
FIX for ZoneAlarm & KB951748 issue released



Guest Leonard Grey
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

I am so glad I didn't get involved with this thread!

 

---

Leonard Grey

Errare humanum est

 

Shenan Stanley wrote:

> V Green wrote:

>> That's it. That's all. 50 years of good feelings. Works

>> for me. You should try it. You might like it.

>

> I have more good feelings than most and have plenty of people (because of

> those good feelings) who would come to me before anyone else for many

> things - but that doesn't address the question at all really - you didn't

> answer the main question...

>

> ---

> Are you saying that if you sell something (whatever you sell) and the person

> modifies it before bringing it back and they bring it back to fix something

> that would not have occurred if they had not modified it - you will take

> responsibility for what they did (what they added/modified) and fix the

> problem the third party modification caused for them at no charge?

> ---

>

> (And assume this is not family, not friend, a pure customer that you have no

> interest in making more than a loyal customer - and think about their other

> choices, etc.)

>

Guest Lars-Erik Østerud
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Charles Lee wrote:

> problems are now fixed with security update & ZA in ZoneAlarms latest

> update... all releases covered, from basic to the full suite

 

For some reason the older ZoneAlarm like the classic 4.5.594 is not

affected. Why is that? The 4.5 is smaller and less resource hog too.

--

Lars-Erik - http://www.osterud.name - ICQ 7297605

Test my Firefox tweaks: http://firefox.osterud.name

Guest Paul (Bornival)
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Hi, everyone,

 

This thread has seen a very "active" discussion about the mutual

responsibilities of MS and ZA for the "loss of Internet access" disaster

linked to the issue of KB951748.

 

For sure, the DNS issue was known by the main software manufacturers much

before July 8th, and ZA could have been more proactive.

 

However, the argument that MS can change its software "ex abrupto" and put

the culprit on 3d party software in case of problems (because, for ZA, the 3d

party has modified a core component of its system) needs to be re-examined.

Indeed,

 

- the main reason why people adopted ZA firewall (or other 3d party

firewalls) is because neither Win95/98/ME nor WinXP (before SP2) had any

protection in this context (more about that on

http://en.wikipedia.org/wiki/Windows_Firewall). The firewall introduced with

WinXP SP2 was only directed against attacks from outside but did not block

anything from inside (this was considered as unnecessary, and claimed as such

on this forum, ... until, eventually, Vista introduced it, which

demonstrates its usefulness...)

 

- as a result, most of us had to use 3d party firewalls to protect our

computers (I did so after seeing my unprotected WinXP computers so easily

attacked ...).

 

I submit that MS should recognize that, because it introduced a decent

firewall only recently, it has to respect those users who installed a 3d

party firewall ... and have remained faithful to it.

 

Although, stricto sensu, MS is not obliged to take into consideration all 3d

party software when they make changes that may affect the users of such

software, they could have been more prudent in this case.

 

In a broader context, MS built its success (vs. Apple) by making an OS on

which 3d parties could build their own applications. Ignoring this now (and

stating that they have "nothing to do with 3d party software") may well cause

important problems, and the demise of MS in the future. In ancient Rome,

people said "Jupiter blinds those who he will kill" and "The Tarpeian rock is

close to the Capitol". In this particular case, I'm afraid that MS was

blind... even if it was technically and legally right, and has forgotten

that falling from the Capitol hill is easier than climbing it.

Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Paul (Bornival) wrote:

> Hi, everyone,

>

> This thread has seen a very "active" discussion about the mutual

> responsibilities of MS and ZA for the "loss of Internet access" disaster

> linked to the issue of KB951748.

>

> For sure, the DNS issue was known by the main software manufacturers much

> before July 8th, and ZA could have been more proactive.

>

> However, the argument that MS can change its software "ex abrupto" and put

> the culprit on 3d party software in case of problems (because, for ZA, the 3d

> party has modified a core component of its system) needs to be re-examined.

> Indeed,

>

> - the main reason why people adopted ZA firewall (or other 3d party

> firewalls) is because neither Win95/98/ME nor WinXP (before SP2) had any

> protection in this context (more about that on

> http://en.wikipedia.org/wiki/Windows_Firewall). The firewall introduced with

> WinXP SP2 was only directed against attacks from outside but did not block

> anything from inside (this was considered as unnecessary, and claimed as such

> on this forum, ... until, eventually, Vista introduced it, which

> demonstrates its usefulness...)

>

> - as a result, most of us had to use 3d party firewalls to protect our

> computers (I did so after seeing my unprotected WinXP computers so easily

> attacked ...).

>

> I submit that MS should recognize that, because it introduced a decent

> firewall only recently, it has to respect those users who installed a 3d

> party firewall ... and have remained faithful to it.

>

> Although, stricto sensu, MS is not obliged to take into consideration all 3d

> party software when they make changes that may affect the users of such

> software, they could have been more prudent in this case.

>

> In a broader context, MS built its success (vs. Apple) by making an OS on

> which 3d parties could build their own applications. Ignoring this now (and

> stating that they have "nothing to do with 3d party software") may well cause

> important problems, and the demise of MS in the future. In ancient Rome,

> people said "Jupiter blinds those who he will kill" and "The Tarpeian rock is

> close to the Capitol". In this particular case, I'm afraid that MS was

> blind... even if it was technically and legally right, and has forgotten

> that falling from the Capitol hill is easier than climbing it.

>

 

Actually the DNS hole was newly discovered; to say that software

developers knew about this "much before July 8" is not accurate. What

is of much more concern is ISPs have that same hole. It has been

suggested that Open DNS offers protection but I would be much more

concerned about the ISP hole than the one on the PC.

--

 

Rick

Fargo, ND

N 46°53'251"

W 096°48'279"

 

Remember the USS Liberty

http://www.ussliberty.org/

Guest Shenan Stanley
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Paul (Bornival) wrote:

> This thread has seen a very "active" discussion about the mutual

> responsibilities of MS and ZA for the "loss of Internet access"

> disaster linked to the issue of KB951748.

>

> For sure, the DNS issue was known by the main software

> manufacturers much before July 8th, and ZA could have been more

> proactive.

>

> However, the argument that MS can change its software "ex abrupto"

> and put the culprit on 3d party software in case of problems

> (because, for ZA, the 3d party has modified a core component of its

> system) needs to be re-examined. Indeed,

>

> - the main reason why people adopted ZA firewall (or other 3d party

> firewalls) is because neither Win95/98/ME nor WinXP (before SP2) had

> any protection in this context (more about that on

> http://en.wikipedia.org/wiki/Windows_Firewall). The firewall

> introduced with WinXP SP2 was only directed against attacks from

> outside but did not block anything from inside (this was

> considered as unnecessary, and claimed as such on this forum, ...

