Blunder Dome Sighting  
privacy 
 
 
 

Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.



Click for Blog Feed
Blog Feed

Recent Items
 
All Right, Now What?

This page is powered by Blogger. Isn't yours?
  

Locations of visitors to this site
visits to Orcmid's Lair pages

The nfoCentrale Blog Conclave
 
Millennia Antica: The Kiln Sitter's Diary
 
nfoWorks: Pursuing Harmony
 
Numbering Peano
 
Orcmid's Lair
 
Orcmid's Live Hideout
 
Prof. von Clueless in the Blunder Dome
 
Spanner Wingnut's Muddleware Lab (experimental)

nfoCentrale Associated Sites
 
DMA: The Document Management Alliance
 
DMware: Document Management Interoperability Exchange
 
Millennia Antica Pottery
 
The Miser Project
 
nfoCentrale: the Anchor Site
 
nfoWare: Information Processing Technology
 
nfoWorks: Tools for Document Interoperability
 
NuovoDoc: Design for Document System Interoperability
 
ODMA Interoperability Exchange
 
Orcmid's Lair
 
TROST: Open-System Trustworthiness

2004-06-20

 

What Do You Do When Security Software Cocks-It-Up?

Note to Spanner Wingnut: We must remember to document the silly consequences of installing Norton Antivirus 2004 under Norton SystemWorks 2003.  Well, it sort-of worked. Note to Orcmid: Yes, there's enough more material for a why-I-hate-Blogger post, but how do you move it from whining to some sort of positive action? Wingnut?  Wingnut, do you hear me??  When can I have an atom feed button and a change from "Previous" to "Recent" posts?  I'm waiting, young man.  Oh, and there's the double-title business.  ...

What Do You Do When Security Software Cocks-It-Up?

Synopsis:
   1. Upgrading to ZAPro 5.0 made it impossible for me to access or update my developer website on my local machine.
   2. I couldn't find any human technical support on this, and the on-line support is inapplicable.
   3. The uninstall of 5.0 said it was fine, but now reinstall of 4.5 fails on a DLL entry-point problem.
   4. Now I have either no software firewall or no web-site development work until I get to the bottom of this.  And no way, no how, does the computer leave the shelter of my residential firewall until this is resolved.
   5. The test of any customer relationship is when something goes wrong.  My moments-of-truth alarm is hooting.  "Dive, Dive, ..., Load forward tubes, Mr. Wingnut."
I like Zone Alarm Pro (ZAPro).  I installed it just before I was taking the Compagno laptop to a geek-schmooz that was going to use an open-to-the-internet LAN.  The LAN, rigged at UCSD, was for interoperability testing of WebDAV clients and servers.  I had been warned that the mean-time-to-compromise was about 30 seconds, so I knew I wasn't traveling without a decent firewall.  In the year since, I have purchased a wireless card and I want strong firewall protection when running wireless too (for darn sure).  The firewall is also indispensable in curbing mobile code, adware, and malware while surfing to sites that exceed my trust tolerance.  The software firewall provides another layer of Swiss cheese before Internet Explorer's permissions can expose too much. I also prohibit automatic updates on my system.  I check for updates manually when I am ready and poised to work through whatever the consequences might be.  (So why does the Symantec LiveUpdate COM Server want to access the internet every time I start my machine when I have said don't do anything automatically?  Good question.)

