Results 1 to 14 of 14
  1. #1
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    This is a true story, and a cautionary tale for Windows users, everywhere.

    How would you feel, on booting Windows (XP Pro) one day, if you got no Windows? Instead, you got a strange, never-before-seen system error message “You probably are missing a necessary root certificate”.

    The experience surprised me, but I really should not have been. As a user, I have many years of experience with Windows machines behaving like Windows machines. But this was different-- I was unaware of the source of the message, and the message, itself, was less than helpful.

    Immediately, I began a web search for the message text, hoping to find information. During that process, all FTP, SMTP and POP3 connections were normal but port 80 (HTTP) was not. I was unable to reach more than a single URL per session. Once I had searched a website for information, I had to reboot, and resume my web search.

    Over the next few hours, I managed to restore everything to normal-- but not before I learned about root certificates and fixed the problem for good.

    Here is how I 'fixed" my problem-- and a brief background. Three or four years earlier, I had purchased the "Pro" version of a firewall product called ZoneAlarm, and unlike some applications, I had no immediate plans to update ZoneAlarm, so long as it served my needs. After all, a firewall is ... a firewall. So, I modified until my firewall ran as smoothly as I could wish, and turned my attention elsewhere.

    But in 2009, that did not make CheckPoint software very happy. CheckPoint had just bought ZoneLabs, and soon it was clear the ZoneLabs customer definitely came last. ZoneLabs continued to send so many nagscreen messages about updating-- none of them with any features I needed-- that I finally used ZoneAlarm, itself, to block the ZoneLabs messages. As a customer with a paid license, I wanted to be left alone, and should have been, if ZoneLabs had any chance at all of keeping me as a customer.

    ZoneLabs' continued harassment to upgrade was the next-to-last straw, but what became the last was when I finally discovered ZoneLabs, itself, had caused the problem that effectively crashed my system. ZoneLabs had revoked the root certificate for ZoneAlarm Pro-- or that was what the message seemed to indicate. A later visit to the ZoneLabs website confirmed my suspicion, and a ZoneLabs rep confirmed the message “You probably are missing a necessary root certificate” came from ZoneLabs. He was sorry, of course, but he had no other information except that I would have to upgrade my product. I no longer could use my paid, unlimited-term license for Zone Alarm Pro.

    Sales harassment by ZoneLabs of its paid customer base was bad enough, but what was most damning for the company was it apparently used a back door in its code to disable my ZoneAlarm Pro-- this, with no prior notice, or basis for doing so. In other words, while ZoneLabs assured prospective upgraders about security of its products, it routinely denied users complete control over their own systems.

    So, having resolved the mysterious origin of the screen message, I immediately moved on to a better firewall and AV combination (paid license), and lived happily ever after. But now that it is clearer than ever Windows is a vending machine for software companies, what is the recommended approach to using software whose root certificate-- for any reason, known or unknown-- appears not to work?

    Even after purchase and installation of a duly licensed product, is my Windows perpetually at the whim of every software vendor whose product runs on Windows? Meaning, if I do not in any way extend my license by an "update" or "upgrade", could the same thing happen again?

    I use Windows, not to be captive of a Windows software vendor, but aspire to better results-- like controlling my own system. Is that too much to ask of a Windows machine?.

    At this point, I would welcome reader suggestions about a good policy and standard operating procedure for all Windows users facing root certificate and other product control issues. Such user-to-user solidarity is important-- you could find yourself in the same situation, or already have.

  2. #2
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,434
    Thanks
    371
    Thanked 1,457 Times in 1,326 Posts
    This is clearly a case of vote with your $! I'd write to the president of the company, reference this post, making it clear that they have lost a customer for life and that a very visible record of their policy toward their customers is online and will be read by a very large and influential group of Windows users.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  3. #3
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Let's try a little sarcastic humor this time around...
    (I am not speaking as a mod or representative of the Lounge, but as a user such as yourself)

    I use Windows, not to be captive of a Windows software vendor, but aspire to better results-- like controlling my own system. Is that too much to ask of a Windows machine?.
    Yes, you are asking too much

    Zone Alarm, once upon a time, was a very decent firewall, and from a very decent company.
    But things change and this is no more. Recognize this and move on, almost everyone else has.
    It's good that you have recognized this but are a few years late, shame on you.


    If you want an example of what is not a vending machine for software try moving to the MAC.
    Motto: Our way or the highway, and you don't get to decide anything.
    If you want near absolute control over software & your operating system, try one of the traditional Linux distros.
    Motto: We take all the fun out of computing and reserve it exclusively for only the geeks among you.
    Windows: Windows is like the wild west, anything goes, and you are just a heartbeat from being hosed, hacked, cracked, or otherwise
    violated by just about any one with a want or need, including software vendors. Live with it and learn to enjoy your next clean install,
    because that is the only way you will ever enjoy any measure of peace.

