at
least for long enough for me to download it and get it into my browser
cache.... case closed.
---%<----
> For an educated person - that is always the wisest choice. Control
> your data/stuff completely - only you know the nuances of it and what
> is/is not important to you. Why anyone would do anything else is
> beyond me. ;-)
I tried to make the point that I was commenting as an everyday user. Realize
that many everyday users trust MS implicitly, and those home users are the
vast majority of MS OS customers, and not to consider their everyday usage
likelihoods was a failure by MS. Realize that the average person either
trusts MS to do the right thing, or does not trust themselves to know more
than MS, and therefore would never consider trying to control the updates
themselves. Personally, I just did it as convenience, since an MS update has
never caused me a problem in all these years. But nevermore.
>> And due to this and other past avoidable ZA problems, plus
>> information that indicates their firewall is only marginally
>> effective at best, I will move on to a better firewall.
>
> The built-in Windows XP firewall (especially if you are also behind a
> NAT router of some sort for any high-speed Internet you might have
> and keep you AV/AS updated) is *more* than sufficient.
Its all up to date. I'm using 2000P on one computer so there's no XP
firewall. That's the computer that was bitten. But I am not going to change
the OS on a perfectly functional computer just for a firewall, that's like
jumping out of a perfectly good airplane. So I am probably going to Comodo
2.4 unless someone can suggest something better.
>
> For _most_ home-users - anything more than what is built into Windows
> XP and later (consumer OSes from Microsoft) is usually wasted space
> and time in terms of 'firewall protection' - IMHO. Why add the
> complication(s) and possible problem(s) (as demonstrated so well in
> this case) if there is no logical reason to and especially if the
> home user probably would not be able to fix it themselves in case of
> a problem.
I would agree with you had not an older computer running the XP firewall
plus AV and other malware protection still been infected with unacceptable
trash, to the point that it ended up in the recycle bin, after being
cannibalized for parts.
For the record, my W2000P computer running ZA (now temporarily), SpyBot, and
AVG antivirus, and Firefox browser, has not been infected with anything
since I put it on line over a year ago. The only problem it's had is the MS
update for July.
I'm again speaking as a consumer, something I think deserves more attention
from MS when they make changes that are over the head of the average user.
It wasn't over my head, but then it wasn't just no problem either. From a PR
point of view, MS and ZA both *should* and *could* have known about this in
advance, and both *could* have put out a notice to that effect.
And note again from the average consumer point of view that most would not
know what to do once the browser was shut down, since they couldn't get to
the ZA update page, even if the ZA software's *check for update* feature had
actually found the update instead of saying there was none available.
Please give the average person a break. This whole MS/ZA/update hassle was
totally unnecessary and avoidable with just a little extra conscientious
effort.
MartyB in KC
Nunya Bidnits
Well said.
MBKC
Nunya Bidnits
> Zone Alarm is popular - but it is not (by far) the only option around
> (or that was around in many cases) and not everyone is running it as
> their third-party solution - which means there will be MANY different
> ones they would have to 'test' - and which versions (of each one) do
> you test? What are the limitation on how far back you test? After
> all - people are reporting in this very conversation that some older
> versions of Zone Alarm itself do not exhibit the issues of the
> version right before the patch to remedy this problem - which tells
> me that Zone Alarm didn't have this issue, did have this issue,
> doesn't have this issue again (if you just pretend the patch could
> have been released some time ago.)
Older versions of ZA also would not have had up to date protection profiles
installed. Not keeping security software up to date is operator error, IMO.
So being saved from a mistake by a mistake is a marginal victory at best,
eh?
MartyB in KC
ANONYMOUS
Joan Archer wrote:
> <lol> I just got rid of ZA <g>
>
> --
> Joan Archer
> http://www.freewebs.com/crossstitcher
> http://lachsoft.com/photogallery
>
You are a wise woman. To tell you the truth, I don't think there is any
need for third party firewall especially when you have got Windows XP's
firewall enabled (OR Vista's) and your Modem/Router has its own firewall.
