Jump to content

Techno Babble

FIX for ZoneAlarm & KB951748 issue released

By Guest PA Bear [MS MVP]
July 10, 2008 in Techno Babble

Share

https://offtopic.forum/topic/169926-fix-for-zonealarm-kb951748-issue-released/

Followers 0

Prev
2
3
4
5
6
7
8
Next
Page 7 of 8

Recommended Posts

Guest Root Kit

Posted July 18, 2008

On Fri, 18 Jul 2008 15:10:03 -0700, Stinger

<Stinger@discussions.microsoft.com> wrote:

>Why didn't you copy and paste the most important part of my last post Root

>Kit? You know the one...

You mean the one where you avoided answering what would happen to the

machine protected with "just" the windows firewall?

Quote

Popular Days

Guest Stinger

Posted July 18, 2008

"Kerry Brown" wrote:

> "Stinger" <Stinger@discussions.microsoft.com> wrote in message

> news:88C199ED-4893-4EB2-81F3-1053114DB96A@microsoft.com...

> >

> > "Root Kit" wrote:

> >

> >>

> >> BTW, what you provided here lacks any technical arguments which makes

> >> you sound more like a salesman than anything else. So what security

> >> software company do you represent?

> >>

> >

> > The same "software company" that includes common sense as part mission

> > statement Root Kit. Try reading the entire thread before you jump in

> > taking

> > things out of context. It's boring when people do that.

> >

> > Read back through the entire post before challenging my quotes from

> > others.

> >

> > Here's EXACTLY what Kerry said earlier word for word...

> > "There is no debating the fact that this flaw in the DNS system needed to

> > be

> > patched and it needed to be patched immediately. This has nothing to do

> > with

> > Windows."

> >

> > Nothing to do with Windows??????????

>

> I stand by the statement. The flaw iself had nothing to do with Windows. It

> was a flaw in the DNS communications protocol. Windows was using the

> existing protocol which was flawed. This meant that Windows had to be

> changed to work with the new protocol or it would be vulnerable. How is this

> a Windows problem? It's a DNS problem that all developers that make products

> that communicate with DNS servers have had to deal with.

>

> I agree with Root Kit. You havn't provided technical details of how a

> software firewall that does outbound monitoring improves security over the

> Windows firewall. You haven't tried to refute the fact that Zone Alarm's

> monitoring of and reaction to system file changes is flawed. You obviously

> misunderstand what caused Microsoft to update the DNS client in Windows. I'm

> done with the conversation unless you can provide us with some technical

> reasons that back up your assertions. I like a good debate as much as

> anybody but it's pointless unless you at least try to back up your

> statements.

>

> --

> Kerry Brown

> Microsoft MVP - Windows Desktop Experience: Systems Administration

> http://www.vistahelp.ca/phpBB2/

> http://vistahelpca.blogspot.com/

>

>

And I've yet to see anyone answer the most important question, you include

Kerry..

"Why was the patch even produced by MS if there wasn't a "problem" with the

OS?"

Windows has to be changed to work with the new protocol? So either there

was something wrong with Windows before or after the new protocol was

invoked...which is it? Can't have it both ways. If everything was fine

before the new DNS protocol was invoked, we're right back to my question

above. You don't need to have technical expertise to see when people dance

cokmpletely around a subject folks.

Quote

Guest Jim Carlock

Posted July 19, 2008

"PA Bear [MS MVP]" wrote:

: I'm not giving you attitude, I just need you to answer my questions,

: Phyllis. If you'd like to get voluntary or paid assistance elsewhere,

: please so do.

:

I'm pretty satisfied with a 2002 firewall. It's available free of

charge and was made by Kerio (version 2.15). It requires a packet

sniffer to fix up / block incoming bad packets. I believe an MVP

made the packet analyzer (CHX-I) but it's very hard to find these

days. There's a DNS product available, I lost the link recently,

where the CHX-I packet analyzer is supposed to exist. I recently

visited the website in the last couple of weeks, but put it off for

another day. I believe the DNS server that it may come with is an

offshoot of a BIND 8.4 or something like that. You wouldn't happen

to know what I'm talking about, Robert, would you? Oh... it was

treewalkdns.

You wouldn't happen to know anything about the packet analyzing

software that comes with the treewalkdns software, would you? I

bought into ZoneAlarm at one time (2001) and I never was able to

get it to work properly on XP. They released updates like 50 times

a year and I couldn't deal with that kind of product, and thus I

tried Kerio 2.15 out and have been satisfied ever since. Now I

see that Microsoft issued an update which updates tcpip.sys - I

wish I knew what was going on there, because I'm still happy with:

01/28/2006 03:47 PM 359,808 tcpip.sys

There seems to be alot of DNS problems lately. The BIND DNS ng

seems to get a lot of posts lately, especially with 9.50 version.

Jim Carlock

Natural Cure For Pink-Eye (Conjunctivitis)

http://www.associatedcontent.com/article/3...unctivitis.html

Quote

Guest Root Kit

Posted July 19, 2008

On Fri, 18 Jul 2008 16:00:03 -0700, Stinger

<Stinger@discussions.microsoft.com> wrote:

>And I've yet to see anyone answer the most important question, you include

>Kerry..

>

>"Why was the patch even produced by MS if there wasn't a "problem" with the

>OS?"

Why should anyone bother answering a question which exists only in

your head?

>Windows has to be changed to work with the new protocol?

Just like all the other platforms.

>So either there was something wrong with Windows before or after the new protocol was

>invoked...which is it? Can't have it both ways. If everything was fine

>before the new DNS protocol was invoked, we're right back to my question

>above.

Seems like you're talking to stay awake.

>You don't need to have technical expertise to see when people dance

>cokmpletely around a subject folks.

That's true. Everyone can see that's what you're doing.

Quote

Guest Kayman

Posted July 19, 2008

On Fri, 18 Jul 2008 12:43:26 -0300, John John (MVP) wrote:

>>>Before Windows XP what were people using?

>>

>> I don't know but I was using a 3rd party (so-called) firewall application

>> and (incidentally) Registry Cleaner :-)

>

> What do registry cleaners have to do with firewalls? Why are you even

> mentioning them here, if only as a feeble attempt to muddle the issue?

