FIX for ZoneAlarm & KB951748 issue released

Discussion in 'Windows Update' started by PA Bear [MS MVP], Jul 10, 2008.

  1. Root Kit (Guest)

    <quote>
    The quickest way to regain Internet access, said the company, is to
    uninstall the security update tagged as KB951748 using Windows' Add or
    Remove Programs utility. Alternately, users could tweak ZoneAlarm's
    firewall settings or reduce the security level of the machine.
    <end-quote>

    How responsible.....


    <quote>
    "We filter network traffic at the kernel, where malware can't avoid
    us," said James Grant, a ZoneAlarm team lead. "If you filter traffic
    in user mode, malware can see what we're doing."
    <end-quote>

    Yeah, right. As if malware wouldn't compromise the kernel as well....


    <quote>
    The problem notwithstanding, she defended kernel hooking. "It's
    undocumented, but it's in widespread use. Every major security vendor
    makes use of it," said Yecies.
    <end-quote>

    So does any serious malware writer....


    <quote>
    "This isn't about finger-pointing," said Yecies, when asked which
    company was responsible for the snafu, ZoneAlarm or Microsoft. When
    pressed, however, she acknowledged that Microsoft should have caught
    the problem before issuing its security update.
    <end-quote>

    Yeah, right. "Don't make changes to your kernel without making sure
    we didn't mess with it.".....
     
    Root Kit, Jul 22, 2008

  2. Kerry Brown (Guest)

    At this point some versions of Zone Alarm barfed. I don't use Zone Alarm

    It looks like this may not be quite the whole story. There are conflicting
    reports about exactly what caused Zone Alarm to barf. Some stories say it
    was Zone Alarm's heuristics causing the problem. Others say the update broke
    the way Zone Alarm uses unsupported methods to hack the kernel. Zone Alarm
    hasn't commented officially that I can find. It doesn't really change
    anything. It's merely a technical point of interest. The fault lies with
    Zone Alarm if either reason is the cause.
     
    Kerry Brown, Jul 22, 2008

  3. Well ... if the user isn't an administrator, it won't. But what it *can* do is
    hook itself into a program that's already allowed access, like your web browser.

    Harry.
     
    Harry Johnston [MVP], Jul 23, 2008
  4. Root Kit (Guest)

    That's correct. Unless the firewall is so badly designed it allows the
    malware to exploit it to gain SYSTEM credentials, that is.

    But unfortunately running as administrator is what the vast majority
    of Windows users do.
     
    Root Kit, Jul 23, 2008
  5. Kayman (Guest)

    That is sadly true!
    A timely reminder and friendly advice for all the lurkers out there running
    on WinXP, please take notice :)
    The most dependable defenses are:
    1. Do not work as Administrator; For day-to-day work routinely use a
    Limited User Account (LUA).
    2. Secure (Harden) your operating system.
    3. Don't expose services to public networks.
    4. Keep your operating system (OS) (and all software on it) updated/patched.
    (Got SP3 yet?).
    5. Reconsider the usage of IE and OE.
    5a. Secure (Harden) Internet Explorer.
    6. Review your installed 3rd party software applications/utilities; Remove
    clutter, *including* 3rd party software personal (so-called) firewall
    application (PFW) - the one which claims: "It can stop/control malicious
    outbound traffic".
    7. If on a dial-up Internet connection, activate the built-in firewall and
    configure Windows not to use TCP/IP as the transport protocol for NetBIOS,
    SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most
    exploited Windows networking weak point) closed.
    7a. If on a high-speed Internet connection, use a router.
    For the average home user it is suggested to block both TCP and UDP ports
    135 ~ 139 and 445 on the router and to implement countermeasures against
    DNSChanger.
    8. Routinely practice Safe-Hex.

    Also, ensure you do:
    a. Regularly back-up data/files.
    b. Familiarize yourself with crash recovery tools and re-installing your
    operating system (OS).
    c. Utilize a good-quality real-time anti-virus application and some vital
    system monitoring utilities/applications.
    d. Keep abreast of the latest developments.

    And finally:
    Most computer magazines and/or (computer) specialized websites are *biased*,
    i.e. heavily weighted towards the (advertisement) dollar almighty!
    Therefore:
    a. Don't fall for software applications touted in publications relying on
    advertisement revenue.
    b. Do take their *test-results* of various software with a *considerable*
    amount of salt...!
    c. ...Which also applies to their *investigative* test reports related to
    any software applications.
    d. Investigate claims made by software manufacturers *prior to* downloading
    their software; specialized Newsgroups and/or Fora are a great way to
    find out the 'nitty-gritties'.

    Wanna know details? Go ahead and ask :)
     
    Kayman, Jul 23, 2008
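A way to verify items 7 and 7a above, as an added example that is not from the thread: it parses `netstat -an` output (the listing inside is constructed, not captured from a real host) and reports which of the NetBIOS/SMB/RPC ports the post lists are still reachable from the network.

```python
"""Audit `netstat -an` output for the NetBIOS/SMB/RPC ports the post says
to keep closed (TCP/UDP 135, 137-139, 445). Added example, not from the
thread; the netstat listing below is constructed, not captured."""

import re

WATCHED_PORTS = {135, 137, 138, 139, 445}

# Constructed sample of `netstat -an` from a Windows host that still
# exposes the watched ports on its LAN address.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.20:51234     ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    0.0.0.0:500            *:*
"""

# proto, local address, local port, foreign address, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def exposed_ports(netstat_text):
    """Return sorted (proto, port) pairs of watched ports that are open.

    TCP counts only in the LISTENING state; UDP sockets carry no state, so
    any bound watched UDP port counts. Loopback-only binds are skipped."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, state = m.groups()
        port = int(port)
        if port not in WATCHED_PORTS or addr.startswith("127.") or addr == "[::1]":
            continue
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, port))
    return sorted(found)
```

Run it against the real output of `netstat -an` on the machine being checked; an empty result means the listed ports are not reachable from the network.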
