CheckPoint issues fix for ZoneAlarm problem after DNS patch
BetaNews has confirmed through testing that CheckPoint's latest build of ZoneAlarm, issued yesterday in response to a problem arising from Microsoft's patch for a major DNS security problem, fixes the resulting loss of Internet access.
The major fix Microsoft issued on Tuesday, which changed the way Windows handles the Domain Name System, was necessary to avert a possible severe exploit of the entire Internet. Microsoft was cooperating in a joint effort, which also involved Linux distributions, to upgrade the world's DNS servers.
An unfortunate side-effect was that some Windows-based firewalls became problematic, most notably ZoneAlarm and ZoneAlarm Pro. Windows XP Professional-based systems were reported to be unable to access the Internet while the Internet Zone Security setting was on High. BetaNews confirmed this problem.
Last night -- after a thorough cleaning of our virtual Windows XP Professional test platform, on account of damage suffered in an unrelated test -- BetaNews confirmed that CheckPoint's latest build of ZoneAlarm Pro (7.0.483) does address and fix this problem. Web access is now completely restored with Internet Zone Security set back from Medium (which was CheckPoint's suggested workaround setting) to High.
The accessibility problem was most likely not due to an architectural flaw in ZoneAlarm, but rather an unfortunate side-effect of a fundamental change in Windows' handling of DNS: the patch enables source port randomization, so that DNS requests do not always originate from the same port or from a predictable port number.
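
The source port behaviour described above can be checked from a capture of outbound DNS queries. The following is an added example, not code from BetaNews, Microsoft or CheckPoint: it classifies a run of observed UDP source ports as fixed, sequential (predictable), weak or randomized. The port samples are constructed and the thresholds are assumptions chosen for illustration.

```python
import statistics

# Constructed samples: UDP source ports of consecutive outbound DNS queries.
FIXED = [1053] * 8                                    # same port every time
SEQUENTIAL = [1025, 1026, 1027, 1029, 1030, 1031, 1033, 1034]  # counter-style
RANDOMIZED = [51234, 49877, 60211, 53390, 64502, 50019, 58744, 62133]
SMALL_POOL = [2000, 2100, 2000, 2100, 2000, 2100, 2000, 2100]

# Thresholds are assumptions made for this example, not a published standard.
MIN_SAMPLES = 5          # too few queries say nothing about predictability
MAX_COUNTER_STEP = 16    # largest increment still treated as "next port up"
MIN_SPREAD = 3000.0      # minimum standard deviation expected of random ports


def classify_source_ports(ports):
    """Return 'fixed', 'sequential', 'weak' or 'randomized' for a port sequence."""
    if len(ports) < MIN_SAMPLES:
        raise ValueError("need at least %d observations" % MIN_SAMPLES)
    if any(not 0 <= p <= 65535 for p in ports):
        raise ValueError("UDP ports must be in the range 0-65535")

    # Every query left from the same port.
    if len(set(ports)) == 1:
        return "fixed"

    # Step between consecutive ports, modulo 2**16 so that negative
    # differences become large values instead of looking like small steps.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 0 < d <= MAX_COUNTER_STEP)
    if small / len(deltas) >= 0.8:
        return "sequential"   # allocator is counting upward: predictable

    # Randomized ports rarely repeat and are spread widely across the range.
    distinct_ratio = len(set(ports)) / len(ports)
    spread = statistics.pstdev(ports)
    if distinct_ratio >= 0.9 and spread >= MIN_SPREAD:
        return "randomized"
    return "weak"             # varies, but from a small or narrow pool


if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED), ("small pool", SMALL_POOL)]:
        print(name, "->", classify_source_ports(sample))
```
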