FIX for ZoneAlarm & KB951748 issue released

[Leonard Grey]

And then the fourth stage: "What were we thinking?!"

---
Leonard Grey
Errare humanum est

Kayman wrote:
> On Fri, 18 Jul 2008 10:20:55 GMT, Root Kit wrote:
>
>> On Fri, 18 Jul 2008 15:24:04 +0700, Kayman
>> wrote:
>>
>>> In fact, whenever B.Nice (aka Straight Talk and now Root Kit) was touching
>>> this issue he was attacked from left, right and center, incl. MVP's; They
>>> were over him like a bad rash!
>> "All truth goes through three stages. First it is ridiculed. Then it
>> is violently opposed. Finally, it is accepted as self-evident."
>> -Schoepenhouer
>
> Very true indeed

 

[Kayman]

On Fri, 18 Jul 2008 10:02:00 -0400, Leonard Grey wrote:

> And then the fourth stage: "What were we thinking?!"

I wouldn't know, now would I?
Do you consider your thoughts to be important?
Do organized beliefs of a group or individual supercede facts?

 

[Root Kit]

On Thu, 17 Jul 2008 06:24:00 -0700, "Kerry Brown"
wrote:

>The flaw was in the way DNS worked. The fact that your 3rd party application
>couldn't deal with the fact that an OS update changed some system files says
>a lot about how well it's programmed.

Indeed.

 

[John John (MVP)]

Kayman wrote:

> On Thu, 17 Jul 2008 21:35:36 -0300, John John (MVP) wrote:
>
>
>>Kayman wrote:
>>
>>
>>>On Thu, 17 Jul 2008 17:39:08 -0500, Shenan Stanley wrote:
>>>
>>>
>>>
>>>>Conversation in entirety:
>>>>http://groups.google.com/group/microsoft.p...3486be8412ee2af
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>This is one of those debates like *nix vs. Windows vs. OS X.
>>>>
>>>>Nothing is proven on any side, examples abound (some truthful and realistic
>>>
>>>>from the single instance, some not so much) and nothing but emotions and
>>>
>>>>egos get exposed.
>>>>
>>>>Personal experience and outside articles are quoted a lot. Some good for
>>>>that single instance in time, others pulled from myth and legend and still
>>>>others might actually hold up over scrutiny (the latter is often over-looked
>>>>in the debate and glossed over at every turn by those opposed to the topic.)
>>>>
>>>>Ideas like "outbound only catches the stuff you already have and who says
>>>>the application in question did not just change your outbound rules as you
>>>>installed it so you still don't know you have it?" and "I like to know when
>>>>something attempts to 'call home'" seem to cover most of the arguments.
>>>>(Sound like "Windows has more security holes than other OSes" and "Macs just
>>>>don't get viruses"...? Yeah - same type of arguments. heh)
>>>>
>>>>In the end - both are right, both are wrong. It's a personal preference.
>>>>It's a way of computing, a mind-set, a need. I know many people who have
>>>>ran many different OSes for many many years without a single instance of
>>>>infection/infestation and they run no antivirus software and no antispyware
>>>>software. They continuously (when someone finds out) get questions like
>>>>"how do you know you actually don't have a virus or spyware/adware if you
>>>>don't run anythign to prevent/check for it?"
>>>>
>>>>In the end - I just go by the idea that making things more complicated is
>>>>seldom the proper course of action... Simplistic solutions are usually the
>>>>most effective and the most eloquent.
>>>>
>>>>So which way do _I_ lean? Doesn't matter.
>>>>
>>>>Each person has their own reasoning behind whatever it is they do. I have
>>>>used many different solutions (I do like to try things - see what I can
>>>>learn and find) - and I do offer advice on the ones I tried that seemingly
>>>>did their jobs without _over-complicating_ my life just to keep it working.
>>>>However - I know that will be different for each person, and I cannot say
>>>>which is less complicated for any one of them. Advice: Try each solution
>>>>*if* this whole topic has any importance to you.
>>>>
>>>>All anyone here can offer is that someone practice some common sense. The
>>>>world is dangerous - your computer gives you options the rest of the world
>>>>does not (I cannot backup my car so that when I get in a wreck, I just
>>>>reload for near instant recovery) - use them. Protect yourself when you can
>>>>(Equate each of these to something on your computer: lock your doors to make
>>>>it harder for intruders to get in while you are there *or* away, wear a coat
>>>>when it is cold, wear sunglasses to protect your eyes, put on sunscreen to
>>>>protect your skin, brush your teeth to prevent cavities, pick up 'your
>>>>room', take out the garbage, cover your face when you cough/sneeze, store
>>>>copies of important documents(life insurance, will, deeds, etc) far away
>>>
>>>>from the originals, etc.)
>>>
>>>>I know someone could pull one (or more) argument for one side or the other
>>>>out of those - I could do it right now. heh
>>>>
>>>>The point - if the solution for everyone was obvious and one-sided - there
>>>>would be no discussion. Being that each person is unique with differing
>>>>experiences and external facts that help support their own experiences - the
>>>>discussion is never-ending. Not one person here can definitively win their
>>>>argument (even if you get rid of every actual 'crazy argument' -- although
>>>>who decides that is yet another debate. hah)
>>>>
>>>>Interesting that a discussion about a particular patch that exasperated a
>>>>problem in a particular piece of software could spawn a conversation along
>>>>these lines... And the subject line stays the same through out. Amazing
>>>>really.
>>>>
>>>
>>>
>>>Well, I don't think the discussion is about a particular software per se.
>>>Rather the requirement of 'outbound control' after the introduction of NT.
>>>Jesper M. Johansson wrote educational articles about this subject
>>>extensively. It's an important security subject and the message is not easy
>>>to convey, especially if one is blinded by the hype created by the makers
>>>of 3rd party software.
>>
>>Before Windows XP what were people using?
>
>
> I don't know but *I* was using a 3rd party (so-called) firewall application
> and (incidentally) Registry Cleaner

What do registry cleaners have to do with firewalls? Why are you even
mentioning them here, if only as a feeble attempt to muddle the issue?
If third party firewalls are only "so-called firewalls" then the Windows
XP firewall is no different, it too is nothing more than a personal
firewall.