> until, eventually, Vista introduced it, which demonstrates its

> usefulness...)

 

Just because Vista has something does not 'demonstrate its usefulness' - it

merely demonstrates good marketing... If the people want it - throw it in

there... Even if most of those people do not understand what it really

does/doesn't do. (AERO is far from 'useful' - and it is in Vista.)

> - as a result, most of us had to use 3d party firewalls to protect

> our computers (I did so after seeing my unprotected WinXP computers

> so easily attacked ...)

 

Some people do/did not (even without any SP, SP1, SP1a) run a third party

firewall. Many of those ran/run fine.

 

SP2 was released in 2004. It is 2008 and SP3 has since been released.

Four years is a long time not to reflect on your security options if someone

was concerned at one time enough to get a free firewall solution in the

past - in my opinion. (Some people still run some pretty old versions of

whatever free software they may have chosen - some may even run software

from manufacturers that do not exist any longer...)

> I submit that MS should recognize that, because it introduced a

> decent firewall only recently, it has to respect those users who

> installed a 3d party firewall ... and have remained faithful to it.

 

Respect it - okay - agreed.

 

Research every one of them to see if they will cause problems - even those

that have since disappeared into the ether and are still run by people

because they never bothered to get anything else, etc?

 

Zone Alarm is popular - but it is not (by far) the only option around (or

that was around in many cases) and not everyone is running it as their

third-party solution - which means there will be MANY different ones they

would have to 'test' - and which versions (of each one) do you test? What

are the limitations on how far back you test? After all - people are

reporting in this very conversation that some older versions of Zone Alarm

itself do not exhibit the issues of the version right before the patch to

remedy this problem - which tells me that Zone Alarm didn't have this issue,

did have this issue, doesn't have this issue again (if you just pretend the

patch could have been released some time ago.)

> Although, stricto sensu, MS is not obliged to take into

> consideration all 3d party software when they make changes that may

> affect the users of such software, they could have been more

> prudent in this case.

 

How? In what way? See my above query...

 

What limitations do you put on testing other people's software to make sure

when you patch yours it doesn't cause some particular version of some

particular software to break something overall?

> In a broader context, MS built its success (vs. Apple) by making an

> OS on which 3d parties could build their own applications. Ignoring

> this now (and stating that they have "nothing to do with 3d party

> software") may well cause important problems, and the demise of MS

> in the future. In ancient Rome, people said "Jupiter blinds those

> who he will kill" and "The Tarpeian rock is close to the Capitol".

> In this particular case, I'm afraid that MS was blind... even if

> it was technically and legally right, and has forgotten that

> falling from the Capitol hill is easier than climbing it.

 

Interesting. I did enjoy reading that. Maybe Microsoft will cause its own

downfall - and maybe that is not a bad thing.

 

However - I am still unsure what you are expecting someone in a position

such as this one to have done differently.

 

There are obviously still people running much older versions of the software

that is mentioned in the subject of this posting and those people are not

having issues (according to their responses in this very conversation and

elsewhere.) There are people running other third party software that does

similar/the same thing as the software mentioned in the subject of this

posting and they are not having trouble. I have seen sporadic postings

lately (one to three) of people running brand-new similar software from

another (large) manufacturer supposedly having similar issues.

 

What would have been the 'thing to do' with all these variables in place, in

your opinion?

 

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

Guest Kayman
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

On Sun, 13 Jul 2008 18:03:01 -0700, Paul (Bornival) wrote:

> Hi, everyone,

>

> This thread has seen a very "active" discussion about the mutual

> responsibilities of MS and ZA for the "loss of Internet access" disaster

> linked to the issue of KB951748.

>

> For sure, the DNS issue was known by the main software manufacturers much

> before July 8th, and ZA could have been more proactive.

 

Quite right! And this really should be the end of the story!

> However, the argument that MS can change its software "ex abrupto" and put

> the culprit on 3d party software in case of problems (because, for ZA, the 3d

> party has modified a core component of its system) needs to be re-examined.

> Indeed,

 

ZA had sufficient time to address this issue.

> - the main reason why people adopted ZA firewall (or other 3d party

> firewalls) is because neither Win95/98/ME nor WinXP (before SP2) had any

> protection in this context (more about that on

> http://en.wikipedia.org/wiki/Windows_Firewall). The firewall introduced with

> WinXP SP2 was only directed against attacks from outside but did not block

> anything from inside (this was considered as unnecessary, and claimed as such

> on this forum, ... until, eventually, Vista introduced it, which

> demonstrates its usefulness...)

 

It was essential to utilize a 3rd party firewall application prior to

WindowsNT (which incidentally applies also to Registry Cleaners). After the

introduction of NT the in-built firewall made 3rd party applications

superfluous, which obviously wasn't well received by the makers of these

software.

> - as a result, most of us had to use 3d party firewalls to protect our

> computers (I did so after seeing my unprotected WinXP computers so easily

> attacked ...).

 

A 3rd party app wouldn't have saved you; especially ZA!

> I submit that MS should recognize that, because it introduced a decent

> firewall only recently, it has to respect those users who installed a 3d

> party firewall ... and have remained faithful to it.

 

The decent firewall was introduced by MSFT with the introduction of NT. It

is, compared to the existing 3rd party apps., a "more honest" and superior

product. The reason for most users choosing 3rd party applications is

the relentless hype and scare mongering tactics created by the makers of

these software. In terms of security 'outbound control' is utter nonsense!

> Although, stricto sensu, MS is not obliged to take into consideration all 3d

> party software when they make changes that may affect the users of such

> software, they could have been more prudent in this case.

 

Again, ZA had sufficient time to act accordingly. Others did, didn't they?

> In a broader context,

 

<snipped irrelevant analogy>

 

Educational reading re outbound control:

PFW Criticism.

http://en.wikipedia.org/wiki/Personal_firewall#Criticisms

 

Why your firewall sucks.

http://tooleaky.zensoft.com/

"But I quickly realized the truth: The added protection provided by

outbound filtering is entirely illusory."

 

At Least This Snake Oil Is Free.

http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx

 

Deconstructing Common Security Myths.

http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx

Scroll down to:

"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

 

Exploring the Windows Firewall.

http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx

"Outbound protection is security theater--it's a gimmick that only gives the

impression of improving your security without doing anything that actually

does improve your security."

