J
ju.c
Guest
Re: ZoneAlarm & KB951748 - My Fix Works!
I clearly wrote, "(Before the latest ZoneAlarm update)"
"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:#atBgmB5IHA.776@TK2MSFTNGP04.phx.gbl...
> ju.c wrote:
>> ZoneAlarm & KB951748 - Where's my internet?
>>
>> My solution that actually works after trying all those below and on
>> every other post, and you can keep all your other settings alone:
>>
>> 1. Open ZoneAlarm's 'Firewall' tab.
>> 2. Click the 'Custom' button under 'Internet Zone Security'.
>> 3. On the 'Internet Zone' section scroll down to 'Allow outgoing UDP
>> ports'.
>> 4. Check it and enter "80-3000", click 'Apply' button.
>> 5. Do the same for 'Allow outgoing TCP ports'.
>> 6. Click OK.
>>
>> * The range "80-3000" is just a guess on my part, if anyone knows a
>> better range please post it.
>>
>> Please post success or failure, thank you.
>>
>>
>> ZoneAlarm is investigating the issue with Microsoft update KB951748:
>> http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&thread.id=52785
>>
>> To solve this, just reset the ZA database and the ZA will be
>> "fresh" as when it was first installed:
>> http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727
>>
>> ZoneAlarm Customer Care How to Perform a Clean Install:
>> http://www2.nohold.net/noHoldCust542/Prod_1/Articles55646/clean_install.html
>>
>> MS update KB951748 and ZoneAlarm:
>> http://www.dslreports.com/forum/r20759839-MS-update-KB951748-and-ZoneAlarm-PROBLEM
>>
>> *** Where the real blame lies!!!
>> Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor
>> Patch Released:
>> http://securosis.com/2008/07/08/dan...ue-in-dns-massive-multivendor-patch-released/
>>
>> To find out if the DNS server you use is vulnerable:
>> http://doxpara.com/
>
> Gis Bun wrote:
>> You don't want to open up ports as it opens up a can of worms. Your
>> suggestion opens around 2920 TCP and UDP ports.
>>
>> Take ZoneAlarms section option. It is the most secure.
>
> ju.c wrote:
>> I've asked this question a few times before, how is it possible to
>> be so dumb?
>>
>> What ports are opened?
>
> Gis Bun wrote:
>> Now I'm not a network security expert, but I do know [and probably
>> obvious] that the less you enable to the Internet, the better.
>>
>> When someone tries to hack into your system [all this of course is
>> an example], they will use a utility to scan ports to see which are
>> accessible. Once the port is open, they could have access to your
>> PC.
>> Alternatively, if your PC was infected with a trojan and you opened
>> a bunch of ports, the trojan may be programmed well enough to exit
>> your PC through an open port.
>
> ju.c wrote:
>> I'm going to enlighten you once and for all, you stupid fool, Gis
>> Bun!
>> (Before the latest ZoneAlarm update)
>>
>> Option 1
>> What to do - Move the slider from Stealth to Medium.
>> What it does - Enables all outgoing ports. (and more)
>>
>> Option 2
>> What to do - Uninstall KB951748.
>> What it does - Leaves you vulnerable.
>>
>> Option 3
>> What to do - Uninstall ZoneAlarm and use the Windows firewall.
>> What it does - Keep KB951748. Loose ZoneAlarm. No outgoing port
>> control.
>> My Option 4
>> What to do - Only allow limited outgoing ports.
>> What it does - Keeps ZoneAlarm on Stealth. You keep KB951748. Only
>> a few outgoing opened ports. Almost full security maintained.
>
> I am happy you found a solution (work-around) for the problem - but as you implied
> yourself (above) - it is a moot point now. Zone Alarm admitted and repaired their issue
> by releasing an update.
>
> What the last sentence says to me is, "everything else done prior to the update (your
> solution included) was not the optimum solution and now there *is* an optimum solution
> for those who feel they need something like Zone Alarm to 'protect' their system - which
> is to update to the latest version."
>
> There actually was a 'more secure option' than any of the ones listed above (before the
> patch - again this is a moot point) available out there...
>
> -----
> Add your DNS servers to trusted zone
>
> 1. From the "Overview" panel, select the "Firewall" panel then click on the "Zones" tab
> 2. Click "Add", then select "IP address" from the shortcut menu. The Add IP Address
> dialog appears. Select "trusted" from the Zone drop-down list
> 3. Type the IP address and a description in the boxes provided, then click "OK"
> 4. If you are not sure what IP addresses to add:
> - Click the Start Menu
> - Click on Run. Type "cmd.exe"
> - In the command prompt type: "ipconfig /all". Look for DNS Server(s)
> in the output of the command.
> - For each IP address listed, navigate to the "Zones" panel of the
> "Firewall" tab, add the IP address, select "Trusted Zone", and
> press "Apply"
> 5. After you are done adding DNS servers click the "Apply" button
> -----
>
> But again - all a moot point now.
>
> If someone feels they need the 'protection' that Zone Alarm gives them over that of the
> Windows SP2 Firewall - then their best course of action is to apply the latest version
> of Zone Alarm as suggested by the manufacturer themselves. I hope that anyone still out
> there experiencing this issue and searching for an answer that happens across this
> conversation first does *that* suggestion above all others (but - they are welcome to do
> the rest - their life.)
