CheckPoint issues fix for ZoneAlarm problem after DNS patch

By Scott M. Fulton, III | Published July 11, 2008, 1:20 PM

BetaNews has confirmed through testing that CheckPoint's latest build of ZoneAlarm, issued yesterday in response to trouble arising from a Microsoft patch for a major DNS security problem, fixes a major problem with Internet access.

The major fix Microsoft issued on Tuesday, changing the way it handles the Domain Name System, was necessary to avert a possible severe exploit of the entire Internet. Microsoft was cooperating in a joint effort, which also involved Linux distributions, to upgrade the world's DNS servers.

An unfortunate side effect was that some Windows-based firewalls ran into problems, most notably ZoneAlarm and ZoneAlarm Pro. Windows XP Professional-based systems were reporting an inability to access the Internet while the Internet Zone Security setting was on High. BetaNews confirmed this problem.

Last night -- after a thorough cleaning of our virtual Windows XP Professional test platform, on account of damage suffered in an unrelated test -- BetaNews confirmed that CheckPoint's latest build of ZoneAlarm Pro (7.0.483) does address and fix this problem. Web access is now completely restored with Internet Zone Security set back from Medium (which was CheckPoint's suggested workaround setting) to High.

The accessibility problem was most likely not due to an architectural flaw with ZoneAlarm, but rather an unfortunate side-effect of a fundamental change in Windows' handling of DNS, enabling source port randomization so that DNS requests do not always originate from either the same port or a predictable port number.
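The predictability that source port randomization removes can be checked from the source ports of a host's outbound DNS queries, for example as read from a packet capture. The following is an added example, not part of the original article or of any vendor's code; the sample port lists, the `assess_source_ports` name and both thresholds are constructed for illustration.

```python
from collections import Counter
from statistics import pstdev

# Illustrative thresholds (assumptions, not taken from any standard or tool).
SEQ_SHARE = 0.8      # share of identical port-to-port steps that marks a counter
MIN_STDEV = 3000.0   # spread below this suggests a small pool of ports


def assess_source_ports(ports):
    """Classify UDP source ports seen on successive outbound DNS queries."""
    if len(ports) < 10:
        raise ValueError("need at least 10 observed queries")
    distinct = len(set(ports))
    spread = pstdev(ports)
    # Step between consecutive queries, modulo the 16-bit port space.
    steps = Counter((b - a) % 65536 for a, b in zip(ports, ports[1:]))
    top_share = steps.most_common(1)[0][1] / (len(ports) - 1)
    if distinct == 1:
        verdict = "fixed"          # every query leaves from the same port
    elif top_share >= SEQ_SHARE:
        verdict = "sequential"     # next port is predictable from the last
    elif distinct < 0.9 * len(ports) or spread < MIN_STDEV:
        verdict = "weak"           # ports vary but come from a small pool
    else:
        verdict = "randomized"
    return {"verdict": verdict, "distinct": distinct, "stdev": round(spread, 1)}


# Constructed samples: source ports of 12 consecutive DNS queries each.
SAMPLES = {
    "fixed": [1053] * 12,
    "counter": list(range(1025, 1037)),
    "small_pool": [1025, 1030, 1025, 1027, 1030, 1025,
                   1027, 1030, 1025, 1027, 1030, 1025],
    "random": [50211, 61873, 53490, 64102, 49877, 58321,
               55019, 62744, 51666, 60390, 57108, 63555],
}

if __name__ == "__main__":
    for label, ports in SAMPLES.items():
        print(label, assess_source_ports(ports))
```

A firewall rule or state table that assumes the "fixed" or "counter" pattern for DNS traffic will not match queries that look like the "random" sample.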

Comments

I have uninstalled the MS patch and installed latest build on ZA Security Suite. I still cannot connect to the internet. Any suggestions on how to fix this problem?
Thanks

Score: 0

When I discovered the problem with ZoneAlarm (via ATT), I uninstalled it, and installed Ghostwall in place of it. Should I reinstall ZoneAlarm, and uninstall Ghostwall? I have OS 2k as well as XP home. Thanks.

Score: 0

Installed the Patch from Checkpoint, they issued it fast and it works a treat;)

Score: 0

Disabling Zone Alarm, you'll find, resolves it, for proof at least.

Score: 0

Another fix I have heard about is to simply re-install Zone Alarm again. Yes, a pain, but I've heard it on some podcasts saying this will also work.

Score: 0

Another fix I have heard about is to simply un-install Zone Alarm again. Yes, a pain, but I've heard it on some podcasts saying this will also work.

Score: 0

DNS problem?

Your solution: http://www.opendns.com

Problem solved.

Score: 0

Used opendns for work and home, and I had no issues with resolving addresses, but I had issues with its "search" service on not finding dns entries. It was very very slow and even the quality of results was terrible.

Score: 0

I agree the idea of opendns is great and I would love to use it. Unfortunately until that Hong Kong center opens it's quite slow for me.

The Hong Kong datacenter has been planned since 2006. Wonder what is going on there.

Score: 0

Meanwhile, the less computer savvy are still thinking "why can't i get on the internets" =P

ZoneAlarm should be taken to task for making such a mistake

Score: 0

Yup, my parents called saying Microsoft did some patches and their computers wouldn't get on the internet. I figured it was ZoneAlarm so I had 'em disable it and now it works.

Score: 0

The best solution is to uninstall the fix. It blocks port 80 no matter which FW you use.

Score: 0

Same problem with Windows 2000 SP4. Looks like this affected more than just XP.

Score: 0

The fixes were in response to the way DNS itself operates. Windows just pushed out the fixes.

It will be the very odd firewall that it does not affect!

Score: 0

Let me be the first to make an utterly outrageous speculative gamble.

I predict ....is everyone seated or holding onto something substantial (no, Ghost Buster! I mean something really substantial! You know, as in hard and immobile...)...that ALL of the currently supported affected software firewalls will have fixes made available to address changes made in order to mitigate the DNS poisoning exposure.

How's that for a 'radical prognostication'?

Don't worry Ghost Buster, they will explain it at the next Buffy convention.

Score: 0

*yawn*

Sure keep making yourself look like the town fool, noone cares :)

Score: 0

"noone" is not oneword. lol

Score: 0

And English is not my main language. Welcome to the internet.

Score: 0

Neither is logic, Ghost Buster.

Welcome to the "Internet".

So just who is the no one that is not responding? If they didn't care, there would be no response. But you might consider becoming one. We won't miss you.

I bet those Buffy posters you have all over your bedroom walls in your parents' house are 'really cool'! LOL!

Score: 0

"Neither is logic, Ghost Buster"

Says the man who failed logic while trying to insult me in a previous thread?

Sad sad man

Score: 0