 

Read in its entirety:

Managing the Windows Vista Firewall

http://technet.microsoft.com/en-us/magazine/cc510323.aspx

 

Apropos hype:

Go to...

http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/

 

....and follow all the hype created by Sunbelt's *Marketing Department*.

 

Still use the free Windows XP firewall?

Unfortunately, this gives you a false sense of security. It only protects

incoming traffic. But outgoing traffic, with your credit card info, social

security number, bank accounts, passwords and other confidential

information is not protected. The WinXP firewall will let it all go out.

But... SPF will block that data if you buy the FULL version! You absolutely

need a better, commercial-grade firewall.

 

Then read in...

Windows Personal Firewall Analysis

 

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings

 

....a more realistic view which obviously was drafted by the head of

Sunbelt's *Operations department*.

 

Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall

 

2007-08-07: Here is the response we have received from this vendor:

 

Sunbelt Software is committed to providing the strongest possible security

products to its customers, and we will be working to correct demonstrable

issues in the Sunbelt Personal Firewall. Users can expect these and other

continuing enhancements for the Sunbelt Personal Firewall in the near

future.

 

However, we have some reservations about personal firewall "leak testing"

in general. While we appreciate and support the unique value of independent

security testing, we are admittedly skeptical as to just how meaningful

these leak tests really are, especially as they reflect real-world

environments.

 

The key assumption of "leak testing" -- namely, that it is somehow useful

to measure the outbound protection provided by personal firewalls in cases

where malware has already executed on the test box -- strikes us as a

questionable basis on which to build a security assessment. Today's malware

is so malicious and cleverly designed that it is often safest to regard PCs

as so thoroughly compromised that nothing on the box can be trusted once

the malware executes. In short, "leak testing" starts after the game is

already lost, as the malware has already gotten past the inbound firewall

protection.

 

Moreover, "leak testing" is predicated on the further assumption that

personal firewalls should warn users about outbound connections even when

the involved code components are not demonstrably malicious or suspicious

(as is the case with the simulator programs used for "leak testing"). In

fact, this kind of program design risks pop-up fatigue in users,

effectively lowering the overall security of the system -- the reason

developers are increasingly shunning this design for security applications.

 

Finally, leak testing typically relies on simulator programs, the use of

which is widely discredited among respected anti-malware researchers -- and

for good reason. Simulators simply cannot approximate the actual behavior

of real malware in real world conditions. Furthermore, when simulators are

used for anti-malware testing, the testing process is almost unavoidably

tailored to fit the limitations of simulator instead of the complexity of

real world conditions. What gets lost is a sense for how the tested

products actually perform against live, kicking malware that exhibits

behavior too complex to be captured in narrowly designed simulators.

 

This is pretty eye-opening as well:

 

Firewall LeakTesting.

Excerpts:

Leo Laporte: "So the leaktest is kind of pointless."

Steve Gibson: "Well, yes,...

Leo: "So are you saying that there's no point in doing a leaktest anymore?"

Steve: "Well, it's why I have not taken the trouble to update mine, because

you..."

Leo: "You can't test enough".

Steve: "Well, yeah.

Leo: "Right. Very interesting stuff. I guess that - my sense is, if you

can't test for leaks, a software-based firewall is kind of essentially

worthless."

 

Read and/or listen to the entire conversation here:

http://www.grc.com/sn/SN-105.htm

Guest Root Kit
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

On Sun, 13 Jul 2008 18:03:01 -0700, Paul (Bornival)

<PaulBornival@discussions.microsoft.com> wrote:

>The firewall introduced with WinXP SP2 was only directed against attacks

>from outside but did not block anything from inside (this was considered

>as unnecessary,

 

Not quite. Learn to distinguish between useful and practically doable.

>and claimed as such on this forum, ... until, eventually,

>Vista introduced it, which demonstrates its usefulness...)

 

The outbound control of Vista is very different from the "application

outbound control" introduced by 3rd party FW's.

 

Vista's outbound control makes sense because it builds on the general

security enhancements of Vista. Outbound control on an XP platform as

a security measure against malware is still utter nonsense.

>- as a result, most of us had to use 3d party firewalls to protect our

>computers

 

You didn't have to. But you were tricked into believing so by FW

vendors and "security" hypers.

> (I did so after seeing my unprotected WinXP computers so easily

>attacked ...).

 

This is nonsense. An "unprotected" XP (SP2+) is not easily attacked.

Pre SP2, all you needed to do was turn the FW on, or even better -

shut down unnecessary network services, which MS unfortunately has a

bad habit of having running by default.

>I submit that MS should recognize that, because it introduced a decent

>firewall only recently, it has to respect those users who installed a 3d

>party firewall ... and have remained faithful to it.

 

You think MS should support security hype? You think MS should support

something they know is nonsense because they are well aware of the

shortcomings of its own OS?

Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Root Kit wrote:

> security enhancements of Vista. Outbound control on an XP platform as

> a security measure against malware is still utter nonsense.

>

 

I am not sure I understand the above statement. I am curious what it

really means. Could you please explain and give an example or two.

 

Thanks.

Guest Nunya Bidnits
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Leonard Grey wrote:

> I am so glad I didn't get involved with this thread!

>

> ---

> Leonard Grey

> Errare humanum est

>

> Shenan Stanley wrote:

>> V Green wrote:

>>> That's it. That's all. 50 years of good feelings. Works

>>> for me. You should try it. You might like it.

>>

>> I have more good feelings than most and have plenty of people

>> (because of those good feelings) who would come to me before anyone

>> else for many things - but that doesn't address the question at all

>> really - you didn't answer the main question...

>>

>> ---

>> Are you saying that if you sell something (whatever you sell) and

>> the person modifies it before bringing it back and they bring it

>> back to fix something that would not have occurred if they had not

>> modified it - you will take responsibility for what they did (what

>> they added/modified) and fix the problem the third party

>> modification caused for them at no charge? ---

>>

>> (And assume this is not family, not friend, a pure customer that you

>> have no interest in making more than a loyal customer - and think

>> about their other choices, etc.)

 

As a rank and file home user with above average skills (but not an expert),

and as a person with marketing and PR experience, here's my impression:

 

MS and ZA both screwed up.