>> What were they using on NT4 and on Windows 2000?
>
>
> I don't know.

That doesn't surprise me.


>>Just because XP got a firewall now anything else has suddenly become
>>unfit for use?
>
>
> Well, these are throwaway words; If you were more open-minded' in relation
> to OS's and read (*and* comprehend) through pertinent write-ups (even in
> this thread), than it'd be obvious to you - and no, I am not a techie

I am more open minded than you are! I have no quibbles about which
firewall people decide to use, if they want to use the Windows firewall
that is fine, the Windows firewall offers protection for what it was
design to do, there is nothing wrong with it at all. If users want to
use other good firewalls that offer different features that is fine too,
many of these other firewalls are also good and they do everything that
the Windows firewall does plus they give users additional features that
users have asked for. That is fine by me, I don't care what they use
providing that they use something! You on the other hand think that you
should dictate your views onto others and that you should be telling
them what to do. You are on a religious zeal to convert the masses.

When users tell you they want other features all you can do is berate
them and try to impose your views on them. The fact is that there is
nothing wrong with many of the third party firewalls out there and if
users want to use them it really is none of your business. You're
attempt to discredit all third party firewalls is plainly misguided, the
facts are that many of these other products are also good products and
many are free.

The bottom line is that you and others in your camp simply cannot back
that notion that you perpetuate that all third party firewalls are
incapable of protecting users. That is untrue, it is a lie, plain and
simple, there is no other way to put it.

John

 

[PA Bear [MS MVP]]

[This has got to be one of the longest & most crossposted 'Threads That Will
Not Die' I've seen in quite some time. Now I wish I'd set the Followup-To
in my original post for alt.zonies.misc_rant newsgroup! ]

 

[Stinger]

"Kerry Brown" wrote:

> "Stinger" wrote in message
> news:B7A45133-F148-4507-85CB-> Bottom line, this update is important since
> it was a gapping hole in Windows
> > for quite some time. Great that Windows decided to do something about it.
> > Bad it renders tried and true helper 3rd party software that has been used
> > for years by the general public trying its best to close that huge hole in
> > Windows (with what is considered "overkill) and at the same time
> > consumers
> > are unable to even get on the internet without a single word of caution
> > from
> > the makers of the operating system. Ironically, they left it up to the
> > geeks
> > of the world to figure it out. Nice from a company that assumes it's the
> > industry leader.
>
>
> You should do a bit of research before you post. The gaping hole was in the
> way DNS worked. It was not Windows specific. Almost every OS was affected.
> In fact almost everything that interacted with DNS in any way was affected.
>
> http://www.securityfocus.com/news/11526
>
> Take a look at some of the affected products.
>
> http://www.kb.cert.org/vuls/id/800113
>
> We can debate the effectiveness of software firewalls all day. I don't think
> at the end of the debate either of us would change their mind. You think
> they're great. I think they're mostly hype and snake oil. There is no
> debating the fact that this flaw in the DNS system needed to be patched and
> it needed to be patched immediately. This has nothing to do with Windows.
> The flaw was in the way DNS worked. The fact that your 3rd party application
> couldn't deal with the fact that an OS update changed some system files says
> a lot about how well it's programmed. It wasn't any changes in the files
> that broke your software. It was just the fact that the files changed that
> broke it. If an application can't deal with the fact that an OS may update
> itself it's not an application I would want on my computer.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
> http://vistahelpca.blogspot.com/
>
>
>
>
>
Simply amazing to me how many of you responders hold such a cavalier
attitude toward security. I challenge any of you to publicly post a static
IP address available you can monitor, turn on that wonderful Windows firewall
(since that's all you believe is needed) and sit back for a few days and
watch what happens. You'll soon discover how vital a security becomes in
your computer world. Do it the right way, like MOST consumers do without the
aid of any router or other bandwidth protectors.

Firewalls are mostly hype and snake oil. Thanks for that little chuckle.
You don't mind if I share that statement with others in the real world
outside of the protection of this forum? Sure, most computer users are small
fish in a big see but not all of us....obviously. I for one would rather be
safe with my firewall protection than to take the word of someone that
discounts security as easliy as the like of this group.

Oh and let's be real honest about something here. Internet Explorer is
"bundled" with Windows, has been for a long time. Windows is also the most
common OS in the world. But IE is nothing more than a GUI for viewing web
pages. Saying the DNS problem wasn't related to Windows (did you really say
that??) is laughable. Perhaps a better understanding of the actual DNS issue
should be on your todo list. And on top of all that even implying a firewall
isn't involved in this DNS issue is blasphemy. What conduit is being used
for this communication between your computer and web pages if it's not via
ports? I'll quote a single line explaining part of the DNS process for those
reading this that are tired of being directed to web sites --> "If the
records are not stored locally, your computer queries (or contacts) your
ISP's recursive DNS servers." Doesn't take a rocket scientist to understand
the Windows operating system does indeed have a major stake in this DNS
problem. If you still are riding on the boat down the river of denial, ask
yourself one question.... Why was the patch even produced by MS if there
wasn't a "problem" with the OS, hmm?

Yea, firewalls are all hype and snake oil. That's an instant classic!

You folks need to get out of the Microsoft world and step intto the real
world every once in a while or you're limiting yourself.

 

[Root Kit]

On Fri, 18 Jul 2008 13:20:01 -0700, Stinger
wrote:

>Simply amazing to me how many of you responders hold such a cavalier
>attitude toward security. I challenge any of you to publicly post a static
>IP address available you can monitor, turn on that wonderful Windows firewall
>(since that's all you believe is needed) and sit back for a few days and
>watch what happens.

So - what's going to happen? Please enlighten us.

>You'll soon discover how vital a security becomes in
>your computer world.

I don't recall anyone claiming security isn't important.

>Do it the right way, like MOST consumers do without the
>aid of any router or other bandwidth protectors.
>
>Firewalls are mostly hype and snake oil. Thanks for that little chuckle.

Do you have any technical arguments to prove otherwise, or are you
just babbling?

>You don't mind if I share that statement with others in the real world
>outside of the protection of this forum?

Feel free.