From time to time, you will always have third party software conflict with
MS patches but this is all part and parcel of the game to protect you in
the long run.
Hope this helps.
ANONYMOUS
"PA Bear [MS MVP]" wrote:
> No, sorry. It's been a very long week...
>
your week would have been shorter had you not bothered to provide links to unnecessary third
party products which are an added extra to resources when one already has state of the art
FIREWALL provided by Microsoft and most brodband modems and routers have their own firewall
enabled by default.
I don't know why people bother with any other firewall which may or may not consume scarce
resource!
Kayman
> ...To tell you the truth, I don't think there is any
> need for third party firewall especially when you have got Windows XP's
> firewall enabled (OR Vista's) and your Modem/Router has its own firewall.
In addition I'd recommend disabling any unnecessary and potentially
dangerous Services.
Configure and adjust Services to suit your computing needs
Windows XP Service Pack 3 Service Configurations
http://www.blackviper.com/WinXP/servicecfg.htm
> From time to time, you will always have third party software conflict with
> MS patches but this is all part and parcel of the game to protect you in
> the long run.
Quite right!
Rick
Labs or Microsoft. It is the whole Internet--the problem does not go
away if you have KB951748 installed. The ISP's of the world have to fix
the problem too. Open DNS helps but, it is not the final solution either.
HEMI-Powered
some interesting thoughts expressed in this thread
--
HP, aka Jerry
"If it waddles like a duck and quacks like a duck, it must be a duck"
Raskewz
--
Stay Focused & Have Faith,Have Fun!
"Charles Lee" wrote:
> problems are now fixed with security update & ZA in ZoneAlarms latest
> update... all releases covered, from basic to the full suite
>
> Follow the link below, download new update version of ZA 70.483.000, and
> then download the security update KB 951748 afterwards.
> I have done all pc's on my home network... all back to normal....
> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
>
>
> "PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
> news:uexAfNp4...@TK2MSFTNGP03.phx.gbl...
> > [Crossposted to Windows Update, WinXP General, IE General, Security,
> > Security Home Users newsgroups]
> >
> > Resolution [was Workaround] for Sudden Loss of Internet Access Problem
> > http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
> > (revised multiple times since release on 08 July 2008)
> >
> > NB: Do NOT use Option #2 if at all possible! The vulnerability addressed
> > by KB951748 *is* a big deal! See
> > http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
> >
> > Want to consider other, more highly-rated firewalls?
> > http://www.matousec.com/projects/firewall-challenge/results.php
Root Kit
The windows platform was designed with usability in mind providing all
kinds of possibilities for e.g. inter-process communication. This
together with the very high probability that the user is running with
unrestricted rights makes it impossible to prevent malware allowed to
run and determined to by-pass any outbound "control" (which, of course
modern malware is) from doing so. It's simply too unreliable to
qualify as a security measure.
Malware must be stopped at the front door and *not* allowed to run
believing that its behavior can be somehow "controlled". In a
multi-purpose OS like windows with all programs running with
unrestricted rights, if program A can control program B, what prevents
program B from controlling program A (or C which A has already granted
permission for that matter)?
H.S.
Hence the rule that one should not be logged in with administrative
rights for day to day usage of Windows unless doing computer maintenance
tasks. Your reasoning above just proves that this makes perfect sense.
The users who are logged in with admin privileges and not *extremely*
careful about their browsing habits get what they ask for when their
computer is hosed due to malware.
On the other hand, if Windows demands that it be always run with admin
rights, it is just not designed properly then. But to be fair, I don't
think any sane person even at Redmond will suggest using Windows with
full admin rights always in today's internet world.
Root Kit
<hs.samRE...@google.com> wrote:
>Hence the rule that one should not be logged in with administrative
>rights for day to day usage of Windows unless doing computer maintenance
>tasks. Your reasoning above just proves that this makes perfect sense.
