Re: FIX for ZoneAlarm & KB951748 issue released
On Mon, 21 Jul 2008 23:48:44 -0400, "jen" <jen@example.com> wrote:
>Microsoft patch knocks some ZoneAlarm users offline:
>**Firewall's hooks into Windows XP kernel the cause, says ZoneAlarm**
>http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9108298
<quote>
The quickest way to regain Internet access, said the company, is to
uninstall the security update tagged as KB951748 using Windows' Add or
Remove Programs utility. Alternately, users could tweak ZoneAlarm's
firewall settings or reduce the security level of the machine.
<end-quote>
How responsible.....
<quote>
"We filter network traffic at the kernel, where malware can't avoid
us," said James Grant, a ZoneAlarm team lead. "If you filter traffic
in user mode, malware can see what we're doing."
<end-quote>
Yearh, right. As if malware wouldn't compromise the kernel as well....
<quote>
The problem notwithstanding, she defended kernel hooking. "It's
undocumented, but it's in widespread use. Every major security vendor
makes use of it," said Yecies.
<end-quote>
So does any serious malware writer....
<quote>
"This isn't about finger-pointing," said Yecies, when asked which
company was responsible for the snafu, ZoneAlarm or Microsoft. When
pressed, however, she acknowledged that Microsoft should have caught
the problem before issuing its security update.
<end-quote>
Yearh, right. "Don't make changes to your kernel without making sure
we didn't mess with it.".....