ZoneAlarm Pro Privacy Settings break Microsoft Update

Archived from groups: microsoft.public.windowsupdate,comp.security.firewalls (More info?)

There is an issue with the latest update to ZoneAlarm Pro. I have posted
this to a ZoneAlarm user forum:

----------------------------------------------

ZoneAlarm Pro version:6.0.631.003
TrueVector version:6.0.631.003
Driver version:6.0.631.003
Anti-spyware engine version:4.0.9.7
Anti-spyware signature DAT file version:01.200508.111
Windows XP Home

If I set any privacy options, this prevents Microsoft Update from working.
Instead it fails with error number 0x80072F76.

Note that it doesn't matter what combination of privacy options is selected
(cookie control, ad blocking, mobile code control). If ANYTHING is set to
"block", Microsoft Update will fail.

There are also [other issues - snipped]

Brian
13 answers Last reply
More about zonealarm privacy settings break microsoft update
  1. Archived from groups: microsoft.public.windowsupdate,comp.security.firewalls (More info?)

    "BrianW" <brian@nospam.net> wrote in message
    news:O0ZNe.8107$914.1855@newsfe6-gui.ntli.net...
    > There is an issue with the latest update to ZoneAlarm Pro. I have
    posted
    > this to a ZoneAlarm user forum:
    >
    > ----------------------------------------------
    >
    > ZoneAlarm Pro version:6.0.631.003
    > TrueVector version:6.0.631.003
    > Driver version:6.0.631.003
    > Anti-spyware engine version:4.0.9.7
    > Anti-spyware signature DAT file version:01.200508.111
    > Windows XP Home
    >
    > If I set any privacy options, this prevents Microsoft Update from
    working.
    > Instead it fails with error number 0x80072F76.
    >
    > Note that it doesn't matter what combination of privacy options is
    selected
    > (cookie control, ad blocking, mobile code control). If ANYTHING is
    set to
    > "block", Microsoft Update will fail.
    >
    > There are also [other issues - snipped]
    >
    > Brian

    As far as I remember, I've always had to turn off Privacy controls to
    get Microsoft Update to work. That's a given. I'm still using
    4.5.594 because of issues with later versions. Win 98 isn't supported
    for later versions anyway. The more bells and whistles, the more
    complications, I've found. As long as my ports are stealth, and it
    blocks the bad stuff, I'm happy.

    charlie R
    >
    >
  2. Archived from groups: microsoft.public.windowsupdate,comp.security.firewalls (More info?)

    I am running 5.5.094 and I have cookie control set to custom, ad
    blocking set to high and mobile control set to off and have never had
    problems with either Windows Update or Microsoft Update.


    On Sun, 21 Aug 2005 09:15:34 -0500, "charlie R"
    <welpctSKIPME@psci.net> wrote:

    >
    >"BrianW" <brian@nospam.net> wrote in message
    >news:O0ZNe.8107$914.1855@newsfe6-gui.ntli.net...
    >> There is an issue with the latest update to ZoneAlarm Pro. I have
    >posted
    >> this to a ZoneAlarm user forum:
    >>
    >> ----------------------------------------------
    >>
    >> ZoneAlarm Pro version:6.0.631.003
    >> TrueVector version:6.0.631.003
    >> Driver version:6.0.631.003
    >> Anti-spyware engine version:4.0.9.7
    >> Anti-spyware signature DAT file version:01.200508.111
    >> Windows XP Home
    >>
    >> If I set any privacy options, this prevents Microsoft Update from
    >working.
    >> Instead it fails with error number 0x80072F76.
    >>
    >> Note that it doesn't matter what combination of privacy options is
    >selected
    >> (cookie control, ad blocking, mobile code control). If ANYTHING is
    >set to
    >> "block", Microsoft Update will fail.
    >>
    >> There are also [other issues - snipped]
    >>
    >> Brian
    >
    >As far as I remember, I've always had to turn off Privacy controls to
    >get Microsoft Update to work. That's a given. I'm still using
    >4.5.594 because of issues with later versions. Win 98 isn't supported
    >for later versions anyway. The more bells and whistles, the more
    >complications, I've found. As long as my ports are stealth, and it
    >blocks the bad stuff, I'm happy.
    >
    >charlie R
    >>
    >>
  3. Archived from groups: microsoft.public.windowsupdate,comp.security.firewalls (More info?)

