MS Security Patch Blocks Net Access For ZoneAlarm Users 110
An anonymous reader writes "Users of Check Point ZoneAlarm security products, including the extremely popular, free-of-charge software firewall, have discovered that a Microsoft security update released on Tuesday has blocked their internet access. The firewall manufacturer is 'investigating the issue,' and so far the workaround seems to be to uninstall the recent DNS spoofing vulnerability fix MS08-037 (KB951748), and not reinstall it until Microsoft or Check Point have come up with updated versions of their products."
Why are we blaming Microsoft? (Score:4, Insightful)
Re:And this is a bad thing how? (Score:2, Insightful)
It's not a hard question and, thus, not a surprising answer when Microsoft is blamed.
AND you are absolutely correct about Check Point NOT being open source themselves; if they were it might also present a path to the resolution.
Otherwise, my bet is that:
The real issue is . . . . (Score:2, Insightful)
Microsoft should have tested this security update with all the popular firewall software and notified the developers of the firewall software itself. Then Microsoft and the affected software companies should have sent a notification of this issue to registered users of their software.
Zone Alarm certainly counts as popular firewall software
If Microsoft did not test this against zone alarm , than that is pretty shabby QA on the part of Microsoft. If they did, and did not find the issue than it is still pretty shabby QA.
If this was tested and the makers of the software notified, than it was pretty bad on the part of both Microsoft and the third party developers not to notify users and ISPs of this impending issue.
Basically, this surprise for ISP's and users never should have occurred.
Re:Why are we blaming Microsoft? (Score:4, Insightful)
One program breaks and it's an M$ issue? Nah. (Score:5, Insightful)
...or instead of complaining to Microsoft, you can disable ZoneAlarm and enjoy having your connection work again. Cheap firewalls failing to perform exactly how you'd like them to is an old, old story.
Given the ridiculous profusion of budget 'security' software swarming around, it hardly seems fair to lay the blame on M$ when ZoneAlarm is the only program that this patch appears to conflict with.
Of course, if ZoneAlarm wasn't proprietary, we could go see where they screwed up. Maybe you should go harass them for being closed-source instead?
Re:And this is a bad thing how? (Score:3, Insightful)
I think his main argument is just against proprietary (ie, non-open source) software, meaning that regardless of who's to blame here, this is an example of why FOSS is better.
Re:other workaround (Score:2, Insightful)
Don't you think it's hard to take a security product seriously when its settings are "high", "medium", and "low"?
Not that other products are any better...
Par For the Course (Score:4, Insightful)
And what do Slashdot readers have to say? In about equal numbers:
OK geniuses. What, realistically, is the industry supposed to do in order to stop doing this sort of thing?
I don't know what the answer is. If I did, I'd be lining up staffing, capital, etc. But I'm 100% sure that it is not:
Re:And this is a bad thing how? (Score:2, Insightful)
Re:Software FW..sigh, hold bridge of nose, shake h (Score:4, Insightful)
The may be a big headache for somebody at an ISP who needs to help out users, but as somebody who uses ZoneAlarm, I find it to be very useful.
I've got an actual firewall in my router, but that only protects me from what comes in. And I run Linux, so that counters most other random garbage. But, on occasion, I use Windows and ZoneAlarm is very handy because it alerts me when any program is trying to send data out.
*This* is where software firewalls in Windows shine. So many programs in Windows phone home or access the Internet for completely unknown reasons. So, I block it. If it breaks and I really need that particular program, I can unblock it. It's hard to measure how much this really helps, and, of course, I'm sure there are ways to transmit in Windows without the firewall knowing about it. Still, it's nice to be able to say apps X and Y, you get to access the Net. Everybody else has to ask first.
Re:And this is a bad thing how? (Score:2, Insightful)