Friday, 11 July 2008

Microsoft patch hoses computers running ZoneAlarm

zonealarm ms update pic copyFrom vnunet.com 10.07.08:

Hundreds of thousands of ZoneAlarm firewall users have been locked out of the internet by Microsoft's latest round of software updates.

Microsoft released four 'important' fixes as part of its regular Patch Tuesday update, one of which left ZoneAlarm users without web access.

The MS08-037 fix is designed to plug a vulnerability in Windows' implementations of the Domain Name System protocol, but has been responsible for "compatibility issues " with ZoneAlarm.

I was afflicted with just this problem yesterday morning when I booted up my XP machine. The previous day I’d been playing around with a couple of new programs as well as installing the 4 patches Microsoft pushed out for July so immediately thought that one of them was responsible. Having established my internet connection was just fine on another computer, I ran a system restore which rolled my machine’s operating system and program files back to a previous state. Thankfully, this finally allowed me to connect to the internet. It was only later in the day that I became aware of the ZoneAlarm problem and that this was the cause of my earlier troubles.

While Zone Labs have now released an updated version of their firewall and internet security suite, they offered three workarounds in the meantime:

1. Uninstall the MS patch – what I effectively did

2. Change the internet security zone setting down from ‘high’ to ‘medium’.

3. Adding the relevant ISP's DNS servers to ZoneAlarm's trusted zone.

For what it’s worth, this problem only hit me since I left Automatic Updates fully on since I last did a clean install of Windows. Previously, I had been in the habit of leaving the setting on ‘Notify me but don't automatically download or install’ after the 2006 debacle when Microsoft started pushing out WGA (Windows Genuine Advantage) via Automatic Updates. As Brian Livingston commented in his article, Dump Windows Update - use alternatives, “the code, which qualifies as spyware under any objective definition, was programmed to contact Microsoft's servers every 24 hours.”

That didn’t sit well with me at all. In case the Redmond giant tried to pull a similar stunt, I adopted a ‘wait and see’ policy for a few days or so after patches were released to observe how they were faring on the machines of the millions of users who jumped straight in and got the updates immediately. That way, if anyone’s system was going to be hosed, it shouldn’t have been mine. Suffice I say after this experience, I’ll be returning to my previous ‘patch practice’ and holding off for a while before installing the monthly batch of patches.

And if you’re wondering, yes, I’m going to be sticking with ZoneAlarm. For one, this fiasco wasn’t actually their fault and now the dust has settled, I don’t think apportioning blame is the best thing for anyone here. Software conflictions remain a fact of life and as long as there are remedies ASAP, it’s something we all just need to live with. While ZoneAlarm isn’t perfect, I’m not convinced there are more effective products that come with fewer overall grievances to choose from right now.

10 comments:

  1. Meh... I stopped using ZoneAlarm long time ago, because it wasn't doing anything for me. I think it just gives people a piece of mind :p

    But then I'm not connected to any local networks or anything, so the windows firewall does the job. :)

    ReplyDelete
  2. I had this issue too, it's really not fun to be sitting working at night and just as you're shutting down for the evening to realise that your internet is unresponsive.

    It's a sign of the times how worrying that is, especially if you decide to sit up and fix it rather than risk bringing a laptop without internet access in with you the next day.

    ReplyDelete
  3. Yeah, I know what you mean about the ZoneAlarm standalone firewall, Andro. I should have made it clear in the post that I'm actually using the full-blown ZA security suite.
    I like the ZA OS firewall which alerts you to programs/spyware/viruses etc. that try to launch other files/programs/processes and allow you to deny them. If I had been running it when I had my 'virus outbreak' last month, I'm certain it wouldn't have happened.

    Plus with a two-way firewall you can see what stuff is 'calling home'. :-)

    And P.S.
    I heard that one disgruntled ZoneAlarm user wanted to go to the HQ of Zone Lab and personally give each of the development team a wedgie they wouldn't forget to vent his frustration. Or so he claimed. :-O

    ReplyDelete
  4. Not related or anything but is anyone worried about Law Minx, she seems to have been away longer than I have!!!!

    ReplyDelete
  5. I think she is still about, FF. I saw her make a couple of comments on Andro's blog - says her blog will be up again soon.

    ReplyDelete
  6. Hiya Michael,
    This is totally off topic, I'm afraid but I am having horrendous problems with my blog - its been hijacked by a guy called Paul Masterson, and for the moment I can do nothing about it; my url has therefore changed - it is no longer lawminx.blogspot.com but minx610.blogspot.com, so you'll have to ammend your link to me, Im afraid!!
    (*rushes off, stressed, to tell everyone else of this catastrophe*!!!)

    ReplyDelete
  7. Yet another offtopic post (sorry): Michael, do you watch BigBrother? :p

    ReplyDelete
  8. Erm, on and off if it's on in the background, Andro. I've never actually sat down and watched it purposefully but I'm sometimes subjected to a snippet of it here and there. I'm not proud of it but there you are. :-\

    Shocking stuff about your blog, Minxy. But how could someone hijack it? Haven't you got to delete your account completely for it to be available for someone else?

    ReplyDelete
  9. I've changed the link for your blog, Minxy. Is there any chance of you getting your original URL back in the future?

    ReplyDelete
  10. Hi Michael,

    I hope to get my URL back soon - I'm in touch with blogger and google, though I think its about to come down to the battle of the IP address when it comes to claiming my posts back . I dont know how this person managed to hijack my blog, because the addy was never available for anyone's use except my own - needless to say this is something thats puzzling blogger, too. However, though the posts have for the moment disappeared, I am quite sure that I can come up with some nonsense as a replacement to keep you all entertained!! :)

    ReplyDelete