On Mon, 14 Jul 2008 11:09:12 -0400, "H.S."

<hs.samREMOVEMEix@google.com> wrote:

>Root Kit wrote:

>

>> security enhancements of Vista. Outbound control on an XP platform as

>> a security measure against malware is still utter nonsense.

>>

>

>I am not sure I understand the above statement. I am curious what it

>really means. Could you please explain and give an example or two.

 

The windows platform was designed with usability in mind providing all

kinds of possibilities for e.g. inter-process communication. This

together with the very high probability that the user is running with

unrestricted rights makes it impossible to prevent malware allowed to

run and determined to by-pass any outbound "control" (which, of course

modern malware is) from doing so. It's simply too unreliable to

qualify as a security measure.

 

Malware must be stopped at the front door and *not* allowed to run

believing that its behavior can be somehow "controlled". In a

multi-purpose OS like windows with all programs running with

unrestricted rights, if program A can control program B, what prevents

program B from controlling program A (or C which A has already granted

permission for that matter)?

Root Kit wrote:

> On Mon, 14 Jul 2008 11:09:12 -0400, "H.S."

> <hs.samREMOVEMEix@google.com> wrote:

>

>> Root Kit wrote:

>>

>>> security enhancements of Vista. Outbound control on an XP platform as

>>> a security measure against malware is still utter nonsense.

>>>

>> I am not sure I understand the above statement. I am curious what it

>> really means. Could you please explain and give an example or two.

>

> The windows platform was designed with usability in mind providing all

> kinds of possibilities for e.g. inter-process communication. This

> together with the very high probability that the user is running with

> unrestricted rights makes it impossible to prevent malware allowed to

> run and determined to by-pass any outbound "control" (which, of course

> modern malware is) from doing so. It's simply too unreliable to

> qualify as a security measure.

>

> Malware must be stopped at the front door and *not* allowed to run

> believing that its behavior can be somehow "controlled". In a

> multi-purpose OS like windows with all programs running with

> unrestricted rights, if program A can control program B, what prevents

> program B from controlling program A (or C which A has already granted

> permission for that matter)?

 

Hence the rule that one should not be logged in with administrative

rights for day to day usage of Windows unless doing computer maintenance

tasks. Your reasoning above just proves that this makes perfect sense.

The users who are logged in with admin privileges and not *extremely*

careful about their browsing habits get what they ask for when their

computer is hosed due to malware.

 

On the other hand, if Windows demands that it be always run with admin

rights, it is just not designed properly then. But to be fair, I don't

think any sane person even at Redmond will suggest using Windows with

full admin rights always in today's internet world.

On Tue, 15 Jul 2008 12:01:59 -0400, "H.S."

<hs.samREMOVEMEix@google.com> wrote:

>Hence the rule that one should not be logged in with administrative

>rights for day to day usage of Windows unless doing computer maintenance

>tasks. Your reasoning above just proves that this makes perfect sense.

>The users who are logged in with admin privileges and not *extremely*

>careful about their browsing habits get what they ask for when their

>computer is hosed due to malware.

 

I'd like to clarify that there are tricks that still work perfectly

well for a malware running with restricted rights. It just rules out

some of the options.

"Shenan Stanley" wrote:

 

> What would have been the 'thing to do' with all these variables in place, in

> your opinion?

>

> --

> Shenan Stanley

> MS-MVP

> --

> How To Ask Questions The Smart Way

> http://www.catb.org/~esr/faqs/smart-questions.html

 

I think that the obvious things that MS could have been doing, given the

known disruptive effect KB951748 could have had on Internet connections, are:

- making KB951748 NOTinstalling automatically and without warning (as it

occured to all of the computers I look after ... and which were all blocked

in succession until we discovered what was going on ...)

- to clealy state, during the installation procedure, that the user had to

check for potential incompatibilities with some firewals ... and to see

her/his administrator in case of doubt.

 

In our case, this would have prevented us from loosing several hours to

determine the cause of the problem...

 

Note: as result of this situation, all our computers are now set to no

longer automatically install Microsoft updates until these are tested on one

computer ... To some extent, MS killed it-self the process of automatic

updating...