    The advantage or disadvantage of root certificates is that they are implicitly trusted.
    The interesting and intriguing point to be made is this transitive trust is generally taken for granted. There is no practical way to ensure that the entire certification chain is error free.
    Most web users have no choice but to live with this potential hazard as long as most of the certification authorities prefer to follow the X.509 certification chain model.
    The root certificate system isn't exactly infallible, nor are the folks who write your programs, nor are the program users themselves.
    So in otherwords, you don't have much control over anything, and to believe otherwise is a delusion. In which case you should seek professional
    mental health help, which sadly is... fallible.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  4. #4
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    South of the North Pole
    Posts
    919
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've long held ZoneAlarm, the Norton Suites (not the pure antiivral portion) and McAfee with equal disdain and at the bottom of the list...none of them ever get near one of my Windows PCs and if they come preinstalled on anything, first to go even before first run. Guess how many security problems I've had?...Well, its one because about 6-8 months ago something in Threatfire was interacting badly with MSE on one system, but other than that, zero for forever.

    Over time, one develops a core of excellent and trusted software programs and in total, that changes very little, and any program that trickles off center a little from that group is an anomoly, so for me at least Windows is almost exactly what I want it to be amost all the time. Yes, there is an avalanche of software junk out there for Windows but also some of the best software imaginable, some of it even free or low price.

    You're actually asking for better ZoneAlarm behavior, which seems to be out of your control. Good alternatives abound.

    You could even install SteadyState on an XP system and not run a stitch of security software...unless you're one of those worryworts about what software is trying to connect to what home server for a chat about updates or something like that.

  5. #5
    Super Moderator BATcher's Avatar
    Join Date
    Feb 2008
    Location
    A cultural area in SW England
    Posts
    3,413
    Thanks
    33
    Thanked 195 Times in 175 Posts
    For some reason I am reminded of the Shakespearean quotation, "The laddie doth protest too much, methinks." Hamlet, Act III, Scene II (lightly amended).

    Problems happen in all walks of life, including computing, and even in Windows! The aim is to deal with them with equanimity...
    BATcher

    Time prevents everything happening all at once...

  6. #6
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    This is another reason why I use the free MS MSE AV, and the free firewall that comes with Win 7 (yes I graduated from XP a year ago and have never looked back) Free apps never have expiration dates, and to date MS has not once nagged me to purchase a paid product to replace these free alternatives. Now mind you this is MS, the evil giant (or many want to believe) offering free apps, that seem to actually work very well and are both very highly rated. Go Figure!
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  7. #7
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Clint Rossmere View Post
    Let's try a little sarcastic humor this time around...
    (I am not speaking as a mod or representative of the Lounge, but as a user such as yourself)


    Yes, you are asking too much

    Zone Alarm, once upon a time, was a very decent firewall, and from a very decent company.
    But things change and this is no more. Recognize this and move on, almost everyone else has.
    It's good that you have recognized this but are a few years late, shame on you.


    If you want an example of what is not a vending machine for software try moving to the MAC.
    Motto: Our way or the highway, and you don't get to decide anything.
    If you want near absolute control over software & your operating system, try one of the traditional Linux distros.
    Motto: We take all the fun out of computing and reserve it exclusively for only the geeks among you.
    Windows: Windows is like the wild west, anything goes, and you are just a heartbeat from being hosed, hacked, cracked, or otherwise
    violated by just about any one with a want or need, including software vendors. Live with it and learn to enjoy your next clean install,
    because that is the only way you will ever enjoy any measure of peace.



    The root certificate system isn't exactly infallible, nor are the folks who write your programs, nor are the program users themselves.
    So in otherwords, you don't have much control over anything, and to believe otherwise is a delusion. In which case you should seek professional
    mental health help, which sadly is... fallible.

    Clint, I had higher hopes for you than this raft of preening cynicism. My principal, first and major point is unless users continue to insist on higher standards, nothing will change for the better. As you say, change is inevitable, so why not make that change for the better ?

  8. #8
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Ted Myers View Post
    This is another reason why I use the free MS MSE AV, and the free firewall that comes with Win 7 (yes I graduated from XP a year ago and have never looked back) Free apps never have expiration dates, and to date MS has not once nagged me to purchase a paid product to replace these free alternatives. Now mind you this is MS, the evil giant (or many want to believe) offering free apps, that seem to actually work very well and are both very highly rated. Go Figure!
    Good points-- Ray Ozzie and his widening influence in the Microsoft orbit is a sign Microsoft of old has learned at least a few more user-friendly behaviors. Ballmer is probably nearing retirement (though he may be the last to know), and that will remove the last roadblock to major, even uplifting change at a corporation with enormous potential for doing good-- even if it has realized far less of it over more than two decades, to the detriment of all users..

    Sysinternals is responsible for many of the free apps you praise, and Russinovitch's Process Explorer has become a valuable tool for me, especially for "unjamming" a system, and tracing problems to a single app.