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
I clearly wrote, "(Before the latest ZoneAlarm update)"
"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:#atBgmB5IHA.776@TK2MSFTNGP04.phx.gbl...
> ju.c wrote:
>> ZoneAlarm & KB951748 - Where's my internet?
>>
>> My solution that actually works after trying all those below and on
>> every other post, and you can keep all your other settings alone:
>>
>> 1. Open ZoneAlarm's 'Firewall' tab.
>> 2. Click the 'Custom' button under 'Internet Zone Security'.
>> 3. On the 'Internet Zone' section scroll down to 'Allow outgoing UDP
>> ports'.
>> 4. Check it and enter "80-3000", click 'Apply' button.
>> 5. Do the same for 'Allow outgoing TCP ports'.
>> 6. Click OK.
>>
>> * The range "80-3000" is just a guess on my part, if anyone knows a
>> better range please post it.
>>
>> Please post success or failure, thank you.
>>
>>
>> ZoneAlarm is investigating the issue with Microsoft update KB951748:
>> http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&thread.id=52785
>>
>> To solve this, just reset the ZA database and the ZA will be
>> "fresh" as when it was first installed:
>> http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727
>>
>> ZoneAlarm Customer Care How to Perform a Clean Install:
>> http://www2.nohold.net/noHoldCust542/Prod_1/Articles55646/clean_install.html
>>
>> MS update KB951748 and ZoneAlarm:
>> http://www.dslreports.com/forum/r20759839-MS-update-KB951748-and-ZoneAlarm-PROBLEM
>>
>> *** Where the real blame lies!!!
>> Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor
>> Patch Released:
>> http://securosis.com/2008/07/08/dan...ue-in-dns-massive-multivendor-patch-released/
>>
>> To find out if the DNS server you use is vulnerable:
>> http://doxpara.com/
>
> Gis Bun wrote:
>> You don't want to open up ports as it opens up a can of worms. Your
>> suggestion opens around 2920 TCP and UDP ports.
>>
>> Take ZoneAlarms section option. It is the most secure.
>
> ju.c wrote:
>> I've asked this question a few times before, how is it possible to
>> be so dumb?
>>
>> What ports are opened?
>
> Gis Bun wrote:
>> Now I'm not a network security expert, but I do know [and probably
>> obvious] that the less you enable to the Internet, the better.
>>
>> When someone tries to hack into your system [all this of course is
>> an example], they will use a utility to scan ports to see which are
>> accessible. Once the port is open, they could have access to your
>> PC.
>> Alternatively, if your PC was infected with a trojan and you opened
>> a bunch of ports, the trojan may be programmed well enough to exit
>> your PC through an open port.
>
> ju.c wrote:
>> I'm going to enlighten you once and for all, you stupid fool, Gis
>> Bun!
>> (Before the latest ZoneAlarm update)
>>
>> Option 1
>> What to do - Move the slider from Stealth to Medium.
>> What it does - Enables all outgoing ports. (and more)
>>
>> Option 2
>> What to do - Uninstall KB951748.
>> What it does - Leaves you vulnerable.
>>
>> Option 3
>> What to do - Uninstall ZoneAlarm and use the Windows firewall.
>> What it does - Keep KB951748. Loose ZoneAlarm. No outgoing port
>> control.
>> My Option 4
>> What to do - Only allow limited outgoing ports.
>> What it does - Keeps ZoneAlarm on Stealth. You keep KB951748. Only
>> a few outgoing opened ports. Almost full security maintained.
>
> I am happy you found a solution (work-around) for the problem - but as you implied
> yourself (above) - it is a moot point now. Zone Alarm admitted and repaired their issue
> by releasing an update.
>
> What the last sentence says to me is, "everything else done prior to the update (your
> solution included) was not the optimum solution and now there *is* an optimum solution
> for those who feel they need something like Zone Alarm to 'protect' their system - which
> is to update to the latest version."
>
> There actually was a 'more secure option' than any of the ones listed above (before the
> patch - again this is a moot point) available out there...
>
> -----
> Add your DNS servers to trusted zone
>
> 1. From the "Overview" panel, select the "Firewall" panel then click on the "Zones" tab
> 2. Click "Add", then select "IP address" from the shortcut menu. The Add IP Address
> dialog appears. Select "trusted" from the Zone drop-down list
> 3. Type the IP address and a description in the boxes provided, then click "OK"
> 4. If you are not sure what IP addresses to add:
> - Click the Start Menu
> - Click on Run. Type "cmd.exe"
> - In the command prompt type: "ipconfig /all". Look for DNS Server(s)
> in the output of the command.
> - For each IP address listed, navigate to the "Zones" panel of the
> "Firewall" tab, add the IP address, select "Trusted Zone", and
> press "Apply"
> 5. After you are done adding DNS servers click the "Apply" button
> -----
>
> But again - all a moot point now.
>
> If someone feels they need the 'protection' that Zone Alarm gives them over that of the
> Windows SP2 Firewall - then their best course of action is to apply the latest version
> of Zone Alarm as suggested by the manufacturer themselves. I hope that anyone still out
> there experiencing this issue and searching for an answer that happens across this
> conversation first does *that* suggestion above all others (but - they are welcome to do
> the rest - their life.)
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>