John, John (MVP), as I mentioned in a preceding thread, you can't be very

intelligent and your lateral thinking capabilities are vitually not

existent! Prior NT these apps were basically regarded essential tools.

Don't you you know the meaning of "incidentally" ?

> If third party firewalls are only "so-called firewalls" then the Windows

> XP firewall is no different, it too is nothing more than a personal

> firewall.

The WinXp firewall application is an integral part of the OS and deals

with inbound protection and therefore does not give you a false sense of

security. Best of all, it doesn't implement lots of nonsense like

pretending that outbound traffic needs to be monitored. And yes,

technically speaking, 'firewall' is really a misnomer.

>>> What were they using on NT4 and on Windows 2000?

>>

>> I don't know.

>

> That doesn't surprise me.

Why is that, and what is that supposed to mean?

Ah, I recall a statement you made in a previous message:

" We all know that the Windows firewall is sufficient and good at it's

job...".

I envy you for having the gift to know thoughts of others. (And my crystal

ball ain't working - bummer).

>>>Just because XP got a firewall now anything else has suddenly become

>>>unfit for use?

>>

>> Well, these are throwaway words; If you were more open-minded' in relation

>> to OS's and read ( and comprehend) through pertinent write-ups (even in

>> this thread), than it'd be obvious to you - and no, I am not a techie style_emoticons/

>

> I am more open minded than you are!

But it seems your comprehension is lacking :-)

> I have no quibbles about which

> firewall people decide to use, if they want to use the Windows firewall

> that is fine, the Windows firewall offers protection for what it was

> design to do, there is nothing wrong with it at all. If users want to

> use other good firewalls that offer different features that is fine too,

Agree, as long it is not a 3rd party software (so-called) firewall!

When starting learning to drive a car I wanted to drive on the 'left' side

of the road because at the time I thought there was nothing wrong with it

all, in fact I thought that driving on the middle of the road is much

safer. Boy am I glad that somebody put me straight!

> many of these other firewalls are also good and they do everything that

> the Windows firewall does plus they give users additional features that

> users have asked for. That is fine by me,

We are talking about 3rd party software (so-called) firewall applications!

The user gets easily blinded by all the hype created by the makers of 3rd

party (so-called) firewalls. Now they believe it (your're one of them) and

if an opportunity presents itself I will continue posting links with

articles saying otherwise in order to create some realistic counterbalance.

Heck, even Sunbelt (the makers of Kerio) concede that outbound controll of

their software is basically a useless POS.

In the end it's the user (not you or I) who'll decide.

> I don't care what they use...

Nor do I. But you should be ashamed of yourself for making such a

statement. As a MVP you should set an example and advise novices and the

uninformed to the best of your ability and in accordance with your vast and

specialized knowledge (isn't that you've got the 'badge' in the first

place?)! And all you can say "I don't care".

> providing that they use something!

(LOL) I refrain from commenting! Except that I sincerely believe that you

must have demonstrated some skills prior being awarded with a MVP badge.

Would you please stick to these particular skills and refrain from

commenting and/or making statements related to Internet Security!

(Embarrasing, really).

> You on the other hand think that you

> should dictate your views onto others and that you should be telling

> them what to do.

Bunk, you don't know what what I am thinking [PERIOD]!

I provide links to educational articles provided by well respected authors

who are highly regarded and respected in the Internet Security Community;

Their credentials are outstanding!

I know you disregard the writings of these authors as 'nonsense'. You do

recall your statement in a previous post:

"I really don't know why you keep spewing this nonsense out..."

'Nuff said.

> You are on a religious zeal to convert the masses.

Call it what you wish. Based on what I know, I am eager providing a counter

balance, the accompanied links of my posts speak for themself (if

understood).

> When users tell you they want other features all you can do is berate

> them and try to impose your views on them.

You tried this before. Providing educational links to the uninformed can

hardly be considered 'berating'.

You're some kind of a frustrated individual, to say the least!

> The fact is that there is

> nothing wrong with many of the third party firewalls out there and if

> users want to use them it really is none of your business.

The fact is there are a lot of things wrong with these Illusion ware! You

just don't seem do understand it. I will continue making it my business

providing links to educational article, so what are you going to do about

it? Users can take heed or ignore these write-ups. Heck, it's a free

country and this is usenet.

If you feel so strong about it, why don't you join a moderated forum!

> You're attempt to discredit all third party firewalls is plainly

> misguided, the facts are that many of these other products are also good

> products and many are free.

Since almost all educational and factual write-ups fail to get commercial

support, my effort to provide this material opposing the hype created by

the makers of 3rd party software (so-called) firwall is justified and

right.

Now be honest, which software company do you work for?

> The bottom line is that you and others in your camp simply cannot back

> that notion that you perpetuate that all third party firewalls are

> incapable of protecting users. That is untrue, it is a lie, plain and

> simple, there is no other way to put it.

The bottom line is that 3rd party (so-called) firewall applications

promoting the importance of 'outbound control" are without exception

snake oil!

BTW, aside from your MVP badge, what are your credentials?

Quote

Guest Kayman

Posted July 19, 2008

On Fri, 18 Jul 2008 16:00:03 -0700, Stinger wrote:

>

> And I've yet to see anyone answer the most important question, you include

> Kerry..

> "Why was the patch even produced by MS if there wasn't a "problem" with the

> OS?"

> Windows has to be changed to work with the new protocol? So either there

> was something wrong with Windows before or after the new protocol was

> invoked...which is it? Can't have it both ways. If everything was fine

> before the new DNS protocol was invoked, we're right back to my question

> above. You don't need to have technical expertise to see when people dance

> cokmpletely around a subject folks.

This may clarify things:

http://securosis.com/2008/07/08/dan-kamins...patch-released/

<div class='quotetop'> <div class='quotemain'>....Mr. Kaminsky immediately reported the issue to major authorities,

including the United States Computer Emergency Response Team (part of the

Department of Homeland Security), and began working on a coordinated fix.

Engineers from major technology vendors around the world converged on the

Microsoft campus in March to coordinate their response. All of the

vendors began repairing their products and agreed that a synchronized

release, on a single day, would minimize the risk that malicious

individuals could figure out the vulnerability before all vendors were able

to offer secure versions of their products...