>The users who are logged in with admin privileges and not *extremely*
>careful about their browsing habits get what they ask for when their
>computer is hosed due to malware.
I'd like to clarify that there are tricks that still work perfectly
well for a malware running with restricted rights. It just rules out
some of the options.
Paul (Bornival)
> What would have been the 'thing to do' with all these variables in place, in
> your opinion?
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
I think that the obvious things that MS could have been doing, given the
known disruptive effect KB951748 could have had on Internet connections, are:
- making KB951748 NOTinstalling automatically and without warning (as it
occured to all of the computers I look after ... and which were all blocked
in succession until we discovered what was going on ...);
- to clealy state, during the installation procedure, that the user had to
check for potential incompatibilities with some firewals ... and to see
her/his administrator in case of doubt.
In our case, this would have prevented us from loosing several hours to
determine the cause of the problem...
Note: as result of this situation, all our computers are now set to no
longer automatically install Microsoft updates until these are tested on one
computer ... To some extent, MS killed it-self the process of automatic
updating...
Paul
>
>
>
Paul (Bornival)
"Root Kit" wrote:
I'll give a simple example where outbound control would have prevented what
was nearly a disaster. One of our computer was inadvertently infected by a
malware that used the Outlook address book of the user and start sending
e-mails to all addressees... If ZA would have been installed, this would not
have happened because it can be configured to block the sending of mass
e-mails. Outbound protection may not catch everythig and is not perfect, but
why not using it if you can ?
>
Paul (Bornival)
"Root Kit" wrote:
> On Sun, 13 Jul 2008 18:03:01 -0700, Paul (Bornival)
> <PaulBo...@discussions.microsoft.com> wrote:
> > (I did so after seeing my unprotected WinXP computers so easily
> >attacked ...).
>
> This is nonsense. An "unprotected" XP (SP2+) is not easily attacked.
> Pre SP2, all you needed to do was turn the FW on, or even better -
> shut down unnecessary network services, which MS unfortunately has a
> bad habit of having running by default.
The sucessfull attacks on WinXP computers I was were before the introduction
of SP2. This was completely and effectively avoided after installing ZA.
When SP2 was introduced, I compared ZA with the SP2 firewall, and found that
ZA was eventually easier to adjust to our needs. This is why I remained
faithfl to ZA (and I'm not the only one...). Note that turning off WinXP
network services was not possible (or largely unpractical) given our needs of
communication between computers.
Root Kit
<PaulBo...@discussions.microsoft.com> wrote:
>The sucessfull attacks on WinXP computers I was were before the introduction
>of SP2. This was completely and effectively avoided after installing ZA.
True - but could easily have been avoided by shutting down unnecessary
services, adding a simple packet filter or activating the build-in
one.
>When SP2 was introduced, I compared ZA with the SP2 firewall, and found that
>ZA was eventually easier to adjust to our needs. This is why I remained
>faithfl to ZA (and I'm not the only one...).
I wonder what your needs are.
>Note that turning off WinXP network services was not possible (or largely
>unpractical) given our needs of communication between computers.
How do you expect ZA to protect services you need to make available?
Root Kit
<PaulBo...@discussions.microsoft.com> wrote:
>I'll give a simple example where outbound control would have prevented what
>was nearly a disaster.
Would have? - So it was a disaster?
>One of our computer was inadvertently infected by a
>malware that used the Outlook address book of the user and start sending
>e-mails to all addressees...
The key issue here is:
How did this malware get in? - and why was it allowed to run in the
first place? Because that part is security related. The rest is just
damage control based on blind luck.
> If ZA would have been installed, this would not
>have happened because it can be configured to block the sending of mass
>e-mails.
Sure. Unfortunately, it can be configured to do a lot of nonsense.
>Outbound protection may not catch everythig and is not perfect, but
>why not using it if you can ?
For the same reason you don't constantly wear a helmet just in case
someone drops something from an aero plane.
