FIX for ZoneAlarm & KB951748 issue released

Discussion in 'Windows Update' started by PA Bear [MS MVP], Jul 10, 2008.

  1. I have been experiencing problems with my internet
    "All week" meaning since you installed KB951748, KB951978, and the Malicious
    Software Removal Tool on or shortly after 08 July 2008?

    When did you install WinXP SP3? Was AVG running in the background when you
    installed SP3? Do you only experience such issues after resuming from
    Standby or Hibernation?

    You've told us that ZoneAlarm isn't installed. Is another third-party
    firewall installed or are you using the Windows Firewall?

    Has a Norton or McAfee application ever been installed on the machine?

    Lastly, if you uninstall "Security Update for Windows XP (KB951748)" via
    Add/Remove Programs & reboot, does the behavior persist?

    PS: Please tell me which newsgroup you're using to view and reply to this
    thread. I'd prefer that we discontinue the unnecessary crossposting.
     
    PA Bear [MS MVP], Jul 12, 2008
    #41

  2. <snipped>
    I am going to respond because you decided to literally side-step the question
    and just dislike some specific company instead of making a logical argument
    based in reality.

    If you do not answer - that is your choice. However - if you don't
    respond - my thought is you could not come up with a logical, non-biased
    argument *not* based on anything specific and/or you will respond with
    another seemingly personal attack.

    This is nothing personal - this has nothing to do with you or your business
    practices. You have somehow decided to attack me personally and what you
    feel is my personal belief system instead of what I presented as the reality
    of the situation from almost all situations like this.

    If you were to buy a Chevrolet vehicle and modify some part with a third
    party product and Chevrolet did a recall and the recall/replacement part
    made your modification either not work or caused you to be unable to do
    something else (like close the hood, etc) - whose responsibility is it to
    fix it?

    If you had a Whirlpool dishwasher and you bought a third party utensil
    basket that was larger but still fit the door and then they
    recalled/replaced the door on the unit for some reason and their replacement
    was larger and thus you could no longer close the door and latch it with
    your third party utensil basket in it - whose responsibility is it to fix
    it?


    So please - if you can - present your case in a generalized form. Be
    realistic. See the examples I gave above and tell me if I am not correct in
    my assumptions on who would be responsible in those cases.

    Please - don't take this as some personal attack - it is not. Please do not
    make it into a personal attack, as it seems to me you have already somewhat
    by assuming my presentation is anything more than the way things usually
    work - and how it makes sense to me.

    This is supposed to be a discussion on why you believe if someone buys
    something, modifies it, gets a replacement/upgrade/fixed part from the
    original manufacturer of the original item that makes their third party part
    fail/invalid - that the original manufacturer of the original part should
    have known/tested for that and/or have been the one to remedy the
    situation... And not the way I presented where the third party part
    manufacturer and/or the end-user themselves have to take responsibility for
    the fact their old part (the way it is at that point) has issues that need
    to be resolved to work with the now-fixed original part.

    If you believe the way you have presented - that is fine - but *why* - what
    is the actual basis beyond a 'good feeling' - or is that it?

    If - however - you do not consider the entirety of the posting (as you seem
    to have done previously) - please consider at least the following
    question(s).

    Please explain - quite simply - why it is the original manufacturer's place
    to make sure every third-party change possible (including personal
    modifications not published to the public, perhaps) will work with every
    modification they deem as critical to their original product - which is the
    only thing they are actually responsible for?

    Are you saying that if you sell something (whatever you sell) and the person
    modifies it before bringing it back and they bring it back to fix something
    that would not have occurred if they had not modified it - you will take
    responsibility for what they did (what they added/modified) and fix the
    problem the third party modification caused for them at no charge?
     
    Shenan Stanley, Jul 12, 2008
    #42

  3. PA Bear [MS MVP]

    Phyllis Guest

    I am using microsoft.public.security in my Outlook Express to view/reply.

    Problem started first part of the week after Windows Updates and AVG update.

    Don't remember date of SP3 install, was right after it became available and
    I got update notification from Automatic Updates. Usually when I first open
    Internet Explorer I get this box that says "no internet connection
    available, do you want to work offline or retry." When I click retry it
    connects right up. My wireless connection doesn't connect at startup and if
    I do manage to get it connected it drops during standby.