 

First, ZA is widely used. Second, MS should have, or could have known that

the July update would therefore have a broad negative impact. Third, *if* ZA

had enough advance warning to issue a corrective fix before the update, and

just knowingly and negligently chose to do so for no particular good reason,

double shame on them. But that does not really seem likely. However, it's

indisputable that the first two are true.

 

Both screwed up because:

 

MS did not make any effort to make the ZA problem known. The issue was not

discussed on the web page for the update, nor was there any other alert

associated with the update. Yet there is no way they were not aware of the

problem before pushing the update, unless they were negligent in their

preparations. Either way, bad on MS. They left average home users, the most

affected single group, completely utterly in the dark. Those users do not

usually know where to look, such as in these newsgroups, to find out about

such problems. And any more, since half of them use the scum-ridden Google

Groups, they could not access them anyway, MS having trashed their WWW

access.

 

ZA did a very very poor job of responding to the problem. It was a pain in

the neck for me to find out that it was a ZA problem at all. I knew enough

to uninstall the update, something many home users would not necessarily

think to do, or know how to do. Going back to a restore point, as many of

them did, is an excessively destructive solution.

 

When I tried to find the updates through the click point in the ZA software

"check for updates", repeatedly, **none** were found. When I went to the

web pages suggested in these NGs for the fix, at the time I checked, the

links to the updates were not there. Several on these groups became

frustrated with me for asking repeatedly, but somehow they did not manage to

keep these links posted as they apparently kept making changes to the page.

Finally on hard refresh I found the links. Bad on ZA.

 

From now on I will not allow MS to install any updates automatically and

will check for problems for a few days before accepting them.

 

And due to this and other past avoidable ZA problems, plus information that

indicates their firewall is only marginally effective at best, I will move

on to a better firewall.

 

MartyB in KC

Guest Leonard Grey
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Is there perhaps something I can do to kill this worthless thread? Would

you like to see pictures from my last vacation? It was real fun until we

got lost...but that's a l-o-n-g story. It all started one day when the

sky was clear and the sun was bright...

 

---

Leonard Grey

Errare humanum est

 

Nunya Bidnits wrote:

> Leonard Grey wrote:

>> I am so glad I didn't get involved with this thread!

>>

>> ---

>> Leonard Grey

>> Errare humanum est

>>

>> Shenan Stanley wrote:

>>> V Green wrote:

>>>> That's it. That's all. 50 years of good feelings. Works

>>>> for me. You should try it. You might like it.

>>> I have more good feelings than most and have plenty of people

>>> (because of those good feelings) who would come to me before anyone

>>> else for many things - but that doesn't address the question at all

>>> really - you didn't answer the main question...

>>>

>>> ---

>>> Are you saying that if you sell something (whatever you sell) and

>>> the person modifies it before bringing it back and they bring it

>>> back to fix something that would not have occurred if they had not

>>> modified it - you will take responsibility for what they did (what

>>> they added/modified) and fix the problem the third party

>>> modification caused for them at no charge? ---

>>>

>>> (And assume this is not family, not friend, a pure customer that you

>>> have no interest in making more than a loyal customer - and think

>>> about their other choices, etc.)

>

> As a rank and file home user with above average skills (but not an expert),

> and as a person with marketing and PR experience, here's my impression:

>

> MS and ZA both screwed up.

>

> First, ZA is widely used. Second, MS should have, or could have known that

> the July update would therefore have a broad negative impact. Third, *if* ZA

> had enough advance warning to issue a corrective fix before the update, and

> just knowingly and negligently chose to do so for no particular good reason,

> double shame on them. But that does not really seem likely. However, it's

> indisputable that the first two are true.

>

> Both screwed up because:

>

> MS did not make any effort to make the ZA problem known. The issue was not

> discussed on the web page for the update, nor was there any other alert

> associated with the update. Yet there is no way they were not aware of the

> problem before pushing the update, unless they were negligent in their

> preparations. Either way, bad on MS. They left average home users, the most

> affected single group, completely utterly in the dark. Those users do not

> usually know where to look, such as in these newsgroups, to find out about

> such problems. And any more, since half of them use the scum-ridden Google

> Groups, they could not access them anyway, MS having trashed their WWW

> access.

>

> ZA did a very very poor job of responding to the problem. It was a pain in

> the neck for me to find out that it was a ZA problem at all. I knew enough

> to uninstall the update, something many home users would not necessarily

> think to do, or know how to do. Going back to a restore point, as many of

> them did, is an excessively destructive solution.

>

> When I tried to find the updates through the click point in the ZA software

> "check for updates", repeatedly, **none** were found. When I went to the

> web pages suggested in these NGs for the fix, at the time I checked, the

> links to the updates were not there. Several on these groups became

> frustrated with me for asking repeatedly, but somehow they did not manage to

> keep these links posted as they apparently kept making changes to the page.

> Finally on hard refresh I found the links. Bad on ZA.

>

> From now on I will not allow MS to install any updates automatically and

> will check for problems for a few days before accepting them.

>

> And due to this and other past avoidable ZA problems, plus information that

> indicates their firewall is only marginally effective at best, I will move

> on to a better firewall.

>

> MartyB in KC

>

Guest Shenan Stanley
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

<snipped>

Conversation in entirety:

http://groups.google.com/group/microsoft.public.security/browse_frm/thread/f691e0bbe3886038/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af

 

 

 

Comments in-line...

 

Nunya Bidnits wrote:

> As a rank and file home user with above average skills (but not an

> expert), and as a person with marketing and PR experience, here's

> my impression:

>

> MS and ZA both screwed up.

>

> First, ZA is widely used. Second, MS should have, or could have

> known that the July update would therefore have a broad negative

> impact. Third, *if* ZA had enough advance warning to issue a

> corrective fix before the update, and just knowingly and

> negligently chose to do so for no particular good reason, double

> shame on them. But that does not really seem likely. However, it's

> indisputable that the first two are true.

>

> Both screwed up because:

>

> MS did not make any effort to make the ZA problem known. The issue

> was not discussed on the web page for the update, nor was there any

> other alert associated with the update. Yet there is no way they

> were not aware of the problem before pushing the update, unless

> they were negligent in their preparations. Either way, bad on MS.

> They left average home users, the most affected single group,

> completely utterly in the dark. Those users do not usually know

> where to look, such as in these newsgroups, to find out about such

> problems. And any more, since half of them use the scum-ridden

> Google Groups, they could not access them anyway, MS having trashed

> their WWW access.