  9. #9
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote Originally Posted by BATcher View Post
    For some reason I am reminded of the Shakespearean quotation, "The laddie doth protest too much, methinks." Hamlet, Act III, Scene II (lightly amended).

    Problems happen in all walks of life, including computing, and even in Windows! The aim is to deal with them with equanimity...
    My post pleased the gods of equanimity, and roused an entire caste of users, from a part-time prophet of low-wattage despair to one, like yourself, who does not see much of an issue here.

    You have one excellent point-- Windows taught millions of computer users to expect less, not more.

  10. #10
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Byron Tarbox View Post
    I've long held ZoneAlarm, the Norton Suites (not the pure antiivral portion) and McAfee with equal disdain and at the bottom of the list...none of them ever get near one of my Windows PCs and if they come preinstalled on anything, first to go even before first run. Guess how many security problems I've had?...Well, its one because about 6-8 months ago something in Threatfire was interacting badly with MSE on one system, but other than that, zero for forever.

    Over time, one develops a core of excellent and trusted software programs and in total, that changes very little, and any program that trickles off center a little from that group is an anomoly, so for me at least Windows is almost exactly what I want it to be amost all the time. Yes, there is an avalanche of software junk out there for Windows but also some of the best software imaginable, some of it even free or low price.

    You're actually asking for better ZoneAlarm behavior, which seems to be out of your control. Good alternatives abound.

    You could even install SteadyState on an XP system and not run a stitch of security software...unless you're one of those worryworts about what software is trying to connect to what home server for a chat about updates or something like that.
    Thanks for your response, Byron. As you advise, I do have a group of trusted, reliable programs, but am very careful about apps which do not contribute to productivity and introduce needless risk. Adobe, for example, is fond of installs that may bring along other, minor programs from its product line, and complicate the whole process.

    Like you, have found a high level of security despite using apps which do not come from Norton, McAfee or other industry names. Because of bandwidth issues, I have settled in happily enough with Sunbelt Vipre Premium, a good, lean AV and firewall combination which so far, at least, has met every system threat.

    Besides, the omnivorous MS OS eventually attempts to cover all its bases, including firewall and AV. Since we might suppose Microsoft knows its code better than anybody else, MS coders working with such neglected functions may help improve future Windows code even if third-parties continue to do a better job.

  11. #11
    Star Lounger
    Join Date
    Dec 2009
    Posts
    65
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote Originally Posted by RetiredGeek View Post
    This is clearly a case of vote with your $! I'd write to the president of the company, reference this post, making it clear that they have lost a customer for life and that a very visible record of their policy toward their customers is online and will be read by a very large and influential group of Windows users.
    Thank you for your post-- I can only hope some vendors actually care about quality, despite the production disincentives, but it runs against nature that the field should be all one, or the other. Occasionally, we find delightful surprises, and should reward these people with word-of-mouth positive comments, at every opportunity.

  12. #12
    Gold Lounger
    Join Date
    Oct 2007
    Location
    Johnson City, Tennessee, USA
    Posts
    3,202
    Thanks
    37
    Thanked 215 Times in 202 Posts
    Quote Originally Posted by alphaa10 View Post
    Occasionally, we find delightful surprises, and should reward these people with word-of-mouth positive comments, at every opportunity.
    alphaa,
    Hello.... That's why i give a "tip of the hat" to "Norton Internet Security 2011" at every opportunity...It "beats the pants off of "Mickey MSE" and the other "Whinny the Pooh " freebie ones. Regards Fred

    PS: See this link for details http://bro.ws/778580L
    PlainFred

    None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)

  13. #13
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,434
    Thanks
    371
    Thanked 1,457 Times in 1,326 Posts
    Quote Originally Posted by alphaa10 View Post
    Occasionally, we find delightful surprises, and should reward these people with word-of-mouth positive comments, at every opportunity.
    Alphaa,

    I couldn't agree more.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  14. #14
    2 Star Lounger
    Join Date
    Feb 2010
    Location
    U.K.
    Posts
    113
    Thanks
    0
    Thanked 19 Times in 14 Posts
    Quote Originally Posted by Byron Tarbox View Post
    You could even install SteadyState on an XP system and not run a stitch of security software...unless you're one of those worryworts about what software is trying to connect to what home server for a chat about updates or something like that.
    The good thing about SteadyState is that on restart it should remove yesterdays deposit of trojans etc,
    but that will not eradicate the financial data records which the trojans have already sent home.

    If zone alarm have created a back door to cripple your control of your system,
    then all their technical staff will know how to cripple your system.
    I venture to suggest that malware writers will also know how to cripple any computer that is "protected" by ZoneAlarms.

    ZoneAlarms may cost a license fee to use,
    But use of ZoneAlarms will cost you very much more than a license fee if it allows a hacker to steal vital data.

    Alan

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •