All the latest UK technology news, reviews and analysis
|
|
|
09 Jul 2008
Hundreds of thousands of ZoneAlarm firewall users have been locked out of the internet by Microsoft's latest round of software updates.
Microsoft released four 'important' fixes as part of its regular Patch Tuesday update, one of which left ZoneAlarm users with out web access.
The MS08-037 fix is designed to plug a vulnerability in Windows' implementations of the Domain Name System protocol, but has been responsible for "compatibility issues " with ZoneAlarm.
A spokesman for ZoneLabs, the Check Point subsidiary which manufacturers ZoneAlarm, told vnunet.com that the company became aware of the problem late last night when US users began downloading the Microsoft code.
ZoneLabs advises users of ZoneAlarm to remove the Microsoft update as a workaround until it has created a more satisfactory solution to the problem. The company has set up a forum to help keep users informed.
The forum moderator states: "We are investigating the issue with the Microsoft update KB951748. For the time being we suggest you uninstall KB951748 until the issue has been resolved. We will post when we have more information."
Some users of the firm's forums have discovered that downgrading the firewall's security from High to Medium for the internet fixes the problem, but this is not advised by ZoneLabs.
A user by the name of 'PokeyCA' wrote: "By now, everyone who is using ZA, knows that Microsoft's update KB951748 broke ZA.
"The reason that it broke ZA is that Microsoft had to expand the randomness that the DNS client uses when asking for UDP ports to go to DNS servers.
"ZA only looks for these requests in a certain range of UDP ports, but with the new DNS client (note that IE has not changed, but some of the base networking programs (svchost.exe)), ZA sees requests outside of this range and blocks them. Therefore, Internet is broken.
"Unfortunately, Microsoft didn't tell firewall manufacturers (hardware and software) that they were updating this."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Low Latency Network Engineer, Senior Network Engineer...
SQL DBA - (North London) North London , £45k - 50k...
Business Architect – (North London) £65,000 – 75,000k...
Graduate Software Engineer - Javascript OR Android...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Don't blame Microsoft
How can some people here blame Microsoft for this issue? They are not responsible for checking thousands of programs that this update might affect before releasing it, that would delay updates leaving people vulnerable for a longer period of time. This was clearly an error on CheckPoint's side, read into the specifics that caused ZoneAlarm to malfunction before you start babbling about conspiracies with Microsoft taking out it's competitors and such. Idiots.
Posted by: !Sheeple 16 Jul 2008
Catch 22
The only way I got around it was to download email to my phone, find a Zonelabs email which named the MS updaye and ask a friend to investigate it for me. On erasing the update all was OK.
Posted by: Jimbo 14 Jul 2008
M/soft fix!!
I was one of the poor 'idiots' who had to contact my ISP to find out what was going on, but when I contacted ZA they couldn't help and so got no help from them.
Posted by: Rosemary Smith 10 Jul 2008
after fix, I'm missing programs and files
I turned off Z.A. long enough to go to their tech support site, then clicked on a download which automatically started downloading an exe file. I stopped that quickly and tried the another option - deleting the kb951748 update. Upon restarting I found a bunch of icons were missing and whole programs (incuding Zone Alarm) and other files gone.
Posted by: JZ 10 Jul 2008
Another Microsoft greatness and failure
How many times has microsoft come out with updates and then affect the masses with their "oops", its the other guy? This is not acceptable, just like thier windows vista failure. The simple way is to go in to control panel, programs uninstall, check box at top of window showing "all" and uninstall the little bugger that ends in 1748 and that will allow your protection until the "real" fix comes out and give you back protection. Bill Gates, Fire the idiot that thought out this one!!!!!!
Posted by: Bob 10 Jul 2008
Collateral damage of legitimate target
Curious that this patch zaqpped one of Micro$oft's main competitors. Pure chance, of course...
Posted by: John Rogers 10 Jul 2008
Easy
You just need to uninstall the update through the usual Settings-Control Panel-Add and Remove Programs. ZA couldn't have fixed the issue in advance as it seems Microsoft didn't tell anyone. I lost 5 hours of busy worktime yesterday trying to figure out what went wrong, I'm starting to loose my patience with Microsoft.
Posted by: AA 10 Jul 2008
that seems bassackwards?
Seems to me, it's up to Zone Labs to fix the issue on their end. Uninstalling a security update is serious business? that's like having a pot of water boil dry on a stove and blaming the flame for being too hot, instead of blaming the guy for not adding more water? just my 2 cents....
Posted by: Bruce Eddy 09 Jul 2008
Zone Alarm
All very well stopping Zone Alarm clients accessing the Internet but how do you know it is a Microsoft fix if you cannot access the Internet to read these messages. I have had a very frustrating day trying all sorts of things before doing a system restore. Should I have done that first?????
Posted by: Terence Whitehead 09 Jul 2008
How are we to know
What a muckup,how are we as novices to know that Microsoft made a bodge of their update when we cant access the internet other than call in a technician at great expense, to be told that the update is not compatable with Zone Alarm firewall . Microsoft get your act together, or is that asking to much from you?
Posted by: william sneddon 09 Jul 2008