
Does KB951748 Affect ZoneAlarm Free 6.5.737?


11 replies to this topic

#1 bloomcounty


Posted 15 July 2008 - 09:59 AM

Hi,

I've read about the problems with KB951748 and ZoneAlarm. I use ZA Free 6.5.737 (with Windows XP SP2, AVG Free 7.5, Firefox 2.0.0.15, and IE 6.5). Does KB951748 cause problems with my version of ZA? I wanted to make sure what the situation was with this exact version before doing any Windows Updates. I do not wish to update my ZA to a newer version, so I need to figure out if I'll be installing this Windows Update or not. (I did a search and did not find this information listed anywhere...)

Also, any issues caused by KB951376 (the other MS Critical Update offered)?

Any help is appreciated -- thanks!

:thumbsup:
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010



#2 bloomcounty


Posted 15 July 2008 - 10:09 AM

According to the ZA board, 6.5.737 *is* also screwed up by the update. Gah...

So how bad is it to not install the MS update? I normally only use dial-up, so I'm not sure how much it would affect me. What exactly can happen if you don't do the update?

Any thoughts or help? Thanks again!

#3 jgweed

  • Staff Emeritus

Posted 15 July 2008 - 10:14 AM

See this helpful information:
http://www.bleepingcomputer.com/forums/t/157247/guide-on-fixing-connectivity-problems-for-users-running-zonealarm/
You should be able to update Z/A first, and then install the MS patch and not have any problems.
Cheers,
John

Edited by jgweed, 15 July 2008 - 10:46 AM.

Whereof one cannot speak, thereof one should be silent.

#4 bloomcounty


Posted 15 July 2008 - 11:08 AM

Thanks for the reply. I saw that thread, and right now, I'm actually in the boat of considering Option #3. I really don't want to update to the newest version of ZA because I've read a number of problems with it (plus it's huge and comes with a bunch of stuff that is just "turned off" in the free version, which can lead to issues as well). That's why I chose to install the older 6.5.737 version. I have read that this version is also affected. So now I'm trying to figure out what *exactly* this MS update is fixing and how it affects me specifically. While I understand it's always better to have the MS Critical Updates, I need to weigh the amount of actual realistic harm it could do to my computer with my specific set-up by not installing it. Know what I mean?

I use dial-up for the most part, with occasionally using the free wi-fi at the local library. What would I be at risk with by not installing this update and how exactly would the harm be done?

Any further help is appreciated -- thanks!

#5 Papakid

  • Malware Response Team

Posted 15 July 2008 - 01:11 PM

You can find technical details for the update here--MS doesn't make these easy to find anymore:
http://www.microsoft.com/technet/security/...n/ms08-037.mspx

Scroll down to the FAQs and expand it and categories beneath it for the most relevant details. It's a DNS vulnerability. What I key on is this quote in the workaround section:

Microsoft has not identified any workarounds for this vulnerability.


That means it is better to get the update than to do without it and is why the latter is not recommended. Even though I would think clearing DNS cache would help. If you don't want to use the latest version of ZoneAlarm then your next option would be to ditch ZoneAlarm. Quoting MSMVP Mow Green:

It is fast becoming the Norton of firewalls ... incompatible with Windows

http://www.bleepingcomputer.com/blogs/mowg...?showentry=1332

There are plenty of other firewalls out there--research each one before installing:
http://www.matousec.com/projects/firewall-...roduct-list.php

Edited by Papakid, 15 July 2008 - 11:41 PM.
Corrected last link.

The thing about people

is they change

when they walk away.--Mipso


#6 bloomcounty


Posted 15 July 2008 - 01:44 PM

Thanks for the reply. I have read reports that while 7.x and 6.5.x are affected, older versions are not. So another option is to uninstall ZA 6.5.x and revert back to 6.1.x or older. I may do that.

I also read the blog link you provided and I am wondering if the fix that was included there (originally posted by Oldsod on the ZA forums) was still valid? Or does that not take care of the issue?

Thanks again!