>Sure, most computer users are small fish in a big see but not all of us..
>..obviously. I for one would rather be safe with my firewall protection
>than to take the word of someone that discounts security as easliy as the
>like of this group.

No one here forces you to stop using pseudo-security software.

>Oh and let's be real honest about something here. Internet Explorer is
>"bundled" with Windows, has been for a long time.

Really? - I guess that comes as a major chock to all of us...

>Windows is also the most common OS in the world.

It is? - You continue to surprise...

>But IE is nothing more than a GUI for viewing web
>pages.

Well... it's also an ActiveX rich web client if you ask me.

>Saying the DNS problem wasn't related to Windows (did you really say
>that??) is laughable.

I don't honestly think you understood what he said.

>Perhaps a better understanding of the actual DNS issue
>should be on your todo list. And on top of all that even implying a firewall
>isn't involved in this DNS issue is blasphemy.

Blasphemy? - Holy sh...

>What conduit is being used for this communication between your computer and web pages if it's not via
>ports? I'll quote a single line explaining part of the DNS process for those
>reading this that are tired of being directed to web sites --> "If the
>records are not stored locally, your computer queries (or contacts) your
>ISP's recursive DNS servers." Doesn't take a rocket scientist to understand
>the Windows operating system does indeed have a major stake in this DNS
>problem.

Do you even understand the problem?

>If you still are riding on the boat down the river of denial, ask
>yourself one question.... Why was the patch even produced by MS if there
>wasn't a "problem" with the OS, hmm?
>
>Yea, firewalls are all hype and snake oil. That's an instant classic!
>
>You folks need to get out of the Microsoft world and step intto the real
>world every once in a while or you're limiting yourself.

It's hard to avoid MS products also in the real world ;-)


BTW, what you provided here lacks any technical arguments which makes
you sound more like a salesman than anything else. So what security
software company do you represent?

 

[Kerry Brown]

"Stinger" wrote in message
news:64031966-D4CF-4748-8D5D-A691A4F4D6C3@microsoft.com...
>
>
> "Kerry Brown" wrote:
>
>> "Stinger" wrote in message
>> news:B7A45133-F148-4507-85CB-> Bottom line, this update is important
>> since
>> it was a gapping hole in Windows
>> > for quite some time. Great that Windows decided to do something about
>> > it.
>> > Bad it renders tried and true helper 3rd party software that has been
>> > used
>> > for years by the general public trying its best to close that huge hole
>> > in
>> > Windows (with what is considered "overkill) and at the same time
>> > consumers
>> > are unable to even get on the internet without a single word of caution
>> > from
>> > the makers of the operating system. Ironically, they left it up to the
>> > geeks
>> > of the world to figure it out. Nice from a company that assumes it's
>> > the
>> > industry leader.
>>
>>
>> You should do a bit of research before you post. The gaping hole was in
>> the
>> way DNS worked. It was not Windows specific. Almost every OS was
>> affected.
>> In fact almost everything that interacted with DNS in any way was
>> affected.
>>
>> http://www.securityfocus.com/news/11526
>>
>> Take a look at some of the affected products.
>>
>> http://www.kb.cert.org/vuls/id/800113
>>
>> We can debate the effectiveness of software firewalls all day. I don't
>> think
>> at the end of the debate either of us would change their mind. You think
>> they're great. I think they're mostly hype and snake oil. There is no
>> debating the fact that this flaw in the DNS system needed to be patched
>> and
>> it needed to be patched immediately. This has nothing to do with Windows.
>> The flaw was in the way DNS worked. The fact that your 3rd party
>> application
>> couldn't deal with the fact that an OS update changed some system files
>> says
>> a lot about how well it's programmed. It wasn't any changes in the files
>> that broke your software. It was just the fact that the files changed
>> that
>> broke it. If an application can't deal with the fact that an OS may
>> update
>> itself it's not an application I would want on my computer.
>>
>> --
>> Kerry Brown
>> MS-MVP - Windows Desktop Experience: Systems Administration
>> http://www.vistahelp.ca/phpBB2/
>> http://vistahelpca.blogspot.com/
>>
>>
>>
>>
>>
> Simply amazing to me how many of you responders hold such a cavalier
> attitude toward security. I challenge any of you to publicly post a
> static
> IP address available you can monitor, turn on that wonderful Windows
> firewall
> (since that's all you believe is needed) and sit back for a few days and
> watch what happens. You'll soon discover how vital a security becomes in
> your computer world. Do it the right way, like MOST consumers do without
> the
> aid of any router or other bandwidth protectors.
>
> Firewalls are mostly hype and snake oil. Thanks for that little chuckle.
> You don't mind if I share that statement with others in the real world
> outside of the protection of this forum? Sure, most computer users are
> small
> fish in a big see but not all of us....obviously. I for one would rather
> be
> safe with my firewall protection than to take the word of someone that
> discounts security as easliy as the like of this group.
>
> Oh and let's be real honest about something here. Internet Explorer is
> "bundled" with Windows, has been for a long time. Windows is also the
> most
> common OS in the world. But IE is nothing more than a GUI for viewing web
> pages. Saying the DNS problem wasn't related to Windows (did you really
> say
> that??) is laughable. Perhaps a better understanding of the actual DNS
> issue
> should be on your todo list. And on top of all that even implying a
> firewall
> isn't involved in this DNS issue is blasphemy. What conduit is being used
> for this communication between your computer and web pages if it's not via
> ports? I'll quote a single line explaining part of the DNS process for
> those
> reading this that are tired of being directed to web sites --> "If the
> records are not stored locally, your computer queries (or contacts) your
> ISP's recursive DNS servers." Doesn't take a rocket scientist to
> understand
> the Windows operating system does indeed have a major stake in this DNS
> problem. If you still are riding on the boat down the river of denial,
> ask
> yourself one question.... Why was the patch even produced by MS if there
> wasn't a "problem" with the OS, hmm?
>
> Yea, firewalls are all hype and snake oil. That's an instant classic!
>
> You folks need to get out of the Microsoft world and step intto the real
> world every once in a while or you're limiting yourself.


