ZoneAlarm & KB951748 - My Fix Works!

  • Thread starter: ju.c
I clearly wrote, "(Before the latest ZoneAlarm update)"

"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:#atBgmB5IHA.776@TK2MSFTNGP04.phx.gbl...
> ju.c wrote:
>> ZoneAlarm & KB951748 - Where's my internet?
>>
>> My solution that actually works after trying all those below and on
>> every other post, and you can keep all your other settings alone:
>>
>> 1. Open ZoneAlarm's 'Firewall' tab.
>> 2. Click the 'Custom' button under 'Internet Zone Security'.
>> 3. On the 'Internet Zone' section scroll down to 'Allow outgoing UDP
>> ports'.
>> 4. Check it and enter "80-3000", click 'Apply' button.
>> 5. Do the same for 'Allow outgoing TCP ports'.
>> 6. Click OK.
>>
>> * The range "80-3000" is just a guess on my part, if anyone knows a
>> better range please post it.
>>
>> Please post success or failure, thank you.
>>
>>
>> ZoneAlarm is investigating the issue with Microsoft update KB951748:
>> http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&thread.id=52785
>>
>> To solve this, just reset the ZA database and the ZA will be
>> "fresh" as when it was first installed:
>> http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727
>>
>> ZoneAlarm Customer Care How to Perform a Clean Install:
>> http://www2.nohold.net/noHoldCust542/Prod_1/Articles55646/clean_install.html
>>
>> MS update KB951748 and ZoneAlarm:
>> http://www.dslreports.com/forum/r20759839-MS-update-KB951748-and-ZoneAlarm-PROBLEM
>>
>> *** Where the real blame lies!!!
>> Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor
>> Patch Released:
>> http://securosis.com/2008/07/08/dan...ue-in-dns-massive-multivendor-patch-released/
>>
>> To find out if the DNS server you use is vulnerable:
>> http://doxpara.com/
>
> Gis Bun wrote:
>> You don't want to open up ports as it opens up a can of worms. Your
>> suggestion opens around 2920 TCP and UDP ports.
>>
>> Take ZoneAlarms section option. It is the most secure.
>
> ju.c wrote:
>> I've asked this question a few times before, how is it possible to
>> be so dumb?
>>
>> What ports are opened?
>
> Gis Bun wrote:
>> Now I'm not a network security expert, but I do know [and probably
>> obvious] that the less you enable to the Internet, the better.
>>
>> When someone tries to hack into your system [all this of course is
>> an example], they will use a utility to scan ports to see which are
>> accessible. Once the port is open, they could have access to your
>> PC.
>> Alternatively, if your PC was infected with a trojan and you opened
>> a bunch of ports, the trojan may be programmed well enough to exit
>> your PC through an open port.
>
> ju.c wrote:
>> I'm going to enlighten you once and for all, you stupid fool, Gis
>> Bun!
>> (Before the latest ZoneAlarm update)
>>
>> Option 1
>> What to do - Move the slider from Stealth to Medium.
>> What it does - Enables all outgoing ports. (and more)
>>
>> Option 2
>> What to do - Uninstall KB951748.
>> What it does - Leaves you vulnerable.
>>
>> Option 3
>> What to do - Uninstall ZoneAlarm and use the Windows firewall.
>> What it does - Keep KB951748. Lose ZoneAlarm. No outgoing port
>> control.
>>
>> My Option 4
>> What to do - Only allow limited outgoing ports.
>> What it does - Keeps ZoneAlarm on Stealth. You keep KB951748. Only
>> a few outgoing opened ports. Almost full security maintained.
>
> I am happy you found a solution (work-around) for the problem - but as you implied
> yourself (above) - it is a moot point now. Zone Alarm admitted and repaired their issue
> by releasing an update.
>
> What the last sentence says to me is, "everything else done prior to the update (your
> solution included) was not the optimum solution and now there *is* an optimum solution
> for those who feel they need something like Zone Alarm to 'protect' their system - which
> is to update to the latest version."
>
> There actually was a 'more secure option' than any of the ones listed above (before the
> patch - again this is a moot point) available out there...
>
> -----
> Add your DNS servers to trusted zone
>
> 1. From the "Overview" panel, select the "Firewall" panel then click on the "Zones" tab
> 2. Click "Add", then select "IP address" from the shortcut menu. The Add IP Address
> dialog appears. Select "trusted" from the Zone drop-down list
> 3. Type the IP address and a description in the boxes provided, then click "OK"
> 4. If you are not sure what IP addresses to add:
> - Click the Start Menu
> - Click on Run. Type "cmd.exe"
> - In the command prompt type: "ipconfig /all". Look for DNS Server(s)
> in the output of the command.
> - For each IP address listed, navigate to the "Zones" panel of the
> "Firewall" tab, add the IP address, select "Trusted Zone", and
> press "Apply"
> 5. After you are done adding DNS servers click the "Apply" button
> -----
>
> But again - all a moot point now.
>
> If someone feels they need the 'protection' that Zone Alarm gives them over that of the
> Windows SP2 Firewall - then their best course of action is to apply the latest version
> of Zone Alarm as suggested by the manufacturer themselves. I hope that anyone still out
> there experiencing this issue and searching for an answer that happens across this
> conversation first does *that* suggestion above all others (but - they are welcome to do
> the rest - their life.)
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
 
And I also clearly said, "My solution that actually works after trying all those below and
on every other post."

 
ju.c wrote:
> ZoneAlarm & KB951748 - Where's my internet?
>
> My solution that actually works after trying all those below and on
> every other post, and you can keep all your other settings alone:
>
> 1. Open ZoneAlarm's 'Firewall' tab.
> 2. Click the 'Custom' button under 'Internet Zone Security'.
> 3. On the 'Internet Zone' section scroll down to 'Allow outgoing UDP
> ports'.
> 4. Check it and enter "80-3000", click 'Apply' button.
> 5. Do the same for 'Allow outgoing TCP ports'.
> 6. Click OK.
>
> * The range "80-3000" is just a guess on my part, if anyone knows a
> better range please post it.
>
> Please post success or failure, thank you.
>
>
> ZoneAlarm is investigating the issue with Microsoft update KB951748:
> http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&thread.id=52785
>
> To solve this, just reset the ZA database and the ZA will be
> "fresh" as when it was first installed:
> http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727
>
> ZoneAlarm Customer Care How to Perform a Clean Install:
> http://www2.nohold.net/noHoldCust542/Prod_1/Articles55646/clean_install.html
>
> MS update KB951748 and ZoneAlarm:
> http://www.dslreports.com/forum/r20759839-MS-update-KB951748-and-ZoneAlarm-PROBLEM
>
> *** Where the real blame lies!!!
> Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor
> Patch Released:
> http://securosis.com/2008/07/08/dan...ue-in-dns-massive-multivendor-patch-released/
>
> To find out if the DNS server you use is vulnerable:
> http://doxpara.com/


Gis Bun wrote:
> You don't want to open up ports as it opens up a can of worms. Your
> suggestion opens around 2920 TCP and UDP ports.
>
> Take ZoneAlarms section option. It is the most secure.


ju.c wrote:
> I've asked this question a few times before, how is it possible to
> be so dumb?
>
> What ports are opened?


Gis Bun wrote:
> Now I'm not a network security expert, but I do know [and probably
> obvious] that the less you enable to the Internet, the better.
>
> When someone tries to hack into your system [all this of course is
> an example], they will use a utility to scan ports to see which are
> accessible. Once the port is open, they could have access to your
> PC.
> Alternatively, if your PC was infected with a trojan and you opened
> a bunch of ports, the trojan may be programmed well enough to exit
> your PC through an open port.


ju.c wrote:
> I'm going to enlighten you once and for all, you stupid fool, Gis
> Bun!
> (Before the latest ZoneAlarm update)
>
> Option 1
> What to do - Move the slider from Stealth to Medium.
> What it does - Enables all outgoing ports. (and more)
>
> Option 2
> What to do - Uninstall KB951748.
> What it does - Leaves you vulnerable.
>
> Option 3
> What to do - Uninstall ZoneAlarm and use the Windows firewall.
> What it does - Keep KB951748. Lose ZoneAlarm. No outgoing port
> control.
>
> My Option 4
> What to do - Only allow limited outgoing ports.
> What it does - Keeps ZoneAlarm on Stealth. You keep KB951748. Only
> a few outgoing opened ports. Almost full security maintained.


Shenan Stanley wrote:
> I am happy you found a solution (work-around) for the problem - but
> as you implied yourself (above) - it is a moot point now. Zone
> Alarm admitted and repaired their issue by releasing an update.
>
> What the last sentence says to me is, "everything else done prior
> to the update (your solution included) was not the optimum solution
> and now there *is* an optimum solution for those who feel they need
> something like Zone Alarm to 'protect' their system - which is to
> update to the latest version."
>
> There actually was a 'more secure option' than any of the ones
> listed above (before the patch - again this is a moot point)
> available out there...
>
> -----
> Add your DNS servers to trusted zone
>
> 1. From the "Overview" panel, select the "Firewall" panel then
> click on the "Zones" tab
> 2. Click "Add", then select "IP address" from the shortcut menu.
> The Add IP Address dialog appears. Select "trusted" from the Zone
> drop-down list
> 3. Type the IP address and a description in the boxes provided,
> then click "OK"
> 4. If you are not sure what IP addresses to add:
> - Click the Start Menu
> - Click on Run. Type "cmd.exe"
> - In the command prompt type: "ipconfig /all". Look for DNS
> Server(s) in the output of the command.
> - For each IP address listed, navigate to the "Zones" panel of the
> "Firewall" tab, add the IP address, select "Trusted Zone", and
> press "Apply"
> 5. After you are done adding DNS servers click the "Apply" button
> -----
>
> But again - all a moot point now.
>
> If someone feels they need the 'protection' that Zone Alarm gives
> them over that of the Windows SP2 Firewall - then their best course
> of action is to apply the latest version of Zone Alarm as suggested
> by the manufacturer themselves. I hope that anyone still out there
> experiencing this issue and searching for an answer that happens
> across this conversation first does *that* suggestion above all
> others (but - they are welcome to do the rest - their life.)


ju.c wrote:
> I clearly wrote, "(Before the latest ZoneAlarm update)"


ju.c wrote:
> And I also clearly said, "My solution that actually works after
> trying all those below and on every other post."


I never said your solution did not work (for you or anyone else).

I quoted everything you had said in this conversation thread.

My "I am happy you found a solution (work-around) for the problem - but as
you implied yourself (above) - it is a moot point now." was confirming what
you had said ("Before the latest ZoneAlarm update") and pointing out you
knew what your solution meant now (the real solution has been released, a
work-around is unnecessary.)

In my opinion, you saying, "My solution that actually works after trying all
those below and on every other post" means very little unless you specify
the posts and what you have tried - after all - who knows what you see in
comparison to what I see on these newsgroups (depends on how your news
server synchronizes, what news server you use, when you check for new posts,
how often, how your newsreader is configured, etc.)

I gave the (now moot) solution I did because in your list of options (a
later post of yours, quoted above) - you did not include the solution I
quoted as one of the options being compared to. It was - actually - a more
secure option than the one you provided and confirmed to work by many
people.

In other words - I had/have no argument with you, congratulated you on
finding a solution that worked for you, gave an additional (now moot)
solution and made sure anyone reading this thread knew there was an official
fix and that nothing in this thread really mattered beyond that anymore.

Anyone searching for a solution to 'no internet after patching' that uses
Zone Alarm should do this:
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
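
The "ipconfig /all" step of the trusted-zone procedure quoted in this thread, as an added example that is not part of any poster's message: Python that pulls the DNS server addresses per adapter out of the command's output, including the unlabeled continuation lines that carry the second and later servers. The sample output, adapter names and addresses are constructed, and `dns_servers` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; adapter names and
# addresses are made up for illustration, not values from the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.lan
        IP Address. . . . . . . . . . . . : 192.168.1.20
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            198.51.100.53
        Lease Obtained. . . . . . . . . . : Tuesday 9:00:00 AM

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
"""

# "   Label . . . . : value" -> key without the dot leader, and the value.
LABEL = re.compile(r"^\s+(?P<key>[^:]+?)[ .]*:\s*(?P<val>.*)$")


def _as_ip(text):
    """Return the normalized address, or None if text is not an IP."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None


def dns_servers(ipconfig_text):
    """Map each adapter header to the DNS server IPs listed under it."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line = section header
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        # Second and later servers sit on bare continuation lines.
        ip = _as_ip(line) if in_dns else None
        if ip is None:
            m = LABEL.match(line)
            in_dns = bool(m) and m.group("key").lower().startswith("dns servers")
            ip = _as_ip(m.group("val")) if in_dns else None
        if ip:
            result.setdefault(adapter, []).append(ip)
    return result


if __name__ == "__main__":
    for name, servers in dns_servers(SAMPLE_IPCONFIG).items():
        print(name, "->", ", ".join(servers))
```

Each address returned is one entry to add to the Trusted Zone under the "Zones" tab; adapters with no DNS servers listed are omitted from the result.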
 