 

Paul

>

>

>

"Root Kit" wrote:

> On Mon, 14 Jul 2008 11:09:12 -0400, "H.S."

> <hs.samREMOVEMEix@google.com> wrote:

>

> >Root Kit wrote:

>

> Malware must be stopped at the front door and *not* allowed to run

> believing that its behavior can be somehow "controlled". In a

> multi-purpose OS like windows with all programs running with

> unrestricted rights, if program A can control program B, what prevents

> program B from controlling program A (or C which A has already granted

> permission for that matter)?

 

I'll give a simple example where outbound control would have prevented what

was nearly a disaster. One of our computer was inadvertently infected by a

malware that used the Outlook address book of the user and start sending

e-mails to all addressees... If ZA would have been installed, this would not

have happened because it can be configured to block the sending of mass

e-mails. Outbound protection may not catch everythig and is not perfect, but

why not using it if you can ?

>

"Root Kit" wrote:

> On Sun, 13 Jul 2008 18:03:01 -0700, Paul (Bornival)

> <PaulBornival@discussions.microsoft.com> wrote:

> > (I did so after seeing my unprotected WinXP computers so easily

> >attacked ...).

>

> This is nonsense. An "unprotected" XP (SP2+) is not easily attacked.

> Pre SP2, all you needed to do was turn the FW on, or even better -

> shut down unnecessary network services, which MS unfortunately has a

> bad habit of having running by default.

 

The sucessfull attacks on WinXP computers I was were before the introduction

of SP2. This was completely and effectively avoided after installing ZA.

When SP2 was introduced, I compared ZA with the SP2 firewall, and found that

ZA was eventually easier to adjust to our needs. This is why I remained

faithfl to ZA (and I'm not the only one...). Note that turning off WinXP

network services was not possible (or largely unpractical) given our needs of

communication between computers.

On Wed, 16 Jul 2008 00:07:46 -0700, Paul (Bornival)

<PaulBornival@discussions.microsoft.com> wrote:

>The sucessfull attacks on WinXP computers I was were before the introduction

>of SP2. This was completely and effectively avoided after installing ZA.

 

True - but could easily have been avoided by shutting down unnecessary

services, adding a simple packet filter or activating the build-in

one.

>When SP2 was introduced, I compared ZA with the SP2 firewall, and found that

>ZA was eventually easier to adjust to our needs. This is why I remained

>faithfl to ZA (and I'm not the only one...).

 

I wonder what your needs are.

>Note that turning off WinXP network services was not possible (or largely

>unpractical) given our needs of communication between computers.

 

How do you expect ZA to protect services you need to make available?

On Wed, 16 Jul 2008 00:04:54 -0700, Paul (Bornival)

<PaulBornival@discussions.microsoft.com> wrote:

>I'll give a simple example where outbound control would have prevented what

>was nearly a disaster.

 

Would have? - So it was a disaster?

>One of our computer was inadvertently infected by a

>malware that used the Outlook address book of the user and start sending

>e-mails to all addressees...

 

The key issue here is:

 

How did this malware get in? - and why was it allowed to run in the

first place? Because that part is security related. The rest is just

damage control based on blind luck.

> If ZA would have been installed, this would not

>have happened because it can be configured to block the sending of mass

>e-mails.

 

Sure. Unfortunately, it can be configured to do a lot of nonsense.

>Outbound protection may not catch everythig and is not perfect, but

>why not using it if you can ?

 

For the same reason you don't constantly wear a helmet just in case

someone drops something from an aero plane.

 

Outbound protection (host based) is not for free. It comes at a cost

which can be hard for layman to asses. The added system complexity of

installing a bunch of potentially vulnerable code of questionable

quality and functionality and the cons that follow from that, must be

weighed against the possible pros.

 

You make a computer secure by removing unnecessary stuff and fixing

what is broken - not by adding further potentially vulnerable code to

an already insecure code base.

On Wed, 16 Jul 2008 00:07:46 -0700, Paul (Bornival) wrote:

> "Root Kit" wrote:

>

>> On Sun, 13 Jul 2008 18:03:01 -0700, Paul (Bornival)

>> <PaulBornival@discussions.microsoft.com> wrote:

>>> (I did so after seeing my unprotected WinXP computers so easily

>>>attacked ...).