"Dan Kaminsky was finally successful in getting the security research

community to back his claims to the design flaw with DNS."

http://tech.blorge.com/Structure:%20/2008/...d-with-dns-bug/

Happy reading style_emoticons/

Quote

Guest Phyllis

Posted July 19, 2008

Been out of town.

Ran Norton Removal tool, no difference.

Reinstalled Windows updates KB951748, 951978, 890830.

My connectivity issues are throughout the day.

I own Netgear MR814 Router, I believe it is 802.11g. I have already decided

it might be my router going bad since it is 3-4 years old, so I have

unhooked everything and am connected now directly to my cable. So far,

everything is staying connected OK, but has only been a few hours. I am

going to watch for the rest of the weekend. If it continues to work OK, I

am buying a new wireless router. Do you have any recommendations for a good

one? Thanks

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

news:u53wtES5IHA.2332@TK2MSFTNGP03.phx.gbl...

> I'm not giving you attitude, I just need you to answer my questions,

> Phyllis. If you'd like to get voluntary or paid assistance elsewhere,

> please so do.

>

>> ...I believe you should know that SP3 became available before July

>> 8, 2008

>

> SP3 was made available via Windows Update website on or about 07 May-08,

> and

> for a very bried period was being offered to some users who'd configured

> Automatic Updates (AU) to "Download but notify" and "Notify Only."

>

> SP3 was made available to all users, independent of their AU settings, at

> 17:00 UTC, 10 Jul-08.

>

>> NO, it is not only after standby that it occurs...

>

> Thank you for answering my specific question.

>

>> I cleaned my machine of all files/traces of Norton after I uninstalled

>> via

>> Add/Remove Programs, but will download/run the removal tool that you

>> provided.

>

> Let me know if running the removal tool helps at all. Norton applications

> are notorious for not uninstalling cleanly, Phyllis. The "remainders"

> left

> behind can have an untold number of affects on performance, including

> connectivity.

>

> Phyllis, what's the make & model of your wireless router? Do you own it

> or

> do you lease it from your ISP there in Conway?

>

> Also tell me if the connectivity issues only seem to occur at specific

> times of the day (e.g., only in the early evening; from 5 PM till

> bedtime).

> --

> ~PA Bear

>

> Phyllis wrote:

>> My response from my last post: ("Don't remember date of SP3 install, was

>> right after it became available and I got update notification from

>> Automatic

>> Updates.") I believe you should know that SP3 became available before

>> July

>> 8, 2008. I really appreciate all the help, but can do without the

>> "attitude." I know this problem has been overwhelming to deal with and

>> you

>> are probably tired of incompetent people owning computers but none the

>> less

>> we all have them now.

>>

>> NO, it is not only after standby that it occurs. Also answered in last

>> post. (Usually when I FIRST open Internet Explorer I get this box that

>> says

>> "no internet connection available, do you want to work offline or retry."

>> When I click retry it connects right up. My wireless connection doesn't

>> connect at startup and if I do manage to get it connected it drops during

>> standby.) Does this response not answer the question about having the

>> problem only after standby or hibernation? I have my computer set to

>> never

>> hibernate.

>>

>> Outlook Express also exhibits the same problem.

>>

>> I cleaned my machine of all files/traces of Norton after I uninstalled

>> via

>> Add/Remove Programs, but will download/run the removal tool that you

>> provided. I will also install the updates. Thank you very much for your

>> help.

>>

>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

>> news:e3tHLOK5IHA.4908@TK2MSFTNGP04.phx.gbl...

>>> [Crossposting eliminated]

>>>

>>> Did you or did you not install WinXP SP3 on or after 08 July 2008?

>>>

>>> You explained your connection problems before. I need to know if you

>>> only have such problems after resuming the machine from Standby or

>>> Hibernate? If not, please say so.

>>>

>>> Do any of your other applications (e.g., Outlook Express) exhibit these

>>> connection problems or is it just IE7?

>>>

>>> =========================

>>>> ...I have also had Norton Internet Security during 2006 and 2007.

>>>

>>> 1. If anything named Norton or if LiveUpdate is listed in Add/Remove

>>> Programs, please uninstall it/them.

>>>

>>> 2. Now download/run this removal tool and reboot:

>>> http://service1.symantec.com/SUPPORT/tsgen...005033108162039

>>>

>>> 3. Any improvement in the connectivity department?

>>> =========================

>>>

>>>> I did a system restore yesterday and told Automatic Updates to not show

>>>> me

>>>> KB951748 and KB951978 again.

>>>

>>> Please do NOT use System Restore to "undo" updates. Uninstall them via

>>> Add/Remove Programs instead.

>>>

>>> I would STRONGLY recommend that you get KB951748 and KB951978 installed

>>> again ASAP! You've proven that neither of them caused your problem, and

>>> KB951748 especially is a big deal! =>

>>> http://blog.washingtonpost.com/securityfix...net_tues_1.html

>>>

>>> And I can assure you that all responsible ISPs consider it a big deal,

>>> too, and are scrambling to make changes to protect against these

>>> vulnerabilities.

>>> --

>>> ~Robear Dyer (PA Bear)

>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

>>> AumHa VSOP & Admin http://aumha.net

>>> DTS-L http://dts-l.net/

>>>

>>> Phyllis wrote:

>>>> I am using microsoft.public.security in my Outlook Express to

>>>> view/reply.

>>>>

>>>> Problem started first part of the week after Windows Updates and AVG

>>>> update.

>>>>

>>>> Don't remember date of SP3 install, was right after it became available

>>>> and

>>>> I got update notification from Automatic Updates. Usually when I first

>>>> open

>>>> Internet Explorer I get this box that says "no internet connection

>>>> available, do you want to work offline or retry." When I click retry

>>>> it

>>>> connects right up. My wireless connection doesn't connect at startup

>>>> and

>>>> if

>>>> I do manage to get it connected it drops during standby.

>>>>

>>>> I use Windows Firewall, but have recently had Zone Alarms but didn't

>>>> like

>>>> some things about it and uninstalled via Add/Remove programs. I have

>>>> run

>>>> a

>>>> search and did not find any files associated with Zone Alarms on my

>>>> computer. I have also had Norton Internet Security during 2006 and

>>>> 2007.