I live in the real world. I manage networks for a living. This includes
managing the network security for a government contractor who gets audited
for security yearly. I use real firewalls (not software firewalls) every
day. The networks I manage use many products and OS's, other than
Microsoft's, that do DNS lookups. Here's what happened with the DNS changes.
Windows was using DNS as it was supposed be used. A flaw was found in the
way DNS communications work. This flaw had nothing to do with Windows. All
of the major networking hardware and software developers were made aware of
this and as a group decided to make a change in the way DNS communications
worked to close this possible exploit. This change in the way DNS
communications worked meant some low level system files in Windows needed to
be updated. FWIW my Linux computers and some of the hardware firewall
appliances I manage also had some low level changes because of this as well.
The change was made and some Windows files were updated via Windows Updates.
At this point some versions of Zone Alarm barfed. I don't use Zone Alarm so
the rest of the story I gleaned from reading Zone Alarm forums and official
announcements. The Zone Alarm application noticed that some Windows files
had changed and decided not to allow these files to communicate to the
Internet. It wasn't anything in the way the files worked, merely that they
had changed, that caused the problem. Because these are system files Zone
Alarm doesn't ask about them. Clearing the Zone Alarm database so that it
would not think the files were changed fixed the problem. How is an OS
supposed to update itself if it can't change files? The way that Zone Alarm
monitors and responds to system file changes is flawed.

You have misquoted me. I never said "firewalls are all hype and snake oil".
I said "We can debate the effectiveness of software firewalls all day."
followed by "I think they're mostly hype and snake oil." Of course not all
firewalls are hype and snake oil. Software firewalls that advertise they can
stop malicious outbound traffic are. If you want to quote me anywhere,
including this forum, please quote me verbatim without changes.

Oh and by the way, I know of of many people using both XP and Vista with
only the Windows firewall running on their computer. What am I supposed to
see happen? They have no more problems with malware than anyone else. In
fact the ones that I set up have almost no malware problems at all. Many of
them don't have a router (i.e. dialup) yet they don't have any problems with
malware. How will your preferred firewall solution help protect them better
than they are now? Maybe you could tell us exactly how their security will
be improved by using a different software firewall?

--
Kerry Brown
Microsoft MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/

 

[Stinger]

"Root Kit" wrote:

>
> BTW, what you provided here lacks any technical arguments which makes
> you sound more like a salesman than anything else. So what security
> software company do you represent?
>

The same "software company" that includes common sense as part mission
statement Root Kit. Try reading the entire thread before you jump in taking
things out of context. It's boring when people do that.

Read back through the entire post before challenging my quotes from others.

Here's EXACTLY what Kerry said earlier word for word...
"There is no debating the fact that this flaw in the DNS system needed to be
patched and it needed to be patched immediately. This has nothing to do with
Windows."

Nothing to do with Windows??????????

Why didn't you copy and paste the most important part of my last post Root
Kit? You know the one...

"Why was the patch even produced by MS if there wasn't a "problem" with the
OS?"

PS - don't see you posting a static IP yet Root Kit...

 

[Kerry Brown]

"Stinger" wrote in message
news:88C199ED-4893-4EB2-81F3-1053114DB96A@microsoft.com...
>
>
> "Root Kit" wrote:
>
>>
>> BTW, what you provided here lacks any technical arguments which makes
>> you sound more like a salesman than anything else. So what security
>> software company do you represent?
>>
>
> The same "software company" that includes common sense as part mission
> statement Root Kit. Try reading the entire thread before you jump in
> taking
> things out of context. It's boring when people do that.
>
> Read back through the entire post before challenging my quotes from
> others.
>
> Here's EXACTLY what Kerry said earlier word for word...
> "There is no debating the fact that this flaw in the DNS system needed to
> be
> patched and it needed to be patched immediately. This has nothing to do
> with
> Windows."
>
> Nothing to do with Windows??????????

I stand by the statement. The flaw iself had nothing to do with Windows. It
was a flaw in the DNS communications protocol. Windows was using the
existing protocol which was flawed. This meant that Windows had to be
changed to work with the new protocol or it would be vulnerable. How is this
a Windows problem? It's a DNS problem that all developers that make products
that communicate with DNS servers have had to deal with.

I agree with Root Kit. You havn't provided technical details of how a
software firewall that does outbound monitoring improves security over the
Windows firewall. You haven't tried to refute the fact that Zone Alarm's
monitoring of and reaction to system file changes is flawed. You obviously
misunderstand what caused Microsoft to update the DNS client in Windows. I'm
done with the conversation unless you can provide us with some technical
reasons that back up your assertions. I like a good debate as much as
anybody but it's pointless unless you at least try to back up your
statements.

--
Kerry Brown
Microsoft MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/

 

[Root Kit]

On Fri, 18 Jul 2008 15:10:03 -0700, Stinger
wrote:

>Why didn't you copy and paste the most important part of my last post Root
>Kit? You know the one...

You mean the one where you avoided answering what would happen to the
machine protected with "just" the windows firewall?

 

[Stinger]

"Kerry Brown" wrote:

> "Stinger" wrote in message
> news:88C199ED-4893-4EB2-81F3-1053114DB96A@microsoft.com...
> >
> >
> > "Root Kit" wrote:
> >
> >>
> >> BTW, what you provided here lacks any technical arguments which makes
> >> you sound more like a salesman than anything else. So what security
> >> software company do you represent?
> >>
> >
> > The same "software company" that includes common sense as part mission
> > statement Root Kit. Try reading the entire thread before you jump in
> > taking
> > things out of context. It's boring when people do that.
> >
> > Read back through the entire post before challenging my quotes from
> > others.
> >
> > Here's EXACTLY what Kerry said earlier word for word...
> > "There is no debating the fact that this flaw in the DNS system needed to
> > be
> > patched and it needed to be patched immediately. This has nothing to do
> > with
> > Windows."
> >
> > Nothing to do with Windows??????????
>
> I stand by the statement. The flaw iself had nothing to do with Windows. It
> was a flaw in the DNS communications protocol. Windows was using the
> existing protocol which was flawed. This meant that Windows had to be
> changed to work with the new protocol or it would be vulnerable. How is this
> a Windows problem? It's a DNS problem that all developers that make products
> that communicate with DNS servers have had to deal with.
>
> I agree with Root Kit. You havn't provided technical details of how a
> software firewall that does outbound monitoring improves security over the
> Windows firewall. You haven't tried to refute the fact that Zone Alarm's
> monitoring of and reaction to system file changes is flawed. You obviously
> misunderstand what caused Microsoft to update the DNS client in Windows. I'm
> done with the conversation unless you can provide us with some technical
> reasons that back up your assertions. I like a good debate as much as
> anybody but it's pointless unless you at least try to back up your
> statements.
>
> --
> Kerry Brown
> Microsoft MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
> http://vistahelpca.blogspot.com/
>
>
>
>

And I've yet to see anyone answer the most important question, you include
Kerry..

