FIX for ZoneAlarm & KB951748 issue released

Discussion in 'Windows Update' started by PA Bear [MS MVP], Jul 10, 2008.

  1. PA Bear [MS MVP]

    H.S. Guest

    Totally agree with this.
    Yes, average home users were the most affected. I myself was seeing this
    happen with my friends and relatives. No one knew what was going on.
    Their internet connection was not working (ping worked, DSL worked) but
    internet did not. Moreover, it appears like MS forced this update to its
    customers somehow. Followed all the debugging steps I could but couldn't
    find the problem, till I discovered the relevant threads here.

    I myself follow this rule consistently.

    Totally agree with you here too. ZA is just not the personal firewall it
    used to be till around a couple of years ago. It has become bloated and
    resource hungry. Its uninstallation script is total crap and leaves
    clutter all over the registry (does not remove itself properly). And if
    you ask about this problem in its support forum, the "guru" posters (probably
    on the payroll) give a convoluted method whose prerequisite is that a
    user should have the history of past versions of ZoneAlarm ever
    installed on that computer! Who in their right mind thinks that an average
    user is going to keep such data!?!? Looks like the ZA company people are
    not in touch with ground reality from an average user's point.

    All in all, ZA is not a professional piece of application. I am now
    looking at Comodo and netdefender (this one is open source).
    H.S., Jul 14, 2008

  2. <snipped>


    Mark it as blocked with your newsreader or better yet - simply ignore it.

    There is nothing compelling you (afaik) to read/respond to this particular
    conversation any more than the 100's of others in this newsgroup per day. It
    is - most likely - a conscious choice on your part; and thus, completely
    under your control. If so - your asking how to not interact with this
    thread falls to your own will-power and skills - not anyone else's.

    Using Thunderbird (Windows/20080421)? You might look for help

    However - again - your best bet is to *ignore* what you don't want to read.
    In this case that is fairly simple - the subject has not changed. Don't
    open messages with that subject. Use a filter and don't even download them
    maybe. ;-)
    Shenan Stanley, Jul 14, 2008

  3. I said could have or should have known... and if they didn't test far enough
    to check on a product that is widely used by their customers like ZA, shame
    on them. At best, it's negligent laziness.
    And how do you account for it being in my cache, if it never existed? Have
    you ever seen a bug in Firefox that one single time only, clips a paragraph
    from a web page, and never does it again? ... Neither have I. At some point
    when they were diddling with that ZA update, clearly, someone let a version
    of the page, called a workaround, on line that did not include the update.
    After others insisted it was there, I did a hard refresh, then it turned up.
    So it was as I said it was there, in the form I described, at one time, at
    least for long enough for me to download it and get it into my browser
    cache.... case closed.

    I tried to make the point that I was commenting as an everyday user. Realize
    that many everyday users trust MS implicitly, and those home users are the
    vast majority of MS OS customers, and not to consider their everyday usage
    likelihoods was a failure by MS. Realize that the average person either
    trusts MS to do the right thing, or does not trust themselves to know more
    than MS, and therefore would never consider trying to control the updates
    themselves. Personally, I just did it as convenience, since an MS update has
    never caused me a problem in all these years. But nevermore.
    It's all up to date. I'm using 2000P on one computer so there's no XP
    firewall. That's the computer that was bitten. But I am not going to change
    the OS on a perfectly functional computer just for a firewall, that's like
    jumping out of a perfectly good airplane. So I am probably going to Comodo
    2.4 unless someone can suggest something better.
    I would agree with you had not an older computer running the XP firewall
    plus AV and other malware protection still been infected with unacceptable
    trash, to the point that it ended up in the recycle bin, after being
    cannibalized for parts.

    For the record, my W2000P computer running ZA (now temporarily), SpyBot, and
    AVG antivirus, and Firefox browser, has not been infected with anything
    since I put it on line over a year ago. The only problem it's had is the MS
    update for July.