>>>>

>>>> I did a system restore yesterday and told Automatic Updates to not show

>>>> me

>>>> KB951748 and KB951978 again. I did install the Malicious Software

>>>> Tool.

>>>> Problem remains. I am wondering if maybe my internet provider may have

>>>> been

>>>> messing with it trying to resolve this problem themselves. I believe

>>>> it

>>>> was

>>>> on Zone Alarms forum that I read where internet providers were having

>>>> to

>>>> make corrections to their servers too. Don't know if that is correct

>>>> or

>>>> not. I have read so much today, I can hardly remember my name at this

>>>> point. I have it all connected right now and has been working fine for

>>>> the

>>>> last couple of hours. Don't know what is going on.

>>>>

>>>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message

>>>> news:%23bqaawG5IHA.1196@TK2MSFTNGP05.phx.gbl...

>>>>>> I have been experiencing problems with my internet

>>>>>> connection all week.

>>>>>

>>>>> "All week" meaning since you installed KB951748, KB951978, and the

>>>>> Malicious Software Removal Tool on or shortly after 08 July 2008?

>>>>>

>>>>> When did you install WinXP SP3? Was AVG running in the background

>>>>> when

>>>>> you installed SP3? Do you only experience such issues after resuming

>>>>> from

>>>>> Standby or Hibernation?

>>>>>

>>>>> You've told us that ZoneAlarm isn't installed. Is another third-party

>>>>> firewall installed or are you using the Windows Firewall?

>>>>>

>>>>> Has a Norton or McAfee application ever been installed on the machine?

>>>>>

>>>>> Lastly, if you uninstall "Security Update for Windows XP (KB951748)"

>>>>> via

>>>>> Add/Remove Programs & reboot, does the behavior persist?

>>>>>

>>>>> PS: Please tell me which newsgroup you're using to view and reply to

>>>>> this

>>>>> thread. I'd prefer that we discontinue the unnecessary crossposting.

>>>>>

>>>>> Phyllis wrote:

>>>>>> Microsoft Windows Updates this week were KB951748 (Security Update

>>>>>> for

>>>>>> XP),

>>>>>> KB951978 (Update for Windows XP), KB890830 (Windows Malicious

>>>>>> Software

>>>>>> Removal Tool). I have been experiencing problems with my internet

>>>>>> connection all week. Sometimes I can't get it to connect at all, or

>>>>>> a

>>>>>> window will come up and say "there is no internet connection

>>>>>> available,

>>>>>> do I

>>>>>> want to work offline or retry." If I click retry it will connect

>>>>>> right

>>>>>> up.

>>>>>> Then at other times it will connect to the cable connection with no

>>>>>> problem,

>>>>>> but then my wireless connection will not connect, it doesn't even

>>>>>> show

>>>>>> a

>>>>>> network available. After fooling with it (disable, re-enable,

>>>>>> repair)

>>>>>> it

>>>>>> will just finally connect up.

>>>>>>

>>>>>> I had already upgraded to AVG 8.0 several weeks ago. The update this

>>>>>> week

>>>>>> was just a part of daily updates, but required restart of my computer

>>>>>> which

>>>>>> it never did before. It says 8.0.138.

>>>>>>

>>>>>>> What other Windows updates did you install this week? Exactly

>>>>>>> what

>>>>>>> problems are you experiencing since installing the July 2008

>>>>>>> updates?

>>>>>>>

>>>>>>> Did you upgrade from AVG v7.5 to v8.0, and are you now running

>>>>>>> v8.1.135?

>>>>>>> --

>>>>>>> Phyllis wrote:

>>>>>>>> Sorry about posting in the wrong place, but I was mainly commenting

>>>>>>>> on

>>>>>>>> the

>>>>>>>> fact that there were others with what seemed like the same problem

>>>>>>>> that

>>>>>>>> did

>>>>>>>> not have ZA.

>>>>>>>>

>>>>>>>> XP SP3, IE 7, and my AVG did an update this week that required

>>>>>>>> restart

>>>>>>>> of

>>>>>>>> my

>>>>>>>> computer which has never happened before, so it is possible they

>>>>>>>> made

>>>>>>>> some

>>>>>>>> changes as well. Has anyone complained about that freebie screwing

>>>>>>>> things

>>>>>>>> up? Seems like everything I have on my computer has been wanting

>>>>>>>> to

>>>>>>>> update

>>>>>>>> today and I'm getting a little gun shy. Thanks

>>>>>>>>

>>>>>>>>> No, sorry. It's been a very long week...

>>>>>>>>>

>>>>>>>>> Then again, you did post in a thread about ZoneAlarm and KB951748

>>>>>>>>> instead

>>>>>>>>> of beginning your own thread.

>>>>>>>>>

>>>>>>>>> What's your Windows version (e.g., WinXP SP3) and IE version,

>>>>>>>>> Phyllis?

>>>>>>>>> What other updates did you install this week besides KB951748?

>>>>>>>>> --

>>>>>>>>> Phyllis wrote:

>>>>>>>>>> So this fix works even if you are not running Zone Alarms?

>>>>>>>>>>

>>>>>>>>>>> ZA's had the fix for several days now:

>>>>>>> <snip>

>

Quote

Guest Paul (Bornival)

Posted July 20, 2008

Intersting comments.

(See details hereunder)

"H.S." wrote:

> Paul (Bornival) wrote:

> >

> > I am amazed by how strongly people linked to MS state that outbound

> > filtering is unecessary or even countreproductive. Yet, other people, not

> > linked to MS, think otherwise. Why is it so ?

> >

>

> Looks like MS does not want to invest time and resources in developing a

> full firewall and is thus marketing and trying to convince its users

> that outbound control is unnecessary.

I giess this is really true and is what I was suspecting.

>

> Historically, MS has wanted their OS to be used by dumb average Joe

> users and thus tuned its system as such. Consequently, they compromised

> on multiuser features, restricted user usage habits and proper computer

> terminology. Result: Almost all users believe Windows must be run in

> admin mode. They do not gain any basic knowledge about computers which

> is commonplace among computer technologists (MS uses its own

> nomenclature, as you mentioned, probably based on recommendations by

> marketing drones). All this leads to significant ignorance of important

> issues related to computer security.

