Nunya said:As a rank and file home user with above average skills (but not an
expert), and as a person with marketing and PR experience, here's
my impression:
MS and ZA both screwed up.
First, ZA is widely used. Second, MS should have, or could have
known that the July update would therefore have a broad negative
impact. Third, *if* ZA had enough advance warning to issue a
corrective fix before the update, and just knowingly and
negligently chose to do so for no particular good reason, double
shame on them. But that does not really seem likely. However its
indisputable that the first two are true.
Both screwed up because:
MS did not make any effort to make the ZA problem known. The issue
was not discussed on the web page for the update, nor was there any
other alert associated with the update. Yet there is no way they
were not aware of the problem before pushing the update, unless
they were negligent in their preparations. Either way, bad on MS.
They left average home users, the most affected single group,
completely utterly in the dark. Those users do not usually know
where to look, such as in these newsgroups, to find out about such
problems. And any more, since half of them use the scum-ridden
Google Groups, they could not access them anyway, MS having trashed
their WWW access.
ZA did a very very poor job of responding to the problem. It was a
pain in the neck for me to find out that it was a ZA problem at
all. I knew enough to uninstall the update, something many home
users would not necessarily think to do, or know how to do. Going
back to a restore point, as many of them did, is an excessively
destructive solution.
When I tried to find the updates through the click point in the ZA
software "check for updates", repeatedly, N**none** were found.
When I went to the web pages suggested in these NGs for the fix, at
the time I checked, the links to the updates were not there.
Several on these groups became frustrated with me for asking
repeatedly, but somehow they did not manage to keep these links
posted as they apparently kept making changes to the page. Finally
on hard refresh I found the links. Bad on ZA.
From now on I will not allow MS to install any updates
automatically and will check for problems for a few days before
accepting them.
And due to this and other past avoidable ZA problems, plus
information that indicates their firewall is only marginally
effective at best, I will move on to a better firewall.
Nunya said:ZA did a very very poor job of responding to the problem. It was a pain in
the neck for me to find out that it was a ZA problem at all. I knew enough
to uninstall the update, something many home users would not necessarily
From now on I will not allow MS to install any updates automatically and
will check for problems for a few days before accepting them.
And due to this and other past avoidable ZA problems, plus information that
indicates their firewall is only marginally effective at best, I will move
on to a better firewall.
Leonard said:Is there perhaps something I can do to kill this worthless thread?
Would you like to see pictures from my last vacation? It was real
fun until we got lost...but that's a l-o-n-g story. It all started
one day when the sky was clear and the sun was bright...
Shenan said:<snipped>
Conversation in entirety:
http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
Comments in-line...
How would MS have known (as you state - before pushing the patch) that
somebody elses firewall application (created and supported by another
company) would have problems with this patch...? What are the limits
in what third-party things a company must test to ensure that fixing
their own product won't cause issues with someone elses product?
--%<----
Then again - I did see that part of your discussion and every time I
went to the web page link during that time - the thing you were being
told was there - was there. Then you would answer that it was not -
but I could still see it. It is possible that something was awry on
your computer(s) - or it was cached, proxy, etc and not refreshed.
*shrug*
For an educated person - that is always the wisest choice. Control
your data/stuff completely - only you know the nuances of it and what
is/is not important to you. Why anyone would do anything else is
beyond me. ;-)
The built-in Windows XP firewall (especially if you are also behind a
NAT router of some sort for any high-speed Internet you might have
and keep you AV/AS updated) is *more* than sufficient.
For _most_ home-users - anything more than what is built into Windows
XP and later (consumer OSes from Microsoft) is usually wasted space
and time in terms of 'firewall protection' - IMHO. Why add the
complication(s) and possible problem(s) (as demonstrated so well in
this case) if there is no logical reason to and especially if the
home user probably would not be able to fix it themselves in case of
a problem.
Paul said:Hi, everyone,
This thread has seen a very "active" discusssion about the mutual
responsibilities of MS and ZA for the "loss of Internet access"
disaster linked to the issue of KB951748.
For sure, the DNS issue was known by the main software
manufacturerers much before July 8th, and ZA could have been more
proactive.
However, the argument that MS can change its software "ex abrubto"
and put the culprit on 3d party software in case of problems
(because, for ZA, the 3d party has modified a core component of its
system) needs to be re-examined. Indeed,
- the main reason why people adopted ZA firewall (or other 3d party
firewalls) is because neither Win95/98/ME or WinXP (before SP2) had
any protection in this context (more about that on
http://en.wikipedia.org/wiki/Windows_Firewall). The firewall
introduced with WinXP SP2 was only directed against attacks from
outside but did not block anything from inside (this was considered
as unecessary, and claimed as such on this forum, ... untill,
eventually, Vista introduced it, which demonstrates its usefulness...)
- as a result, mots of us had to use 3d party firewalls to prortect
our computers (I did so after seeing my unprotected WinXP computers
so easily attacked ...).
I submit that MS should recognize that, because it introduced a decent
firewall only recently, it has to respect those users who installed a
3d party firewal ... and have remained faithful to it.
Although, stricto sensu, MS is not obliged to take into consideration
all 3d party sofware when thay make chnages that may affect the users
of such software, they could have been more prudent in this case.
In a broader context, MS built its success (vs. Apple) by making an
OS on which 3d parties could buid their own applications. Ignoring
this now (and stating that they have "nothing to do with 3d party
software") may well cause important problems, and the demise of MS in
the future. In ancient Rome, people said "Jupiter blinds those who
he will kill" and "The Tarpeian rock is close to the Capitol". In
this particular case, I'm afraid that MS was blind... even if it was
technically and legally right, and has forgotten that falling from
the Capitol hill is easier than climbing it.
Shenan said:Zone Alarm is popular - but it is not (by far) the only option around
(or that was around in many cases) and not everyone is running it as
their third-party solution - which means there will be MANY different
ones they would have to 'test' - and which versions (of each one) do
you test? What are the limitation on how far back you test? After
all - people are reporting in this very conversation that some older
versions of Zone Alarm itself do not exhibit the issues of the
version right before the patch to remedy this problem - which tells
me that Zone Alarm didn't have this issue, did have this issue,
doesn't have this issue again (if you just pretend the patch could
have been released some time ago.)
Joan said:<lol> I just got rid of ZA <g>
PA Bear said:No, sorry. It's been a very long week...
...To tell you the truth, I don't think there is any
need for third party firewall especially when you have got Windows XP's
firewall enabled (OR Vista's) and your Modem/Router has its own firewall.
From time to time, you will always have third party software conflict with
MS patches but this is all part and parcel of the game to protect you in
the long run.
I do not think that you have grasped the problem here it is not ZoneNunya said:As a rank and file home user with above average skills (but not an expert),
and as a person with marketing and PR experience, here's my impression:
MS and ZA both screwed up.
First, ZA is widely used. Second, MS should have, or could have known that
the July update would therefore have a broad negative impact. Third, *if* ZA
had enough advance warning to issue a corrective fix before the update, and
just knowingly and negligently chose to do so for no particular good reason,
double shame on them. But that does not really seem likely. However its
indisputable that the first two are true.
Both screwed up because:
MS did not make any effort to make the ZA problem known. The issue was not
discussed on the web page for the update, nor was there any other alert
associated with the update. Yet there is no way they were not aware of the
problem before pushing the update, unless they were negligent in their
preparations. Either way, bad on MS. They left average home users, the most
affected single group, completely utterly in the dark. Those users do not
usually know where to look, such as in these newsgroups, to find out about
such problems. And any more, since half of them use the scum-ridden Google
Groups, they could not access them anyway, MS having trashed their WWW
access.
