FIX for ZoneAlarm & KB951748 issue released

  • Thread starter: PA Bear [MS MVP]
Re: FIX for ZoneAlarm & KB951748 issue released

<snipped>
Conversation in entirety:
http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af



Comments in-line...

Nunya Bidnits wrote:
> As a rank and file home user with above average skills (but not an
> expert), and as a person with marketing and PR experience, here's
> my impression:
>
> MS and ZA both screwed up.
>
> First, ZA is widely used. Second, MS should have, or could have
> known that the July update would therefore have a broad negative
> impact. Third, *if* ZA had enough advance warning to issue a
> corrective fix before the update, and just knowingly and
> negligently chose to do so for no particular good reason, double
> shame on them. But that does not really seem likely. However it's
> indisputable that the first two are true.
>
> Both screwed up because:
>
> MS did not make any effort to make the ZA problem known. The issue
> was not discussed on the web page for the update, nor was there any
> other alert associated with the update. Yet there is no way they
> were not aware of the problem before pushing the update, unless
> they were negligent in their preparations. Either way, bad on MS.
> They left average home users, the most affected single group,
> completely utterly in the dark. Those users do not usually know
> where to look, such as in these newsgroups, to find out about such
> problems. And any more, since half of them use the scum-ridden
> Google Groups, they could not access them anyway, MS having trashed
> their WWW access.


How would MS have known (as you state - before pushing the patch) that
somebody else's firewall application (created and supported by another
company) would have problems with this patch...? What are the limits in
what third-party things a company must test to ensure that fixing their own
product won't cause issues with someone else's product?

Also know that not *all versions* of Zone Alarm exhibit this issue with the
patch MS released. Older versions of ZA have been discussed elsewhere in
this very conversation with the people stating they have *not* experienced
any issues.

Your statement about "MS having thrashed their WWW access" - while it was
the patch that exacerbated the issue - it was ZA (that particular version no
less (or so it seems)) that had to be modified to remedy the situation.

> ZA did a very very poor job of responding to the problem. It was a
> pain in the neck for me to find out that it was a ZA problem at
> all. I knew enough to uninstall the update, something many home
> users would not necessarily think to do, or know how to do. Going
> back to a restore point, as many of them did, is an excessively
> destructive solution.


ZA did jump on it fairly quickly - all things considered. They fixed it and
released the patch within two days and had work-arounds *I believe* the same
day that the patch was released.

> When I tried to find the updates through the click point in the ZA
> software "check for updates", repeatedly, **none** were found.
> When I went to the web pages suggested in these NGs for the fix, at
> the time I checked, the links to the updates were not there.
> Several on these groups became frustrated with me for asking
> repeatedly, but somehow they did not manage to keep these links
> posted as they apparently kept making changes to the page. Finally
> on hard refresh I found the links. Bad on ZA.


Yes. Bad on ZA, but perhaps they were putting things up and realizing other
issues, taking them down, putting things back up, etc.

Then again - I did see that part of your discussion and every time I went to
the web page link during that time - the thing you were being told was
there - was there. Then you would answer that it was not - but I could
still see it. It is possible that something was awry on your computer(s) -
or it was cached, proxy, etc and not refreshed. *shrug*

> From now on I will not allow MS to install any updates
> automatically and will check for problems for a few days before
> accepting them.


For an educated person - that is always the wisest choice. Control your
data/stuff completely - only you know the nuances of it and what is/is not
important to you. Why anyone would do anything else is beyond me. ;-)

> And due to this and other past avoidable ZA problems, plus
> information that indicates their firewall is only marginally
> effective at best, I will move on to a better firewall.


The built-in Windows XP firewall (especially if you are also behind a NAT
router of some sort for any high-speed Internet you might have and keep your
AV/AS updated) is *more* than sufficient.

