Wednesday, July 09, 2008

Microsoft Buggers ZoneAlarm

Microsoft just caused me a BIG headache. I have the XP automatic update set to ask me before it goes tinkering around with my computer (although that hasn't stopped it before). I rarely have a problem with it, and I only OK security updates. Today, I OK'd the one security update, un-OK'd the malicious software update, let it run, then restarted my computer.

All of a sudden, I couldn't connect to the Internet. I could not figure out what Microsoft had done to my computer, and I was mad. Finally, I called my ISP, thinking they may have some idea. Turns out they've been flooded with calls with people's Internet suddenly not working. Microsoft has buggered up ZoneAlarm. So in order to connect to the Internet, I had to turn ZoneAlarm off, and now I'm open to any malicious, little human rodent to screw around with my computer. Can you imagine a big software company like Microsoft being so dumb? Oh sorry, dumb question with an obvious answer: yes!
"ZoneLabs advises users of ZoneAlarm to remove the Microsoft update as a
workaround until it has created a more satisfactory solution to the problem. The company has set up a forum to help keep users informed." (Robert Jaques,, 9 July 2008)
Uh, how? Apparently resetting the firewall security from High to Medium fixes the problem. Not a great solution but until ZoneAlarm rebuilds the dyke that Microsoft smashed, it'll have to do.


Mark Dowling said...

Not sure I'd blame Microsoft here. That DNS update was important and is happening cross-vendors - I think the more interesting question is whether Zone Labs were shut out of the fairly close-held work to fix DNS.

I would go with option 3

as well as moving my DNS to openDNS. (See

talk talk talk said...

Mark, according to the news article, MS didn't tell firewall manufacturers that they were updating it. Yet my ISP mentioned disabling only ZoneAlarm in order to reconnect to the Net. Shutting Zone Labs out would be a way to move people, especially non-geeks, from the popular ZA to MS's firewall.

Hey, I looked on ZA's home page for some sort of alert about this issue and saw nada. Thanks for alerting me to option 3!

So much for not needing to be a geek to be able to surf the Net safely. I've never heard of openDNS. Guess that's about to change!

Mark Dowling said...

I saw a similar article after posting my comment, but as I said this is a cross-vendor patch - it's not how MS designed DNS support and screwed up but more how DNS is fundamentally insecure by design.

openDNS is nice because it gives some phishing support as well as being arguably more efficient in how it provides DNS resolutions.