>>

>> This is nonsense. An "unprotected" XP (SP2+) is not easily attacked.

>> Pre SP2, all you needed to do was turn the FW on, or even better -

>> shut down unnecessary network services, which MS unfortunately has a

>> bad habit of having running by default.

>

> The sucessfull attacks on WinXP computers I was were before the introduction

> of SP2. This was completely and effectively avoided after installing ZA.

> When SP2 was introduced, I compared ZA with the SP2 firewall, and found that

> ZA was eventually easier to adjust to our needs. This is why I remained

> faithfl to ZA (and I'm not the only one...). Note that turning off WinXP

> network services was not possible (or largely unpractical) given our needs of

> communication between computers.

 

Educational reading (not only for Vista users).

 

Managing the Windows Vista Firewall

http://technet.microsoft.com/en-us/magazine/cc510323.aspx

ZoneAlarm

 

Do these people not understand that we have NO internet access on the

computers affected. The FIRST PROBLEM is to FIX THAT. Without internet

connection I can't download any patches in any order. The ZoneAlarm fixes

don't work to reconnect to the internet.

 

This problem seems to affect MORE than they are admitting. I don't have the

KB951748 update installed and I'm still having trouble. Uninstalling

ZoneAlarm doesn't solve the problem either.

 

 

 

 

"PA Bear [MS MVP]" wrote:

> [Crossposted to Windows Update, WinXP General, IE General, Security,

> Security Home Users newsgroups]

>

> Resolution [was Workaround] for Sudden Loss of Internet Access Problem

> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

> (revised multiple times since release on 08 July 2008)

>

> NB: Do NOT use Option #2 if at all possible! The vulnerability addressed by

> KB951748 *is* a big deal! See

> http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html

>

> Want to consider other, more highly-rated firewalls?

> http://www.matousec.com/projects/firewall-challenge/results.php

> --

> ~Robear Dyer (PA Bear)

> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

> AumHa VSOP & Admin http://aumha.net

> DTS-L http://dts-l.net/

>

>

Root Kit wrote:

> On Tue, 15 Jul 2008 12:01:59 -0400, "H.S."

> <hs.samREMOVEMEix@google.com> wrote:

>

>> Hence the rule that one should not be logged in with administrative

>> rights for day to day usage of Windows unless doing computer maintenance

>> tasks. Your reasoning above just proves that this makes perfect sense.

>> The users who are logged in with admin privileges and not *extremely*

>> careful about their browsing habits get what they ask for when their

>> computer is hosed due to malware.

>

> I'd like to clarify that there are tricks that still work perfectly

> well for a malware running with restricted rights. It just rules out

> some of the options.

 

Using a computer with admin rights by an average Joe user is, well, not

a smart thing to do (being very polite here).

 

If an OS demands that its users run as admins all the time, the OS is

poorly designed.

Re: ZoneAlarm

 

CharlieG wrote:

> Do these people not understand that we have NO internet access on

> the computers affected. The FIRST PROBLEM is to FIX THAT.

> Without internet connection I can't download any patches in any

> order. The ZoneAlarm fixes don't work to reconnect to the internet.

>

> This problem seems to affect MORE than they are admitting. I don't

> have the KB951748 update installed and I'm still having trouble.

> Uninstalling ZoneAlarm doesn't solve the problem either.

 

If you do not have the Microsoft patch (KB951748 ) installed nor do you have

Zone Alarm installed and you still cannot connect to the Internet - your

problem is certainly different and probably unrelated other than by

coincidental timing...?

 

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

Re: ZoneAlarm

 

CharlieG wrote:

>Do these people not understand that we have NO internet access on the

>computers affected. The FIRST PROBLEM is to FIX THAT. Without internet

>connection I can't download any patches in any order. The ZoneAlarm fixes

>don't work to reconnect to the internet.

>

>This problem seems to affect MORE than they are admitting. I don't have the

>KB951748 update installed and I'm still having trouble. Uninstalling

>ZoneAlarm doesn't solve the problem either.