    My experience with ZA 4.5.594 is similar - no problems from this source -
    although I only use the Ad blocking Banner and Popups. However FWIW, I
    _have_ found that the Delayed Popup blocker in AdShield3 will interfere with
    http://update.microsoft.com/microsoftupdate/v6/ and must be unchecked for it
    to Scan. Using Win2kSP4R1|IE6.

    --
    Regards, Jim Byrd, MS-MVP
    My Blog, Defending Your Machine, here:
    http://defendingyourmachine.blogspot.com/

    "Jerome M. Katz" <jerrymkatz@NOSPAM@yahoo.com> wrote in message
    news:1e5hg15isro67eark5l27hvuuqlfvi7377@4ax.com
    > I am running 5.5.094 and I have cookie control set to custom, ad
    > blocking set to high and mobile control set to off and have never had
    > problems with either Windows Update or Microsoft Update.
    >
    >
    > On Sun, 21 Aug 2005 09:15:34 -0500, "charlie R"
    > <welpctSKIPME@psci.net> wrote:
    >
    >>
    >> "BrianW" <brian@nospam.net> wrote in message
    >> news:O0ZNe.8107$914.1855@newsfe6-gui.ntli.net...
    >>> There is an issue with the latest update to ZoneAlarm Pro. I have
    >>> posted this to a ZoneAlarm user forum:
    >>>
    >>> ----------------------------------------------
    >>>
    >>> ZoneAlarm Pro version:6.0.631.003
    >>> TrueVector version:6.0.631.003
    >>> Driver version:6.0.631.003
    >>> Anti-spyware engine version:4.0.9.7
    >>> Anti-spyware signature DAT file version:01.200508.111
    >>> Windows XP Home
    >>>
    >>> If I set any privacy options, this prevents Microsoft Update from
    >>> working. Instead it fails with error number 0x80072F76.
    >>>
    >>> Note that it doesn't matter what combination of privacy options is
    >>> selected (cookie control, ad blocking, mobile code control). If
    >>> ANYTHING is set to "block", Microsoft Update will fail.
    >>>
    >>> There are also [other issues - snipped]
    >>>
    >>> Brian
    >>
    >> As far as I remember, I've always had to turn off Privacy controls to
    >> get Microsoft Update to work. That's a given. I'm still using
    >> 4.5.594 because of issues with later versions. Win 98 isn't
    >> supported for later versions anyway. The more bells and whistles,
    >> the more complications, I've found. As long as my ports are
    >> stealth, and it blocks the bad stuff, I'm happy.
    >>
    >> charlie R
  4. Archived from groups: comp.security.firewalls (More info?)

    charlie R <welpctSKIPME@psci.net> wrote:
    > As long as my ports are stealth

    Nothing is stealth. Your ports are filtered, and everybody, who uses
    nmap -P0 i.e., will see that.

    Your "Personal Firewall" just violates the Internet Protocol by nor
    sending RST (see RFC 793 / STD 0007, section 3.4), nor sending ICMP
    Destination Unreachable Message with code 3 (port unreachable, see
    RFC 792 / STD 0005).

    http://www.rfc-editor.org

    Say: your "Personal Firewall" has a broken implementation of the
    Internet Protocol, but this is not resulting in making anything
    "stealth".

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  5. Archived from groups: comp.security.firewalls (More info?)

    "Volker Birk" <bumens@dingens.org> wrote in message
    news:430891da@news.uni-ulm.de...
    > charlie R <welpctSKIPME@psci.net> wrote:
    > > As long as my ports are stealth
    >
    > Nothing is stealth. Your ports are filtered, and everybody, who uses
    > nmap -P0 i.e., will see that.
    >
    > Your "Personal Firewall" just violates the Internet Protocol by nor
    > sending RST (see RFC 793 / STD 0007, section 3.4), nor sending ICMP
    > Destination Unreachable Message with code 3 (port unreachable, see
    > RFC 792 / STD 0005).
    >
    > http://www.rfc-editor.org
    >
    > Say: your "Personal Firewall" has a broken implementation of the
    > Internet Protocol, but this is not resulting in making anything
    > "stealth".
    >
    > Yours,
    > VB.