"Why was the patch even produced by MS if there wasn't a "problem" with the
OS?"

Windows has to be changed to work with the new protocol? So either there
was something wrong with Windows before or after the new protocol was
invoked...which is it? Can't have it both ways. If everything was fine
before the new DNS protocol was invoked, we're right back to my question
above. You don't need to have technical expertise to see when people dance
cokmpletely around a subject folks.

 

[Jim Carlock]

"PA Bear [MS MVP]" wrote:
: I'm not giving you attitude, I just need you to answer my questions,
: Phyllis. If you'd like to get voluntary or paid assistance elsewhere,
: please so do.
:

I'm pretty satisfied with a 2002 firewall. It's available free of
charge and was made by Kerio (version 2.15). It requires a packet
sniffer to fix up / block incoming bad packets. I believe an MVP
made the packet analyzer (CHX-I) but it's very hard to find these
days. There's a DNS product available, I lost the link recently,
where the CHX-I packet analyzer is supposed to exist. I recently
visited the website in the last couple of weeks, but put it off for
another day. I believe the DNS server that it may come with is an
offshoot of a BIND 8.4 or something like that. You wouldn't happen
to know what I'm talking about, Robert, would you? Oh... it was
treewalkdns.

You wouldn't happen to know anything about the packet analyzing
software that comes with the treewalkdns software, would you? I
bought into ZoneAlarm at one time (2001) and I never was able to
get it to work properly on XP. They released updates like 50 times
a year and I couldn't deal with that kind of product, and thus I
tried Kerio 2.15 out and have been satisfied ever since. Now I
see that Microsoft issued an update which updates tcpip.sys - I
wish I knew what was going on there, because I'm still happy with:

01/28/2006 03:47 PM 359,808 tcpip.sys

There seems to be alot of DNS problems lately. The BIND DNS ng
seems to get a lot of posts lately, especially with 9.50 version.

Jim Carlock
Natural Cure For Pink-Eye (Conjunctivitis)
http://www.associatedcontent.com/article/3...unctivitis.html

 

[Root Kit]

On Fri, 18 Jul 2008 16:00:03 -0700, Stinger
wrote:

>And I've yet to see anyone answer the most important question, you include
>Kerry..
>
>"Why was the patch even produced by MS if there wasn't a "problem" with the
>OS?"

Why should anyone bother answering a question which exists only in
your head?

>Windows has to be changed to work with the new protocol?

Just like all the other platforms.

>So either there was something wrong with Windows before or after the new protocol was
>invoked...which is it? Can't have it both ways. If everything was fine
>before the new DNS protocol was invoked, we're right back to my question
>above.

Seems like you're talking to stay awake.

>You don't need to have technical expertise to see when people dance
>cokmpletely around a subject folks.

That's true. Everyone can see that's what you're doing.

 

[Kayman]

On Fri, 18 Jul 2008 12:43:26 -0300, John John (MVP) wrote:



>>>Before Windows XP what were people using?
>>
>> I don't know but *I* was using a 3rd party (so-called) firewall application
>> and (incidentally) Registry Cleaner
>
> What do registry cleaners have to do with firewalls? Why are you even
> mentioning them here, if only as a feeble attempt to muddle the issue?

John, John (MVP), as I mentioned in a preceding thread, you can't be very
intelligent and your lateral thinking capabilities are vitually not
existent! Prior NT these apps were basically regarded essential tools.
Don't you you know the meaning of *"incidentally"*?

> If third party firewalls are only "so-called firewalls" then the Windows
> XP firewall is no different, it too is nothing more than a personal
> firewall.

The WinXp firewall application is an *integral* part of the OS and deals
with inbound protection and therefore does not give you a false sense of
security. Best of all, it doesn't implement lots of nonsense like
pretending that outbound traffic needs to be monitored. And yes,
technically speaking, 'firewall' is really a misnomer.

>>> What were they using on NT4 and on Windows 2000?
>>
>>
>> I don't know.
>
> That doesn't surprise me.

Why is that, and what is that supposed to mean?
Ah, I recall a statement you made in a previous message:
"*We all know* that the Windows firewall is sufficient and good at it's
job...".
I envy you for having the gift to know thoughts of others. (And my crystal
ball ain't working - bummer).

>>>Just because XP got a firewall now anything else has suddenly become
>>>unfit for use?
>>
>>
>> Well, these are throwaway words; If you were more open-minded' in relation
>> to OS's and read (*and* comprehend) through pertinent write-ups (even in
>> this thread), than it'd be obvious to you - and no, I am not a techie

>
> I am more open minded than you are!

But it seems your comprehension is lacking

> I have no quibbles about which
> firewall people decide to use, if they want to use the Windows firewall
> that is fine, the Windows firewall offers protection for what it was
> design to do, there is nothing wrong with it at all. If users want to
> use other good firewalls that offer different features that is fine too,

Agree, as long it is not a 3rd party software (so-called) firewall!
When starting learning to drive a car I wanted to drive on the 'left' side
of the road because at the time I thought there was nothing wrong with it
all, in fact I thought that driving on the middle of the road is much
safer. Boy am I glad that somebody put me straight!

> many of these other firewalls are also good and they do everything that
> the Windows firewall does plus they give users additional features that
> users have asked for. That is fine by me,

We are talking about 3rd party software (so-called) firewall applications!
The user gets easily blinded by all the hype created by the makers of 3rd
party (so-called) firewalls. Now they believe it (your're one of them) and
if an opportunity presents itself I will continue posting links with
articles saying otherwise in order to create some realistic counterbalance.
Heck, even Sunbelt (the makers of Kerio) concede that outbound controll of
their software is basically a useless POS.
In the end it's the user (not you or I) who'll decide.