ZA did a very very poor job of responding to the problem. It was a pain in
the neck for me to find out that it was a ZA problem at all. I knew enough
to uninstall the update, something many home users would not necessarily
think to do, or know how to do. Going back to a restore point, as many of
them did, is an excessively destructive solution.
When I tried to find the updates through the click point in the ZA software
"check for updates", repeatedly, N**none** were found. When I went to the
web pages suggested in these NGs for the fix, at the time I checked, the
links to the updates were not there. Several on these groups became
frustrated with me for asking repeatedly, but somehow they did not manage to
keep these links posted as they apparently kept making changes to the page.
Finally on hard refresh I found the links. Bad on ZA.
From now on I will not allow MS to install any updates automatically and
will check for problems for a few days before accepting them.
And due to this and other past avoidable ZA problems, plus information that
indicates their firewall is only marginally effective at best, I will move
on to a better firewall.
MartyB in KC
Charles Lee said:problems are now fixed with security update & ZA in ZoneAlarms latest
update... all releases covered, from basic to the full suite
Follow the link below, download new update version of ZA 70.483.000, and
then download the security update KB 951748 afterwards.
I have done all pc's on my home network... all back to normal....
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
PA Bear said:[Crossposted to Windows Update, WinXP General, IE General, Security,
Security Home Users newsgroups]
Resolution [was Workaround] for Sudden Loss of Internet Access Problem
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
(revised multiple times since release on 08 July 2008)
NB: Do NOT use Option #2 if at all possible! The vulnerability addressed
by KB951748 *is* a big deal! See
http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
Want to consider other, more highly-rated firewalls?
http://www.matousec.com/projects/firewall-challenge/results.php
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
I am not sure I understand the above statement. I am curious what it
really means. Could you please explain and give an example or two.
Root said:The windows platform was designed with usability in mind providing all
kinds of possibilities for e.g. inter-process communication. This
together with the very high probability that the user is running with
unrestricted rights makes it impossible to prevent malware allowed to
run and determined to by-pass any outbound "control" (which, of course
modern malware is) from doing so. It's simply too unreliable to
qualify as a security measure.
Malware must be stopped at the front door and *not* allowed to run
believing that its behavior can be somehow "controlled". In a
multi-purpose OS like windows with all programs running with
unrestricted rights, if program A can control program B, what prevents
program B from controlling program A (or C which A has already granted
permission for that matter)?
Hence the rule that one should not be logged in with administrative
rights for day to day usage of Windows unless doing computer maintenance
tasks. Your reasoning above just proves that this makes perfect sense.
The users who are logged in with admin privileges and not *extremely*
careful about their browsing habits get what they ask for when their
computer is hosed due to malware.
What would have been the 'thing to do' with all these variables in place, in
your opinion?
Root Kit said:Malware must be stopped at the front door and *not* allowed to run
believing that its behavior can be somehow "controlled". In a
multi-purpose OS like windows with all programs running with
unrestricted rights, if program A can control program B, what prevents
program B from controlling program A (or C which A has already granted
permission for that matter)?
Root Kit said:This is nonsense. An "unprotected" XP (SP2+) is not easily attacked.
Pre SP2, all you needed to do was turn the FW on, or even better -
shut down unnecessary network services, which MS unfortunately has a
bad habit of having running by default.
The sucessfull attacks on WinXP computers I was were before the introduction
of SP2. This was completely and effectively avoided after installing ZA.
When SP2 was introduced, I compared ZA with the SP2 firewall, and found that
ZA was eventually easier to adjust to our needs. This is why I remained
faithfl to ZA (and I'm not the only one...).
Note that turning off WinXP network services was not possible (or largely
unpractical) given our needs of communication between computers.
I'll give a simple example where outbound control would have prevented what
was nearly a disaster.
One of our computer was inadvertently infected by a
malware that used the Outlook address book of the user and start sending
e-mails to all addressees...
If ZA would have been installed, this would not
have happened because it can be configured to block the sending of mass
e-mails.
Outbound protection may not catch everythig and is not perfect, but
why not using it if you can ?
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.