For _most_ home-users - anything more than what is built into Windows XP and
later (consumer OSes from Microsoft) is usually wasted space and time in
terms of 'firewall protection' - IMHO. Why add the complication(s) and
possible problem(s) (as demonstrated so well in this case) if there is no
logical reason to and especially if the home user probably would not be able
to fix it themselves in case of a problem.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
Re: FIX for ZoneAlarm & KB951748 issue released

Nunya Bidnits wrote:
>
> ZA did a very very poor job of responding to the problem. It was a pain in


Totally agree with this.

> the neck for me to find out that it was a ZA problem at all. I knew enough
> to uninstall the update, something many home users would not necessarily


Yes, average home users were the most affected. I myself was seeing this
happen with my friends and relatives. No one knew what was going on.
Their internet connection was not working (ping worked, DSL worked) but
internet did not. Moreover, it appears like MS forced this update to its
customers somehow. Followed all the debugging steps I could but couldn't
find the problem, till I discovered the relevant threads here.



>
> From now on I will not allow MS to install any updates automatically and
> will check for problems for a few days before accepting them.


I myself follow this rule consistently.


> And due to this and other past avoidable ZA problems, plus information that
> indicates their firewall is only marginally effective at best, I will move
> on to a better firewall.


Totally agree with you here too. ZA is just not a personal firewall it
used to be till around a couple of years ago. It has become bloated and
resource hungry. Its uninstallation script is a total crap and leaves
clutter all over the registry (does not remove itself properly). And if
you ask about this problem in its support forum, the "guru" posters (probably
on the pay roll) give a convoluted method whose prerequisite is that a
user should have the history of past versions of ZoneAlarm ever
installed on that computer! Who in the right mind thinks that an average
user is going to keep such data!?!? Looks like the ZA company people are
not in touch with ground reality from an average user's point.

All in all, ZA is not a professional piece of application. I am now
looking at Comodo and netdefender (this one is open source).
 
Re: FIX for ZoneAlarm & KB951748 issue released

<snipped>

Leonard Grey wrote:
> Is there perhaps something I can do to kill this worthless thread?
> Would you like to see pictures from my last vacation? It was real
> fun until we got lost...but that's a l-o-n-g story. It all started
> one day when the sky was clear and the sun was bright...


Yes.

Mark it as blocked with your newsreader or better yet - simply ignore it.

There is nothing compelling you (afaik) to read/respond to this particular
conversation anymore than the 100's of others in this newsgroup per day. It
is - most likely - a conscious choice on your part; and thus, completely
under your control. If so - your asking how to not interact with this
thread falls to your own will-power and skills - not anyone else's.

Using Thunderbird 2.0.0.14 (Windows/20080421)? You might look for help
here:
http://www.mozilla.org/support/thunderbird/

However - again - your best bet is to *ignore* what you don't want to read.
In this case that is fairly simple - the subject has not changed. Don't
open messages with that subject. Use a filter and don't even download them
maybe. ;-)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
Re: FIX for ZoneAlarm & KB951748 issue released

Shenan Stanley wrote:
> <snipped>
> Conversation in entirety:
> http://groups.google.com/group/micr...8/b3486be8412ee2af?lnk=st&q=#b3486be8412ee2af
>
>
>
> Comments in-line...
>
> How would MS have known (as you state - before pushing the patch) that
> somebody else's firewall application (created and supported by another
> company) would have problems with this patch...? What are the limits
> in what third-party things a company must test to ensure that fixing
> their own product won't cause issues with someone else's product?


I said could have or should have known... and if they didn't test far enough
to check on a product that is widely used by their customers like ZA, shame
on them. At best, it's negligent laziness.

>


--%<----

> Then again - I did see that part of your discussion and every time I
> went to the web page link during that time - the thing you were being
> told was there - was there. Then you would answer that it was not -
> but I could still see it. It is possible that something was awry on
> your computer(s) - or it was cached, proxy, etc and not refreshed.
> *shrug*


And how do you account for it being in my cache, if it never existed? Have
you ever seen a bug in Firefox that one single time only, clips a paragraph
from a web page, and never does it again? ... Neither have I. At some point
when they were diddling with that ZA update, clearly, someone let a version
of the page, called a workaround, on line that did not include the update.
After others insisted it was there, I did a hard refresh, then it turned up.
So it was as I said it was there, in the form I described, at one time, at
least for long enough for me to download it and get it into my browser
cache.... case closed.