    Ah, Volker, what has a good Firewall ever done to you to make you hate
    them so? I'll just keep on using mine, in the hopes that it's "better
    than nothing", if you don't mind. I'm just on dial-up. Highspeed
    internet might make me a lot more paranoid.

    charlie R
  6. Archived from groups: comp.security.firewalls (More info?)

    In article <dear01$s2c$1@pscinews.psci.net>, welpctSKIPME@psci.net
    says...
    >
    > "Volker Birk" <bumens@dingens.org> wrote in message
    > news:430891da@news.uni-ulm.de...
    > > charlie R <welpctSKIPME@psci.net> wrote:
    > > > As long as my ports are stealth
    > >
    > > Nothing is stealth. Your ports are filtered, and everybody, who uses
    > > nmap -P0 i.e., will see that.
    > >
    > > Your "Personal Firewall" just violates the Internet Protocol by nor
    > > sending RST (see RFC 793 / STD 0007, section 3.4), nor sending ICMP
    > > Destination Unreachable Message with code 3 (port unreachable, see
    > > RFC 792 / STD 0005).
    > >
    > > http://www.rfc-editor.org
    > >
    > > Say: your "Personal Firewall" has a broken implementation of the
    > > Internet Protocol, but this is not resulting in making anything
    > > "stealth".
    > >
    > > Yours,
    > > VB.
    >
    > Ah, Volker, what has a good Firewall ever done to you to make you hate
    > them so? I'll just keep on using mine, in the hopes that it's "better
    > than nothing", if you don't mind. I'm just on dial-up. Highspeed
    > internet might make me a lot more paranoid.
    >

    You probably don't even need one for dial-up. I went for 3-4 years on
    dial-up with no firewall and never had one problem of any kind..

    --
    Kerodo
  7. Archived from groups: comp.security.firewalls (More info?)

    charlie R <welpctSKIPME@psci.net> wrote:
    > Ah, Volker, what has a good Firewall ever done to you to make you hate
    > them so?

    Nothing. Why do you think that? I'm just recalling facts, as you can
    proof yourself, if you'll read the mentioned sources.

    > I'll just keep on using mine, in the hopes that it's "better
    > than nothing", if you don't mind.

    Oh, please, do what you want ;-) No problem for me.

    > I'm just on dial-up. Highspeed
    > internet might make me a lot more paranoid.

    It's a good idea then to think about security, you're right. I just
    wanted to remind, that a good security concept is much better than
    believing in placebo effects and advertisment ;-)

    Unfortunately it's not so easy, that security can be bought in boxes.

    If you're interested, I would be pleased to explain, what I think what
    would be a good security concept for a single PC on a high-speed line.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  8. Archived from groups: comp.security.firewalls (More info?)

    Volker Birk wrote:

    > charlie R <welpctSKIPME@psci.net> wrote:
    >
    >>I'm just on dial-up. Highspeed
    >>internet might make me a lot more paranoid.
    >
    > It's a good idea then to think about security, you're right. I just
    > wanted to remind, that a good security concept is much better than
    > believing in placebo effects and advertisment ;-)
    >
    > Unfortunately it's not so easy, that security can be bought in boxes.
    >
    > If you're interested, I would be pleased to explain, what I think what
    > would be a good security concept for a single PC on a high-speed line.


    Since you know so much about these things, so go ahead.


    I would be interested especially how to secure Windows 2000 at lowest
    possible system overhead using firewall program and firewall box combo.
    In 100 Mbps Ethernet connection. I already run F-Secure Anti-Virus
    Client Security 5.55 in Windows 2000, containing a software firewall
    (F-Secure Internet Shield). Are there any good sources of tweaking
    instructions to it? I also have run Kerio 2.1.5 in Windows 98SE,
    and have adjusted its behaviour.


    While at it, could you and others too give opinion of following
    router/firewall boxes? They all seem be available here at affordable
    prices. I would be interested of their ability to provide a reliable
    connection to a small *n*x web server, besides 1-2 Windows 98SE/2000
    PC:s.

    D-Link DI-604
    Linksys BEFSX41
    ZyXel Prestige 334
    ZyXel Prestige 335
    SMC Barricade 7004VBR
    SMC Barricade Plus BR14VPN


    DI-604 (Rev. B 1.82) seems to require occasional power cutout between
    couple of days, in this network, possibly because it gets confused of
    network overload or some other reason, who knows. It seems not to be
    the most stable choice here.