    I'm again speaking as a consumer, something I think deserves more attention
    from MS when they make changes that are over the head of the average user.
    It wasn't over my head, but then it wasn't just no problem either. From a PR
    point of view, MS and ZA both *should* and *could* have known about this in
    advance, and both *could* have put out a notice to that effect.

    And note again from the average consumer point of view that most would not
    know what to do once the browser was shut down, since they couldn't get to
    the ZA update page, even if the ZA software's *check for update* feature had
    actually found the update instead of saying there was none available.

    Please give the average person a break. This whole MS/ZA/update hassle was
    totally unnecessary and avoidable with just a little extra conscientious

    MartyB in KC
    Nunya Bidnits, Jul 14, 2008
  4. Well said.

    Nunya Bidnits, Jul 14, 2008
  5. Older versions of ZA also would not have had up to date protection profiles
    installed. Not keeping security software up to date is operator error, IMO.
    So being saved from a mistake by a mistake is a marginal victory at best,

    MartyB in KC
    Nunya Bidnits, Jul 14, 2008
  6. PA Bear [MS MVP]


    You are a wise woman. To tell you the truth, I don't think there is any
    need for third party firewall especially when you have got Windows XP's
    firewall enabled (OR Vista's) and your Modem/Router has its own firewall.

    From time to time, you will always have third party software conflict with
    MS patches but this is all part and parcel of the game to protect you in
    the long run.

    Hope this helps.
    ANONYMOUS, Jul 14, 2008
  7. PA Bear [MS MVP]


    Your week would have been shorter had you not bothered to provide links to unnecessary third
    party products which are an added extra to resources when one already has state of the art
    FIREWALL provided by Microsoft and most broadband modems and routers have their own firewall
    enabled by default.

    I don't know why people bother with any other firewall which may or may not consume scarce
    ANONYMOUS, Jul 14, 2008
  8. PA Bear [MS MVP]

    Kayman Guest

    In addition I'd recommend disabling any unnecessary and potentially
    dangerous Services.
    Configure and adjust Services to suit your computing needs
    Windows XP Service Pack 3 Service Configurations
    Quite right!
    Kayman, Jul 15, 2008
  9. PA Bear [MS MVP]

    Rick Guest

    I do not think that you have grasped the problem here; it is not Zone
    Labs or Microsoft. It is the whole Internet--the problem does not go
    away if you have KB951748 installed. The ISP's of the world have to fix
    the problem too. Open DNS helps, but it is not the final solution either.


    Fargo, ND
    N 46°53'251"
    W 096°48'279"

    Remember the USS Liberty
    Rick, Jul 15, 2008
  10. PA Bear [MS MVP]

    Raskewz Guest

    Stay Focused & Have Faith, Have Fun!

    Raskewz, Jul 15, 2008
  11. PA Bear [MS MVP]

    Root Kit Guest

    The windows platform was designed with usability in mind providing all
    kinds of possibilities for e.g. inter-process communication. This
    together with the very high probability that the user is running with
    unrestricted rights makes it impossible to prevent malware allowed to
    run and determined to by-pass any outbound "control" (which, of course
    modern malware is) from doing so. It's simply too unreliable to
    qualify as a security measure.

    Malware must be stopped at the front door and *not* allowed to run
    believing that its behavior can be somehow "controlled". In a
    multi-purpose OS like windows with all programs running with
    unrestricted rights, if program A can control program B, what prevents
    program B from controlling program A (or C which A has already granted
    permission for that matter)?
    Root Kit, Jul 15, 2008
  12. PA Bear [MS MVP]

    H.S. Guest

    Hence the rule that one should not be logged in with administrative
    rights for day to day usage of Windows unless doing computer maintenance
    tasks. Your reasoning above just proves that this makes perfect sense.
    The users who are logged in with admin privileges and not *extremely*
    careful about their browsing habits get what they ask for when their
    computer is hosed due to malware.