 

How would MS have known (as you state - before pushing the patch) that

somebody else's firewall application (created and supported by another

company) would have problems with this patch...? What are the limits in

what third-party things a company must test to ensure that fixing their own

product won't cause issues with someone else's product?

 

Also know that not *all versions* of Zone Alarm exhibit this issue with the

patch MS released. Older versions of ZA have been discussed elsewhere in

this very conversation with the people stating they have *not* experienced

any issues.

 

Your statement about "MS having thrashed their WWW access" - while it was

the patch that exacerbated the issue - it was ZA (that particular version no

less (or so it seems)) that had to be modified to remedy the situation.

> ZA did a very very poor job of responding to the problem. It was a

> pain in the neck for me to find out that it was a ZA problem at

> all. I knew enough to uninstall the update, something many home

> users would not necessarily think to do, or know how to do. Going

> back to a restore point, as many of them did, is an excessively

> destructive solution.

 

ZA did jump on it fairly quickly - all things considered. They fixed it and

released the patch within two days and had work-arounds *I believe* the same

day that the patch was released.

> When I tried to find the updates through the click point in the ZA

> software "check for updates", repeatedly, **none** were found.

> When I went to the web pages suggested in these NGs for the fix, at

> the time I checked, the links to the updates were not there.

> Several on these groups became frustrated with me for asking

> repeatedly, but somehow they did not manage to keep these links

> posted as they apparently kept making changes to the page. Finally

> on hard refresh I found the links. Bad on ZA.

 

Yes. Bad on ZA, but perhaps they were putting things up and realizing other

issues, taking them down, putting things back up, etc.

 

Then again - I did see that part of your discussion and every time I went to

the web page link during that time - the thing you were being told was

there - was there. Then you would answer that it was not - but I could

still see it. It is possible that something was awry on your computer(s) -

or it was cached, proxy, etc and not refreshed. *shrug*

> From now on I will not allow MS to install any updates

> automatically and will check for problems for a few days before

> accepting them.

 

For an educated person - that is always the wisest choice. Control your

data/stuff completely - only you know the nuances of it and what is/is not

important to you. Why anyone would do anything else is beyond me. ;-)

> And due to this and other past avoidable ZA problems, plus

> information that indicates their firewall is only marginally

> effective at best, I will move on to a better firewall.

 

The built-in Windows XP firewall (especially if you are also behind a NAT

router of some sort for any high-speed Internet you might have and keep your

AV/AS updated) is *more* than sufficient.

 

For _most_ home-users - anything more than what is built into Windows XP and

later (consumer OSes from Microsoft) is usually wasted space and time in

terms of 'firewall protection' - IMHO. Why add the complication(s) and

possible problem(s) (as demonstrated so well in this case) if there is no

logical reason to and especially if the home user probably would not be able

to fix it themselves in case of a problem.

 

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Nunya Bidnits wrote:

>

> ZA did a very very poor job of responding to the problem. It was a pain in

 

Totally agree with this.

> the neck for me to find out that it was a ZA problem at all. I knew enough

> to uninstall the update, something many home users would not necessarily

 

Yes, average home users were the most affected. I myself was seeing this

happen with my friends and relatives. No one knew what was going on.

Their internet connection was not working (ping worked, DSL worked) but

internet did not. Moreover, it appears like MS forced this update to its

customers somehow. Followed all the debugging steps I could but couldn't

find the problem, till I discovered the relevant threads here.

 

 

>

> From now on I will not allow MS to install any updates automatically and

> will check for problems for a few days before accepting them.

 

I myself follow this rule consistently.

 

> And due to this and other past avoidable ZA problems, plus information that

> indicates their firewall is only marginally effective at best, I will move

> on to a better firewall.

 

Totally agree with you here too. ZA is just not a personal firewall it

used to be till around a couple of years ago. It has become bloated and

resource hungry. Its uninstallation script is a total crap and leaves

clutter all over the registry (does not remove itself properly). And if

you ask about this problem in its support forum, the "guru" posters (probably

on the pay roll) give a convoluted method whose prerequisite is that a

user should have the history of past versions of ZoneAlarm ever

installed on that computer! Who in the right mind thinks that an average

user is going to keep such data!?!? Looks like the ZA company people are

not in touch with ground reality from an average user's point.

 

All in all, ZA is not a professional piece of application. I am now

looking at Comodo and netdefender (this one is open source).

Guest Shenan Stanley
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

<snipped>

 

Leonard Grey wrote:

> Is there perhaps something I can do to kill this worthless thread?

> Would you like to see pictures from my last vacation? It was real

> fun until we got lost...but that's a l-o-n-g story. It all started

> one day when the sky was clear and the sun was bright...

 

Yes.

 

Mark it as blocked with your newsreader or better yet - simply ignore it.

 

There is nothing compelling you (afaik) to read/respond to this particular

conversation anymore than the 100's of others in this newsgroup per day. It

is - most likely - a conscious choice on your part; and thus, completely

under your control. If so - your asking how to not interact with this

thread falls to your own will-power and skills - not anyone else's.

 

Using Thunderbird 2.0.0.14 (Windows/20080421)? You might look for help

here:

http://www.mozilla.org/support/thunderbird/

 

However - again - your best bet is to *ignore* what you don't want to read.

In this case that is fairly simple - the subject has not changed. Don't

open messages with that subject. Use a filter and don't even download them

maybe. ;-)

 

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

Guest Nunya Bidnits
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Shenan Stanley wrote:

> <snipped>

> Conversation in entirety:

>

http://groups.google.com/group/microsoft.public.security/browse_frm/thread/f691e0bbe3886038/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af

>

>

>

> Comments in-line...

>

> How would MS have known (as you state - before pushing the patch) that

> somebody else's firewall application (created and supported by another

> company) would have problems with this patch...? What are the limits

> in what third-party things a company must test to ensure that fixing

> their own product won't cause issues with someone else's product?

 

I said could have or should have known... and if they didn't test far enough

to check on a product that is widely used by their customers like ZA, shame

on them. At best, it's negligent laziness.

>

 

--%<----

> Then again - I did see that part of your discussion and every time I

> went to the web page link during that time - the thing you were being

> told was there - was there. Then you would answer that it was not -

> but I could still see it. It is possible that something was awry on

> your computer(s) - or it was cached, proxy, etc and not refreshed.

> *shrug*

 

And how do you account for it being in my cache, if it never existed? Have

you ever seen a bug in Firefox that one single time only, clips a paragraph

from a web page, and never does it again? ... Neither have I. At some point

when they were diddling with that ZA update, clearly, someone let a version

of the page, called a workaround, on line that did not include the update.