    I use Windows Firewall, but have recently had Zone Alarms but didn't like
    some things about it and uninstalled via Add/Remove programs. I have run a
    search and did not find any files associated with Zone Alarms on my
    computer. I have also had Norton Internet Security during 2006 and 2007.

    I did a system restore yesterday and told Automatic Updates to not show me
    KB951748 and KB951978 again. I did install the Malicious Software Tool.
    Problem remains. I am wondering if maybe my internet provider may have been
    messing with it trying to resolve this problem themselves. I believe it was
    on Zone Alarms forum that I read where internet providers were having to
    make corrections to their servers too. Don't know if that is correct or
    not. I have read so much today, I can hardly remember my name at this
    point. I have it all connected right now and has been working fine for the
    last couple of hours. Don't know what is going on.
     
    Phyllis, Jul 12, 2008
    #43
  4. PA Bear [MS MVP]

    V Green Guest

    Shenan:

    After reading links to the info regarding
    ZA's "slow on the uptake" response to an issue that
    they were supposedly notified of (I did not have this
    info until recently) I realize that I may have been in
    error to bash MS specifically on this issue. My bad
    for that.

    If ZA didn't code around an impending update that they
    knew about, that's a whole different thing.
    That's it. That's all. 50 years of good feelings. Works
    for me. You should try it. You might like it.
     
    V Green, Jul 13, 2008
    #44
  5. I've noticed a slower virus scan with the new ZA. I'm heading over
    to the Zone Alarm User Forum, and suggest you do the same.
    It isn't connected to the OS AFAIK. Before we take this offtopic
    discussion out of here, though, I'd suggest scheduling your scan
    for something like 01:00, as I do. Unless of course that's when
    you do your work.
     
    Anthony Buckland, Jul 13, 2008
    #45
  6. I have more good feelings than most and have plenty of people (because of
    those good feelings) who would come to me before anyone else for many
    things - but that doesn't address the question at all really - you didn't
    answer the main question...

    ---
    Are you saying that if you sell something (whatever you sell) and the person
    modifies it before bringing it back and they bring it back to fix something
    that would not have occurred if they had not modified it - you will take
    responsibility for what they did (what they added/modified) and fix the
    problem the third party modification caused for them at no charge?
     
    Shenan Stanley, Jul 13, 2008
    #46
  7. PA Bear [MS MVP]

    V Green Guest

    Yes.

    Your analogy doesn't apply to the kind of business
    I am in, but I would do that. Take responsibility, no, but
    that's not necessary to fix the problem and make the customer
    happy.

    Chide them about it, yes, probably.

    And I would only do it once for that individual.

    And as part of the "repair" process, I would inform them that
    if they did it again (same customer, same "modification")
    I would probably charge them.

    Ya gotta have limits.
     
    V Green, Jul 13, 2008
    #47
  8. PA Bear [MS MVP]

    Kayman Guest

    You're such a Pisser, V Green!
     
    Kayman, Jul 13, 2008
    #48
  9. <snipped>
    Conversation in entirety:
    http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af



    I appreciate the answer.

    If you fix a problem that the customer obviously could not fix (if they
    could, they would not have come to you) and the cause is obviously something
    they did with some modification - you have taken responsibility from them,
    taken on the problem, accepted what caused it was not you, etc.

    You can say it's not your "fault" - but by actually putting effort into it
    and fixing it - you have taken on the _responsibility_ to 'make it right'.
    By not charging for said service - you are saying that, "although the _fault_ is
    not mine - I am doing this for you" --> which is taking on the
    responsibility. (Not the *fault* mind you - but the responsibility has been
    transferred.)

    You don't have to take the 'blame' to take the 'responsibility'. It's like
    bailing someone out of prison in a way. You take responsibility by handing
    over your money, but not the blame for the crime.

    *shrug*

    Thanks again for answering.
     
    Shenan Stanley, Jul 13, 2008
    #49
  10. PA Bear [MS MVP]

    Leonard Grey Guest

    I am so glad I didn't get involved with this thread!
     
    Leonard Grey, Jul 13, 2008
    #50
  11. For some reason the older ZoneAlarm like the classic 4.5.594 is not
    affected. Why is that? The 4.5 is smaller and less of a resource hog too.
     
    Lars-Erik Østerud, Jul 14, 2008
    #51
  12. Hi, everyone,

    This thread has seen a very "active" discussion about the mutual
    responsibilities of MS and ZA for the "loss of Internet access" disaster
    linked to the issue of KB951748.