---%<----

> For an educated person - that is always the wisest choice. Control
> your data/stuff completely - only you know the nuances of it and what
> is/is not important to you. Why anyone would do anything else is
> beyond me. ;-)


I tried to make the point that I was commenting as an everyday user. Realize
that many everyday users trust MS implicitly, and those home users are the
vast majority of MS OS customers, and not to consider their everyday usage
likelihoods was a failure by MS. Realize that the average person either
trusts MS to do the right thing, or does not trust themselves to know more
than MS, and therefore would never consider trying to control the updates
themselves. Personally, I just did it as convenience, since an MS update has
never caused me a problem in all these years. But nevermore.

>> And due to this and other past avoidable ZA problems, plus
>> information that indicates their firewall is only marginally
>> effective at best, I will move on to a better firewall.

>
> The built-in Windows XP firewall (especially if you are also behind a
> NAT router of some sort for any high-speed Internet you might have
> and keep your AV/AS updated) is *more* than sufficient.


It's all up to date. I'm using 2000P on one computer so there's no XP
firewall. That's the computer that was bitten. But I am not going to change
the OS on a perfectly functional computer just for a firewall, that's like
jumping out of a perfectly good airplane. So I am probably going to Comodo
2.4 unless someone can suggest something better.
>
> For _most_ home-users - anything more than what is built into Windows
> XP and later (consumer OSes from Microsoft) is usually wasted space
> and time in terms of 'firewall protection' - IMHO. Why add the
> complication(s) and possible problem(s) (as demonstrated so well in
> this case) if there is no logical reason to and especially if the
> home user probably would not be able to fix it themselves in case of
> a problem.


I would agree with you had not an older computer running the XP firewall
plus AV and other malware protection still been infected with unacceptable
trash, to the point that it ended up in the recycle bin, after being
cannibalized for parts.

For the record, my W2000P computer running ZA (now temporarily), SpyBot, and
AVG antivirus, and Firefox browser, has not been infected with anything
since I put it on line over a year ago. The only problem it's had is the MS
update for July.

I'm again speaking as a consumer, something I think deserves more attention
from MS when they make changes that are over the head of the average user.
It wasn't over my head, but then it wasn't just no problem either. From a PR
point of view, MS and ZA both *should* and *could* have known about this in
advance, and both *could* have put out a notice to that effect.

And note again from the average consumer point of view that most would not
know what to do once the browser was shut down, since they couldn't get to
the ZA update page, even if the ZA software's *check for update* feature had
actually found the update instead of saying there was none available.

Please give the average person a break. This whole MS/ZA/update hassle was
totally unnecessary and avoidable with just a little extra conscientious
effort.

MartyB in KC
 
Re: FIX for ZoneAlarm & KB951748 issue released

Paul (Bornival) wrote:
> Hi, everyone,
>
> This thread has seen a very "active" discussion about the mutual
> responsibilities of MS and ZA for the "loss of Internet access"
> disaster linked to the issue of KB951748.
>
> For sure, the DNS issue was known by the main software
> manufacturers much before July 8th, and ZA could have been more
> proactive.
>
> However, the argument that MS can change its software "ex abrupto"
> and put the culprit on 3d party software in case of problems
> (because, for ZA, the 3d party has modified a core component of its
> system) needs to be re-examined. Indeed,
>
> - the main reason why people adopted ZA firewall (or other 3d party
> firewalls) is because neither Win95/98/ME or WinXP (before SP2) had
> any protection in this context (more about that on
> http://en.wikipedia.org/wiki/Windows_Firewall). The firewall
> introduced with WinXP SP2 was only directed against attacks from
> outside but did not block anything from inside (this was considered
> as unnecessary, and claimed as such on this forum, ... until,
> eventually, Vista introduced it, which demonstrates its usefulness...)
>
> - as a result, most of us had to use 3d party firewalls to protect
> our computers (I did so after seeing my unprotected WinXP computers
> so easily attacked ...).
>
> I submit that MS should recognize that, because it introduced a decent
> firewall only recently, it has to respect those users who installed a
> 3d party firewall ... and have remained faithful to it.
>
> Although, stricto sensu, MS is not obliged to take into consideration
> all 3d party software when they make changes that may affect the users
> of such software, they could have been more prudent in this case.
>
> In a broader context, MS built its success (vs. Apple) by making an
> OS on which 3d parties could build their own applications. Ignoring
> this now (and stating that they have "nothing to do with 3d party
> software") may well cause important problems, and the demise of MS in
> the future. In ancient Rome, people said "Jupiter blinds those who
> he will kill" and "The Tarpeian rock is close to the Capitol". In
> this particular case, I'm afraid that MS was blind... even if it was
> technically and legally right, and has forgotten that falling from
> the Capitol hill is easier than climbing it.