Outbound protection (host based) is not for free. It comes at a cost
which can be hard for layman to asses. The added system complexity of
installing a bunch of potentially vulnerable code of questionable
quality and functionality and the cons that follow from that, must be
weighed against the possible pros.
You make a computer secure by removing unnecessary stuff and fixing
what is broken - not by adding further potentially vulnerable code to
an already insecure code base.
Kayman
Educational reading (not only for Vista users).
CharlieG
computers affected. The FIRST PROBLEM is to FIX THAT. Without internet
connection I can't download any patches in any order. The ZoneAlarm fixes
don't work to reconnect to the internet.
This problem seems to affect MORE than they are admitting. I don't have the
KB951748 update installed and I'm still having trouble. Uninstalling
ZoneAlarm doesn't solve the problem either.
"PA Bear [MS MVP]" wrote:
H.S.
Using a computer with admin rights by an average Joe user is, well, not
a smart thing to do (being very polite here).
If an OS demands that its users run as admins all the time, the OS is
poorly designed.
ANONYMOUS
CharlieG wrote:
>Do these people not understand that we have NO internet access on the
>computers affected. The FIRST PROBLEM is to FIX THAT. Without internet
>connection I can't download any patches in any order. The ZoneAlarm fixes
>don't work to reconnect to the internet.
>
>This problem seems to affect MORE than they are admitting. I don't have the
>KB951748 update installed and I'm still having trouble. Uninstalling
>ZoneAlarm doesn't solve the problem either.
>
>
>
>
>>
>>
Get rid of ZoneAlarm completely because you don't need it for two reasons:
1) MS has already given you a free software based FIREWALL;
2) If you are using a broadband to connect to the net, then you must be
using a modem or a router which already has its own, harware based,
FIREWALL;
Now you don't need another firewall for the sake of it being given away
for free. There is no such thing as free lunch. What they have given
you is a software that is not capable of cohabiting with MS OS. You
have to decide whether you want to use another OS which works with
ZONEALARM or you simply stay with MS OS. The choice is yours.
Hope this helps.
Shenan Stanley
> Do these people not understand that we have NO internet access on
> the computers affected. The FIRST PROBLEM is to FIX THAT.
> Without internet connection I can't download any patches in any
> order. The ZoneAlarm fixes don't work to reconnect to the internet.
>
> This problem seems to affect MORE than they are admitting. I don't
> have the KB951748 update installed and I'm still having trouble.
> Uninstalling ZoneAlarm doesn't solve the problem either.
If you do not have the Microsoft patch (KB951748 ) installed nor do you have
Zone Alarm installed and you still cannot connect to the Internet - your
problem is certainly different and probably unrelated other than by
coincidental timing...?
Ron Badour
It appears there may be varying degrees of the connection problem since some
people (me included) could get internet access merely by changing the
settings on ZA and thus could download the fix which totally cured the
problem.
--
Regards
Ron Badour
MS MVP
Windows Desktop Experience
"CharlieG" <Char...@discussions.microsoft.com> wrote in message
news:5BBF7DB9-ADE2-4836...@microsoft.com...
Stinger
application is reviewed by the IT industry time and time again as a much
better product than Windows version of a firewall.
Meanwhile users of the Windows operating system suffer because of a decision
made by Microsoft to make this a update. Anyone else think they (MS) knew
this was going to happen besides myself?
Meanwhile, I sure do have a lot of new work on computers these days thanks
to this little gem.
"PA Bear [MS MVP]" wrote:
> So Windows must be compatible with ZA and any other third-party application,
> not the other way around?
>
> Get real.
>
>
> xxexbushpig wrote:
> > Well it might have been a "dimbulb" (which is a great new word BTW), but
> > it
> > wasn't as big a dimbulb as the Microsoft person who issued the KB951748
> > update that screwed up millions of people!