>

>

>

>

>>

>>

Get rid of ZoneAlarm completely because you don't need it for two reasons:

 

1) MS has already given you a free software based FIREWALL

 

2) If you are using a broadband to connect to the net, then you must be

using a modem or a router which already has its own, harware based,

FIREWALL

 

Now you don't need another firewall for the sake of it being given away

for free. There is no such thing as free lunch. What they have given

you is a software that is not capable of cohabiting with MS OS. You

have to decide whether you want to use another OS which works with

ZONEALARM or you simply stay with MS OS. The choice is yours.

 

Hope this helps.

Re: ZoneAlarm

 

Hi Charlie,

 

It appears there may be varying degrees of the connection problem since some

people (me included) could get internet access merely by changing the

settings on ZA and thus could download the fix which totally cured the

problem.

 

--

Regards

 

Ron Badour

MS MVP

Windows Desktop Experience

 

 

"CharlieG" <CharlieG@discussions.microsoft.com> wrote in message

news:5BBF7DB9-ADE2-4836-9B3D-B33DFE04F39C@microsoft.com...

> Do these people not understand that we have NO internet access on the

> computers affected. The FIRST PROBLEM is to FIX THAT. Without internet

> connection I can't download any patches in any order. The ZoneAlarm fixes

> don't work to reconnect to the internet.

>

> This problem seems to affect MORE than they are admitting. I don't have

> the

> KB951748 update installed and I'm still having trouble. Uninstalling

> ZoneAlarm doesn't solve the problem either.

>

>

>

>

> "PA Bear [MS MVP]" wrote:

>

>> [Crossposted to Windows Update, WinXP General, IE General, Security,

>> Security Home Users newsgroups]

>>

>> Resolution [was Workaround] for Sudden Loss of Internet Access Problem

>> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

>> (revised multiple times since release on 08 July 2008)

>>

>> NB: Do NOT use Option #2 if at all possible! The vulnerability addressed

>> by

>> KB951748 *is* a big deal! See

>> http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html

>>

>> Want to consider other, more highly-rated firewalls?

>> http://www.matousec.com/projects/firewall-challenge/results.php

>> --

>> ~Robear Dyer (PA Bear)

>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

>> AumHa VSOP & Admin http://aumha.net

>> DTS-L http://dts-l.net/

>>

>>

No offense PA Bear, but that's a pretty arrogate attitude if that 3rd party

application is reviewed by the IT industry time and time again as a much

better product than Windows version of a firewall.

 

Meanwhile users of the Windows operating system suffer because of a decision

made by Microsoft to make this a update. Anyone else think they (MS) knew

this was going to happen besides myself?

 

Meanwhile, I sure do have a lot of new work on computers these days thanks

to this little gem.

 

"PA Bear [MS MVP]" wrote:

> So Windows must be compatible with ZA and any other third-party application,

> not the other way around?

>

> Get real.

>

>

> xxexbushpig wrote:

> > Well it might have been a "dimbulb" (which is a great new word BTW), but

> > it

> > wasn't as big a dimbulb as the Microsoft person who issued the KB951748

> > update that screwed up millions of people!

>

>

Re: ZoneAlarm

 

I think you are right. I have been able to disable ZoneAlarm on two

machines and when I uninstalled 748 internet connection was restored. But on

a third machine I don't have 748 installed, but I do have 749 and even

UNINSTALLING ZoneAlarm I am still not able to get internet reestablished.

There were 5 MS updates installed at the same time on this machine:

 

0749, 1698, 823-v3, 760 1376-v2, and 0762 Should I uninstall ALL of those?

If I should try one at a time what is the order of the ones to be removed?

 

In response to another post here if two computers go out at the same time it

might be coincidence, but if both of those have a software problem and both

have the same software installed that is creating the problem ..........

 

 

Thanks

 

"Ron Badour" wrote:

> Hi Charlie,

>

> It appears there may be varying degrees of the connection problem since some

> people (me included) could get internet access merely by changing the

> settings on ZA and thus could download the fix which totally cured the

> problem.

>

> --

> Regards

>

> Ron Badour

> MS MVP

> Windows Desktop Experience

>

>

> "CharlieG" <CharlieG@discussions.microsoft.com> wrote in message

> news:5BBF7DB9-ADE2-4836-9B3D-B33DFE04F39C@microsoft.com...

