WinXP update kills Zone Alarm

vbimport

#1

Just installed the most recent WinXP-SP2 security update and it completely killed the ZoneAlarm firewall. The only way to connect now is to turn ZA off.

I tried removing permissions for all the usual Windows components so they would re-authorize, but no help.

Anyone else seeing this issue?


#2

I am using xp pro sp3 everything is fine here with Zone Alarm.


#3

According to the ZA forums, this is an almost universal issue with the security patch. There are 2 fixes: 1) set ZA “Internet Zone Security” to medium. 2) Uninstall today’s MS security update.

I removed the security update and it fixed the problem. Reportedly, the ZA support staff are looking into this. Maybe there will be a ZA update to fix it.


#4

All the showed today from MS was malicious software removal, you have the security update you got?

update: It seems maybe MS removed it from the updates, I check for updates after your first post, CDan, and it was not there nor was it already on my computer?

Update 2: not listed here either:
http://www.microsoft.com/protect/computer/updates/bulletins/200807.mspx


#5

have seen the Microsoft update notification in the task bar. purposely ignored.

was about to update before i read this thread. i will now wait for more responses before updating. as i use Zone Alarm Free.

fyi…as of July 9th, 2009, 1:30 am CST, Microsoft Windows Update is offering 3 updates:

Windows Malicious Software Removal Tool - July 2008 (KB890830)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)

i have checked both auto update notifications and windows update home.

i do not have my updates set to automatically download or install. only to notify.

please keep us informed of possible Zone Alarm issues.


#6

[QUOTE=troy512;2090630]have seen the Microsoft update notification in the task bar. purposely ignored.

was about to update before i read this thread. i will now wait for more responses before updating. as i use Zone Alarm Free.

[B]fyi…as of July 9th, 2009, 1:30 am CST[/B], Microsoft Windows Update is offering 3 updates:

Windows Malicious Software Removal Tool - July 2008 (KB890830)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)

i have checked both auto update notifications and windows update home.

i do not have my updates set to automatically download or install. only to notify.

please keep us informed of possible Zone Alarm issues.[/QUOTE]huh got to wait a year for them :doh: :bigsmile:


#7

[quote=CDan;2090587]Just installed the most recent WinXP-SP2 security update[/quote]Which update exactly? MS08-037 (DNS client security update (951748))?

and it completely killed the ZoneAlarm firewall. The only way to connect now is to turn ZA off.
Ditch ZA.

http://www.kb.cert.org/vuls/id/800113 -> uninstalling the MS patch in order to stick with ZA doesn’t seem to be a good idea :eek:


#8

I’ve run Zonealarm with no problem in WinXP SP2. The inability to go online using Zonealarm is most likely due to Zonealarm blocking address for modem and/or router. There’s an easy fix which is to add address for modem and/or router to “Trusted sites” in the Zonealarm “Firewall” settings. This is likely true of other software firewalls, and there’s nothing wrong with Zonealarm that I’ve found.


#9

[QUOTE=bevills1;2090737]I’ve run Zonealarm with no problem in WinXP SP2. The inability to go online using Zonealarm is most likely due to Zonealarm blocking address for modem and/or router. There’s an easy fix which is to add address for modem and/or router to “Trusted sites” in the Zonealarm “Firewall” settings. This is likely true of other software firewalls, and there’s nothing wrong with Zonealarm that I’ve found.[/QUOTE]

This issue is real.
From the Zonelabs Zonealarm forums…

[B][U]Reported Issue[/U][/B]
http://forums.zonelabs.com/zonelabs/board/message?board.id=cfg&thread.id=52785

[B][U]Posted Fix[/U][/B]
http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727

  • Boot your computer into the Safe Mode
  • Navigate to the c:\windows\internet logs folder
  • Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
  • Clean the Recycle Bin
  • Reboot into the normal mode
  • ZA will be just like new with no previous settings or data

#10

The security update at fault is KB951748. ZA is currently recommending it be uninstalled in Add/Remove Programs until they find a fix. M$ is also aware of the issue.


#11

thanks CDan and Nemesys,

i am going to update and see how it goes. :bigsmile:

edit//yeah bob, i guess i wont be trying this until next year. :doh:


#12

Updated through Microsoft Windows Update Home

Applied all three available updates:

Windows Malicious Software Removal Tool - July 2008 (KB890830)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)

rebooted computer, could not gain access to internet.

performed these steps:

  • Boot your computer into the Safe Mode
  • Navigate to the c:\windows\internet logs folder
  • Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
  • Clean the Recycle Bin
  • Reboot into the normal mode
  • ZA will be just like new with no previous settings or data

after coming back up ZA program control was empty and a few windows processes were requesting access.

however could not gain access though any of my programs. ZA was not asking for access permission for the programs i was using.

changed the ZA Internet Security Zone to MEDIUM and i now have access to internet connection.