>
>
CharlieG
I think you are right. I have been able to disable ZoneAlarm on two
machines and when I uninstalled 748 internet connection was restored. But on
a third machine I don't have 748 installed, but I do have 749 and even
UNINSTALLING ZoneAlarm I am still not able to get internet reestablished.
There were 5 MS updates installed at the same time on this machine:
0749, 1698, 823-v3, 760 1376-v2, and 0762 Should I uninstall ALL of those?
If I should try one at a time what is the order of the ones to be removed?
In response to another post here if two computers go out at the same time it
might be coincidence, but if both of those have a software problem and both
have the same software installed that is creating the problem ..........
Thanks
Shenan Stanley
> Do these people not understand that we have NO internet access on
> the computers affected. The FIRST PROBLEM is to FIX THAT.
> Without internet connection I can't download any patches in any
> order. The ZoneAlarm fixes don't work to reconnect to the internet.
>
> This problem seems to affect MORE than they are admitting. I don't
> have the KB951748 update installed and I'm still having trouble.
> Uninstalling ZoneAlarm doesn't solve the problem either.
Ron Badour wrote:
> It appears there may be varying degrees of the connection problem
> since some people (me included) could get internet access merely by
> changing the settings on ZA and thus could download the fix which
> totally cured the problem.
CharlieG wrote:
> I think you are right. I have been able to disable ZoneAlarm on two
> machines and when I uninstalled 748 internet connection was
> restored. But on a third machine I don't have 748 installed, but I
> do have 749 and even UNINSTALLING ZoneAlarm I am still not able to
> get internet reestablished. There were 5 MS updates installed at
> the same time on this machine:
>
> 0749, 1698, 823-v3, 760 1376-v2, and 0762 Should I uninstall ALL of
> those? If I should try one at a time what is the order of the ones
> to be removed?
>
> In response to another post here if two computers go out at the
> same time it might be coincidence, but if both of those have a
> software problem and both have the same software installed that is
> creating the problem ..........
However - you inferred only a single machine in your original posting. You
made no explicit mention of multiple machines in your case. I pretty much
would ignore coincidence if two computers get the same changes and both have
the same problem. Especially if I can test a third system without the
changes and everything is fine.
Yes - general troubleshooting always seem to start the same way...
1) List things that changed between 'things working as expected' and 'things
not working as expected'.
2) Remove the changes and revert to pre-change state.
** If the problem disappears - continue this line of troubleshooting...
** If the problem does not disappear - either you missed a change or the
removal did not complete OR the problem is unrelated to the changes.
3) Perform the changes you just undid one at a time - checking for the
problem you are trying to resolve after each trial. (In the case of a
computer - reboot a couple of times to ensure the change is complete.)
* Do not rush into it - perform ONE change at a time and reboot - be
consistent and diligent.
Ken Blake, MVP
<Char...@discussions.microsoft.com> wrote:
> Do these people not understand that we have NO internet access on the
> computers affected. The FIRST PROBLEM is to FIX THAT. Without internet
> connection I can't download any patches in any order.
You can fix that easily in any of three ways:
1. Lower the settings in ZA temporarily (not a great idea, in my view,
but it works. I prefer the other choices)
2. Turn off ZA temporarily (long enough to download the new version)
and use the Windows firewall instead.
3. Download the new version of ZA on a friend's computer and bring it
to yours on a CD.
> The ZoneAlarm fixes
> don't work to reconnect to the internet.
>
> This problem seems to affect MORE than they are admitting. I don't have the
> KB951748 update installed and I'm still having trouble. Uninstalling
> ZoneAlarm doesn't solve the problem either.
>
>
>
>
> "PA Bear [MS MVP]" wrote:
>
> > [Crossposted to Windows Update, WinXP General, IE General, Security,
> > Security Home Users newsgroups]
> >
> > Resolution [was Workaround] for Sudden Loss of Internet Access Problem
> > http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
> > (revised multiple times since release on 08 July 2008)
> >
> > NB: Do NOT use Option #2 if at all possible! The vulnerability addressed by
> > KB951748 *is* a big deal! See
> > http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
> >
> > Want to consider other, more highly-rated firewalls?