> > Do these people not understand that we have NO internet access on the

> > computers affected. The FIRST PROBLEM is to FIX THAT. Without internet

> > connection I can't download any patches in any order. The ZoneAlarm fixes

> > don't work to reconnect to the internet.

> >

> > This problem seems to affect MORE than they are admitting. I don't have

> > the

> > KB951748 update installed and I'm still having trouble. Uninstalling

> > ZoneAlarm doesn't solve the problem either.

> >

> >

> >

> >

> > "PA Bear [MS MVP]" wrote:

> >

> >> [Crossposted to Windows Update, WinXP General, IE General, Security,

> >> Security Home Users newsgroups]

> >>

> >> Resolution [was Workaround] for Sudden Loss of Internet Access Problem

> >> http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

> >> (revised multiple times since release on 08 July 2008)

> >>

> >> NB: Do NOT use Option #2 if at all possible! The vulnerability addressed

> >> by

> >> KB951748 *is* a big deal! See

> >> http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html

> >>

> >> Want to consider other, more highly-rated firewalls?

> >> http://www.matousec.com/projects/firewall-challenge/results.php

> >> --

> >> ~Robear Dyer (PA Bear)

> >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

> >> AumHa VSOP & Admin http://aumha.net

> >> DTS-L http://dts-l.net/

> >>

> >>

>

>

>

Re: ZoneAlarm

 

CharlieG wrote:

> Do these people not understand that we have NO internet access on

> the computers affected. The FIRST PROBLEM is to FIX THAT.

> Without internet connection I can't download any patches in any

> order. The ZoneAlarm fixes don't work to reconnect to the internet.

>

> This problem seems to affect MORE than they are admitting. I don't

> have the KB951748 update installed and I'm still having trouble.

> Uninstalling ZoneAlarm doesn't solve the problem either.

 

Ron Badour wrote:

> It appears there may be varying degrees of the connection problem

> since some people (me included) could get internet access merely by

> changing the settings on ZA and thus could download the fix which

> totally cured the problem.

 

CharlieG wrote:

> I think you are right. I have been able to disable ZoneAlarm on two

> machines and when I uninstalled 748 internet connection was

> restored. But on a third machine I don't have 748 installed, but I

> do have 749 and even UNINSTALLING ZoneAlarm I am still not able to

> get internet reestablished. There were 5 MS updates installed at

> the same time on this machine:

>

> 0749, 1698, 823-v3, 760 1376-v2, and 0762 Should I uninstall ALL of

> those? If I should try one at a time what is the order of the ones

> to be removed?

>

> In response to another post here if two computers go out at the

> same time it might be coincidence, but if both of those have a

> software problem and both have the same software installed that is

> creating the problem ..........

 

However - you inferred only a single machine in your original posting. You

made no explicit mention of multiple machines in your case. I pretty much

would ignore coincidence if two computers get the same changes and both have

the same problem. Especially if I can test a third system without the

changes and everything is fine.

 

Yes - general troubleshooting always seem to start the same way...

 

1) List things that changed between 'things working as expected' and 'things

not working as expected'.

2) Remove the changes and revert to pre-change state.

 

** If the problem disappears - continue this line of troubleshooting...

** If the problem does not disappear - either you missed a change or the

removal did not complete OR the problem is unrelated to the changes.

 

3) Perform the changes you just undid one at a time - checking for the

problem you are trying to resolve after each trial. (In the case of a

computer - reboot a couple of times to ensure the change is complete.)

* Do not rush into it - perform ONE change at a time and reboot - be

consistent and diligent.

 

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

Re: ZoneAlarm

 

On Wed, 16 Jul 2008 10:26:11 -0700, CharlieG

<CharlieG@discussions.microsoft.com> wrote:

> Do these people not understand that we have NO internet access on the

> computers affected. The FIRST PROBLEM is to FIX THAT. Without internet

> connection I can't download any patches in any order.

 

 

You can fix that easily in any of three ways:

 

1. Lower the settings in ZA temporarily (not a great idea, in my view,

but it works. I prefer the other choices)

 

2. Turn off ZA temporarily (long enough to download the new version)

and use the Windows firewall instead.

 

3. Download the new version of ZA on a friend's computer and bring it

to yours on a CD.

 

 

> The ZoneAlarm fixes

> don't work to reconnect to the internet.

>

> This problem seems to affect MORE than they are admitting. I don't have the

> KB951748 update installed and I'm still having trouble. Uninstalling

> ZoneAlarm doesn't solve the problem either.

>

>

>

>

> "PA Bear [MS MVP]" wrote:

>

> > [Crossposted to Windows Update, WinXP General, IE General, Security,

> > Security Home Users newsgroups]

> >

> > Resolution [was Workaround] for Sudden Loss of Internet Access Problem

> > http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

> > (revised multiple times since release on 08 July 2008)

> >

> > NB: Do NOT use Option #2 if at all possible! The vulnerability addressed by

> > KB951748 *is* a big deal! See

> > http://blog.washingtonpost.com/securityfix/2008/07/patch_the_entire_internet_tues_1.html

> >

> > Want to consider other, more highly-rated firewalls?

> > http://www.matousec.com/projects/firewall-challenge/results.php

> > --

> > ~Robear Dyer (PA Bear)

> > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

> > AumHa VSOP & Admin http://aumha.net

> > DTS-L http://dts-l.net/

> >

> >

 

--

Ken Blake, Microsoft MVP - Windows Desktop Experience

Please Reply to the Newsgroup

Re: ZoneAlarm

 

I see how you could reach that assumption. I was afraid that this would be

the answer.

 

Another poster seems concerned about me turning off ZoneAlarm. But on this

FINAL machine with problems I uninstalled ZoneAlarm completely so that is NOT

a consideration.

 

 

 

 

"Shenan Stanley" wrote:

> CharlieG wrote:

> > Do these people not understand that we have NO internet access on

> > the computers affected. The FIRST PROBLEM is to FIX THAT.

> > Without internet connection I can't download any patches in any

> > order. The ZoneAlarm fixes don't work to reconnect to the internet.

> >

> > This problem seems to affect MORE than they are admitting. I don't

> > have the KB951748 update installed and I'm still having trouble.

> > Uninstalling ZoneAlarm doesn't solve the problem either.

>

> Ron Badour wrote:

> > It appears there may be varying degrees of the connection problem

> > since some people (me included) could get internet access merely by

> > changing the settings on ZA and thus could download the fix which

> > totally cured the problem.

>

> CharlieG wrote:

> > I think you are right. I have been able to disable ZoneAlarm on two

> > machines and when I uninstalled 748 internet connection was

> > restored. But on a third machine I don't have 748 installed, but I

> > do have 749 and even UNINSTALLING ZoneAlarm I am still not able to

> > get internet reestablished. There were 5 MS updates installed at

> > the same time on this machine:

> >

> > 0749, 1698, 823-v3, 760 1376-v2, and 0762 Should I uninstall ALL of

> > those? If I should try one at a time what is the order of the ones

> > to be removed?

> >

> > In response to another post here if two computers go out at the

> > same time it might be coincidence, but if both of those have a

> > software problem and both have the same software installed that is

> > creating the problem ..........

>

> However - you inferred only a single machine in your original posting. You

> made no explicit mention of multiple machines in your case. I pretty much

> would ignore coincidence if two computers get the same changes and both have

> the same problem. Especially if I can test a third system without the

> changes and everything is fine.

>

> Yes - general troubleshooting always seem to start the same way...

>

> 1) List things that changed between 'things working as expected' and 'things

> not working as expected'.

> 2) Remove the changes and revert to pre-change state.

>

> ** If the problem disappears - continue this line of troubleshooting...

> ** If the problem does not disappear - either you missed a change or the

> removal did not complete OR the problem is unrelated to the changes.

>

> 3) Perform the changes you just undid one at a time - checking for the

> problem you are trying to resolve after each trial. (In the case of a

> computer - reboot a couple of times to ensure the change is complete.)

> * Do not rush into it - perform ONE change at a time and reboot - be

> consistent and diligent.