    On the other hand, if Windows demands that it be always run with admin
    rights, it is just not designed properly then. But to be fair, I don't
    think any sane person even at Redmond will suggest using Windows with
    full admin rights always in today's internet world.
    H.S., Jul 15, 2008
  13. PA Bear [MS MVP]

    Root Kit Guest

    I'd like to clarify that there are tricks that still work perfectly
    well for a malware running with restricted rights. It just rules out
    some of the options.
    Root Kit, Jul 16, 2008
  14. :

    I think that the obvious things that MS could have been doing, given the
    known disruptive effect KB951748 could have had on Internet connections, are:
    - making KB951748 NOT install automatically and without warning (as it
    occurred to all of the computers I look after ... and which were all blocked
    in succession until we discovered what was going on ...);
    - to clearly state, during the installation procedure, that the user had to
    check for potential incompatibilities with some firewalls ... and to see
    her/his administrator in case of doubt.

    In our case, this would have prevented us from losing several hours to
    determine the cause of the problem...

    Note: as a result of this situation, all our computers are now set to no
    longer automatically install Microsoft updates until these are tested on one
    computer ... To some extent, MS killed itself the process of automatic

    Paul (Bornival), Jul 16, 2008
  15. I'll give a simple example where outbound control would have prevented what
    was nearly a disaster. One of our computers was inadvertently infected by a
    malware that used the Outlook address book of the user and started sending
    e-mails to all addressees... If ZA would have been installed, this would not
    have happened because it can be configured to block the sending of mass
    e-mails. Outbound protection may not catch everything and is not perfect, but
    why not use it if you can?
    Paul (Bornival), Jul 16, 2008
  16. The successful attacks on WinXP computers I saw were before the introduction
    of SP2. This was completely and effectively avoided after installing ZA.
    When SP2 was introduced, I compared ZA with the SP2 firewall, and found that
    ZA was eventually easier to adjust to our needs. This is why I remained
    faithful to ZA (and I'm not the only one...). Note that turning off WinXP
    network services was not possible (or largely impractical) given our needs of
    communication between computers.
    Paul (Bornival), Jul 16, 2008
  17. PA Bear [MS MVP]

    Root Kit Guest

    True - but could easily have been avoided by shutting down unnecessary
    services, adding a simple packet filter or activating the built-in
    I wonder what your needs are.
    How do you expect ZA to protect services you need to make available?
    Root Kit, Jul 16, 2008
  18. PA Bear [MS MVP]

    Root Kit Guest

    Would have? - So it was a disaster?
    The key issue here is:

    How did this malware get in? - and why was it allowed to run in the
    first place? Because that part is security related. The rest is just
    damage control based on blind luck.
    Sure. Unfortunately, it can be configured to do a lot of nonsense.
    For the same reason you don't constantly wear a helmet just in case
    someone drops something from an aeroplane.

    Outbound protection (host based) is not for free. It comes at a cost
    which can be hard for a layman to assess. The added system complexity of
    installing a bunch of potentially vulnerable code of questionable
    quality and functionality and the cons that follow from that, must be
    weighed against the possible pros.

    You make a computer secure by removing unnecessary stuff and fixing
    what is broken - not by adding further potentially vulnerable code to
    an already insecure code base.
    Root Kit, Jul 16, 2008
  19. PA Bear [MS MVP]

    Kayman Guest

    Educational reading (not only for Vista users).

    Managing the Windows Vista Firewall
    Kayman, Jul 16, 2008
  20. PA Bear [MS MVP]

    CharlieG Guest

    Do these people not understand that we have NO internet access on the
    computers affected. The FIRST PROBLEM is to FIX THAT. Without internet
    connection I can't download any patches in any order. The ZoneAlarm fixes
    don't work to reconnect to the internet.

    This problem seems to affect MORE than they are admitting. I don't have the
    KB951748 update installed and I'm still having trouble. Uninstalling
    ZoneAlarm doesn't solve the problem either.
    CharlieG, Jul 16, 2008