> > http://www.matousec.com/projects/firewall-challenge/results.php
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> > AumHa VSOP & Admin http://aumha.net
> > DTS-L http://dts-l.net/
> >
> >
--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup
CharlieG
the answer.
Another poster seems concerned about me turning off ZoneAlarm. But on this
FINAL machine with problems I uninstalled ZoneAlarm completely so that is NOT
a consideration.
Shenan Stanley
Shenan Stanley wrote:
> However - you inferred only a single machine in your original
> posting. You made no explicit mention of multiple machines in your
> case. I pretty much would ignore coincidence if two computers get
> the same changes and both have the same problem. Especially if I
> can test a third system without the changes and everything is fine.
>
> Yes - general troubleshooting always seem to start the same way...
>
> 1) List things that changed between 'things working as expected'
> and 'things not working as expected'.
> 2) Remove the changes and revert to pre-change state.
>
> ** If the problem disappears - continue this line of
> troubleshooting...
> ** If the problem does not disappear - either you missed a change
> or the removal did not complete OR the problem is unrelated to the
> changes.
>
> 3) Perform the changes you just undid one at a time - checking for
> the problem you are trying to resolve after each trial. (In the
> case of a computer - reboot a couple of times to ensure the change
> is complete.) * Do not rush into it - perform ONE change at a time
> and reboot - be consistent and diligent.
CharlieG wrote:
> I see how you could reach that assumption. I was afraid that this
> would be the answer.
>
> Another poster seems concerned about me turning off ZoneAlarm. But
> on this FINAL machine with problems I uninstalled ZoneAlarm
> completely so that is NOT a consideration.
So Zone Alarm is *uninstalled* and all the patches released/installed this
month are uninstalled on this Windows XP (Professional, Home, Media Center,
Tablet PC or x64?) with Service Pack (2 or 3?) machine and you are not
getting any network traffic?
Tried...?
Start button --> RUN --> type in...
CMD /K NETSH FIREWALL RESET
--> Click on OK.
Also...
Start button --> RUN --> type in...
NETSH DIAG GUI
--> Click on OK. --> Scan your system.
You may also want to uninstall your network card hardware device driver and
reboot (allowing it to reinstall.)
Root Kit
Agreed.
>If an OS demands that its users run as admins all the time, the OS is
>poorly designed.
Indeed. Windows doesn't demand that. Anyway, due to the installation
defaults prior to Vista, many *programs* are badly designed - assuming
the user has admin rights.
Kayman
> No offense PA Bear, but that's a pretty arrogate attitude if that 3rd party
> application is reviewed by the IT industry time and time again as a much
> better product than Windows version of a firewall.
>
> Meanwhile users of the Windows operating system suffer because of a decision
> made by Microsoft to make this a update. Anyone else think they (MS) knew
> this was going to happen besides myself?
>
You're very poorly informed. Can't you read threads in its entirety or do
you have a problem relating to comprehension abilities? It seems you're
just another pisser.
Kayman
> I see how you could reach that assumption. I was afraid that this would be
> the answer.
>
> Another poster seems concerned about me turning off ZoneAlarm. But on this
> FINAL machine with problems I uninstalled ZoneAlarm completely so that is NOT
> a consideration.
For a complete removal try this:
http://zonealarm.donhoover.net/uninstall.html
PA Bear [MS MVP]
WinXP) is a one-way (incoming) firewall.
Does the average SOHO user need an outgoing firewall? Maybe, maybe not.
But since you brought up reviews of "better products," take a look at
http://www.matousec.com/projects/firewall-challenge/results.php. Your
opinion of ZA may not be the same after you do so.
Stinger wrote:
> No offense PA Bear, but that's a pretty arrogate attitude if that 3rd
> party
> application is reviewed by the IT industry time and time again as a much
> better product than Windows version of a firewall...