FIX for ZoneAlarm & KB951748 issue released

CharlieG wrote:
Do these people not understand that we have NO internet access on
the computers affected. The FIRST PROBLEM is to FIX THAT.
Without internet connection I can't download any patches in any
order. The ZoneAlarm fixes don't work to reconnect to the internet.

This problem seems to affect MORE than they are admitting. I don't
have the KB951748 update installed and I'm still having trouble.
Uninstalling ZoneAlarm doesn't solve the problem either.

Ron Badour wrote:
It appears there may be varying degrees of the connection problem
since some people (me included) could get internet access merely by
changing the settings on ZA and thus could download the fix which
totally cured the problem.

CharlieG wrote:
I think you are right. I have been able to disable ZoneAlarm on two
machines and when I uninstalled 748 internet connection was
restored. But on a third machine I don't have 748 installed, but I
do have 749 and even UNINSTALLING ZoneAlarm I am still not able to
get internet reestablished. There were 5 MS updates installed at
the same time on this machine:

0749, 1698, 823-v3, 760 1376-v2, and 0762 Should I uninstall ALL of
those? If I should try one at a time what is the order of the ones
to be removed?

In response to another post here if two computers go out at the
same time it might be coincidence, but if both of those have a
software problem and both have the same software installed that is
creating the problem ..........

Shenan Stanley wrote:
However - you inferred only a single machine in your original
posting. You made no explicit mention of multiple machines in your
case. I pretty much would ignore coincidence if two computers get
the same changes and both have the same problem. Especially if I
can test a third system without the changes and everything is fine.

Yes - general troubleshooting always seem to start the same way...

1) List things that changed between 'things working as expected'
and 'things not working as expected'.
2) Remove the changes and revert to pre-change state.

** If the problem disappears - continue this line of
troubleshooting...
** If the problem does not disappear - either you missed a change
or the removal did not complete OR the problem is unrelated to the
changes.

3) Perform the changes you just undid one at a time - checking for
the problem you are trying to resolve after each trial. (In the
case of a computer - reboot a couple of times to ensure the change
is complete.) * Do not rush into it - perform ONE change at a time
and reboot - be consistent and diligent.

CharlieG wrote:
I see how you could reach that assumption. I was afraid that this
would be the answer.

Another poster seems concerned about me turning off ZoneAlarm. But
on this FINAL machine with problems I uninstalled ZoneAlarm
completely so that is NOT a consideration.

So Zone Alarm is *uninstalled* and all the patches released/installed this
month are uninstalled on this Windows XP (Professional, Home, Media Center,
Tablet PC or x64?) with Service Pack (2 or 3?) machine and you are not
getting any network traffic?

Tried...?

Start button -- RUN -- type in...

CMD /K NETSH FIREWALL RESET

-- Click on OK.

Also...

Start button -- RUN -- type in...

NETSH DIAG GUI

-- Click on OK. -- Scan your system.

You may also want to uninstall your network card hardware device driver and
reboot (allowing it to reinstall.)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

On Wed, 16 Jul 2008 14:01:35 -0400, "H.S."
wrote:

Root Kit wrote:
On Tue, 15 Jul 2008 12:01:59 -0400, "H.S."
wrote:

Hence the rule that one should not be logged in with administrative
rights for day to day usage of Windows unless doing computer maintenance
tasks. Your reasoning above just proves that this makes perfect sense.
The users who are logged in with admin privileges and not *extremely*
careful about their browsing habits get what they ask for when their
computer is hosed due to malware.

I'd like to clarify that there are tricks that still work perfectly
well for a malware running with restricted rights. It just rules out
some of the options.

Using a computer with admin rights by an average Joe user is, well, not
a smart thing to do (being very polite here).

Agreed.

If an OS demands that its users run as admins all the time, the OS is
poorly designed.

Indeed. Windows doesn't demand that. Anyway, due to the installation
defaults prior to Vista, many *programs* are badly designed - assuming
the user has admin rights.