    For sure, the DNS issue was known by the main software manufacturers much
    before July 8th, and ZA could have been more proactive.

    However, the argument that MS can change its software "ex abrupto" and put
    the culprit on 3d party software in case of problems (because, for ZA, the 3d
    party has modified a core component of its system) needs to be re-examined.
    Indeed,

    - the main reason why people adopted ZA firewall (or other 3d party
    firewalls) is because neither Win95/98/ME or WinXP (before SP2) had any
    protection in this context (more about that on
    http://en.wikipedia.org/wiki/Windows_Firewall). The firewall introduced with
    WinXP SP2 was only directed against attacks from outside but did not block
    anything from inside (this was considered as unnecessary, and claimed as such
    on this forum, ... until, eventually, Vista introduced it, which
    demonstrates its usefulness...)

    - as a result, most of us had to use 3d party firewalls to protect our
    computers (I did so after seeing my unprotected WinXP computers so easily
    attacked ...).

    I submit that MS should recognize that, because it introduced a decent
    firewall only recently, it has to respect those users who installed a 3d
    party firewall ... and have remained faithful to it.

    Although, stricto sensu, MS is not obliged to take into consideration all 3d
    party software when they make changes that may affect the users of such
    software, they could have been more prudent in this case.

    In a broader context, MS built its success (vs. Apple) by making an OS on
    which 3d parties could build their own applications. Ignoring this now (and
    stating that they have "nothing to do with 3d party software") may well cause
    important problems, and the demise of MS in the future. In ancient Rome,
    people said "Jupiter blinds those who he will kill" and "The Tarpeian rock is
    close to the Capitol". In this particular case, I'm afraid that MS was
    blind... even if it was technically and legally right, and has forgotten
    that falling from the Capitol hill is easier than climbing it.
     
    Paul (Bornival), Jul 14, 2008
    #52
  13. PA Bear [MS MVP]

    Rick Guest

    Actually the DNS hole was newly discovered; to say that software
    developers knew about this "much before July 8" is not accurate. What
    is of much more concern is ISPs have that same hole. It has been
    suggested that Open DNS offers protection but I would be much more
    concerned about the ISP hole than the one on the pc.
    --

    Rick
    Fargo, ND
    N 46°53'251"
    W 096°48'279"

    Remember the USS Liberty
    http://www.ussliberty.org/
     
    Rick, Jul 14, 2008
    #53
  14. Just because Vista has something does not 'demonstrate its usefulness' - it
    merely demonstrates good marketing... If the people want it - throw it in
    there... Even if most of those people do not understand what it really
    does/doesn't do. (AERO is far from 'useful' - and it is in Vista.)
    Some people do/did not (even without any SP, SP1, SP1a) run a third party
    firewall. Many of those ran/run fine.

    SP2 was released in 2004. It is 2008 and SP3 has since been released.
    Four years is a long time not to reflect on your security options if someone
    was concerned at one time enough to get a free firewall solution in the
    past - in my opinion. (Some people still run some pretty old versions of
    whatever free software they may have chosen - some may even run software
    from manufacturers that do not exist any longer...)
    Respect it - okay - agreed.

    Research every one of them to see if they will cause problems - even those
    that have since disappeared into the ether and are still run by people
    because they never bothered to get anything else, etc?

    Zone Alarm is popular - but it is not (by far) the only option around (or
    that was around in many cases) and not everyone is running it as their
    third-party solution - which means there will be MANY different ones they
    would have to 'test' - and which versions (of each one) do you test? What
    are the limitations on how far back you test? After all - people are
    reporting in this very conversation that some older versions of Zone Alarm
    itself do not exhibit the issues of the version right before the patch to
    remedy this problem - which tells me that Zone Alarm didn't have this issue,
    did have this issue, doesn't have this issue again (if you just pretend the
    patch could have been released some time ago.)
    How? In what way? See my above query...

    What limitations do you put on testing other people's software to make sure
    when you patch yours it doesn't cause some particular version of some
    particular software to break something overall?
    Interesting. I did enjoy reading that. Maybe Microsoft will cause its own
    downfall - and maybe that is not a bad thing.

    However - I am still unsure what you are expecting someone in a position
    such as this one to have done differently.