:thumbsup:

#7 tos226


Posted 15 July 2008 - 09:36 PM

It is fast becoming the Norton of firewalls ... incompatible with Windows

I disagree with the implication here. OK, so I like ZA, always did, but I have seen other firewalls and still think this is the best, well perhaps the old Kerio 2.1.5 is still fabulous :thumbsup:
ZA and other excellent firewalls respond to the built-in, designed, and implemented insecurity of Windows (full of holes)
They do it the best way appropriate to the conditions.
When MS finally decides that oooops we've got a hole big as a Mack truck and issues a patch, a conflict is inevitable. JMO.

bloomcounty, very old ZA free versions such as 5.5 or 6.1 have no conflict with this last MS patch. But they are somewhat less secure than 6.5 or 7. I still think 5.5 was the best.
Or take a look at Comodo. It's free, and a lot of people love it and it protects well. A bit rough to set up really tightly but is very effective. And as Papakid suggested, read the suggestions on this forum for the selection.

#8 Papakid

  • Malware Response Team

Posted 15 July 2008 - 11:35 PM

I disagree with the implication here.

Hehe, I disagree that there is any implication at all--sounds like a straightforward denunciation to me. :flowers: And remember those aren't my words--like Will Rogers, all I know is what I read in the papers. :thumbsup: The bottom line is that as far as we know at this point, ZA is the only software of any kind that has a conflict with this patch. So how does it follow that Windows is to blame? Let's not bash either--Windows has patched a hole and ZA came out with a patch to fix the conflict in a timely manner.

When it comes to security the best practice is to keep Windows and your security tools as up to date as possible. I run older versions of other software, but not security software. You are taking a chance and thus increasing your risk by not keeping up to date and patched. Some people think that just because it is a firewall that doesn't depend on definitions then updating it isn't critical. But there are attackers out there that always look for ways to defeat firewalls, so how to defeat the older versions is probably already known. My favorite firewall was Sygate before it was acquired and killed by Symantec--I ran it for a long time but finally gave it up--which was like burying an old friend.

So I can understand loyalty. I just think bloomcounty should do what's best for his own security and not let loyalty get in the way of that. In my opinion, the best thing to do is to install the update to Windows and either use the latest version of ZA that is compatible with it or switch to something else. Simple as that.

As far as ZA being the best, that's a matter of perspective and opinion and you've stated yours. I try to be scientific and as objective as possible--I think we should be critical of security software considering what's at stake. There is only one site that I know of that does independent analyses of firewalls and other security software that isn't influenced by the marketing arm of any of the vendors being tested: matousec.com.

According to their extensive leak tests, ZoneAlarm Pro 7.0.473.000 is rated poor. The only free firewalls that are recommended are Comodo and Online Armor.
http://www.matousec.com/projects/firewall-...nge/results.php

Bear in mind that this is just leak tests. I tested Online Armor myself and it has the same type of drawbacks as ZoneAlarm, a deleterious effect on the system as a whole. In other words, the version I tested had a bug that caused Windows Explorer to encounter a problem so that it needed to close on a fairly consistent basis and sometimes parts of the start menu were duplicated. So it is no longer installed on my system and I haven't been able to find out if these bugs are fixed yet--I checked at one point and the Start menu issue was fixed in the beta of the next version, and the Windows Explorer issue may or may not be fixed in the free (or paid) version.

The site also has an interesting article on firewall and other security software driver vulnerabilities: http://www.matousec.com/info/articles/plag...are-drivers.php

Of the firewalls tested, only the latest versions (at the time of the tests) of Comodo and Sunbelt/Kerio firewalls are not vulnerable. Zone Alarm, with only two vulnerable functions, did pretty well compared to some of the others--but it is still vulnerable.

More proof that you don't want to look at older versions of firewalls, and Kerio in particular: http://www.matousec.com/info/advisories/Ke...T-functions.php

Vulnerable software:

* Sunbelt Kerio Personal Firewall 4.3.268
* Sunbelt Kerio Personal Firewall 4.3.246
* Sunbelt Kerio Personal Firewall 4.2.3.912
* probably all versions of Sunbelt Kerio Personal Firewall 4
* possibly older versions of Sunbelt Kerio Personal Firewall

Not vulnerable software:

* Sunbelt Kerio Personal Firewall 4.3.635 and higher

Bottom line is it looks like Comodo is the best choice based on tests at that site. So we do agree on that, tos226.