Also a very good point. This habit of MS to give other names to things

already existing under a well known, common name is really annoying. It goes

even from one version of Windows to the next, as seen in Vista for which I

lost a lot of time finding things which I knew rom WinXP but eventually got

other names...

>

> But to be fair, these marketing strategies also resulted in the boom of

> personal computer.

I'am not so sure about that. Marketing people tend to think they (and their

recepes) make the market, but they never conduct real stidies to prove that.

In the case of Windows, I guess the success stems from two elements:

- an open base for software developpers to construct their programs (and

this is actually one oint that is being forgotten by MS ... see the problem

of ZA and KB951748 that spraked all this discussion)

- the rapid incoporation in MS products of the good things from other

programs (see Word, that was clearly inferior to other word processing

packages, but improved ... now, it also got its sucess because MS made

access to Win difficult for other programs when moving from MS-Dos to

Windows)...

>

> Also, the strict control over licenses also played a very important role

> in making Linux what it is today: secure, open source and, these days,

> with better GUI than Windows in many respects. Had Windows been "open",

> maybe there would not have been as much impetus in making Linux distros

> so user friendly. I have myself seen that current version of Ubuntu is

> much more easier to install than Windows!

>

>

Quote

Guest Harry Johnston [MVP]

Posted July 20, 2008

V Green wrote:

> ZA WORKED before the update. The update BROKE it.

> So it's ZA's problem?

Strictly speaking, ZA prevented the update from functioning properly. For the

record, according to my best understanding of the technical details of the

conflict, even if Microsoft had known about the issue there wasn't anything they

could have done about it.

Harry.

Quote

Guest Harry Johnston [MVP]

Posted July 20, 2008

John John (MVP) wrote:

> When users tell you they want other features all you can do is berate

> them and try to impose your views on them. The fact is that there is

> nothing wrong with many of the third party firewalls out there [...]

Except that they subvert the functionality of the operating system, increasing

the risk of ... well, to choose an example completely at random, losing internet

connectivity after applying a security update. :-)

It's a trade-off. There is some security benefit - provided the malware in

question is carelessly written - but is it worth the costs?

On the whole, the computer security industry spends enough on advertising that I

don't think it hurts to have the occasional person noisily presenting the other

side of the case!

Harry.

Quote

Guest John John (MVP)

Posted July 20, 2008

Kayman wrote:

> On Fri, 18 Jul 2008 12:43:26 -0300, John John (MVP) wrote:

>

> <snip for brevity>

>

>>>>Before Windows XP what were people using?

>>>

>>>I don't know but I was using a 3rd party (so-called) firewall application

>>>and (incidentally) Registry Cleaner :-)

>>

>>What do registry cleaners have to do with firewalls? Why are you even

>>mentioning them here, if only as a feeble attempt to muddle the issue?

>

> John, John (MVP), as I mentioned in a preceding thread, you can't be very

> intelligent and your lateral thinking capabilities are vitually not

> existent! Prior NT these apps were basically regarded essential tools.

> Don't you you know the meaning of "incidentally" ?

The best you can do now is resort to personal attacks, says a lot about you.

The point to be made is that before XP was released third party firewall

products were the only alternative to hardware firewalls, many of these

third party firewall products were good and many were free. These were

trusted applications from trusted companies. Then, overnight, just

because Windows XP was released, in the eyes of a zealous few these

companies became villains peddling worthless products! A couple of

individuals decided to tar and feather a whole ISV group with the same

wide brush! That is wrong, absolutely wrong, and the attack on some of

those ISVs is completely unwarranted, those ISVs were trusted companies

the day before XP hit the market and they were no less trustworthy the

day after XP was released. Much of the hype against those ISVs is

nothing more than blind zealotry!

There is also a developing and troubling trend in this whole debate, one

that some people are bent on spreading at all costs, that because

software firewalls are not immune to exploits by malware attempting to

send data to outside networks, then by simple deduction any and all

egress filtering as a security concept is unnecessary. Egress filtering

at the perimeter, done by reliable network appliances, is a vital part

of network security, without proper egress control your network security

is incomplete, ignore egress traffic at your own perils! Maybe you do

not value your data, but others do! In a perfect world there would be

no pests, no virus, worms, or trojans. No one would try to pry at your

private data and malicious attacks against computers would be non

existent. Of course we don't live in a perfect world and people are

going to continue to get infected with all kinds of pests and some of

those pests will attempt to steal private data, the value of egress

control has not diminished when Windows XP was released, over the years

the need for proper egress filtering has not diminished or vanished, it

has increased.

John

Quote

Guest Paul (Bornival)

Posted July 20, 2008

"Harry Johnston [MVP]" wrote:

> V Green wrote:

>

> > ZA WORKED before the update. The update BROKE it.

> > So it's ZA's problem?

>

> Strictly speaking, ZA prevented the update from functioning properly. For the

> record, according to my best understanding of the technical details of the

> conflict, even if Microsoft had known about the issue there wasn't anything they

> could have done about it.

>

> Harry.

>

Where can we find the technical details of the incompatibility. I have been

looking hard but have not found anything relevant so far (or so vague you

can't understand what is going on).

Quote

Guest Harry Johnston [MVP]

Posted July 20, 2008

Paul (Bornival) wrote:

> Where can we find the technical details of the incompatibility. I have been

> looking hard but have not found anything relevant so far (or so vague you

> can't understand what is going on).

I believe there is some information on the ZoneAlarm forums, and there's been a

fair bit of discussion in microsoft.public.windowsupdate.

The quick summary, as I understand it, is that ZoneAlarm couldn't cope with the

fact that the update modified some of the system files associated with internet

access. It wasn't anything specific about the way they were changed, simply the

fact that they had changed.

Harry.

Quote

Guest Kayman

Posted July 20, 2008

On Sun, 20 Jul 2008 10:57:01 -0700, Paul (Bornival) wrote:

> "Harry Johnston [MVP]" wrote:

>

>> V Green wrote:

>>

>>> ZA WORKED before the update. The update BROKE it.

>>> So it's ZA's problem?

