By Susan Bradley
The new version of Check Point’s ZoneAlarm firewall solves one problem, but Windows Small Business Server 2003 still needs a patch for the DNS patch.
A change in how Windows’ DNS client chooses ports caught ZoneAlarm’s developers — and users — by surprise.
Recent patch woes show why I wait to update
The patches Microsoft released earlier this month continue to plague system administrators. Even though Check Point has issued a fix for the ZoneAlarm firewall, Microsoft’s MS08-037 (953230) DNS patch is also affecting Windows Small Business Server 2003.
The patch changed the way the DNS (Domain Name System) client service selects the ports it uses to connect to the Internet. ZoneAlarm was not prepared to handle this changed behavior. Check Point’s new versions of the firewall program accommodate this change.
Last week, fellow Windows Secrets contributing editor Woody Leonhard took Microsoft to task for this and other patch screw-ups. I continue to recommend that you wait a few days before deploying any patches. This is particularly the case for any computer that you consider critical, such as your one-and-only computer or server. I never activate a patch until after I’ve seen that its implementation is trouble-free.
Even then, I cannot guarantee that you won’t hit some bumps in the road just because everyone else’s systems patched just fine. As always, have a good backup on hand before you update your operating system. I first learned to be wary of patching back in the NT4 era, and my cautiousness has served me well over the years.
DNS patch gives some servers the bootup blues
It probably won’t make the folks who got walloped by the ZoneAlarm glitch feel any better, but the DNS patch also smacked some Windows Small Business Server 2003 installations. After installing the patch, they found that random services were not starting. The solution is detailed on Microsoft’s SBS blog.