We also still stand by our current workaround that you should uninstall the MS update KB951748

And do not set your ZA internet security level to Medium. By setting to Medium you potential expose your computers to a huge number of other threats than just the one that this patch from MS fixes.

Forum Moderator

http://forums.zonelabs.com/zonelabs/board/message?board.id=cfg&message.id=52860


#13

See http://www.vnunet.com/vnunet/news/2221138/microsoft-fix-kills-web for more on this problem. I doubt the posted link fix in post #9 will work. I’ve uninstalled and reinstalled Zonealarm, and the problem persists. Link given here says they’re working on the problem and recommends uninstalling KB951748 until it’s fixed. I don’t want to lower internet security settings without knowing what kind of risk might be incurred by doing that. I’m not too concerned about spoofing anyway since I have SpoofStick installed and would much rather do without KB951748 until Zonealarm finds a fix.


#14

Did you execute the rest of the steps in the instructions as outlined in the posted link?

First posted…

  • Boot your computer into the Safe Mode
  • Navigate to the c:\windows\internet logs folder
  • Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
  • Clean the Recycle Bin
  • Reboot into the normal mode
  • ZA will be just like new with no previous settings or data

The instructions continue further…

Once this is finished, reboot back into the normal mode and in the new network found windows, set the new network to Trusted.
Then do this to ensure the ZA is setup properly:

Make sure your DNS and DHCP server IP’s are in your Firewall’s Trusted zone. Finding DNS and DCHP servers, etc

  1. Go to Run and type in command and hit ‘ok’, and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
  2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
  3. Click OK and Apply. Then do the same for the DHCP server.
  4. The localhost (127.0.0.1) must be listed as Trusted.
  5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm’s Program’s list must have server rights for the Trusted Zone.
    Plus it must have both Trusted and Internet Access.

The author of these quotes speculates…

If the windows update changed the usual needed files for networking/internet, then the ZA will not see the changes and continue to use the previously known files and ignore the newer files. Even though the file names and locations are still the same from before, now the file size and checksums no longer match.

To solve this, just reset the ZA database and the ZA will be “fresh” as when it was first installed:

I cannot confirm or deny the effectiveness of the above solutions as I stopped using ZoneAlarm many years ago when it became too obtrusive.

My protection is now hardware based with SPI and there is no software issue that I cannot recover from in 20 minutes.


#15

I think uninstalling and reinstalling Zonealarm would do all the posted fix does and maybe more. troy512 said he had to lower internet security setting to get it to work after running the fix. Perhaps just lowering internet security settings might fix it too without posted fix steps, but there’s no telling what risk may be incurred which is a risk I don’t want to take. It makes more sense to me to await fix from Zonealarm.

Once I disabled Zonealarm as suggested by ISP tech while trouble shooting another problem. I was online without Zonealarm for less than a minute and acquired a virus. I will no longer go online without Zonealarm or firewall of some kind. BTW I’m using a router too, and hardware protection alone is obviously insufficient.


#16

Deleted duplicate.


#17

Hardware protection such as routers do not protect against virus infections, neither do any other standalone firewall.

A firewall, software or hardware, is simply security measures designed to prevent unauthorized electronic access to a networked computer system.

There are coded scripts designed to infiltrate unprotected networks, but these are not virus related. These exploits are malware usuaually of the worm or trojan nature.


#18

Nemesys,

thanks for the clarification of the appropriate full procedure.
http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727

Just to let anyone reading this know. i was still unable to access internet with the Security Level Set to HIGH.

so i will uninstall Security Update for Windows XP (KB951748)


#19

[QUOTE=bevills1;2090938]I think uninstalling and reinstalling Zonealarm would do all the posted fix does and maybe more. troy512 said he had to lower internet security setting to get it to work after running the fix. Perhaps just lowering internet security settings might fix it too without posted fix steps, but there’s no telling what risk may be incurred which is a risk I don’t want to take. It makes more sense to me to await fix from Zonealarm.

Once I disabled Zonealarm as suggested by ISP tech while trouble shooting another problem. I was online without Zonealarm for less than a minute and acquired a virus. I will no longer go online without Zonealarm or firewall of some kind. BTW I’m using a router too, and hardware protection alone is obviously insufficient.[/QUOTE]

I also did a clean install of ZA, and it did nothing for the issue. That’s not to say that ZA wasn’t still using old registry data for the NIC, it just depends on how thorough the ZA uninstall routine is.

IMHO, the MS update isn’t critical, certainly not as critical as having a competent firewall in stealth mode.


#20

I guess here is everything posted to fix the problem:

http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html