    --
    S.Suikkanen
  9. Archived from groups: comp.security.firewalls (More info?)

    S.T. Suikkanen <ei.posti@osoitetta.notvalid> wrote:
    > I would be interested especially how to secure Windows 2000 at lowest
    > possible system overhead using firewall program and firewall box combo.

    For lowest overhead, just use Torsten's script, and switch off any
    listening server. This means: no overhead at all. Then you don't need
    filtering at all. http://www.ntsvcfg.de/ntsvcfg_eng.html

    Then abandon to use Internet Explorer; just use any other browser.

    The problem with Internet Explorer is not that it has security holes -
    every browser has this from time to time; OK, Internet Explorer had
    unfixed holes for years, this is worst case. But also Mozilla from time
    to time are not perfect in security, to say the minimum. The problem is
    the ActiveX technology, Internet Explorer uses as the plugin concept.
    The problem with this is, that ActiveX / COM is a system wide concept
    without any security if a control is running. There is no sandbox concept,
    and, once marked "scripting sage", any control in the complete system
    is a possible flaw, which can be abused. The unfortunate zone concept
    of Internet Explorer was refitted, it's a flub, one could say.

    Keep your software up to date. Use Windows-Update, and keep any
    other software up to date, which you're using in the Internet.

    When you're installing new software, don't forget to use netstat -an
    to check, if there are new servers started, you should stop again.

    > I already run F-Secure Anti-Virus
    > Client Security 5.55 in Windows 2000

    It is a good idea to use an AV software regulary. Please keep in mind,
    that AV software only works good, if it's malware signatures are bleeding
    edge. Unfortunately, the heuristics to detect unkown malware are not
    functioning very well.

    And keep in mind, that the best AV software is your brain - no-one
    wants to make your dick longer, no-one want's to offer pr0n for free
    by mail, and no bank sends you login or password request by mail ;-)

    Unfortunately, AV software is not reliable - that means, it can help,
    it's useful, but you should not bank on it.

    And: if you're detecting an infection, please have a look on the type
    of malware - if it's loading code through the Internet or if it's
    offering access to your box for somebody in the Internet, it's im-
    possible to get a clean box again, but with flatten and setup the
    system again.

    See: http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    > containing a software firewall
    > (F-Secure Internet Shield). Are there any good sources of tweaking
    > instructions to it? I also have run Kerio 2.1.5 in Windows 98SE,
    > and have adjusted its behaviour.

    I don't know, if you need tweeking a port filter. I don't know, if you
    need a port filter at all.

    > D-Link DI-604
    > Linksys BEFSX41
    > ZyXel Prestige 334
    > ZyXel Prestige 335
    > SMC Barricade 7004VBR
    > SMC Barricade Plus BR14VPN

    I know the D-Link and the Linksys devices. Both seem to be OK.

    If you're using such a router, don't forget to configure it for
    filtering. NAT is not enough, because NAT primary is not a security
    feature, so usually, the NAT implementations are not secure.

    Especially, filter away any packet, which reaches your router at the
    outside interface, but has a source IP adress, which seems to be
    inside (say: source 0.0.0.0/8, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8,
    172.16.0.0/12 and non-used blocks like 169.254.0.0/16, 192.0.2.0/24 or
    192.168.0.0/16, see RFC 3330).

    If your router is filtering, perhaps it's not so important any more,
    if your box uses a port filter or not ("firewall") or even is offering
    servers or not.

    And beware of mail attachements ;-) Think about it.

    > DI-604 (Rev. B 1.82) seems to require occasional power cutout between
    > couple of days, in this network, possibly because it gets confused of
    > network overload or some other reason, who knows. It seems not to be
    > the most stable choice here.

    Hm... had no problems with this device so far. Perhaps another hardware
    revision?

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  10. Archived from groups: comp.security.firewalls (More info?)