After others insisted it was there, I did a hard refresh, then it turned up.

So it was as I said it was there, in the form I described, at one time, at

least for long enough for me to download it and get it into my browser

cache.... case closed.

 

---%<----

> For an educated person - that is always the wisest choice. Control

> your data/stuff completely - only you know the nuances of it and what

> is/is not important to you. Why anyone would do anything else is

> beyond me. ;-)

 

I tried to make the point that I was commenting as an everyday user. Realize

that many everyday users trust MS implicitly, and those home users are the

vast majority of MS OS customers, and not to consider their everyday usage

likelihoods was a failure by MS. Realize that the average person either

trusts MS to do the right thing, or does not trust themselves to know more

than MS, and therefore would never consider trying to control the updates

themselves. Personally, I just did it as convenience, since an MS update has

never caused me a problem in all these years. But nevermore.

>> And due to this and other past avoidable ZA problems, plus

>> information that indicates their firewall is only marginally

>> effective at best, I will move on to a better firewall.

>

> The built-in Windows XP firewall (especially if you are also behind a

> NAT router of some sort for any high-speed Internet you might have

> and keep your AV/AS updated) is *more* than sufficient.

 

It's all up to date. I'm using 2000P on one computer so there's no XP

firewall. That's the computer that was bitten. But I am not going to change

the OS on a perfectly functional computer just for a firewall, that's like

jumping out of a perfectly good airplane. So I am probably going to Comodo

2.4 unless someone can suggest something better.

>

> For _most_ home-users - anything more than what is built into Windows

> XP and later (consumer OSes from Microsoft) is usually wasted space

> and time in terms of 'firewall protection' - IMHO. Why add the

> complication(s) and possible problem(s) (as demonstrated so well in

> this case) if there is no logical reason to and especially if the

> home user probably would not be able to fix it themselves in case of

> a problem.

 

I would agree with you had not an older computer running the XP firewall

plus AV and other malware protection still been infected with unacceptable

trash, to the point that it ended up in the recycle bin, after being

cannibalized for parts.

 

For the record, my W2000P computer running ZA (now temporarily), SpyBot, and

AVG antivirus, and Firefox browser, has not been infected with anything

since I put it on line over a year ago. The only problem it's had is the MS

update for July.

 

I'm again speaking as a consumer, something I think deserves more attention

from MS when they make changes that are over the head of the average user.

It wasn't over my head, but then it wasn't just no problem either. From a PR

point of view, MS and ZA both *should* and *could* have known about this in

advance, and both *could* have put out a notice to that effect.

 

And note again from the average consumer point of view that most would not

know what to do once the browser was shut down, since they couldn't get to

the ZA update page, even if the ZA software's *check for update* feature had

actually found the update instead of saying there was none available.

 

Please give the average person a break. This whole MS/ZA/update hassle was

totally unnecessary and avoidable with just a little extra conscientious

effort.

 

MartyB in KC

Guest Nunya Bidnits
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Paul (Bornival) wrote:

> Hi, everyone,

>

> This thread has seen a very "active" discussion about the mutual

> responsibilities of MS and ZA for the "loss of Internet access"

> disaster linked to the issue of KB951748.

>

> For sure, the DNS issue was known by the main software

> manufacturers much before July 8th, and ZA could have been more

> proactive.

>

> However, the argument that MS can change its software "ex abrupto"

> and put the culprit on 3d party software in case of problems

> (because, for ZA, the 3d party has modified a core component of its

> system) needs to be re-examined. Indeed,

>

> - the main reason why people adopted ZA firewall (or other 3d party

> firewalls) is because neither Win95/98/ME or WinXP (before SP2) had

> any protection in this context (more about that on

> http://en.wikipedia.org/wiki/Windows_Firewall). The firewall

> introduced with WinXP SP2 was only directed against attacks from

> outside but did not block anything from inside (this was considered

> as unnecessary, and claimed as such on this forum, ... until,

> eventually, Vista introduced it, which demonstrates its usefulness...)

>

> - as a result, most of us had to use 3d party firewalls to protect

> our computers (I did so after seeing my unprotected WinXP computers

> so easily attacked ...).

>

> I submit that MS should recognize that, because it introduced a decent

> firewall only recently, it has to respect those users who installed a

> 3d party firewall ... and have remained faithful to it.

>

> Although, stricto sensu, MS is not obliged to take into consideration

> all 3d party software when they make changes that may affect the users

> of such software, they could have been more prudent in this case.

>

> In a broader context, MS built its success (vs. Apple) by making an

> OS on which 3d parties could build their own applications. Ignoring

> this now (and stating that they have "nothing to do with 3d party

> software") may well cause important problems, and the demise of MS in

> the future. In ancient Rome, people said "Jupiter blinds those who

> he will kill" and "The Tarpeian rock is close to the Capitol". In

> this particular case, I'm afraid that MS was blind... even if it was

> technically and legally right, and has forgotten that falling from

> the Capitol hill is easier than climbing it.

 

Well said.

 

MBKC

Guest Nunya Bidnits
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Shenan Stanley wrote:

> Zone Alarm is popular - but it is not (by far) the only option around

> (or that was around in many cases) and not everyone is running it as

> their third-party solution - which means there will be MANY different

> ones they would have to 'test' - and which versions (of each one) do

> you test? What are the limitations on how far back you test? After

> all - people are reporting in this very conversation that some older

> versions of Zone Alarm itself do not exhibit the issues of the

> version right before the patch to remedy this problem - which tells

> me that Zone Alarm didn't have this issue, did have this issue,

> doesn't have this issue again (if you just pretend the patch could

> have been released some time ago.)

 

Older versions of ZA also would not have had up to date protection profiles

installed. Not keeping security software up to date is operator error, IMO.

So being saved from a mistake by a mistake is a marginal victory at best,

eh?

 

MartyB in KC

Guest ANONYMOUS
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

 

 

Joan Archer wrote:

> <lol> I just got rid of ZA <g>

>

> --

> Joan Archer

> http://www.freewebs.com/crossstitcher

> http://lachsoft.com/photogallery

>

 

You are a wise woman. To tell you the truth, I don't think there is any

need for third party firewall especially when you have got Windows XP's

firewall enabled (OR Vista's) and your Modem/Router has its own firewall.

 

From time to time, you will always have third party software conflict with

MS patches but this is all part and parcel of the game to protect you in

the long run.

