ZoneAlarm fix for DNS death released

Author: Gareth Halfacree
Published: 11th July 2008

Users of the ZoneAlarm suite will need to patch it before applying Tuesday's Windows DNS patch.

A Windows patch designed to fix a security hole in the Internet's DNS resolution system left a swathe of customers without 'net access this Tuesday.

The issue was caused by a bizzare incompatibility between the patched Windows system files and the popular – if a little Fisher-Price – ZoneAlarm personal firewall package. Any users running ZoneAlarm and installing Microsoft's MS08-037 patch, released as part of the regular Patch Tuesday update cycle, will have found themselves cut off from the 'net after rebooting their systems.

According to CNet a patch has been created by CheckPoint Software, the company behind ZoneAlarm, which restores connectivity in affected systems. There's only one teeny little snag – you have to download it.

Workarounds to ensure that you can grab the patch – aside from downloading it somewhere else – include switching ZoneAlarm from 'high' to 'medium' security, uninstalling the MS08-37 patch and then reinstalling again after updating ZoneAlarm, or temporarily switching to the built-in Windows firewall until the update is applied.

The Microsoft patch that prompted this issue, which only affects ZoneAlarm installations, was part of a massive effort on behalf of a large number of networking companies addressing a security flaw in the domain name resolution system used to turn friendly domain names into IP addresses. Before the hole was plugged, it was theoretically possible for a malicious individual to point browsers to fake websites without ever needing to compromise their PC and router. Thanks to the companies involved, including Microsoft, this issue has been resolved – albeit not without a few hiccoughs along the way.

Any ZoneAlarm users had a few issues since Tuesday and only now finding out why? Perhaps you're still having issues – in which case you won't be able to read this? Does the fault for this problem lie with Microsoft for not testing the patch with a popular firewall package, or with CheckPoint for doing something weird with the Windows system files that no other firewall vendor does? Share your thoughts over in the forums.