Can’t read this? Or anything else on the ‘net? Have a ZoneAlarm firewall? Oh snap!

Carole's Windows laptop suddenly refused to surf the web last night, right in the midst of her prolific flurry of blog postings. I started down my normal diagnostic checklist:

  1. Can you view my blog on the spare bedroom server? Yes, so the wireless is hunkey-dorey.
  2. Can you ping the IP of the WHTV NorthwesTel gateway downtown? Yes, so our cable connection is A-OK.
  3. Can you view the College's website? No, so something beyond downtown is bolloxed.
  4. Can you ping the IP of one of the College's servers? Yes, so DNS is also kaput.

But my Ubuntu laptop had no trouble surfing the entirety of the webosphere. So how could DNS be the problem, since we both resolve domain names using the same service (WHTV's name servers, proxied by dnsmasq in the spare bedroom)?

Given that we're working with Windows here, rebooting seemed a sensible tactic, but to no avail. Other random technical incantations produced no better mojo. I finally hit on the idea of disabling the ZoneAlarm firewall.

Presto-changeo, Alakazaam, Walla Walla Washington: it works!

Visiting ZoneAlarm's site revealed a largish confirmation of this particular gremlin:


Apparently a recent Microsoft Windows update (KB951748) conflicts rather dramatically with ZoneAlarm, effectively shutting down all internet access (via something to do with DNS).

ZoneAlarm's suggestion is to uninstall the update, which does work, but leaves a sour aftertaste. I may try the free Comodo Pro firewall as a more permanent solution.

Mac and Linux users, perhaps the only ones who can read this given ZoneAlarm's popularity, can continue to rest easy, although an operating system-independent flaw in DNS will mean patches for everyone.

(I'm not of the generation that can convincingly declare "oh snap", but I sure do enjoy pretending.)