 

Hope this helps.

Guest ANONYMOUS
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

 

 

"PA Bear [MS MVP]" wrote:

> No, sorry. It's been a very long week...

>

 

your week would have been shorter had you not bothered to provide links to unnecessary third

party products which are an added extra to resources when one already has state of the art

FIREWALL provided by Microsoft and most broadband modems and routers have their own firewall

enabled by default.

 

I don't know why people bother with any other firewall which may or may not consume scarce

resource!

Guest Kayman
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

On Mon, 14 Jul 2008 19:33:44 +0100, ANONYMOUS wrote:

> ...To tell you the truth, I don't think there is any

> need for third party firewall especially when you have got Windows XP's

> firewall enabled (OR Vista's) and your Modem/Router has its own firewall.

 

In addition I'd recommend disabling any unnecessary and potentially

dangerous Services.

Configure and adjust Services to suit your computing needs

Windows XP Service Pack 3 Service Configurations

http://www.blackviper.com/WinXP/servicecfg.htm

> From time to time, you will always have third party software conflict with

> MS patches but this is all part and parcel of the game to protect you in

> the long run.

 

Quite right!

Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Nunya Bidnits wrote:

> Leonard Grey wrote:

>> I am so glad I didn't get involved with this thread!

>>

>> ---

>> Leonard Grey

>> Errare humanum est

>>

>> Shenan Stanley wrote:

>>> V Green wrote:

>>>> That's it. That's all. 50 years of good feelings. Works

>>>> for me. You should try it. You might like it.

>>> I have more good feelings than most and have plenty of people

>>> (because of those good feelings) who would come to me before anyone

>>> else for many things - but that doesn't address the question at all

>>> really - you didn't answer the main question...

>>>

>>> ---

>>> Are you saying that if you sell something (whatever you sell) and

>>> the person modifies it before bringing it back and they bring it

>>> back to fix something that would not have occurred if they had not

>>> modified it - you will take responsibility for what they did (what

>>> they added/modified) and fix the problem the third party

>>> modification caused for them at no charge? ---

>>>

>>> (And assume this is not family, not friend, a pure customer that you

>>> have no interest in making more than a loyal customer - and think

>>> about their other choices, etc.)

>

> As a rank and file home user with above average skills (but not an expert),

> and as a person with marketing and PR experience, here's my impression:

>

> MS and ZA both screwed up.

>

> First, ZA is widely used. Second, MS should have, or could have known that

> the July update would therefore have a broad negative impact. Third, *if* ZA

> had enough advance warning to issue a corrective fix before the update, and

> just knowingly and negligently chose to do so for no particular good reason,

> double shame on them. But that does not really seem likely. However it's

> indisputable that the first two are true.

>

> Both screwed up because:

>

> MS did not make any effort to make the ZA problem known. The issue was not

> discussed on the web page for the update, nor was there any other alert

> associated with the update. Yet there is no way they were not aware of the

> problem before pushing the update, unless they were negligent in their

> preparations. Either way, bad on MS. They left average home users, the most

> affected single group, completely utterly in the dark. Those users do not

> usually know where to look, such as in these newsgroups, to find out about

> such problems. And any more, since half of them use the scum-ridden Google

> Groups, they could not access them anyway, MS having trashed their WWW

> access.

>

> ZA did a very very poor job of responding to the problem. It was a pain in

> the neck for me to find out that it was a ZA problem at all. I knew enough

> to uninstall the update, something many home users would not necessarily

> think to do, or know how to do. Going back to a restore point, as many of

> them did, is an excessively destructive solution.

>

> When I tried to find the updates through the click point in the ZA software

> "check for updates", repeatedly, **none** were found. When I went to the

> web pages suggested in these NGs for the fix, at the time I checked, the

> links to the updates were not there. Several on these groups became

> frustrated with me for asking repeatedly, but somehow they did not manage to

> keep these links posted as they apparently kept making changes to the page.

> Finally on hard refresh I found the links. Bad on ZA.

>

> From now on I will not allow MS to install any updates automatically and

> will check for problems for a few days before accepting them.

>

> And due to this and other past avoidable ZA problems, plus information that

> indicates their firewall is only marginally effective at best, I will move

> on to a better firewall.

>

> MartyB in KC

>

I do not think that you have grasped the problem here it is not Zone

Labs or Microsoft. It is the whole Internet--the problem does not go

away if you have KB951748 installed. The ISP's of the world have to fix

the problem too. Open DNS helps but, it is not the final solution either.

 

--

 

Rick

Fargo, ND

N 46°53'251"

W 096°48'279"

 

Remember the USS Liberty

http://www.ussliberty.org/

Guest HEMI-Powered
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Rick added these comments in the current discussion du jour ...

> Nunya Bidnits wrote:

>> Leonard Grey wrote:

>>> I am so glad I didn't get involved with this thread!

>>>

>>> ---

>>> Leonard Grey

>>> Errare humanum est

>>>

>>> Shenan Stanley wrote:

>>>> V Green wrote:

>>>>> That's it. That's all. 50 years of good feelings. Works for

>>>>> me. You should try it. You might like it.

>>>> I have more good feelings than most and have plenty of people

>>>> (because of those good feelings) who would come to me before

>>>> anyone else for many things - but that doesn't address the

>>>> question at all really - you didn't answer the main question...

>>>>

>>>> ---

>>>> Are you saying that if you sell something (whatever you sell) and

>>>> the person modifies it before bringing it back and they bring it

>>>> back to fix something that would not have occurred if they had

>>>> not modified it - you will take responsibility for what they did

>>>> (what they added/modified) and fix the problem the third party

>>>> modification caused for them at no charge? ---

>>>>

>>>> (And assume this is not family, not friend, a pure customer that

>>>> you have no interest in making more than a loyal customer - and

>>>> think about their other choices, etc.)

>>

>> As a rank and file home user with above average skills (but not an

>> expert), and as a person with marketing and PR experience, here's

>> my impression:

>>

>> MS and ZA both screwed up.

>>

>> First, ZA is widely used. Second, MS should have, or could have

>> known that the July update would therefore have a broad negative

>> impact. Third, *if* ZA had enough advance warning to issue a

>> corrective fix before the update, and just knowingly and

>> negligently chose to do so for no particular good reason, double

>> shame on them. But that does not really seem likely. However it's

>> indisputable that the first two are true.