    There are obviously still people running much older versions of the software
    that is mentioned in the subject of this posting and those people are not
    having issues (according to their responses in this very conversation and
    elsewhere.) There are people running other third party software that does
    similar/the same thing as the software mentioned in the subject of this
    posting and they are not having trouble. I have seen sporadic postings
    lately (one to three) of people running brand-new similar software from
    another (large) manufacturer supposedly having similar issues.

    What would have been the 'thing to do' with all these variables in place, in
    your opinion?
     
    Shenan Stanley, Jul 14, 2008
    #54
  15. PA Bear [MS MVP]

    Kayman Guest

    Quite right! And this really should be the end of the story!
    ZA had sufficient time to address this issue.
    It was essential to utilize a 3rd party firewall application prior to
    WindowsNT (which incidentally applies also to Registry Cleaners). After the
    introduction of NT the built-in firewall made 3rd party applications
    superfluous, which obviously wasn't well received by the makers of these
    software.
    A 3rd party app wouldn't have saved you; especially ZA!
    The decent firewall was introduced by MSFT with the introduction of NT. It
    is, compared to the existing 3rd party apps., a "more honest" and superior
    product. The reason for most users choosing 3rd party applications is
    the relentless hype and scare mongering tactics created by the makers of
    these software. In terms of security 'outbound control' is utter nonsense!
    Again, ZA had sufficient time to act accordingly. Others did, didn't they?
    <snipped irrelevant analogy>

    Educational reading re outbound control:
    PFW Criticism.
    http://en.wikipedia.org/wiki/Personal_firewall#Criticisms

    Why your firewall sucks.
    http://tooleaky.zensoft.com/
    "But I quickly realized the truth: The added protection provided by
    outbound filtering is entirely illusory."

    At Least This Snake Oil Is Free.
    http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx

    Deconstructing Common Security Myths.
    http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
    Scroll down to:
    "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

    Exploring the Windows Firewall.
    http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
    "Outbound protection is security theater - it's a gimmick that only gives the
    impression of improving your security without doing anything that actually
    does improve your security."

    Read in its entirety:
    Managing the Windows Vista Firewall
    http://technet.microsoft.com/en-us/magazine/cc510323.aspx

    Apropos hype:
    Go to...
    http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/

    ...and follow all the hype created by Sunbelt's *Marketing Department*.

    Then read in...
    Windows Personal Firewall Analysis

    http://www.matousec.com/projects/wi...ysis/leak-tests-results.php#firewalls-ratings

    ...a more realistic view which obviously was drafted by the head of
    Sunbelt's *Operations department*.

    Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall

    2007-08-07: Here is the response we have received from this vendor:

    This is pretty eye-opening as well:

    Firewall LeakTesting.
    Excerpts:
    Leo Laporte: "So the leaktest is kind of pointless."
    Steve Gibson: "Well,yes,...
    Leo: "So are you saying that there's no point in doing a leaktest anymore?"
    Steve: "Well, it's why I have not taken the trouble to update mine, because
    you..."
    Leo: "You can't test enough".
    Steve: "Well, yeah.
    Leo: "Right. Very interesting stuff. I guess that - my sense is, if you
    can't test for leaks, a software-based firewall is kind of essentially
    worthless."

    Read and/or listen to the entire conversation here:
    http://www.grc.com/sn/SN-105.htm
     
    Kayman, Jul 14, 2008
    #55
  16. PA Bear [MS MVP]

    Root Kit Guest

    Not quite. Learn to distinguish between useful and practically doable.
    The outbound control of Vista is very different from the "application
    outbound control" introduced by 3rd party FW's.

    Vista's outbound control makes sense because it builds on the general
    security enhancements of Vista. Outbound control on an XP platform as
    a security measure against malware is still utter nonsense.
    You didn't have to. But you were tricked into believing so by FW
    vendors and "security" hypers.
    This is nonsense. An "unprotected" XP (SP2+) is not easily attacked.
    Pre SP2, all you needed to do was turn the FW on, or even better -
    shut down unnecessary network services, which MS unfortunately has a
    bad habit of having running by default.
    You think MS should support security hype? You think MS should support
    something they know is nonsense because they are well aware of the
    shortcomings of its own OS?
     
    Root Kit, Jul 14, 2008
    #56
  17. PA Bear [MS MVP]

    H.S. Guest

    I am not sure I understand the above statement. I am curious what it
    really means. Could you please explain and give an example or two.

    Thanks.
     
    H.S., Jul 14, 2008
    #57
  18. As a rank and file home user with above average skills (but not an expert),
    and as a person with marketing and PR experience, here's my impression:

    MS and ZA both screwed up.

    First, ZA is widely used. Second, MS should have, or could have known that
    the July update would therefore have a broad negative impact. Third, *if* ZA
    had enough advance warning to issue a corrective fix before the update, and
    just knowingly and negligently chose to do so for no particular good reason,
    double shame on them. But that does not really seem likely. However it's
    indisputable that the first two are true.

    Both screwed up because:

    MS did not make any effort to make the ZA problem known. The issue was not
    discussed on the web page for the update, nor was there any other alert
    associated with the update. Yet there is no way they were not aware of the
    problem before pushing the update, unless they were negligent in their
    preparations. Either way, bad on MS. They left average home users, the most
    affected single group, completely utterly in the dark. Those users do not
    usually know where to look, such as in these newsgroups, to find out about
    such problems. And any more, since half of them use the scum-ridden Google
    Groups, they could not access them anyway, MS having trashed their WWW
    access.

    ZA did a very very poor job of responding to the problem. It was a pain in
    the neck for me to find out that it was a ZA problem at all. I knew enough
    to uninstall the update, something many home users would not necessarily
    think to do, or know how to do. Going back to a restore point, as many of
    them did, is an excessively destructive solution.

    When I tried to find the updates through the click point in the ZA software
    "check for updates", repeatedly, **none** were found. When I went to the
    web pages suggested in these NGs for the fix, at the time I checked, the
    links to the updates were not there. Several on these groups became
    frustrated with me for asking repeatedly, but somehow they did not manage to
    keep these links posted as they apparently kept making changes to the page.
    Finally on hard refresh I found the links. Bad on ZA.

    From now on I will not allow MS to install any updates automatically and
    will check for problems for a few days before accepting them.

    And due to this and other past avoidable ZA problems, plus information that
    indicates their firewall is only marginally effective at best, I will move
    on to a better firewall.

    MartyB in KC
     
    Nunya Bidnits, Jul 14, 2008
    #58
  19. PA Bear [MS MVP]

    Leonard Grey Guest

    Is there perhaps something I can do to kill this worthless thread? Would
    you like to see pictures from my last vacation? It was real fun until we
    got lost...but that's a l-o-n-g story. It all started one day when the
    sky was clear and the sun was bright...
     
    Leonard Grey, Jul 14, 2008
    #59
  20. <snipped>
    Conversation in entirety:
    http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af



    Comments in-line...

    How would MS have known (as you state - before pushing the patch) that
    somebody else's firewall application (created and supported by another
    company) would have problems with this patch...? What are the limits in
    what third-party things a company must test to ensure that fixing their own
    product won't cause issues with someone else's product?

    Also know that not *all versions* of Zone Alarm exhibit this issue with the
    patch MS released. Older versions of ZA have been discussed elsewhere in
    this very conversation with the people stating they have *not* experienced
    any issues.

    Your statement about "MS having thrashed their WWW access" - while it was
    the patch that exasperated the issue - it was ZA (that particular version no
    less (or so it seems)) that had to be modified to remedy the situation.
    ZA did jump on it fairly quickly - all things considered. They fixed it and
    released the patch within two days and had work-arounds *I believe* the same
    day that the patch was released.
    Yes. Bad on ZA, but perhaps they were putting things up and realizing other
    issues, taking them down, putting things back up, etc.

    Then again - I did see that part of your discussion and every time I went to
    the web page link during that time - the thing you were being told was
    there - was there. Then you would answer that it was not - but I could
    still see it. It is possible that something was awry on your computer(s) -
    or it was cached, proxy, etc and not refreshed. *shrug*
    For an educated person - that is always the wisest choice. Control your
    data/stuff completely - only you know the nuances of it and what is/is not
    important to you. Why anyone would do anything else is beyond me. ;-)
    The built-in Windows XP firewall (especially if you are also behind a NAT
    router of some sort for any high-speed Internet you might have and keep your
    AV/AS updated) is *more* than sufficient.

    For _most_ home-users - anything more than what is built into Windows XP and
    later (consumer OSes from Microsoft) is usually wasted space and time in
    terms of 'firewall protection' - IMHO. Why add the complication(s) and
    possible problem(s) (as demonstrated so well in this case) if there is no
    logical reason to and especially if the home user probably would not be able
    to fix it themselves in case of a problem.
     
    Shenan Stanley, Jul 14, 2008
    #60