Windows 2000 patch broke firewalls

Several popular firewall products rendered ineffective by a Windows 2000 fix are back on the job, with patches from the manufacturers.

          Several popular firewall products rendered ineffective by a Windows 2000 fix are back on the job, with patches from the manufacturers.

          Zone Labs ZoneAlarm 2.1 and Network ICE's BlackICE Defender 2.1 are among the firewalls that would not function properly when used with a service pack update to Microsoft Windows 2000, released earlier in August.

          Firewall vendors released patches of their own within days of Microsoft's shipment of Windows 2000 service pack 1 (SP1).

          "It's really a communication issue," says Gregor Freund, president of Zone Labs. He says Zone Labs received Microsoft's final code only the day before SP1 shipped. Microsoft had provided an earlier version of the SP1, but apparently changed it "just ever so slightly," which caused an error with the ZoneAlarm driver.

          The SP1 sent the firewall into "safe mode," which closes off all access to the Internet, Freund says. "If we see something we don't understand, we just shut down," he adds.

          Patches Posted Promptly

          Zone Labs posted a patch for ZoneAlarm on its Web site within two days. BlackICE Defender also failed to work properly after the SP1 upgrade, and Network ICE rushed to complete its own patch within 48 hours, and it has posted a download on its Web site.

          Network ICE representatives characterize Microsoft's change in the SP1 code as quite substantial.

          "Once the problem was turned over to the engineering team, they identified that there was a change to the Service Pack that was significantly different than the code Microsoft provided in their Developer's Kit," says John Myung, a Network ICE representative.

          Symantec reports its Norton Personal Firewall and Norton Internet Security 2000 did not experience any difficulties after the upgrade. The company did not get advance warning of the final SP1 code, representatives say.

          "We became aware of SP1 on August 1, when it was made publicly available," says Tom Powledge, senior product manager for Symantec. "In the past, we have received the service pack beforehand."

          Both ZoneAlarm and BlackICE are named as Best Buys in PC World's recent review of personal firewalls.

          Paul Thurrott, editor of the WinInfo newsletter, issued a scathing rebuke of Microsoft for not alerting firewall developers of the changes in SP1.

          But representatives of the affected companies are more conciliatory. "Microsoft has called to apologise," says Zone Labs' Freund, "and we're pretty confident [this problem] won't happen again."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments