MS Security Patch Blocks Net Access For ZoneAlarm Users

An anonymous reader writes "Users of Check Point ZoneAlarm security products, including the extremely popular, free-of-charge software firewall, have discovered that a Microsoft security update released on Tuesday has blocked their internet access. The firewall manufacturer is 'investigating the issue,' and so far the workaround seems to be to uninstall the recent DNS spoofing vulnerability fix MS08-037 (KB951748), and not reinstall it until Microsoft or Check Point have come up with updated versions of their products."

Why are we blaming Microsoft?

[Alereon]

Why are we assuming that this is a defect in the Microsoft patch, rather than a defect in the security software? I think it's much more likely that the software firewall application (which tend to be pretty skeevy in general, see Norton Internet Security) is inappropriately blocking access than that Microsoft screwed up the patch. From my (admittedly vague) understanding of the issue, I'm guessing that the firewall software whitelists outgoing UDP requests from port 53, and the new randomized ports are being blocked, preventing DNS queries from succeeding. I know blaming Microsoft is fun, but blaming even crappier software vendors is more fun :)

Re:And this is a bad thing how?

[Anonymous Coward]

What changed?

It's not a hard question and, thus, not a surprising answer when Microsoft is blamed.

AND you are absolutely correct about Check Point NOT being open source themselves; if they were it might also present a path to the resolution.

Otherwise, my bet is that:

1. Zone-Alarm expects a portion of MS's network stack to behave in a certain way and it has now changed,
2. Microsoft broke changed something in their API, or as I suspect
3. Zone-Alarm mis-interpreted the API or poorly coded to it.

The real issue is . . . .

[Anonymous Coward]

Microsoft should have tested this security update with all the popular firewall software and notified the developers of the firewall software itself. Then Microsoft and the affected software companies should have sent a notification of this issue to registered users of their software.

Zone Alarm certainly counts as popular firewall software

If Microsoft did not test this against zone alarm , than that is pretty shabby QA on the part of Microsoft. If they did, and did not find the issue than it is still pretty shabby QA.

If this was tested and the makers of the software notified, than it was pretty bad on the part of both Microsoft and the third party developers not to notify users and ISPs of this impending issue.

Basically, this surprise for ISP's and users never should have occurred.

Re:Why are we blaming Microsoft?

[Paradigm_Complex]

Why are you assuming that we're assuming? Vista got a lot more heat than it really deserved, often by people who know better. However, much of the public at large believed the complaints. Most non-technies I know, when the subject comes up, cite something along the lines of "I heard Vista sucks." No explanation why (often because they don't think they'd understand, they just don't care). Similar here: plenty of people will purposefully make stupid anti-MS statements, irrelevant of if they believe it or not or even care whose fault it is, in the hopes that if done sufficiently, it'll sink into the public mindset. Maybe they feel justified in giving MS back what it deserves after all the bad stuff they've gotten away with. Now mod me -1 Insightful so Joe Sixpack doesn't see this and we can continue our conspi^H^H^H^H^H^H vigilante fight for software freedom!

One program breaks and it's an M$ issue? Nah.

[Behrooz]

...or instead of complaining to Microsoft, you can disable ZoneAlarm and enjoy having your connection work again. Cheap firewalls failing to perform exactly how you'd like them to is an old, old story.

Given the ridiculous profusion of budget 'security' software swarming around, it hardly seems fair to lay the blame on M$ when ZoneAlarm is the only program that this patch appears to conflict with.

Of course, if ZoneAlarm wasn't proprietary, we could go see where they screwed up. Maybe you should go harass them for being closed-source instead?

Re:And this is a bad thing how?

[snoyberg]

I think his main argument is just against proprietary (ie, non-open source) software, meaning that regardless of who's to blame here, this is an example of why FOSS is better.

Re:other workaround

[Anonymous Coward]

Don't you think it's hard to take a security product seriously when its settings are "high", "medium", and "low"?

Not that other products are any better...

Par For the Course

[vtcodger]

OK. Microsoft has once again put a bunch of users off the air -- tying up the clever and the lucky for a few minutes, and probably crippling many users for days. Not the first time. Won't be the last.

And what do Slashdot readers have to say? In about equal numbers:

1. Blame Microsoft
2. Blame the "Application"
3. That old favorite -- Blame the user.

OK geniuses. What, realistically, is the industry supposed to do in order to stop doing this sort of thing?

I don't know what the answer is. If I did, I'd be lining up staffing, capital, etc. But I'm 100% sure that it is not:

1. Install Ubuntu
2. Don't worry, be happy
3. Blame the User

Re:And this is a bad thing how?

[hyperquantization]

Agreed, but only when the corporation who owns the source is incompetent. So to blanket all proprietary software, IMHO, is rather unfair. Either way, unless you're spending your own time developing the software, you're trusting somebody; if not a single corporation, then the Open Source Community. The point is, it's really just up to you, the user, to decide who you trust more.

Re:Software FW..sigh, hold bridge of nose, shake h

[Elrond, Duke of URL]

The may be a big headache for somebody at an ISP who needs to help out users, but as somebody who uses ZoneAlarm, I find it to be very useful.

I've got an actual firewall in my router, but that only protects me from what comes in. And I run Linux, so that counters most other random garbage. But, on occasion, I use Windows and ZoneAlarm is very handy because it alerts me when any program is trying to send data out.

*This* is where software firewalls in Windows shine. So many programs in Windows phone home or access the Internet for completely unknown reasons. So, I block it. If it breaks and I really need that particular program, I can unblock it. It's hard to measure how much this really helps, and, of course, I'm sure there are ways to transmit in Windows without the firewall knowing about it. Still, it's nice to be able to say apps X and Y, you get to access the Net. Everybody else has to ask first.

Re:And this is a bad thing how?

[jeebusroxors]

So MS has to test their updates with EVERY piece of software that _may_ be used? It seems more likely that this is a ZA problem. Plus I'm willing to bet that the Windows firewall alone (that's still included right?) works just fine.