>>

>> Strictly speaking, ZA prevented the update from functioning properly. For the

>> record, according to my best understanding of the technical details of the

>> conflict, even if Microsoft had known about the issue there wasn't anything they

>> could have done about it.

>>

>> Harry.

>>

>

> Where can we find the technical details of the incompatibility. I have been

> looking hard but have not found anything relevant so far (or so vague you

> can't understand what is going on).

Informative reading:

Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch

Released

http://securosis.com/2008/07/08/dan-kamins...patch-released/

"Dan Kaminsky was finally successful in getting the security research

community to back his claims to the design flaw with DNS."

http://tech.blorge.com/Structure:%20/2008/...d-with-dns-bug/

DNS flaw discoverer says more permanent fixes will be needed

Current patch options merely stopgaps; worst attacks likely on the way

http://www.computerworld.com/action/articl...84&pageNumber=1

Just a quick note...

http://www.doxpara.com/

Multiple DNS implementations vulnerable to cache poisoning

http://www.kb.cert.org/vuls/id/800113

Quote

Guest Kayman

Posted July 21, 2008

On Sun, 20 Jul 2008 10:24:26 -0300, John John (MVP) wrote:

> Kayman wrote:

>

>> On Fri, 18 Jul 2008 12:43:26 -0300, John John (MVP) wrote:

>>

>> <snip for brevity>

>>

>>>>>Before Windows XP what were people using?

>>>>

>>>>I don't know but I was using a 3rd party (so-called) firewall application

>>>>and (incidentally) Registry Cleaner :-)

>>>

>>>What do registry cleaners have to do with firewalls? Why are you even

>>>mentioning them here, if only as a feeble attempt to muddle the issue?

>>

>> John, John (MVP), as I mentioned in a preceding thread, you can't be very

>> intelligent and your lateral thinking capabilities are vitually not

>> existent! Prior NT these apps were basically regarded essential tools.

>> Don't you you know the meaning of "incidentally" ?

>

> The best you can do now is resort to personal attacks, says a lot about you.

Nonsense, the "attacks" are nothing but observations based on your

immature and ill informed responses! In any case, you made your own bed!

You started this by calling me names (remember?)...I can only assume you

were smoking this stuff (i.e. crack & pot).

> The point to be made is that before XP was released third party firewall

> products were the only alternative to hardware firewalls, many of these

> third party firewall products were good and many were free.

Yes, as I had mentioned many times previously - Prior NT !

> These were trusted applications from trusted companies.

I wouldn't go that far, but admittedly some of these software were suitable

for platforms prior NT.

(Which company did you say you are representing?)

> Then, overnight, just

> because Windows XP was released, in the eyes of a zealous few these

> companies became villains peddling worthless products! A couple of

> individuals decided to tar and feather a whole ISV group with the same

> wide brush! That is wrong, absolutely wrong, and the attack on some of

> those ISVs is completely unwarranted, those ISVs were trusted companies

> the day before XP hit the market and they were no less trustworthy the

> day after XP was released. Much of the hype against those ISVs is

> nothing more than blind zealotry!

You rant is (again) embarrassing. And YES , with the introduction of XP

these 3rd party personal (so-called) firewalls became superfluous [PERIOD]!

The makers of these Illusion Ware recognized this very quickly. The dollar

almighty is their foremost motivation, not users' security..hence the hype!

(by which you're blinded with).

> There is also a developing and troubling trend in this whole debate, one

> that some people are bent on spreading at all costs, that because

> software firewalls are not immune to exploits by malware attempting to

> send data to outside networks, then by simple deduction any and all

> egress filtering as a security concept is unnecessary. Egress filtering

> at the perimeter, done by reliable network appliances, is a vital part

> of network security, without proper egress control your network security

> is incomplete, ignore egress traffic at your own perils!

Fact:

Outbound control on an XP platform as a security measure against malware is

still utter nonsense.

The windows platform was designed with usability in mind providing all

kinds of possibilities for e.g. inter-process communication. This

together with the very high probability that the user is running with

unrestricted rights makes it impossible to prevent malware allowed to

run and determined to by-pass any outbound "control" (which, of course

modern malware is) from doing so. It's simply too unreliable to

qualify as a security measure.

Fact:

Malware must be stopped at the front door and NOT allowed to run

believing that its behavior can be somehow "controlled". In a

multi-purpose OS like windows with all programs running with

unrestricted rights, if program A can control program B, what prevents

program B from controlling program A (or C which A has already granted

permission for that matter)? (thx RK)

> Maybe you do not value your data, but others do!

There you go again , another "crystal ball" statement!

You don't know my values! And you're really talking about YOU , now

don't you?

> In a perfect world there would be

> no pests, no virus, worms, or trojans. No one would try to pry at your

> private data and malicious attacks against computers would be non

> existent. Of course we don't live in a perfect world and people are

> going to continue to get infected with all kinds of pests and some of

> those pests will attempt to steal private data, the value of egress

> control has not diminished when Windows XP was released, over the years

> the need for proper egress filtering has not diminished or vanished, it

> has increased.

Fact:

The only reasonable way to deal with malware is to prevent it from being

run in the first place. That's what AV software or Windows' System

Restriction Policies are doing. And what 3rd party Personal (so-called)

Firewalls fail to do!

John John (MVP), would you please educate and inform yourself by studying

publications not associated with any COMMERCIAL influence. Additionally,

the authors of these publications can be contacted....why don't you bite

the bullet and do so? It'll brighten your horizon and you could pass on

your newly acquired knowledge to this and other newsgroups.

You may wish to utilize this:

Configuring NT-services much more secure.

http://www.ntsvcfg.de/ntsvcfg_eng.html

Quote

Guest Root Kit

Posted July 21, 2008

On Sun, 20 Jul 2008 10:24:26 -0300, "John John (MVP)"

<audetweld@nbnet.nb.ca> wrote:

>The point to be made is that before XP was released third party firewall

>products were the only alternative to hardware firewalls

That's not entirely true. You are missing the obvious (and in fact

most secure) alternative of shutting down the unneeded network

services (which should of course have been the windows default

setting). I used to run a W2K machine with a direct Internet

connection without any inbound "protection" at all and without

problems for several years. And to be honest, still today I wouldn't

loose any sleep over operating a hardened W2K client machine directly

on the net.