Well said.

MBKC
 
Re: FIX for ZoneAlarm & KB951748 issue released

Shenan Stanley wrote:

> Zone Alarm is popular - but it is not (by far) the only option around
> (or that was around in many cases) and not everyone is running it as
> their third-party solution - which means there will be MANY different
> ones they would have to 'test' - and which versions (of each one) do
> you test? What are the limitations on how far back you test? After
> all - people are reporting in this very conversation that some older
> versions of Zone Alarm itself do not exhibit the issues of the
> version right before the patch to remedy this problem - which tells
> me that Zone Alarm didn't have this issue, did have this issue,
> doesn't have this issue again (if you just pretend the patch could
> have been released some time ago.)


Older versions of ZA also would not have had up to date protection profiles
installed. Not keeping security software up to date is operator error, IMO.
So being saved from a mistake by a mistake is a marginal victory at best,
eh?

MartyB in KC
 
Re: FIX for ZoneAlarm & KB951748 issue released



Joan Archer wrote:

> <lol> I just got rid of ZA <g>
>
> --
> Joan Archer
> http://www.freewebs.com/crossstitcher
> http://lachsoft.com/photogallery
>


You are a wise woman. To tell you the truth, I don't think there is any
need for third party firewall especially when you have got Windows XP's
firewall enabled (OR Vista's) and your Modem/Router has its own firewall.

From time to time, you will always have third party software conflict with
MS patches but this is all part and parcel of the game to protect you in
the long run.

Hope this helps.
 
Re: FIX for ZoneAlarm & KB951748 issue released



"PA Bear [MS MVP]" wrote:

> No, sorry. It's been a very long week...
>


your week would have been shorter had you not bothered to provide links to unnecessary third
party products which are an added extra to resources when one already has state of the art
FIREWALL provided by Microsoft and most broadband modems and routers have their own firewall
enabled by default.

I don't know why people bother with any other firewall which may or may not consume scarce
resource!
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Mon, 14 Jul 2008 19:33:44 +0100, ANONYMOUS wrote:

> ...To tell you the truth, I don't think there is any
> need for third party firewall especially when you have got Windows XP's
> firewall enabled (OR Vista's) and your Modem/Router has its own firewall.


In addition I'd recommend disabling any unnecessary and potentially
dangerous Services.
Configure and adjust Services to suit your computing needs
Windows XP Service Pack 3 Service Configurations
http://www.blackviper.com/WinXP/servicecfg.htm

> From time to time, you will always have third party software conflict with
> MS patches but this is all part and parcel of the game to protect you in
> the long run.


Quite right!
 
Re: FIX for ZoneAlarm & KB951748 issue released

Nunya Bidnits wrote:
> Leonard Grey wrote:
>> I am so glad I didn't get involved with this thread!
>>
>> ---
>> Leonard Grey
>> Errare humanum est
>>
>> Shenan Stanley wrote:
>>> V Green wrote:
>>>> That's it. That's all. 50 years of good feelings. Works
>>>> for me. You should try it. You might like it.
>>> I have more good feelings than most and have plenty of people
>>> (because of those good feelings) who would come to me before anyone
>>> else for many things - but that doesn't address the question at all
>>> really - you didn't answer the main question...
>>>
>>> ---
>>> Are you saying that if you sell something (whatever you sell) and
>>> the person modifies it before bringing it back and they bring it
>>> back to fix something that would not have occurred if they had not
>>> modified it - you will take responsibility for what they did (what
>>> they added/modified) and fix the problem the third party
>>> modification caused for them at no charge? ---
>>>
>>> (And assume this is not family, not friend, a pure customer that you
>>> have no interest in making more than a loyal customer - and think
>>> about their other choices, etc.)

>
> As a rank and file home user with above average skills (but not an expert),
> and as a person with marketing and PR experience, here's my impression:
>
> MS and ZA both screwed up.
>
> First, ZA is widely used. Second, MS should have, or could have known that
> the July update would therefore have a broad negative impact. Third, *if* ZA
> had enough advance warning to issue a corrective fix before the update, and
> just knowingly and negligently chose to do so for no particular good reason,
> double shame on them. But that does not really seem likely. However it's
> indisputable that the first two are true.
>
> Both screwed up because:
>
> MS did not make any effort to make the ZA problem known. The issue was not
> discussed on the web page for the update, nor was there any other alert
> associated with the update. Yet there is no way they were not aware of the
> problem before pushing the update, unless they were negligent in their
> preparations. Either way, bad on MS. They left average home users, the most
> affected single group, completely utterly in the dark. Those users do not
> usually know where to look, such as in these newsgroups, to find out about
> such problems. And any more, since half of them use the scum-ridden Google
> Groups, they could not access them anyway, MS having trashed their WWW
> access.
>
> ZA did a very very poor job of responding to the problem. It was a pain in
> the neck for me to find out that it was a ZA problem at all. I knew enough
> to uninstall the update, something many home users would not necessarily
> think to do, or know how to do. Going back to a restore point, as many of
> them did, is an excessively destructive solution.
>
> When I tried to find the updates through the click point in the ZA software
> "check for updates", repeatedly, **none** were found. When I went to the
> web pages suggested in these NGs for the fix, at the time I checked, the
> links to the updates were not there. Several on these groups became
> frustrated with me for asking repeatedly, but somehow they did not manage to
> keep these links posted as they apparently kept making changes to the page.
> Finally on hard refresh I found the links. Bad on ZA.
>
> From now on I will not allow MS to install any updates automatically and
> will check for problems for a few days before accepting them.
>
> And due to this and other past avoidable ZA problems, plus information that
> indicates their firewall is only marginally effective at best, I will move
> on to a better firewall.
>
> MartyB in KC
>

I do not think that you have grasped the problem here it is not Zone
Labs or Microsoft. It is the whole Internet--the problem does not go
away if you have KB951748 installed. The ISP's of the world have to fix
the problem too. Open DNS helps but, it is not the final solution either.

--

Rick
Fargo, ND
N 46°53'251"
W 096°48'279"

Remember the USS Liberty
http://www.ussliberty.org/
 
Re: FIX for ZoneAlarm & KB951748 issue released

Rick added these comments in the current discussion du jour ...

> Nunya Bidnits wrote:
>> Leonard Grey wrote:
>>> I am so glad I didn't get involved with this thread!
>>>
>>> ---
>>> Leonard Grey
>>> Errare humanum est
>>>
>>> Shenan Stanley wrote:
>>>> V Green wrote:
>>>>> That's it. That's all. 50 years of good feelings. Works for
>>>>> me. You should try it. You might like it.
>>>> I have more good feelings than most and have plenty of people
>>>> (because of those good feelings) who would come to me before
>>>> anyone else for many things - but that doesn't address the
>>>> question at all really - you didn't answer the main question...
>>>>
>>>> ---
>>>> Are you saying that if you sell something (whatever you sell) and
>>>> the person modifies it before bringing it back and they bring it
>>>> back to fix something that would not have occurred if they had
>>>> not modified it - you will take responsibility for what they did
>>>> (what they added/modified) and fix the problem the third party
>>>> modification caused for them at no charge? ---
>>>>
>>>> (And assume this is not family, not friend, a pure customer that
>>>> you have no interest in making more than a loyal customer - and
>>>> think about their other choices, etc.)