    "Kerodo" <loopback@localhost.com> wrote in message
    news:MPG.1d72b7f1447ccf8a989681@news.west.cox.net...
    > In article <dear01$s2c$1@pscinews.psci.net>, welpctSKIPME@psci.net
    > says...
    > >
    > > "Volker Birk" <bumens@dingens.org> wrote in message
    > > news:430891da@news.uni-ulm.de...
    > > > charlie R <welpctSKIPME@psci.net> wrote:
    > > > > As long as my ports are stealth
    > > >
    > > > Nothing is stealth. Your ports are filtered, and everybody, who
    uses
    > > > nmap -P0 i.e., will see that.
    > > >
    > > > Your "Personal Firewall" just violates the Internet Protocol by
    nor
    > > > sending RST (see RFC 793 / STD 0007, section 3.4), nor sending
    ICMP
    > > > Destination Unreachable Message with code 3 (port unreachable,
    see
    > > > RFC 792 / STD 0005).
    > > >
    > > > http://www.rfc-editor.org
    > > >
    > > > Say: your "Personal Firewall" has a broken implementation of the
    > > > Internet Protocol, but this is not resulting in making anything
    > > > "stealth".
    > > >
    > > > Yours,
    > > > VB.
    > >
    > > Ah, Volker, what has a good Firewall ever done to you to make you
    hate
    > > them so? I'll just keep on using mine, in the hopes that it's
    "better
    > > than nothing", if you don't mind. I'm just on dial-up. Highspeed
    > > internet might make me a lot more paranoid.
    > >
    >
    > You probably don't even need one for dial-up. I went for 3-4 years
    on
    > dial-up with no firewall and never had one problem of any kind..
    >
    > --
    > Kerodo

    ZAPRO makes it easy to configure security settings and cookie and ad
    control on a site by site basis. Allow Active X on trusted sites that
    need it, and block for all others. It monitors traffic in and out,
    and blocks when I tell it to. Spyware Blaster provides extra
    security. I stay off dodgy sites and only download free apps
    recommended by MVP's in newsgroups. My AV is updated daily. This
    machine has never been infected or compromised.

    charlie R
  11. Archived from groups: microsoft.public.windowsupdate,comp.security.firewalls (More info?)

    BrianW answered:
    > There is an issue with the latest update to ZoneAlarm Pro. I have posted
    > this to a ZoneAlarm user forum:
    >
    > ----------------------------------------------
    >
    > ZoneAlarm Pro version:6.0.631.003
    > TrueVector version:6.0.631.003
    > Driver version:6.0.631.003
    > Anti-spyware engine version:4.0.9.7
    > Anti-spyware signature DAT file version:01.200508.111
    > Windows XP Home
    >
    > If I set any privacy options, this prevents Microsoft Update from working.
    > Instead it fails with error number 0x80072F76.
    >
    > Note that it doesn't matter what combination of privacy options is selected
    > (cookie control, ad blocking, mobile code control). If ANYTHING is set to
    > "block", Microsoft Update will fail.
    >
    > There are also [other issues - snipped]
    >
    > Brian
    >
    >
    you forgot the BIGGEST issue.. "FOR YOU!!"

    I have ZA 6 pro and everything is working *JUST FINE*. AND I have cookie
    blocking enabled, AND ad blocking enabled. and windows update works JUST
    FINE..

    So the issue is *for you*.
  12. Archived from groups: microsoft.public.windowsupdate,comp.security.firewalls (More info?)

    Jerome M. Katz answered:
    > I am running 5.5.094 and I have cookie control set to custom, ad
    > blocking set to high and mobile control set to off and have never had
    > problems with either Windows Update or Microsoft Update.
    >
    >
    I never did either, AND I have upgraded to the very Latest version of 6
    pro, and STILL have no problems.
  13. Archived from groups: comp.security.firewalls (More info?)

    Jack Zwick <jackzwick@yahoo.com> wrote:
    > I have ZA 6 pro and everything is working *JUST FINE*. AND I have cookie
    > blocking enabled, AND ad blocking enabled. and windows update works JUST
    > FINE..
    > So the issue is *for you*.

    For you and all other Zonealarm users are these issues:

    Zonealarm is vulnerable to the SelfDoS attack.

    It opens Popups with texts, which most users don't understand and
    misinterpret.

    Zonealarm cannot prevent spyware from sending your personal information
    across the Internet; it failed in our tests together with the rest of the
    "Personal Firewalls".

    Zonealarm does not make a PC "invisible" or "stealth" in the Internet, as
    this is not possible at all.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
Ask a new question

Read More

Firewalls Privacy Anti Spyware Microsoft Networking