Re: FIX for ZoneAlarm & KB951748 issue released
Sam wrote:
> xxexbushpig wrote:
>> Well it might have been a "dimbulb" (which is a great new word BTW),
>> but it wasn't as big a dimbulb as the Microsoft person who issued the
>> KB951748 update that screwed up millions of people!
>
> Look, I understand where you are coming from. I have been bitten by this
> "bug" too (well, not me personally, but couple of relatives I help with
> computer stuff).
>
> Also note that I am no Windows fan boy. So I don't get giddy eyed and
> swoon at every new Windows release or update and neither do I
> *religiously* defend their "secure OS" or their pricing policies (as
> some do there ... *ducks*). I just use it as a tool for whatever I have
> to do.
>
> So, in my view this particular update, the KB951748, appears to fix some
> DNS vulnerability in Windows. Good. But it also messed up Zone Alarm.
> But MS has nothing to do with Zone Alarm and ZA people already gave out
> an upgraded version of ZA which solves this. It would have been prudent
> of ZA people to have seen this coming and taken corrective measures
> earlier. As long as MS gave sufficient prior warning to all the vendors
> in the field about this update, I don't think they are to blame.
>
> My 2c.
>
>
>
>
Sam, Read this article:
The DNS bug was found & should have been a co-operative update July 8.
http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/
The article does not say who was notified, but the bug was *not* found
by MS and MS has no responsibility to tell others, as this was all
supposed to be done July 8.
IMHO, ZA missed the boat or was just slow.