On Wed, 16 Jul 2008 12:15:02 -0700, Stinger wrote:

No offense PA Bear, but that's a pretty arrogate attitude if that 3rd party
application is reviewed by the IT industry time and time again as a much
better product than Windows version of a firewall.

Meanwhile users of the Windows operating system suffer because of a decision
made by Microsoft to make this a update. Anyone else think they (MS) knew
this was going to happen besides myself?


You're very poorly informed. Can't you read threads in its entirety or do
you have a problem relating to comprehension abilities? It seems you're
just another ****er.

On Wed, 16 Jul 2008 13:13:01 -0700, CharlieG wrote:

I see how you could reach that assumption. I was afraid that this would be
the answer.

Another poster seems concerned about me turning off ZoneAlarm. But on this
FINAL machine with problems I uninstalled ZoneAlarm completely so that is NOT
a consideration.

For a complete removal try this:
http://zonealarm.donhoover.net/uninstall.html

Apples & oranges. It's common knowledge that the Windows Firewall (in
WinXP) is a one-way (incoming) firewall.

Does the average SOHO user need an outgoing firewall? Maybe, maybe not.

But since you brought up reviews of "better products," take a look at
http://www.matousec.com/projects/fir...ge/results.php. Your
opinion of ZA may not be the same after you do so.


Stinger wrote:
No offense PA Bear, but that's a pretty arrogate attitude if that 3rd
party
application is reviewed by the IT industry time and time again as a much
better product than Windows version of a firewall...

Interesting reply!

Admitting a 3rd party firewall actually does more than Windows version, but
in the same breath implying it's overkill. That's akin to saying Windows
built a sufficient firewall and anything that doesn't do exactly the same
thing as it (being the industry leader it likes to hangs it hat on) you
simply dismiss as irrelevant.

Again, quite an arrogant stance. Perhaps there's a good reason why quite a
few of these thrid party firewalls have that added outgoing feature.
Perhaps they are taking the inductry lead by going above and beyond what
Microsoft deems as sufficient. Perhaps Microsoft in it's drive to actually
be THE inductry leader should design both an incoming and outgoing firewall
so the general public that uses it's product is better served?

BTW Kayman, I read all threads before wasting my bandwidth on a reply. In
fact I do quite a bit more than just read THIS forum for research before as
well. Suggest you do the same. PA Bear, if providing a link is supposed to
hammer home a point, do I really need to post other links that contradict
yours to make my point? There are plenty others available than the same one
you've been providing in this and other threads.

Bottom line, this update is important since it was a gapping hole in Windows
for quite some time. Great that Windows decided to do something about it.
Bad it renders tried and true helper 3rd party software that has been used
for years by the general public trying its best to close that huge hole in
Windows (with what is considered "overkill) and at the same time consumers
are unable to even get on the internet without a single word of caution from
the makers of the operating system. Ironically, they left it up to the geeks
of the world to figure it out. Nice from a company that assumes it's the
industry leader.

"PA Bear [MS MVP]" wrote:

Apples & oranges. It's common knowledge that the Windows Firewall (in
WinXP) is a one-way (incoming) firewall.

Does the average SOHO user need an outgoing firewall? Maybe, maybe not.

But since you brought up reviews of "better products," take a look at
http://www.matousec.com/projects/fir...ge/results.php. Your
opinion of ZA may not be the same after you do so.


Stinger wrote:
No offense PA Bear, but that's a pretty arrogate attitude if that 3rd
party
application is reviewed by the IT industry time and time again as a much
better product than Windows version of a firewall...

"Stinger" wrote in message
news:B7A45133-F148-4507-85CB- Bottom line, this update is important since
it was a gapping hole in Windows
for quite some time. Great that Windows decided to do something about it.
Bad it renders tried and true helper 3rd party software that has been used
for years by the general public trying its best to close that huge hole in
Windows (with what is considered "overkill) and at the same time
consumers
are unable to even get on the internet without a single word of caution
from
the makers of the operating system. Ironically, they left it up to the
geeks
of the world to figure it out. Nice from a company that assumes it's the
industry leader.