My apologies, I intended to post matousec.com's extensive list of firewall products in my earlier post. Here it is again and I'll edit the other post as soon as I send this.
http://www.matousec.com/projects/firewall-...roduct-list.php



#9 bloomcounty


Posted 16 July 2008 - 11:25 AM

When I go to ShieldsUp! (https://www.grc.com/x/ne.dll?bh0bkyd2) and run their test on ZA Free 6.5.737 Firewall -- it passes 100% as far as I can tell. It says my computer is invisible. That's when I run it on dial-up.

When I'm on the free wi-fi at the local library, the results were all pass as well, except for this:

TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Ping Reply: RECEIVED (FAILED) Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

All Service Ports
Solicited TCP Packets: RECEIVED (FAILED) As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection.


And I think it was just one port... I don't remember...

So doesn't that seem pretty good...?

#10 Papakid

  • Malware Response Team

Posted 16 July 2008 - 12:47 PM

ZA has always been excellent at stealthing your computer. I have no issue with that. My main issue with it has always been its effect on the system as a whole--that it often causes problems when installed on certain systems. Isn't that why you don't want to use the newest version?

Shields Up tests a different ability of your firewall than the tests conducted by matousec.com that I discussed above. Shields Up tests against incoming vulnerabilities. But that is not the only main purpose of a firewall. The other primary function of a firewall is to filter outgoing packets. In fact nowadays that is more important than incoming protection. Leak Tests are designed to determine if you are losing private information to someone else by answering the question, does your firewall leak? That is really the main purpose of having a third party firewall installed, otherwise you could get by on the Windows firewall that protects you pretty well against incoming attacks.

The grc.com site also has a leak tester:
http://www.grc.com/lt/leaktest.htm

I imagine ZA will pass that one OK. The matousec.com researchers run firewalls thru a battery of leak tests and the chart published is the results of those tests. And the recommendations are based on the results.

List of Leak Tests at matousec.com: http://www.matousec.com/projects/firewall-...level.php?num=1

Why is this important? It is very common now for infected systems to send out/leak your private data. It is also much more common that these infections did not get in because the firewall failed to block a port--they use "social engineering tricks" and exploits<--there's that unpatched hole again. In other words, it is less likely a hacker will force its way in, more likely that a person is tricked into opening a door voluntarily to a trojan or is too busy to close and lock doors they discovered to be open.

The other tests I mentioned were for a specific driver vulnerability.



#11 tos226


Posted 16 July 2008 - 02:56 PM

papakid, I like your civilised response. Lots of nice info.

bloomcounty, ANY decent firewall will stealth your ports. Papakid discusses leak tests, where you permit something to run when the firewall alerts, and then you end up having to do damage control.

Matousec site is questionable in its motives (sells the info to the vendors) but it's the only game in town and IMO quite valuable. I had a laptop once with the pre-Sygate Kerio 2.1.5 - tightly set up, leaktests couldn't touch it. But it is not, IMO, a function of firewall to stop leaktests.

There was a long discussion about leak tests over at Wilders. Opinions are divided.

That said, there are multiple ways to a layered approach. Any old firewall tightly set up to control applications and their use of ports (which in ZA free you can't do), plus antispyware plus a dedicated host intrusion prevention system such as Antihook or SSM, plus an up to date hosts file plus a strong antivirus plus your watchful eye plus a router -- can't go wrong :thumbsup:
If you do permit something or other unexpected to start, for instance, Internet Explorer, well, it may be taken over, but then HIPS should stop the next step, that of sending information out.
Incidentally, Comodo has HIPS built in their recent versions.

#12 bloomcounty


Posted 16 July 2008 - 04:45 PM

I think I'm sticking with my older ZA Free and AVG Free and SAS Free -- I'm not constantly on-line and I feel pretty secure with all that.

tos -- I sent you a PM reply... just a heads up! :flowers:

:thumbsup: