Thursday, July 10, 2008

The Microsoft-Zonealarm bug

I've just lost an hour of productive work time trying to fix my son's computer, that has zone alarm on.

Apparently the last range of Microsoft patches combined with the version of ZoneAlarm most people had installed at the time leads to the system, being unable to access the internet.

I discovered this thanks to the BBC !

I'd pinned it down to something with DNS addresses, as I could access IP address OK, and there is the added complication of the use of OpenDNS.org as the DNS server on my Son's machine ( for reason's that are obvious if you know what they do ). I was playing the game of varying setting on my rooter / rebooting everything when I saw the BBC article.

All is now well.

Now I place the blame on this one squarely in Microsoft's court as ZoneAlarm is a very popular product and surely Microsoft should have tested against it before releasing patches in the wild !

5 comments:

Wyrdtimes said...

Blimey! Something useful from the BBC eh!

Anonymous said...

it wasn't Microsoft's fault. Zonealarm is just stupid see:
http://www.heise-online.co.uk/news/ZoneAlarm-internet-access-restored--/111089

and no testing would have prevented the problem. Port randomizing had to be done. Zonealarm is just badly implemented. You should complain to its makers, not Microsoft.

Man in a Shed said...

Anon - thanks for the link.

I have to take a different view however since its quite clear that this Microsoft fix would cause mayhem for many PC users, without their being aware it would do so.

In effect I would expect thousands, maybe tens of thousands of man hours of peoples time to have been lost by the carelessness of Microsoft.

How they should have proceeded is:

1) Test patch against well known machine configurations ( which means Zone Alarm ).
2) Modified the patch or informed the vendors with the problem of what was going to happen ( allowing them to role out their own automatic updates before the patch is issued ). At worst they should issue a warning to PC users that certain software is not compatible.

These are just common sense measures and basic professionalism. The fact they didn't do this for a vendor with whom they are a key competitor has to lead to further questions.

Anonymous said...

phdjggI have disabled the ms security update feature and will never use it again. Such a blatant error tells me that ms cannot be doing much for security. I'll rely on an aftermarket system handle security needs!

Man in a Shed said...

I have the update on manual approval. What worries me is that the Microsoft automatic update system has to be a massive target for hostile or criminal organisations.

Just imagine crippling most of the worlds PC's in one move.