>>

>> Both screwed up because:

>>

>> MS did not make any effort to make the ZA problem known. The issue

>> was not discussed on the web page for the update, nor was there any

>> other alert associated with the update. Yet there is no way they

>> were not aware of the problem before pushing the update, unless

>> they were negligent in their preparations. Either way, bad on MS.

>> They left average home users, the most affected single group,

>> completely utterly in the dark. Those users do not usually know

>> where to look, such as in these newsgroups, to find out about such

>> problems. And any more, since half of them use the scum-ridden

>> Google Groups, they could not access them anyway, MS having trashed

>> their WWW access.

>>

>> ZA did a very very poor job of responding to the problem. It was a

>> pain in the neck for me to find out that it was a ZA problem at

>> all. I knew enough to uninstall the update, something many home

>> users would not necessarily think to do, or know how to do. Going

>> back to a restore point, as many of them did, is an excessively

>> destructive solution.

>>

>> When I tried to find the updates through the click point in the ZA

>> software "check for updates", repeatedly, **none** were found.

>> When I went to the web pages suggested in these NGs for the fix, at

>> the time I checked, the links to the updates were not there.

>> Several on these groups became frustrated with me for asking

>> repeatedly, but somehow they did not manage to keep these links

>> posted as they apparently kept making changes to the page. Finally

>> on hard refresh I found the links. Bad on ZA.

>>

>> From now on I will not allow MS to install any updates

>> automatically and will check for problems for a few days before

>> accepting them.

>>

>> And due to this and other past avoidable ZA problems, plus

>> information that indicates their firewall is only marginally

>> effective at best, I will move on to a better firewall.

>>

>> MartyB in KC

>>

> I do not think that you have grasped the problem here it is not Zone

> Labs or Microsoft. It is the whole Internet--the problem does not

> go away if you have KB951748 installed. The ISP's of the world have

> to fix the problem too. Open DNS helps but, it is not the final

> solution either.

>

 

some interesting thoughts expressed in this thread

 

--

HP, aka Jerry

 

"If it waddles like a duck and quacks like a duck, it must be a duck"

Guest Raskewz
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

 

--

Stay Focused & Have Faith,Have Fun!

 

 

"Charles Lee" wrote:

> problems are now fixed with security update & ZA in ZoneAlarms latest

> update... all releases covered, from basic to the full suite

>

> Follow the link below, download new update version of ZA 70.483.000, and

> then download the security update KB 951748 afterwards.

> I have done all pc's on my home network... all back to normal....

> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

>

>

> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

> news:uexAfNp4IHA.3804@TK2MSFTNGP03.phx.gbl...

> > [Crossposted to Windows Update, WinXP General, IE General, Security,

> > Security Home Users newsgroups]

> >

> > Resolution [was Workaround] for Sudden Loss of Internet Access Problem

> > http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

> > (revised multiple times since release on 08 July 2008)

> >

> > NB: Do NOT use Option #2 if at all possible! The vulnerability addressed

> > by KB951748 *is* a big deal! See

> > http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html

> >

> > Want to consider other, more highly-rated firewalls?

> > http://www.matousec.com/projects/firewall-challenge/results.php

> > --

> > ~Robear Dyer (PA Bear)

> > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

> > AumHa VSOP & Admin http://aumha.net

> > DTS-L http://dts-l.net/

>

>

>

Guest Root Kit
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

On Mon, 14 Jul 2008 11:09:12 -0400, "H.S."

<hs.samREMOVEMEix@google.com> wrote:

>Root Kit wrote:

>

>> security enhancements of Vista. Outbound control on an XP platform as

>> a security measure against malware is still utter nonsense.

>>

>

>I am not sure I understand the above statement. I am curious what it

>really means. Could you please explain and give an example or two.

 

The windows platform was designed with usability in mind providing all

kinds of possibilities for e.g. inter-process communication. This

together with the very high probability that the user is running with

unrestricted rights makes it impossible to prevent malware allowed to

run and determined to by-pass any outbound "control" (which, of course

modern malware is) from doing so. It's simply too unreliable to

qualify as a security measure.

 

Malware must be stopped at the front door and *not* allowed to run

believing that its behavior can be somehow "controlled". In a

multi-purpose OS like windows with all programs running with

unrestricted rights, if program A can control program B, what prevents

program B from controlling program A (or C which A has already granted

permission for that matter)?

Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

Root Kit wrote:

> On Mon, 14 Jul 2008 11:09:12 -0400, "H.S."

> <hs.samREMOVEMEix@google.com> wrote:

>

>> Root Kit wrote:

>>

>>> security enhancements of Vista. Outbound control on an XP platform as

>>> a security measure against malware is still utter nonsense.

>>>

>> I am not sure I understand the above statement. I am curious what it

>> really means. Could you please explain and give an example or two.

>

> The windows platform was designed with usability in mind providing all

> kinds of possibilities for e.g. inter-process communication. This

> together with the very high probability that the user is running with

> unrestricted rights makes it impossible to prevent malware allowed to

> run and determined to by-pass any outbound "control" (which, of course

> modern malware is) from doing so. It's simply too unreliable to

> qualify as a security measure.

>

> Malware must be stopped at the front door and *not* allowed to run

> believing that its behavior can be somehow "controlled". In a

> multi-purpose OS like windows with all programs running with

> unrestricted rights, if program A can control program B, what prevents

> program B from controlling program A (or C which A has already granted

> permission for that matter)?

 

Hence the rule that one should not be logged in with administrative

rights for day to day usage of Windows unless doing computer maintenance

tasks. Your reasoning above just proves that this makes perfect sense.

The users who are logged in with admin privileges and not *extremely*

careful about their browsing habits get what they ask for when their

computer is hosed due to malware.

 

On the other hand, if Windows demands that it be always run with admin

rights, it is just not designed properly then. But to be fair, I don't

think any sane person even at Redmond will suggest using Windows with

full admin rights always in today's internet world.

Guest Root Kit
Posted

Re: FIX for ZoneAlarm & KB951748 issue released

 

On Tue, 15 Jul 2008 12:01:59 -0400, "H.S."

<hs.samREMOVEMEix@google.com> wrote:

>Hence the rule that one should not be logged in with administrative

>rights for day to day usage of Windows unless doing computer maintenance

>tasks. Your reasoning above just proves that this makes perfect sense.

>The users who are logged in with admin privileges and not *extremely*

>careful about their browsing habits get what they ask for when their

>computer is hosed due to malware.

 

I'd like to clarify that there are tricks that still work perfectly

well for a malware running with restricted rights. It just rules out

some of the options.