> I don't care what they use...

Nor do I. But *you* should be ashamed of yourself for making such a
statement. As a MVP you should set an example and advise novices and the
uninformed to the best of your ability and in accordance with your vast and
specialized knowledge (isn't that you've got the 'badge' in the first
place?)! And all you can say "I don't care".

> providing that they use something!

(LOL) I refrain from commenting! Except that I sincerely believe that you
must have demonstrated some skills prior being awarded with a MVP badge.
Would you please stick to these particular skills and refrain from
commenting and/or making statements related to Internet Security!
(Embarrasing, really).

> You on the other hand think that you
> should dictate your views onto others and that you should be telling
> them what to do.

Bunk, you don't know what what I am thinking [PERIOD]!
I provide links to educational articles provided by well respected authors
who are highly regarded and respected in the Internet Security Community;
Their credentials are outstanding!
I know you disregard the writings of these authors as 'nonsense'. You do
recall your statement in a previous post:
"I really don't know why you keep spewing this *nonsense* out..."
'Nuff said.

> You are on a religious zeal to convert the masses.

Call it what you wish. Based on what I know, I am eager providing a counter
balance, the accompanied links of my posts speak for themself (if
understood).

> When users tell you they want other features all you can do is berate
> them and try to impose your views on them.

You tried this before. Providing educational links to the uninformed can
hardly be considered 'berating'.
You're some kind of a frustrated individual, to say the least!

> The fact is that there is
> nothing wrong with many of the third party firewalls out there and if
> users want to use them it really is none of your business.

The fact is there are a lot of things wrong with these Illusion ware! You
just don't seem do understand it. I will continue making it my business
providing links to educational article, so what are you going to do about
it? Users can take heed or ignore these write-ups. Heck, it's a free
country and this is usenet.
If you feel so strong about it, why don't you join a moderated forum!

> You're attempt to discredit all third party firewalls is plainly
> misguided, the facts are that many of these other products are also good
> products and many are free.

Since almost all educational and factual write-ups fail to get commercial
support, my effort to provide this material opposing the hype created by
the makers of 3rd party software (so-called) firwall is justified and
right.
Now be honest, which software company do you work for?

> The bottom line is that you and others in your camp simply cannot back
> that notion that you perpetuate that all third party firewalls are
> incapable of protecting users. That is untrue, it is a lie, plain and
> simple, there is no other way to put it.

The bottom line is that 3rd party (so-called) firewall applications
promoting the importance of 'outbound control" are *without exception*
snake oil!
BTW, aside from your MVP badge, what are your credentials?

 

[Kayman]

On Fri, 18 Jul 2008 16:00:03 -0700, Stinger wrote:


>
> And I've yet to see anyone answer the most important question, you include
> Kerry..
> "Why was the patch even produced by MS if there wasn't a "problem" with the
> OS?"
> Windows has to be changed to work with the new protocol? So either there
> was something wrong with Windows before or after the new protocol was
> invoked...which is it? Can't have it both ways. If everything was fine
> before the new DNS protocol was invoked, we're right back to my question
> above. You don't need to have technical expertise to see when people dance
> cokmpletely around a subject folks.

This may clarify things:

http://securosis.com/2008/07/08/dan-kamins...patch-released/


....Mr. Kaminsky immediately reported the issue to major authorities,
including the United States Computer Emergency Response Team (part of the
Department of Homeland Security), and began working on a coordinated fix.
Engineers from *major technology vendors* around the world converged on the
*Microsoft* campus in March to coordinate their response. All of the
vendors began repairing their products and agreed that a synchronized
release, on a single day, would minimize the risk that malicious
individuals could figure out the vulnerability before all vendors were able
to offer secure versions of their products...


"Dan Kaminsky was finally successful in getting the security research
community to back his claims to the design flaw with DNS."
http://tech.blorge.com/Structure:%20/2008/...d-with-dns-bug/

Happy reading

 

[Phyllis]

Been out of town.

Ran Norton Removal tool, no difference.

Reinstalled Windows updates KB951748, 951978, 890830.

My connectivity issues are throughout the day.

I own Netgear MR814 Router, I believe it is 802.11g. I have already decided
it might be my router going bad since it is 3-4 years old, so I have
unhooked everything and am connected now directly to my cable. So far,
everything is staying connected OK, but has only been a few hours. I am
going to watch for the rest of the weekend. If it continues to work OK, I
am buying a new wireless router. Do you have any recommendations for a good
one? Thanks


"PA Bear [MS MVP]" wrote in message
news:u53wtES5IHA.2332@TK2MSFTNGP03.phx.gbl...
> I'm not giving you attitude, I just need you to answer my questions,
> Phyllis. If you'd like to get voluntary or paid assistance elsewhere,
> please so do.
>
>> ...I believe you should know that SP3 became available before July
>> 8, 2008
>
> SP3 was made available via Windows Update website on or about 07 May-08,
> and
> for a very bried period was being offered to *some* users who'd configured
> Automatic Updates (AU) to "Download but notify" and "Notify Only."
>
> SP3 was made available to all users, independent of their AU settings, at
> 17:00 UTC, 10 Jul-08.
>
>> NO, it is not only after standby that it occurs...
>
> Thank you for answering my specific question.
>
>> I cleaned my machine of all files/traces of Norton after I uninstalled
>> via
>> Add/Remove Programs, but will download/run the removal tool that you
>> provided.
>
> Let me know if running the removal tool helps at all. Norton applications
> are notorious for not uninstalling cleanly, Phyllis. The "remainders"
> left
> behind can have an untold number of affects on performance, including
> connectivity.
>
> Phyllis, what's the make & model of your wireless router? Do you own it
> or
> do you lease it from your ISP there in Conway?
>
> Also tell me if the connectivity issues only seem to occur at specific
> times of the day (e.g., only in the early evening; from 5 PM till
> bedtime).
> --
> ~PA Bear
>
>
> Phyllis wrote:
>> My response from my last post: ("Don't remember date of SP3 install, was
>> right after it became available and I got update notification from
>> Automatic
>> Updates.") I believe you should know that SP3 became available before
>> July
>> 8, 2008. I really appreciate all the help, but can do without the
>> "attitude." I know this problem has been overwhelming to deal with and
>> you
>> are probably tired of incompetent people owning computers but none the
>> less
>> we all have them now.
>>
>> NO, it is not only after standby that it occurs. Also answered in last
>> post. (Usually when I FIRST open Internet Explorer I get this box that
>> says
>> "no internet connection available, do you want to work offline or retry."
>> When I click retry it connects right up. My wireless connection doesn't
>> connect at startup and if I do manage to get it connected it drops during
>> standby.) Does this response not answer the question about having the
>> problem only after standby or hibernation? I have my computer set to
>> never
>> hibernate.
>>
>> Outlook Express also exhibits the same problem.
>>
>> I cleaned my machine of all files/traces of Norton after I uninstalled
>> via
>> Add/Remove Programs, but will download/run the removal tool that you
>> provided. I will also install the updates. Thank you very much for your
>> help.
>>
>>
>> "PA Bear [MS MVP]" wrote in message
>> news:e3tHLOK5IHA.4908@TK2MSFTNGP04.phx.gbl...
>>> [Crossposting eliminated]
>>>
>>> Did you or did you not install WinXP SP3 on or after 08 July 2008?
>>>
>>> You explained your connection problems before. I need to know if you
>>> *only* have such problems after resuming the machine from Standby or
>>> Hibernate? If not, please say so.
>>>
>>> Do any of your other applications (e.g., Outlook Express) exhibit these
>>> connection problems or is it just IE7?
>>>
>>> =========================
>>>> ...I have also had Norton Internet Security during 2006 and 2007.
>>>
>>> 1. If anything named Norton or if LiveUpdate is listed in Add/Remove
>>> Programs, please uninstall it/them.
>>>
>>> 2. Now download/run this removal tool and reboot:
>>> http://service1.symantec.com/SUPPORT/tsgen...005033108162039
>>>
>>> 3. Any improvement in the connectivity department?
>>> =========================
>>>
>>>> I did a system restore yesterday and told Automatic Updates to not show
>>>> me
>>>> KB951748 and KB951978 again.
>>>
>>> Please do NOT use System Restore to "undo" updates. Uninstall them via
>>> Add/Remove Programs instead.
>>>
>>> I would STRONGLY recommend that you get KB951748 and KB951978 installed
>>> again ASAP! You've proven that neither of them caused your problem, and
>>> KB951748 especially *is* a big deal! =>
>>> http://blog.washingtonpost.com/securityfix...net_tues_1.html
>>>
>>> And I can assure you that all responsible ISPs consider it a big deal,
>>> too, and are scrambling to make changes to protect against these
>>> vulnerabilities.
>>> --
>>> ~Robear Dyer (PA Bear)
>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>> AumHa VSOP & Admin http://aumha.net
>>> DTS-L http://dts-l.net/
>>>
>>>
>>> Phyllis wrote:
>>>> I am using microsoft.public.security in my Outlook Express to
>>>> view/reply.
>>>>
>>>> Problem started first part of the week after Windows Updates and AVG
>>>> update.
>>>>
>>>> Don't remember date of SP3 install, was right after it became available
>>>> and
>>>> I got update notification from Automatic Updates. Usually when I first
>>>> open
>>>> Internet Explorer I get this box that says "no internet connection
>>>> available, do you want to work offline or retry." When I click retry
>>>> it
>>>> connects right up. My wireless connection doesn't connect at startup
>>>> and
>>>> if
>>>> I do manage to get it connected it drops during standby.
>>>>
>>>> I use Windows Firewall, but have recently had Zone Alarms but didn't
>>>> like
>>>> some things about it and uninstalled via Add/Remove programs. I have
>>>> run
>>>> a
>>>> search and did not find any files associated with Zone Alarms on my
>>>> computer. I have also had Norton Internet Security during 2006 and
>>>> 2007.
>>>>
>>>> I did a system restore yesterday and told Automatic Updates to not show
>>>> me
>>>> KB951748 and KB951978 again. I did install the Malicious Software
>>>> Tool.
>>>> Problem remains. I am wondering if maybe my internet provider may have
>>>> been
>>>> messing with it trying to resolve this problem themselves. I believe
>>>> it
>>>> was
>>>> on Zone Alarms forum that I read where internet providers were having
>>>> to
>>>> make corrections to their servers too. Don't know if that is correct
>>>> or
>>>> not. I have read so much today, I can hardly remember my name at this
>>>> point. I have it all connected right now and has been working fine for
>>>> the
>>>> last couple of hours. Don't know what is going on.
>>>>
>>>> "PA Bear [MS MVP]" wrote in message
>>>> news:%23bqaawG5IHA.1196@TK2MSFTNGP05.phx.gbl...
>>>>>> I have been experiencing problems with my internet
>>>>>> connection all week.
>>>>>
>>>>> "All week" meaning since you installed KB951748, KB951978, and the
>>>>> Malicious Software Removal Tool on or shortly after 08 July 2008?
>>>>>
>>>>> When did you install WinXP SP3? Was AVG running in the background
>>>>> when
>>>>> you installed SP3? Do you only experience such issues after resuming
>>>>> from
>>>>> Standby or Hibernation?
>>>>>
>>>>> You've told us that ZoneAlarm isn't installed. Is another third-party
>>>>> firewall installed or are you using the Windows Firewall?
>>>>>
>>>>> Has a Norton or McAfee application ever been installed on the machine?
>>>>>
>>>>> Lastly, if you uninstall "Security Update for Windows XP (KB951748)"
>>>>> via
>>>>> Add/Remove Programs & reboot, does the behavior persist?
>>>>>
>>>>> PS: Please tell me which newsgroup you're using to view and reply to
>>>>> this
>>>>> thread. I'd prefer that we discontinue the unnecessary crossposting.
>>>>>
>>>>> Phyllis wrote:
>>>>>> Microsoft Windows Updates this week were KB951748 (Security Update
>>>>>> for
>>>>>> XP),
>>>>>> KB951978 (Update for Windows XP), KB890830 (Windows Malicious
>>>>>> Software
>>>>>> Removal Tool). I have been experiencing problems with my internet
>>>>>> connection all week. Sometimes I can't get it to connect at all, or
>>>>>> a
>>>>>> window will come up and say "there is no internet connection
>>>>>> available,
>>>>>> do I
>>>>>> want to work offline or retry." If I click retry it will connect
>>>>>> right
>>>>>> up.
>>>>>> Then at other times it will connect to the cable connection with no
>>>>>> problem,
>>>>>> but then my wireless connection will not connect, it doesn't even
>>>>>> show
>>>>>> a
>>>>>> network available. After fooling with it (disable, re-enable,
>>>>>> repair)
>>>>>> it
>>>>>> will just finally connect up.
>>>>>>
>>>>>> I had already upgraded to AVG 8.0 several weeks ago. The update this
>>>>>> week
>>>>>> was just a part of daily updates, but required restart of my computer
>>>>>> which
>>>>>> it never did before. It says 8.0.138.
>>>>>>
>>>>>>> What other *Windows* updates did you install this week? Exactly
>>>>>>> what
>>>>>>> problems are you experiencing since installing the July 2008
>>>>>>> updates?
>>>>>>>
>>>>>>> Did you upgrade from AVG v7.5 to v8.0, and are you now running
>>>>>>> v8.1.135?
>>>>>>> --
>>>>>>> Phyllis wrote:
>>>>>>>> Sorry about posting in the wrong place, but I was mainly commenting
>>>>>>>> on
>>>>>>>> the
>>>>>>>> fact that there were others with what seemed like the same problem
>>>>>>>> that
>>>>>>>> did
>>>>>>>> not have ZA.
>>>>>>>>
>>>>>>>> XP SP3, IE 7, and my AVG did an update this week that required
>>>>>>>> restart
>>>>>>>> of
>>>>>>>> my
>>>>>>>> computer which has never happened before, so it is possible they
>>>>>>>> made
>>>>>>>> some
>>>>>>>> changes as well. Has anyone complained about that freebie screwing
>>>>>>>> things
>>>>>>>> up? Seems like everything I have on my computer has been wanting
>>>>>>>> to
>>>>>>>> update
>>>>>>>> today and I'm getting a little gun shy. Thanks
>>>>>>>>
>>>>>>>>> No, sorry. It's been a very long week...
>>>>>>>>>
>>>>>>>>> Then again, you did post in a thread about ZoneAlarm and KB951748
>>>>>>>>> instead
>>>>>>>>> of beginning your own thread.
>>>>>>>>>
>>>>>>>>> What's your Windows version (e.g., WinXP SP3) and IE version,
>>>>>>>>> Phyllis?
>>>>>>>>> What other updates did you install this week besides KB951748?
>>>>>>>>> --
>>>>>>>>> Phyllis wrote:
>>>>>>>>>> So this fix works even if you are not running Zone Alarms?
>>>>>>>>>>
>>>>>>>>>>> ZA's had the fix for several days now:
>>>>>>>
>

 

[Paul (Bornival)]

Intersting comments.
(See details hereunder)

"H.S." wrote:

> Paul (Bornival) wrote:
> >
> > I am amazed by how strongly people linked to MS state that outbound
> > filtering is unecessary or even countreproductive. Yet, other people, not
> > linked to MS, think otherwise. Why is it so ?
> >
>
> Looks like MS does not want to invest time and resources in developing a
> full firewall and is thus marketing and trying to convince its users
> that outbound control is unnecessary.

I giess this is really true and is what I was suspecting.

>
> Historically, MS has wanted their OS to be used by dumb average Joe
> users and thus tuned its system as such. Consequently, they compromised
> on multiuser features, restricted user usage habits and proper computer
> terminology. Result: Almost all users believe Windows must be run in
> admin mode. They do not gain any basic knowledge about computers which
> is commonplace among computer technologists (MS uses its own
> nomenclature, as you mentioned, probably based on recommendations by
> marketing drones). All this leads to significant ignorance of important
> issues related to computer security.


Also a very good point. This habit of MS to give other names to things
already existing under a well known, common name is really annoying. It goes
even from one version of Windows to the next, as seen in Vista for which I
lost a lot of time finding things which I knew rom WinXP but eventually got
other names...

>
> But to be fair, these marketing strategies also resulted in the boom of
> personal computer.


I'am not so sure about that. Marketing people tend to think they (and their
recepes) make the market, but they never conduct real stidies to prove that.
In the case of Windows, I guess the success stems from two elements:
- an open base for software developpers to construct their programs (and
this is actually one oint that is being forgotten by MS ... see the problem
of ZA and KB951748 that spraked all this discussion)
- the rapid incoporation in MS products of the good things from other
programs (see Word, that was clearly inferior to other word processing
packages, but improved ... now, it also got its sucess because MS made
access to Win difficult for other programs when moving from MS-Dos to
Windows)...
>
> Also, the strict control over licenses also played a very important role
> in making Linux what it is today: secure, open source and, these days,
> with better GUI than Windows in many respects. Had Windows been "open",
> maybe there would not have been as much impetus in making Linux distros
> so user friendly. I have myself seen that current version of Ubuntu is
> much more easier to install than Windows!
>
>
>
>
>
>

 

[Harry Johnston [MVP]]

V Green wrote:

> ZA WORKED before the update. The update BROKE it.
> So it's ZA's problem?

Strictly speaking, ZA prevented the update from functioning properly. For the
record, according to my best understanding of the technical details of the
conflict, even if Microsoft had known about the issue there wasn't anything they
could have done about it.

Harry.

 

[Harry Johnston [MVP]]

John John (MVP) wrote:

> When users tell you they want other features all you can do is berate
> them and try to impose your views on them. The fact is that there is
> nothing wrong with many of the third party firewalls out there [...]

Except that they subvert the functionality of the operating system, increasing
the risk of ... well, to choose an example completely at random, losing internet
connectivity after applying a security update.

It's a trade-off. There is some security benefit - provided the malware in
question is carelessly written - but is it worth the costs?

On the whole, the computer security industry spends enough on advertising that I
don't think it hurts to have the occasional person noisily presenting the other
side of the case!

Harry.