>>
>> As a rank and file home user with above average skills (but not an
>> expert), and as a person with marketing and PR experience, here's
>> my impression:
>>
>> MS and ZA both screwed up.
>>
>> First, ZA is widely used. Second, MS should have, or could have
>> known that the July update would therefore have a broad negative
>> impact. Third, *if* ZA had enough advance warning to issue a
>> corrective fix before the update, and just knowingly and
>> negligently chose to do so for no particular good reason, double
>> shame on them. But that does not really seem likely. However it's
>> indisputable that the first two are true.
>>
>> Both screwed up because:
>>
>> MS did not make any effort to make the ZA problem known. The issue
>> was not discussed on the web page for the update, nor was there any
>> other alert associated with the update. Yet there is no way they
>> were not aware of the problem before pushing the update, unless
>> they were negligent in their preparations. Either way, bad on MS.
>> They left average home users, the most affected single group,
>> completely utterly in the dark. Those users do not usually know
>> where to look, such as in these newsgroups, to find out about such
>> problems. And any more, since half of them use the scum-ridden
>> Google Groups, they could not access them anyway, MS having trashed
>> their WWW access.
>>
>> ZA did a very very poor job of responding to the problem. It was a
>> pain in the neck for me to find out that it was a ZA problem at
>> all. I knew enough to uninstall the update, something many home
>> users would not necessarily think to do, or know how to do. Going
>> back to a restore point, as many of them did, is an excessively
>> destructive solution.
>>
>> When I tried to find the updates through the click point in the ZA
>> software "check for updates", repeatedly, **none** were found.
>> When I went to the web pages suggested in these NGs for the fix, at
>> the time I checked, the links to the updates were not there.
>> Several on these groups became frustrated with me for asking
>> repeatedly, but somehow they did not manage to keep these links
>> posted as they apparently kept making changes to the page. Finally
>> on hard refresh I found the links. Bad on ZA.
>>
>> From now on I will not allow MS to install any updates
>> automatically and will check for problems for a few days before
>> accepting them.
>>
>> And due to this and other past avoidable ZA problems, plus
>> information that indicates their firewall is only marginally
>> effective at best, I will move on to a better firewall.
>>
>> MartyB in KC
>>

> I do not think that you have grasped the problem here it is not Zone
> Labs or Microsoft. It is the whole Internet--the problem does not
> go away if you have KB951748 installed. The ISP's of the world have
> to fix the problem too. Open DNS helps but, it is not the final
> solution either.
>


some interesting thoughts expressed in this thread

--
HP, aka Jerry

"If it waddles like a duck and quacks like a duck, it must be a duck"
 
Re: FIX for ZoneAlarm & KB951748 issue released


--
Stay Focused & Have Faith,Have Fun!


"Charles Lee" wrote:

> problems are now fixed with security update & ZA in ZoneAlarms latest
> update... all releases covered, from basic to the full suite
>
> Follow the link below, download new update version of ZA 70.483.000, and
> then download the security update KB 951748 afterwards.
> I have done all pc's on my home network... all back to normal....
> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
>
>
> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:uexAfNp4IHA.3804@TK2MSFTNGP03.phx.gbl...
> > [Crossposted to Windows Update, WinXP General, IE General, Security,
> > Security Home Users newsgroups]
> >
> > Resolution [was Workaround] for Sudden Loss of Internet Access Problem
> > http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
> > (revised multiple times since release on 08 July 2008)
> >
> > NB: Do NOT use Option #2 if at all possible! The vulnerability addressed
> > by KB951748 *is* a big deal! See
> > http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html
> >
> > Want to consider other, more highly-rated firewalls?
> > http://www.matousec.com/projects/firewall-challenge/results.php
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> > AumHa VSOP & Admin http://aumha.net
> > DTS-L http://dts-l.net/

>
>
>
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Mon, 14 Jul 2008 11:09:12 -0400, "H.S."
<hs.samREMOVEMEix@google.com> wrote:

>Root Kit wrote:
>
>> security enhancements of Vista. Outbound control on an XP platform as
>> a security measure against malware is still utter nonsense.
>>

>
>I am not sure I understand the above statement. I am curious what it
>really means. Could you please explain and give an example or two.