>These were trusted applications from trusted companies.

I guess that's an opinion open for debate.

>Then, overnight, just because Windows XP was released, in the eyes of a

>zealous few these companies became villains peddling worthless products!

That's also not true. They were highly criticized among specialists

already before that. It's just hard to get through the marketing

noise.

>A couple of individuals decided to tar and feather a whole ISV group with the same

>wide brush! That is wrong, absolutely wrong, and the attack on some of

>those ISVs is completely unwarranted, those ISVs were trusted companies

>the day before XP hit the market and they were no less trustworthy the

>day after XP was released. Much of the hype against those ISVs is

>nothing more than blind zealotry!

I think it's absolutely fair that some people stand up against the

obvious hype and in cases utter nonsense that the marketing

departments of these companies were and are still using to fool less

knowledgeable users into buying their products. I find it a bit

worrying that an MVP does not have the technical insight to see

through the smoke.

I've asked this before without getting any responses: Why are there no

web pages with listings of personal firewall software available for

Linux? Well, don't bother. I already know the answer.

Please understand that I'm not in any way trying to "defend" MS. I

fully recognize that windows has it's serious security flaws. But when

claiming that it can be made more secure by adding further highly

questionable code to it, one has stepped away from technical sense and

into emotional reasoning - often backed by non-applicable analogies.

>There is also a developing and troubling trend in this whole debate, one

>that some people are bent on spreading at all costs, that because

>software firewalls are not immune to exploits by malware attempting to

>send data to outside networks, then by simple deduction any and all

>egress filtering as a security concept is unnecessary.

Who is that? - I for sure have not been spreading that thought.

>Egress filtering at the perimeter, done by reliable network appliances, is a vital part

>of network security,

Agreed.

Quote

Guest Root Kit

Posted July 21, 2008

On Mon, 21 Jul 2008 07:41:27 +0700, Kayman

<kaymanDeleteThis@operamail.com> wrote:

>> The point to be made is that before XP was released third party firewall

>> products were the only alternative to hardware firewalls, many of these

>> third party firewall products were good and many were free.

>

>Yes, as I had mentioned many times previously - Prior NT !

In fact even the windows 9x platform usually didn't need any packet

filtering. You'd just have to unbind any network service from your

network interface that you didn't want.

Quote

Guest John John (MVP)

Posted July 21, 2008

Kayman wrote:

> Fact:

> The only reasonable way to deal with malware is to prevent it from being

> run in the first place. That's what AV software or Windows' System

> Restriction Policies are doing. And what 3rd party Personal (so-called)

> Firewalls fail to do!

>

> John John (MVP), would you please educate and inform yourself by studying

> publications not associated with any COMMERCIAL influence. Additionally,

> the authors of these publications can be contacted....why don't you bite

> the bullet and do so? It'll brighten your horizon and you could pass on

> your newly acquired knowledge to this and other newsgroups.

Only a fool would claim that proper egress control has no place in

network security. Even the experts at Microsoft advise users to protect

their data with egress control. You, of course, also know better than

the folks at Microsoft.

John

Quote

Guest Root Kit

Posted July 21, 2008

On Mon, 21 Jul 2008 09:14:31 -0300, "John John (MVP)"

<audetweld@nbnet.nb.ca> wrote:

>Only a fool would claim that proper egress control has no place in

>network security. Even the experts at Microsoft advise users to protect

>their data with egress control.

Beside of the fact that "Only a fool would claim..." marks the

beginning of a non-argument - who are you addressing here? I don't

recall anyone making the claim you're stating.

Quote

Guest Kayman

Posted July 21, 2008

On Mon, 21 Jul 2008 09:14:31 -0300, John John (MVP) wrote:

> Kayman wrote:

>

>> Fact:

>> The only reasonable way to deal with malware is to prevent it from being

>> run in the first place. That's what AV software or Windows' System

>> Restriction Policies are doing. And what 3rd party Personal (so-called)

>> Firewalls fail to do!

>>

>> John John (MVP), would you please educate and inform yourself by studying

>> publications not associated with any COMMERCIAL influence. Additionally,

>> the authors of these publications can be contacted....why don't you bite

>> the bullet and do so? It'll brighten your horizon and you could pass on

>> your newly acquired knowledge to this and other newsgroups.

>

> Only a fool...

You just can't help yourself, can you.

Name calling does not hide your immaturity.

> ...would claim that proper egress control has no place in network security.

Where precisely did I claim that?

> Even the experts at Microsoft advise users to protect their data with

> egress control.

Which 3rd party personal (so-called) firewall is MSFT recommending?

Where are links, URL's, publications?

> You, of course, also know better than the folks at Microsoft.

Your assumption is nothing but an assumption (you've got to replace that

crystal ball). And who in particular from MSFT are you referring to? I'd be

genuinely interested to read their write-ups. If you're referring to the

authors already mentioned in this thread, please point me to their

publication(s) which state that 3rd party personal (so-called) firewall is

an effective tool for controlling egress traffic.

It seems you either totally not understanding my point or deliberately

evading the issue!

MSFT knows exactly well that outbound application protection is an

illusion, which is why they don't offer such a (phony-baloney) thing.

Unlike you, they understand the nature of their operating system, and are

even honest enough to admit that outbound control is way too unreliable.

Even commercial enterprises like Sunbelt, makers of Kerio and Steve Gibson

of Gibson Research Corporation have finally conceded this fact!

Now don't change directions here and twist this straightforward post into a

convoluted psychedelic drivel.

John John (MVP), WHERE IS THE BEEF? SHOW US THE MONEY! PUT UP OR SHUT UP!

Quote

Guest Paul (Bornival)

Posted July 21, 2008

"Kayman" wrote:

> > Where can we find the technical details of the incompatibility. I have been

> > looking hard but have not found anything relevant so far (or so vague you

> > can't understand what is going on).

>

> Informative reading:

>

> Dan Kaminsky Discovers Fundamental Issue In DNS: ...

Thank you. But I have actually read all those documents. What I was

interested in was to understand the technical (ral) reason for the

incompatibility of ZA with KB951748.

