Auto update screwed me up!

Please help: the only computer at work not affected was off and didn't download an automatic update. I don't even know which update it downloaded (MICROSOFT) but I cannot get to the Internet. I have released and renewed my ipconfig; my little icon shows I'm connected; at home my phone is working (it's VOIP), but I can't get to the 'net or my mail.

Can someone help? Is there buzz on the 'net about how screwed up things are? Is the 'net quieter today because Microsoft users can't connect?

I got the Microsoft update thing, clicked it to install. I believe there were two updates. If I remember, one was initializing the install, and the other was a malicious program removal tool. Well, after the updates had installed, my firewall (Zonealarm) blocked my access to the internet (using Firefox) on my typical settings. At first I couldn't figure out what was going on, so I used system restore to go back to yesterday, thinking it was a problem with Windows Defender blocking access. I uninstalled Windows Defender (with Revo Uninstaller, goes deeper than typical Windows uninstall, free too). I couldn't just turn it off, even though I'm the system administrator on my computer and I should be able to. The program is pretty intrusive and bloated, so I didn't mind getting rid of it.

But I figured out it was the security updates that had messed with my firewall settings, after I changed it to a less secure setting, I connected. Well, this is unacceptable for regular use. So I got rid of Zonealarm, and installed Commodo firewall, which I've been meaning to do for a while anyway cause it's supposedly far better. So far, it's working fine.

Tried to contact Microsoft to drop them an email. Guess what? You can't. They have some support number than costs $60 for a response, but no place where you can just tell them an opinion or experience, other than some user forums. They also have something called a 'connect website', but you have to register and jump through hoops. Screw that. No wonder they don't want to make it easy, they suck. Here's the link though if you want to.

http://connect.microsoft.com/

Hope some of this rambling helps!

So you recommend I make my security less (already paid for it both here and at home, so can't afford to uninstall and put something else on at the moment)?

Should I leave Windows Defender on?

Edit to add: I changed my Zonealarm to medium and it kicked right up. Now, to find out how to circumvent this, as I like to be in stealth mode.

Thank you!!

It used to be a good program, but has gone way down the drain, and seems to cause more problems than it solves. Both Online Armor and Commodo do a very good job, and both are free to non-commercial users.

I uninstalled it and am now back in stealth mode. :)

I knew it was going to be some nonsense like that. That's one of the reasons I don't do automatic updates. I do manual so that if something screws up, I have a better chance of figuring out what happened.

I had the free version of ZoneAlarm, so I didn't mind getting rid of it. I'd been using ZA for years now and I just got used to it, but having used Commodo for a few hours now, it rocks, and it's free as well. This has to have effected millions of people cause ZA is really popular. Good going Microsoft.

Rather than MS! Here's what some poster named docstrange had to say:


"This patch was not designed to patch a Microsoft flaw, but instead a vulnerability in nearly all implementations of DNS (Domain Name System). So far over 100 vendors have patched their products and coordinated the release of this workaround. If zone alarm is broken because of this change they need to adjust their product to work with this change, not the other way around.

I've taken this snippet from: http://isc.sans.org/diary.html?storyid=4687 which explains things in a little more detail. Full details won't be disclosed until Blackhat in vegas this August.

The root cause is a fundamental, well known, weakness in the DNS protocol. DNS uses UDP (User Datagram Protocol), a stateless (not related to previous inquiries) protocol. A DNS server will send a request in a single UDP packet, then wait for a response to come back. In order to match request and response, a number of parameters are checked:

who sent the response? Was it the DNS server we sent the request to?
for this particular response, do we have an outstanding request?
each request uses a unique and random query ID. The response has to use the same query ID.
The response has to be sent to the same port from which the request was sent.
Only if all this matches, the response is accepted. The first valid response wins. If an attacker is able to guess the query id and the source port, the attacker is able to send a fake response, which will be cached by the DNS server."

I'm not pretending to understand all of this, but I think I get the gist of it. And the main point being, it seems as if ZA should have known about this and that this security update is designed to fix a pretty fundamental part of intenet communication, so ZA should get on the ball quickly.

Zone Alarm's vendors couldn't know when Microsoft was going to patch the vulnerability or how since they probably weren't privy to how Microsoft was going to implement their fix.

MS almost always releases patches and security updates to major vendors prior to release. Unless to wait could cause serious vulnerabilities. In fact most vendors are actively engaged or the originator of patches and updates. To blindly lay everything at the feet of MS is really not productive or fair.

Updated Microsoft released four patches - all rated important - as part of its regular Patch Tuesday update cycle, one of which left ZoneAlarm users locked out the internet.

The most significant of the quartet fixes a flaw in Windows' implementations of the Domain Name System protocol (MS08-037.mspx). Multiple vendors are subject to the DNS-spoofing vulnerability, which stems from a fundamental weakness involving a lack of entropy in DNS queries rather than a specific security bug. Successfully exploiting the flaw could allow hackers to spoof DNS replies, creating a means to redirect network traffic or to mount man-in-the-middle attacks.

http://www.theregister.co.uk/2008/07/09/ms_dns_patch_zonealarm_woes/

Don't forget to read the comments. ZoneAlarm did it to themselves.

I'm not one of them, though. It was a hassle, yeah. But it was FREE. That's the point people forget. A company is generous enough to let you have a free product, then you don't get to complain. There's no obligation on their part to offer anything. People have just gotten spoiled. There aren't any guarantees. It actually says so on that lengthy statement that comes on before the product installs itself and you have to click 'I accept'. No one reads it, but it's there.

Now, if I was paying for it, like some on this thread did, that's another story. Then I expect service. But free, you just take your chances and takes your lumps.

The same thing happened to me, but both boxes updated. I reactivated my Net Zero account and discovered on a very obscure board out there that it is a conflict between the update and Zone Alarm that prevents your computer from "seeing" the modem and allowing you to connect.

The buzz is rather subdued but I expect it to develop into a roar as more people figure out just what the problem is.

Now I have to put everything back together after I'd disconnected it all to troubleshoot Microschlock's problem.