The windows platform was designed with usability in mind providing all
kinds of possibilities for e.g. inter-process communication. This
together with the very high probability that the user is running with
unrestricted rights makes it impossible to prevent malware allowed to
run and determined to by-pass any outbound "control" (which, of course
modern malware is) from doing so. It's simply too unreliable to
qualify as a security measure.

Malware must be stopped at the front door and *not* allowed to run
believing that its behavior can be somehow "controlled". In a
multi-purpose OS like windows with all programs running with
unrestricted rights, if program A can control program B, what prevents
program B from controlling program A (or C which A has already granted
permission for that matter)?
 
Re: FIX for ZoneAlarm & KB951748 issue released

Root Kit wrote:
> On Mon, 14 Jul 2008 11:09:12 -0400, "H.S."
> <hs.samREMOVEMEix@google.com> wrote:
>
>> Root Kit wrote:
>>
>>> security enhancements of Vista. Outbound control on an XP platform as
>>> a security measure against malware is still utter nonsense.
>>>

>> I am not sure I understand the above statement. I am curious what it
>> really means. Could you please explain and give an example or two.

>
> The windows platform was designed with usability in mind providing all
> kinds of possibilities for e.g. inter-process communication. This
> together with the very high probability that the user is running with
> unrestricted rights makes it impossible to prevent malware allowed to
> run and determined to by-pass any outbound "control" (which, of course
> modern malware is) from doing so. It's simply too unreliable to
> qualify as a security measure.
>
> Malware must be stopped at the front door and *not* allowed to run
> believing that its behavior can be somehow "controlled". In a
> multi-purpose OS like windows with all programs running with
> unrestricted rights, if program A can control program B, what prevents
> program B from controlling program A (or C which A has already granted
> permission for that matter)?


Hence the rule that one should not be logged in with administrative
rights for day to day usage of Windows unless doing computer maintenance
tasks. Your reasoning above just proves that this makes perfect sense.
The users who are logged in with admin privileges and not *extremely*
careful about their browsing habits get what they ask for when their
computer is hosed due to malware.

On the other hand, if Windows demands that it be always run with admin
rights, it is just not designed properly then. But to be fair, I don't
think any sane person even at Redmond will suggest using Windows with
full admin rights always in today's internet world.
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Tue, 15 Jul 2008 12:01:59 -0400, "H.S."
<hs.samREMOVEMEix@google.com> wrote:

>Hence the rule that one should not be logged in with administrative
>rights for day to day usage of Windows unless doing computer maintenance
>tasks. Your reasoning above just proves that this makes perfect sense.
>The users who are logged in with admin privileges and not *extremely*
>careful about their browsing habits get what they ask for when their
>computer is hosed due to malware.


I'd like to clarify that there are tricks that still work perfectly
well for a malware running with restricted rights. It just rules out
some of the options.
 
Re: FIX for ZoneAlarm & KB951748 issue released

"Shenan Stanley" wrote:


> What would have been the 'thing to do' with all these variables in place, in
> your opinion?
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html


I think that the obvious things that MS could have been doing, given the
known disruptive effect KB951748 could have had on Internet connections, are:
- making KB951748 NOT installing automatically and without warning (as it
occurred to all of the computers I look after ... and which were all blocked
in succession until we discovered what was going on ...);
- to clearly state, during the installation procedure, that the user had to
check for potential incompatibilities with some firewalls ... and to see
her/his administrator in case of doubt.

In our case, this would have prevented us from losing several hours to
determine the cause of the problem...

Note: as a result of this situation, all our computers are now set to no
longer automatically install Microsoft updates until these are tested on one
computer ... To some extent, MS killed itself the process of automatic
updating...