>

> --

> Shenan Stanley

> MS-MVP

> --

> How To Ask Questions The Smart Way

> http://www.catb.org/~esr/faqs/smart-questions.html

>

>

>

Re: ZoneAlarm

 

CharlieG wrote:

> Do these people not understand that we have NO internet access on

> the computers affected. The FIRST PROBLEM is to FIX THAT.

> Without internet connection I can't download any patches in any

> order. The ZoneAlarm fixes don't work to reconnect to the internet.

>

> This problem seems to affect MORE than they are admitting. I don't

> have the KB951748 update installed and I'm still having trouble.

> Uninstalling ZoneAlarm doesn't solve the problem either.

 

Ron Badour wrote:

> It appears there may be varying degrees of the connection problem

> since some people (me included) could get internet access merely by

> changing the settings on ZA and thus could download the fix which

> totally cured the problem.

 

CharlieG wrote:

> I think you are right. I have been able to disable ZoneAlarm on two

> machines and when I uninstalled 748 internet connection was

> restored. But on a third machine I don't have 748 installed, but I

> do have 749 and even UNINSTALLING ZoneAlarm I am still not able to

> get internet reestablished. There were 5 MS updates installed at

> the same time on this machine:

>

> 0749, 1698, 823-v3, 760 1376-v2, and 0762 Should I uninstall ALL of

> those? If I should try one at a time what is the order of the ones

> to be removed?

>

> In response to another post here if two computers go out at the

> same time it might be coincidence, but if both of those have a

> software problem and both have the same software installed that is

> creating the problem ..........

 

Shenan Stanley wrote:

> However - you inferred only a single machine in your original

> posting. You made no explicit mention of multiple machines in your

> case. I pretty much would ignore coincidence if two computers get

> the same changes and both have the same problem. Especially if I

> can test a third system without the changes and everything is fine.

>

> Yes - general troubleshooting always seem to start the same way...

>

> 1) List things that changed between 'things working as expected'

> and 'things not working as expected'.

> 2) Remove the changes and revert to pre-change state.

>

> ** If the problem disappears - continue this line of

> troubleshooting...

> ** If the problem does not disappear - either you missed a change

> or the removal did not complete OR the problem is unrelated to the

> changes.

>

> 3) Perform the changes you just undid one at a time - checking for

> the problem you are trying to resolve after each trial. (In the

> case of a computer - reboot a couple of times to ensure the change

> is complete.) * Do not rush into it - perform ONE change at a time

> and reboot - be consistent and diligent.

 

CharlieG wrote:

> I see how you could reach that assumption. I was afraid that this

> would be the answer.

>

> Another poster seems concerned about me turning off ZoneAlarm. But

> on this FINAL machine with problems I uninstalled ZoneAlarm

> completely so that is NOT a consideration.

 

So Zone Alarm is *uninstalled* and all the patches released/installed this

month are uninstalled on this Windows XP (Professional, Home, Media Center,

Tablet PC or x64?) with Service Pack (2 or 3?) machine and you are not

getting any network traffic?

 

Tried...?

 

Start button --> RUN --> type in...

 

CMD /K NETSH FIREWALL RESET

 

--> Click on OK.

 

Also...

 

Start button --> RUN --> type in...

 

NETSH DIAG GUI

 

--> Click on OK. --> Scan your system.

 

You may also want to uninstall your network card hardware device driver and

reboot (allowing it to reinstall.)

 

--

Shenan Stanley

MS-MVP

--

How To Ask Questions The Smart Way

http://www.catb.org/~esr/faqs/smart-questions.html

On Wed, 16 Jul 2008 14:01:35 -0400, "H.S."

<hs.samREMOVEMEix@google.com> wrote:

>Root Kit wrote:

>> On Tue, 15 Jul 2008 12:01:59 -0400, "H.S."

>> <hs.samREMOVEMEix@google.com> wrote:

>>

>>> Hence the rule that one should not be logged in with administrative

>>> rights for day to day usage of Windows unless doing computer maintenance

>>> tasks. Your reasoning above just proves that this makes perfect sense.

>>> The users who are logged in with admin privileges and not *extremely*

>>> careful about their browsing habits get what they ask for when their

>>> computer is hosed due to malware.

>>

>> I'd like to clarify that there are tricks that still work perfectly

>> well for a malware running with restricted rights. It just rules out

>> some of the options.

>

>Using a computer with admin rights by an average Joe user is, well, not

>a smart thing to do (being very polite here).

 

Agreed.

>If an OS demands that its users run as admins all the time, the OS is

>poorly designed.

 

Indeed. Windows doesn't demand that. Anyway, due to the installation

defaults prior to Vista, many *programs* are badly designed - assuming

the user has admin rights.

On Wed, 16 Jul 2008 12:15:02 -0700, Stinger wrote:

> No offense PA Bear, but that's a pretty arrogate attitude if that 3rd party

> application is reviewed by the IT industry time and time again as a much

> better product than Windows version of a firewall.

>

> Meanwhile users of the Windows operating system suffer because of a decision

> made by Microsoft to make this a update. Anyone else think they (MS) knew

> this was going to happen besides myself?

>

 

You're very poorly informed. Can't you read threads in its entirety or do

you have a problem relating to comprehension abilities? It seems you're

just another pisser.

Re: ZoneAlarm

 

On Wed, 16 Jul 2008 13:13:01 -0700, CharlieG wrote:

> I see how you could reach that assumption. I was afraid that this would be

> the answer.

>

> Another poster seems concerned about me turning off ZoneAlarm. But on this

> FINAL machine with problems I uninstalled ZoneAlarm completely so that is NOT

> a consideration.

 

For a complete removal try this:

http://zonealarm.donhoover.net/uninstall.html

Apples & oranges. It's common knowledge that the Windows Firewall (in

WinXP) is a one-way (incoming) firewall.

 

Does the average SOHO user need an outgoing firewall? Maybe, maybe not.

 

But since you brought up reviews of "better products," take a look at

http://www.matousec.com/projects/firewall-challenge/results.php. Your

opinion of ZA may not be the same after you do so.

 

 

Stinger wrote:

> No offense PA Bear, but that's a pretty arrogate attitude if that 3rd

> party

> application is reviewed by the IT industry time and time again as a much

> better product than Windows version of a firewall...

Interesting reply!

 

Admitting a 3rd party firewall actually does more than Windows version, but

in the same breath implying it's overkill. That's akin to saying Windows

built a sufficient firewall and anything that doesn't do exactly the same

thing as it (being the industry leader it likes to hangs it hat on) you

simply dismiss as irrelevant.

 

Again, quite an arrogant stance. Perhaps there's a good reason why quite a

few of these thrid party firewalls have that added outgoing feature.

Perhaps they are taking the inductry lead by going above and beyond what

Microsoft deems as sufficient. Perhaps Microsoft in it's drive to actually

be THE inductry leader should design both an incoming and outgoing firewall

so the general public that uses it's product is better served?

 

BTW Kayman, I read all threads before wasting my bandwidth on a reply. In

fact I do quite a bit more than just read THIS forum for research before as

well. Suggest you do the same. PA Bear, if providing a link is supposed to

hammer home a point, do I really need to post other links that contradict

yours to make my point? There are plenty others available than the same one

you've been providing in this and other threads.

 

Bottom line, this update is important since it was a gapping hole in Windows

for quite some time. Great that Windows decided to do something about it.

Bad it renders tried and true helper 3rd party software that has been used

for years by the general public trying its best to close that huge hole in

Windows (with what is considered "overkill) and at the same time consumers

are unable to even get on the internet without a single word of caution from

the makers of the operating system. Ironically, they left it up to the geeks

of the world to figure it out. Nice from a company that assumes it's the

industry leader.

 

"PA Bear [MS MVP]" wrote:

> Apples & oranges. It's common knowledge that the Windows Firewall (in

> WinXP) is a one-way (incoming) firewall.

>

> Does the average SOHO user need an outgoing firewall? Maybe, maybe not.

>

> But since you brought up reviews of "better products," take a look at

> http://www.matousec.com/projects/firewall-challenge/results.php. Your

> opinion of ZA may not be the same after you do so.

>

>

> Stinger wrote:

> > No offense PA Bear, but that's a pretty arrogate attitude if that 3rd

> > party

> > application is reviewed by the IT industry time and time again as a much

> > better product than Windows version of a firewall...

>

>