Update: There is now a fix for this issue, see my blog post: Fix for MS Update KB951748 and ZoneAlarm.
Well, that was a quick break from blogging! Actually, it was my experience with Windows Update and the ZoneAlarm firewall today that’s brought me out from my self-imposed blogging exile this week.
I’ll cut to the chase: ZoneAlarm + Security update for Windows (KB951748) = no internet connection.
This is how ZoneAlarm themselves put it:
Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users.
Basically, this software update is designed to fix vulnerabilities when you’re surfing the Web. It updates a handful of files that are associated with connecting to the internet, including a few to do with TCP/IP which is one of the standard ways that computers can connect to the internet and one another.
Or, here’s how Microsoft put it in Microsoft Security Bulletin MS08-037:
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
And somehow this update has confused the ZoneAlarm firewall into preventing any connection to the Web. Well, not strictly any connection as I could still ping sites, but that quickly gets tiresome.
That’s a bit like wanting to go shopping, but not being allowed out of the house, so instead you just phone round the shops you wanted to visit to find out if they are open.
ZoneAlarm offer three workarounds:
- Uninstall the hotfix (recommended)
- Add your DNS servers to the trusted zone in ZoneAlarm (advanced)
- Reduce Internet Zone Security level to Medium (not recommended)
I wasn’t going to try #3 (although I tested it and it does work); I tried #2 … it didn’t work; so I was left with no option but to uninstall the so-called security fix.
- Click the “Start Menu”
- Click “Control Panel”, or click “Settings” then “Control Panel”
- Click on “Add or Remove Programs”
- On the top of the add/remove programs dialog box, you should see a checkbox that says “show updates”. Select this checkbox
- Scroll down until you see “Security update for Windows (KB951748)”
- Click “Remove” to uninstall the hotfix
Hopefully ZoneAlarm will have a fix soon. I just checked the ZoneAlarm forums and funnily enough it looks quite popular today: “There are currently 132 members online and 22375 guests”.
Still, if you have installed KB951748 — a number that I think I’m now going to see in my sleep tonight; and I’ve been having enough weird dreams this week — and have ZoneAlarm installed, and have rebooted your PC, and you can’t connect to the internet … I do hope you can somehow download this information telepathically.
Such is the irony that the internet contains a whole load of information about how to fix internet connection problems … if only you could connect to it to read that information. There’s a hole in my bucket … !