Paul

 
Re: FIX for ZoneAlarm & KB951748 issue released


"Root Kit" wrote:

> On Mon, 14 Jul 2008 11:09:12 -0400, "H.S."
> <hs.samREMOVEMEix@google.com> wrote:
>
> >Root Kit wrote:

>
> Malware must be stopped at the front door and *not* allowed to run
> believing that its behavior can be somehow "controlled". In a
> multi-purpose OS like windows with all programs running with
> unrestricted rights, if program A can control program B, what prevents
> program B from controlling program A (or C which A has already granted
> permission for that matter)?


I'll give a simple example where outbound control would have prevented what
was nearly a disaster. One of our computers was inadvertently infected by a
malware that used the Outlook address book of the user and started sending
e-mails to all addressees... If ZA would have been installed, this would not
have happened because it can be configured to block the sending of mass
e-mails. Outbound protection may not catch everything and is not perfect, but
why not use it if you can?
 
Re: FIX for ZoneAlarm & KB951748 issue released


"Root Kit" wrote:

> On Sun, 13 Jul 2008 18:03:01 -0700, Paul (Bornival)
> <PaulBornival@discussions.microsoft.com> wrote:
> > (I did so after seeing my unprotected WinXP computers so easily
> >attacked ...).

>
> This is nonsense. An "unprotected" XP (SP2+) is not easily attacked.
> Pre SP2, all you needed to do was turn the FW on, or even better -
> shut down unnecessary network services, which MS unfortunately has a
> bad habit of having running by default.


The successful attacks on WinXP computers I saw were before the introduction
of SP2. This was completely and effectively avoided after installing ZA.
When SP2 was introduced, I compared ZA with the SP2 firewall, and found that
ZA was eventually easier to adjust to our needs. This is why I remained
faithful to ZA (and I'm not the only one...). Note that turning off WinXP
network services was not possible (or largely unpractical) given our needs of
communication between computers.
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Wed, 16 Jul 2008 00:07:46 -0700, Paul (Bornival)
<PaulBornival@discussions.microsoft.com> wrote:

>The successful attacks on WinXP computers I saw were before the introduction
>of SP2. This was completely and effectively avoided after installing ZA.


True - but could easily have been avoided by shutting down unnecessary
services, adding a simple packet filter or activating the built-in
one.

>When SP2 was introduced, I compared ZA with the SP2 firewall, and found that
>ZA was eventually easier to adjust to our needs. This is why I remained
>faithful to ZA (and I'm not the only one...).


I wonder what your needs are.

>Note that turning off WinXP network services was not possible (or largely
>unpractical) given our needs of communication between computers.


How do you expect ZA to protect services you need to make available?
 
Re: FIX for ZoneAlarm & KB951748 issue released

On Wed, 16 Jul 2008 00:04:54 -0700, Paul (Bornival)
<PaulBornival@discussions.microsoft.com> wrote:

>I'll give a simple example where outbound control would have prevented what
>was nearly a disaster.


Would have? - So it was a disaster?

>One of our computers was inadvertently infected by a
>malware that used the Outlook address book of the user and started sending
>e-mails to all addressees...


The key issue here is:

How did this malware get in? - and why was it allowed to run in the
first place? Because that part is security related. The rest is just
damage control based on blind luck.

> If ZA would have been installed, this would not
>have happened because it can be configured to block the sending of mass
>e-mails.


Sure. Unfortunately, it can be configured to do a lot of nonsense.

>Outbound protection may not catch everything and is not perfect, but
>why not use it if you can?


For the same reason you don't constantly wear a helmet just in case
someone drops something from an aeroplane.

Outbound protection (host based) is not for free. It comes at a cost
which can be hard for a layman to assess. The added system complexity of
installing a bunch of potentially vulnerable code of questionable
quality and functionality and the cons that follow from that, must be
weighed against the possible pros.

You make a computer secure by removing unnecessary stuff and fixing
what is broken - not by adding further potentially vulnerable code to
an already insecure code base.
 