You should do a bit of research before you post. The gaping hole was in the
way DNS worked. It was not Windows specific. Almost every OS was affected.
In fact almost everything that interacted with DNS in any way was affected.

http://www.securityfocus.com/news/11526

Take a look at some of the affected products.

http://www.kb.cert.org/vuls/id/800113

We can debate the effectiveness of software firewalls all day. I don't think
at the end of the debate either of us would change their mind. You think
they're great. I think they're mostly hype and snake oil. There is no
debating the fact that this flaw in the DNS system needed to be patched and
it needed to be patched immediately. This has nothing to do with Windows.
The flaw was in the way DNS worked. The fact that your 3rd party application
couldn't deal with the fact that an OS update changed some system files says
a lot about how well it's programmed. It wasn't any changes in the files
that broke your software. It was just the fact that the files changed that
broke it. If an application can't deal with the fact that an OS may update
itself it's not an application I would want on my computer.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/

On Thu, 17 Jul 2008 04:09:00 -0700, Stinger wrote:

snip for brevity

BTW Kayman, I read all threads before wasting my bandwidth on a reply. In
fact I do quite a bit more than just read THIS forum for research before as
well. Suggest you do the same.

Where did my post did not match up with your research? Gimme a hint,
please!

Bottom line, this update is important since it was a gapping hole in Windows
for quite some time.

http://tech.blorge.com/Structu%20...ed-with-dns-bu

What Kerry said.

Stinger wrote:
Interesting reply!

Admitting a 3rd party firewall actually does more than Windows version,
but
in the same breath implying it's overkill. That's akin to saying Windows
built a sufficient firewall and anything that doesn't do exactly the same
thing as it (being the industry leader it likes to hangs it hat on) you
simply dismiss as irrelevant.

Again, quite an arrogant stance. Perhaps there's a good reason why quite
a
few of these thrid party firewalls have that added outgoing feature.
Perhaps they are taking the inductry lead by going above and beyond what
Microsoft deems as sufficient. Perhaps Microsoft in it's drive to
actually
be THE inductry leader should design both an incoming and outgoing
firewall
so the general public that uses it's product is better served?

BTW Kayman, I read all threads before wasting my bandwidth on a reply.
In
fact I do quite a bit more than just read THIS forum for research before
as
well. Suggest you do the same. PA Bear, if providing a link is supposed
to
hammer home a point, do I really need to post other links that contradict
yours to make my point? There are plenty others available than the same
one
you've been providing in this and other threads.

Bottom line, this update is important since it was a gapping hole in
Windows
for quite some time. Great that Windows decided to do something about it.
Bad it renders tried and true helper 3rd party software that has been used
for years by the general public trying its best to close that huge hole in
Windows (with what is considered "overkill) and at the same time
consumers
are unable to even get on the internet without a single word of caution
from
the makers of the operating system. Ironically, they left it up to the
geeks of the world to figure it out. Nice from a company that assumes
it's
the industry leader.

"PA Bear [MS MVP]" wrote:

Apples & oranges. It's common knowledge that the Windows Firewall (in
WinXP) is a one-way (incoming) firewall.

Does the average SOHO user need an outgoing firewall? Maybe, maybe not.

But since you brought up reviews of "better products," take a look at
http://www.matousec.com/projects/fir...ge/results.php. Your
opinion of ZA may not be the same after you do so.


Stinger wrote:
No offense PA Bear, but that's a pretty arrogate attitude if that 3rd
party
application is reviewed by the IT industry time and time again as a much
better product than Windows version of a firewall...

Start a free Windows Update support incident request:
https://support.microsoft.com/oas/de...spx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates. When you call, clearly state that your problem is related
to a Security Update and cite the update's KB number (e.g., KB951748).

For enterprise customers, support for security updates is available through
your usual support contacts.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.net

CharlieG wrote:
I see how you could reach that assumption. I was afraid that this would
be
the answer.

Another poster seems concerned about me turning off ZoneAlarm. But on
this
FINAL machine with problems I uninstalled ZoneAlarm completely so that is
NOT a consideration.
snip

Hi,

"Root Kit" wrote:

On Wed, 16 Jul 2008 00:04:54 -0700, Paul (Bornival)
wrote:

I'll give a simple example where outbound control would have prevented what
was nearly a disaster.

Would have? - So it was a disaster?

One of our computer was inadvertently infected by a
malware that used the Outlook address book of the user and start sending
e-mails to all addressees...

The key issue here is:

How did this malware get in? - and why was it allowed to run in the
first place? Because that part is security related. The rest is just
damage control based on blind luck.

Well, as you know, it came stupidly by someone "from outside" sending an
infected e-mail before our university firewall had been updated to catch it.
I agree that this was a fault, but history is full of fortresses that should
never had been caught but eventually were, sometimes by very simple tricks.
So, prtection from otside is good, but what do you do when the ennemy is
inside ...


If ZA would have been installed, this would not
have happened because it can be configured to block the sending of mass
e-mails.

Sure. Unfortunately, it can be configured to do a lot of nonsense.

I'ma not sure about that. You can, of course, also make a lot of non-sense
with many programs including ZA, but I did not see too much problems here if
you are a bit careful. Conversely, the WinXP SP2 firewall is not so easy to
master... (mainly because MS likes, as in many other cases, uses names
different from what other people use to design well known porcessse, which is
a wel known marketing trick, but this is another isssue with MS).

Outbound protection may not catch everythig and is not perfect, but
why not using it if you can ?

For the same reason you don't constantly wear a helmet just in case
someone drops something from an aero plane.

See my comment above. For sure, the helmet is not the best thing, and this
is why policemen also have rifles (which I do not like, but ...).


Outbound protection (host based) is not for free. It comes at a cost
which can be hard for layman to asses. The added system complexity of
installing a bunch of potentially vulnerable code of questionable
quality and functionality and the cons that follow from that, must be
weighed against the possible pros.

Can you be more specific in this. How much more resources are really needed
to set up outbound protection in addition to inbound. What is the payload in
terms of CPU and memory usage ? To be clear, I do not see much difference
during operation between computers with and without ZA. The difference is
defiitely in the booting time, but once this is over, no real difference at
least for me.


You make a computer secure by removing unnecessary stuff and fixing
what is broken - not by adding further potentially vulnerable code to
an already insecure code base.

Again, not usre about that. If we were to follow you, the only solution is
to stop using Windows at all and moving to Linux or Apple... The problem
with Windows is that its design was indeed quite open (which eventually
explains its success) but also a bit irresponsible...

"Root Kit" wrote:

On Wed, 16 Jul 2008 00:07:46 -0700, Paul (Bornival)
wrote:

The sucessfull attacks on WinXP computers I was were before the introduction
of SP2. This was completely and effectively avoided after installing ZA.

True - but could easily have been avoided by shutting down unnecessary
services, adding a simple packet filter or activating the build-in
one.

- shutting down servies is nice ... but the trouble is that the MS
documentatin is so poor that you never know what you really do when you shut
down a service ... untill someone comes and complain that things do not work
any longer as they did before... Then you realize that you better not shut
down any service ... (I could luch longer about that, but, believe me, ther
are so many softwares that capitalize on existing "default" Windows services
that you think twice before shutting one down...).

- packet filters are nice, but are you going to implement them on 30
computers with different requirements ...

- the build-in firewall was so well hidden that I only discovered its
existence by accident, and it was not very esay to master... I guess MS never
advertised it because they knew how weak and inefficient it was. If what I
say is not true, why did not advertise it ?



When SP2 was introduced, I compared ZA with the SP2 firewall, and found that
ZA was eventually easier to adjust to our needs. This is why I remained
faithfl to ZA (and I'm not the only one...).

I wonder what your needs are.

Oh simple... a workgroup with 30 computers in peer-to-peer configuration and
in a very open environment (each computer ahs a PUBLIC IP address - do not
ask me why, this is so - but each needs to be reachable from outside by me
and a few other authorized persons...; no domain as we had no one to be its
administrator and if the domain server fails, evryting fails ...). Seems
crasy, but since we got ZA on all machines, we simply have no more any
problem ...

Note that turning off WinXP network services was not possible (or largely
unpractical) given our needs of communication between computers.

How do you expect ZA to protect services you need to make available?

Well, did YOU really tested ZA ?

"Kayman" wrote:

On Wed, 16 Jul 2008 00:07:46 -0700, Paul (Bornival) wrote:

"Root Kit" wrote:

On Sun, 13 Jul 2008 18:03:01 -0700, Paul (Bornival)
wrote:
(I did so after seeing my unprotected WinXP computers so easily
attacked ...).

Educational reading (not only for Vista users).

Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/m.../cc510323.aspx

I am amazed by how strongly people linked to MS state that outbound
filtering is unecessary or even countreproductive. Yet, other people, not
linked to MS, think otherwise. Why is it so ?

I don't think very many people that understand security think outbound
filtering is not a useful thing to do. Many people that understand how
computers work think that relying on a software firewall to stop something
that is running on the same computer and has the same or higher privileges
as the firewall isn't a good thing or even possible. Outbound filtering is
very useful for some situations. Outbound filtering to stop malware where
the filtering and the malware are on the same computer is a fool's game. For
security outbound filtering is best done by something that is not running on
the computer to be filtered. For other reasons, like blocking p2p traffic or
messenger traffic (i.e. non-malicious traffic) outbound filtering via
software on the computer works but I still prefer to do this elsewhere.
Filtering like this means you are trying to restrict the user from doing
something. Using software on the computer the computer to restrict the user
is also a fool's errand. Anyone who has physical access to the computer and
a little bit of knowledge can bypass it.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/



"Paul (Bornival)" wrote in message
...


"Kayman" wrote:

On Wed, 16 Jul 2008 00:07:46 -0700, Paul (Bornival) wrote:

"Root Kit" wrote:

On Sun, 13 Jul 2008 18:03:01 -0700, Paul (Bornival)
wrote:
(I did so after seeing my unprotected WinXP computers so easily
attacked ...).

Educational reading (not only for Vista users).

Managing the Windows Vista Firewall
http://technet.microsoft.com/en-us/m.../cc510323.aspx

I am amazed by how strongly people linked to MS state that outbound
filtering is unecessary or even countreproductive. Yet, other people, not
linked to MS, think otherwise. Why is it so ?

Paul (Bornival) wrote:

I am amazed by how strongly people linked to MS state that outbound
filtering is unecessary or even countreproductive. Yet, other people, not
linked to MS, think otherwise. Why is it so ?


Looks like MS does not want to invest time and resources in developing a
full firewall and is thus marketing and trying to convince its users
that outbound control is unnecessary.

Historically, MS has wanted their OS to be used by dumb average Joe
users and thus tuned its system as such. Consequently, they compromised
on multiuser features, restricted user usage habits and proper computer
terminology. Result: Almost all users believe Windows must be run in
admin mode. They do not gain any basic knowledge about computers which
is commonplace among computer technologists (MS uses its own
nomenclature, as you mentioned, probably based on recommendations by
marketing drones). All this leads to significant ignorance of important
issues related to computer security.

But to be fair, these marketing strategies also resulted in the boom of
personal computer.

Also, the strict control over licenses also played a very important role
in making Linux what it is today: secure, open source and, these days,
with better GUI than Windows in many respects. Had Windows been "open",
maybe there would not have been as much impetus in making Linux distros
so user friendly. I have myself seen that current version of Ubuntu is
much more easier to install than Windows!