Quote

Guest Paul (Bornival)

Posted July 21, 2008

"Harry Johnston [MVP]" wrote:

> Paul (Bornival) wrote:

>

> > Where can we find the technical details of the incompatibility. I have been

> > looking hard but have not found anything relevant so far (or so vague you

> > can't understand what is going on).

>

> I believe there is some information on the ZoneAlarm forums, and there's been a

> fair bit of discussion in microsoft.public.windowsupdate.

>

> The quick summary, as I understand it, is that ZoneAlarm couldn't cope with the

> fact that the update modified some of the system files associated with internet

> access. It wasn't anything specific about the way they were changed, simply the

> fact that they had changed.

>

> Harry.

Thank you for your reply. I checked these forums but could not find

specific information. Do you know which files were modified and why ZA could

not cope with them ?

Quote

Guest John John (MVP)

Posted July 21, 2008

Kayman wrote:

> On Mon, 21 Jul 2008 09:14:31 -0300, John John (MVP) wrote:

>

>

>>Kayman wrote:

>>

>>

>>>Fact:

>>>The only reasonable way to deal with malware is to prevent it from being

>>>run in the first place. That's what AV software or Windows' System

>>>Restriction Policies are doing. And what 3rd party Personal (so-called)

>>>Firewalls fail to do!

>>>

>>>John John (MVP), would you please educate and inform yourself by studying

>>>publications not associated with any COMMERCIAL influence. Additionally,

>>>the authors of these publications can be contacted....why don't you bite

>>>the bullet and do so? It'll brighten your horizon and you could pass on

>>>your newly acquired knowledge to this and other newsgroups.

>>

>>Only a fool...

>

> You just can't help yourself, can you.

> Name calling does not hide your immaturity.

>

>

>>...would claim that proper egress control has no place in network security.

>

> Where precisely did I claim that?

>

>

>>Even the experts at Microsoft advise users to protect their data with

>>egress control.

>

> Which 3rd party personal (so-called) firewall is MSFT recommending?

> Where are links, URL's, publications?

>

>

>>You, of course, also know better than the folks at Microsoft.

>

> Your assumption is nothing but an assumption (you've got to replace that

> crystal ball). And who in particular from MSFT are you referring to? I'd be

> genuinely interested to read their write-ups. If you're referring to the

> authors already mentioned in this thread, please point me to their

> publication(s) which state that 3rd party personal (so-called) firewall is

> an effective tool for controlling egress traffic.

> It seems you either totally not understanding my point or deliberately

> evading the issue!

> MSFT knows exactly well that outbound application protection is an

> illusion, which is why they don't offer such a (phony-baloney) thing.

> Unlike you, they understand the nature of their operating system, and are

> even honest enough to admit that outbound control is way too unreliable.

> Even commercial enterprises like Sunbelt, makers of Kerio and Steve Gibson

> of Gibson Research Corporation have finally conceded this fact!

> Now don't change directions here and twist this straightforward post into a

> convoluted psychedelic drivel.

> John John (MVP), WHERE IS THE BEEF? SHOW US THE MONEY! PUT UP OR SHUT UP!

You constantly shift the discussion from the value of proper egress

filtering to software firewalls, even though I have said right from the

start that egress filtering at the firewall can be foiled and that users

should consider better methods. So get it in your thick skull, egress

filtering at a perimeter appliance is a sound security measure, even the

folks at Microsoft will tell you this:

http://msdn.microsoft.com/en-us/library/aa302431.aspx

Now maybe you should read what is says there and get a grip on yourself,

you don't know all that there is to know about network security and data

protection! Quite frankly you should not be one to speak of drivel, you

spew enough of it yourself! If you are really too stupid to recognize

the purpose and usefulness of egress traffic control then you are indeed

lacking in the basics of network and data security!

John

Quote

Guest Harry Johnston [MVP]

Posted July 21, 2008

John John (MVP) wrote:

> You constantly shift the discussion from the value of proper egress

> filtering to software firewalls, even though I have said right from the

> start that egress filtering at the firewall can be foiled and that users

> should consider better methods. So get it in your thick skull, egress

> filtering at a perimeter appliance is a sound security measure, [...]

As far as I recall, nobody in this thread has ever said otherwise. The

discussion is about software firewalls, after all!

Harry.

Quote

Guest Harry Johnston [MVP]

Posted July 21, 2008

Paul (Bornival) wrote:

> Thank you for your reply. I checked these forums but could not find

> specific information. Do you know which files were modified and why ZA could

> not cope with them ?

The Microsoft KB article describes the files that the update replaces:

http://support.microsoft.com/kb/951748

<http://support.microsoft.com/kb/951748>

I haven't confirmed this myself, but my understanding is that ZA assumed that

the changes were due to malware infection and refused to use the files.

Harry.

Quote

Prev
2
3
4
5
6
7
8
Next
Page 7 of 8

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

× Pasted as rich text. Paste as plain text instead

Only 75 emoji are allowed.

× Your link has been automatically embedded. Display as a link instead

× Your previous content has been restored. Clear editor

× You cannot paste images directly. Upload or insert images from URL.

Insert image from URL

×

Share

https://offtopic.forum/topic/169926-fix-for-zonealarm-kb951748-issue-released/

Followers 0

Go to topic listing

×

Browse
- Back
- Forums
- Blogs
- Events
- Articles
- Downloads
- Gallery
- Staff
- Online Users
- Leaderboard
Activity
- Back
- All Activity
- Search
Support
- Back
- Support

×

Create New...

Sign In

FIX for ZoneAlarm & KB951748 issue released

Recommended Posts

Guest Root Kit

Popular Days

Popular Days

Guest Stinger

Guest Jim Carlock

Guest Root Kit

Guest Kayman

Guest Kayman

Guest Phyllis

Guest Paul (Bornival)

Guest Harry Johnston [MVP]

Guest Harry Johnston [MVP]

Guest John John (MVP)

Guest Paul (Bornival)

Guest Harry Johnston [MVP]

Guest Kayman

Guest Kayman

Guest Root Kit

Guest Root Kit

Guest John John (MVP)

Guest Root Kit

Guest Kayman

Guest Paul (Bornival)

Guest Paul (Bornival)

Guest John John (MVP)

Guest Harry Johnston [MVP]

Guest Harry Johnston [MVP]

Join the conversation

Browse

Activity

Support