Weekly Update Time: Saturday, June 19

An Update Is Available.  Yesterday, I am signed-on to my computer as administrator to do some periodic cleaning, along with my weekly antivirus updates.  I use the ZAPro check-for updates feature while there, and by golly, they have a version 5.0 update waiting for my eager installation. Uneventful update.  I download ZAPro 5.0.590.015, saving it to disk with my collection of updates.  I install the update over the previous 4.5.594.000 version.  The update preserves my settings, password, and everything else but the color scheme, which I always need to reset.  I think of that as a little reminder that I am running with a newly-updated version. Routine Operation.  I continue through my day, mostly fretting way too long over a blog post about the API War that Microsoft is supposed to have lost.  It is time to do real work and create some web-site material. Uh Oh, no service at that address.  On bringing up FrontPage 2000, I learn that it can't find my local machine's web server.  The suggestion is that FrontPage extensions might not be installed.  When I get more details, I find that FrontPage can't find a web server on the local machine.  That's scary, so I use my browser to access my local site.  404 Error.  Hmm, IE can't see the web server either.  But why 404?  I login to the administrator account and see if that makes any difference.  Nope.  But the Management Console IIS plug-in says that the web server is running. It's the Firewall!.  Still in the administrator account, I shut down ZAPro.  By golly, now everything works.  So I log out of administrator and start up as my lowly super-user least-privilege self.  Oh, I can't shutdown ZAPro fully from my non-administrator account.  Crap. The Update Must Go.  The web server is already on a trusted LAN, but I did everything else I could figure out to have ZAPro not block web access to http://compagno, my local machine's web port.  Nothing works.  It has always worked without any fuss before. Seeking Technical Support.  I use the support link in ZAPro to go to the vendor's site.  I read that there are some issues with the new feature set of 5.0, but my particular problem is not mentioned.  There is 900-number fee-for-call West-Coast business-hours service, but this is the weekend and why should I pay to handle this kind of problem?  There is also an Instant Support function which looks like it might be on-line chat with a technical support person.  That page doesn't come up (it looks like the firewall is blocking some sort of mobile code there) so I close the web pages and ponder. Backing Out the Update.  For the other problems people are having with 5.0, it is recommended that the update be fully uninstalled and the previous version re-installed.  This is a we-will-lose-all-your-settings course of action, and that is a terrible idea.  I didn't save my settings in 4.5 before I updated, so now I save them in 5.0 and pray that 4.5 can reload them.  The settings are saved in some sort of XML format, so there's a chance that this will all work.  Then I attempt to run the version 4.5 install without removing 5.0 first, just in case.  There's no joy there: 4.5 is too smart, refusing to install over a later version.  So I initiate a full uninstall of 5.0. Backdoor to Support.  The uninstall process invites me to complete a survey of people who are terminating their use of ZAPro.  I hope I am not doing that, but I feel like an old fart who calls the 411 lady for companionship.  I do the survey and tell them that I am about to downgrade and that I don't have anyone but "her" to give me any sympathy.  I also mention that not finding technical support in an urgent-for-me moment would be a reason to leave forever, if I ultimately choose to do that.  Then I click Continue on the uninstall. All Your DLL Are Mine?  The uninstall appears to be uneventful.  A successful-removal message pops-up on my display.  Having saved every updated since I subscribed, I initiate the install program for ZAPro 4.5.594.000.  Uh oh, what's this?
zlclient.exe entry point tvGetIntegrityUserName
could not be located in dynamic link
library VSUBAPI.dll
I click OK and allow the install to complete.  It says it has installed successfully.  On startup of ZAPro to see what I have, I get the same message and ZAPro 4.5 never starts. Back to the Drawing Board.  Well, fine.  I uninstall the 4.5 version, since there is no use there.  I get another invitation to explain why I am leaving forever, and I tell the nice form page that no, I am just looking at how to get back to a version that works.  I hop over to the support page to check on the versions of the 5.0 and 4.5 they have for download there.  The Instant Support page comes up (I am defenseless now, remember), and it is one of those gawdawful someone-thinks-this-is-AI page of radio buttons with multiple choices none of which fit my situation.  At least this is easier than the telephone version where you have to listen to the list to realize that you're 3-levels down the wrong rat-hole and there's no escape but to recall the number and start over.  I click none-of-the-above enough times that it offers me a link to an e-mail page.  Hurrah!  Oh, oh, now what?
Error - a runtime error just occurred
Line: 617
Error: Expected '{'
Do you want to debug?
I said no.  The mail form came up, so I filled it out, whining away about my difficulty with the update and would someone please help me? Thinking it over.  I find the update information again and start downloads of the 5.0 versions and the 4.5 versions that they have available.  Oh, those are exactly the ones I already have.  So, then I am thinking that I will just work back through my previous versions until I find one that installs successfully.  And it's late, so I will go to bed and work it out in the morning.

Sunday, June 20

Think Again.  I have an auto-responder message that says they have my support request, with the official subject "Tech Support Ticket: More Information - AA ISSUE=295804 PROJ=4".  They warn me not to even think of replying to this message, because it will only delay my support further.  They then tell me that paying customers (which I am) can expect support in two business days.  This reminds me of the Pyra labs messages when I was trying to tell them about a security breakdown on the Blogger site, so I figure that maybe these guys are about to be acquired by Google, you know?  Who is the role model for this crap?  The morning is not going well, and recording this narrative is taking too long.  Then I have this thought.  I wonder what happens if I reinstall 5.0.  What will that show me about that mystery file, VSUBAPI.dll?  I fear the worst. Some Time Later ... .  I did the smart thing, I re-installed the version 5.0 update and restored my settings. I can even see that IIS is running and listening on the right TCP ports by looking in ZAPro.  But I can't access it with Internet Explorer or FrontPage 2000.  We seem to be back where we started except for one thing ... Where's that DLL?  When Version 5.0 installed, there were no warnings or complaints.  Afterwards, I did a search of my hard drive for VSUBAPI.dll and it is nowhere to be found.  So, whatever it is, version 5.0 doesn't use it and version 4.5 doesn't install it, but needs it.  So much for that roll-back strategy. Now What?  Well, I have a functioning firewall and some funky business to go through for whenever I want to work on my web-development site.  I can shop for firewall software too, but it is not such a panic now.  Maybe it should be.  I will deal with all of that after I have mowed the lawn.  Just another day at Castle Clueless.
Talking with:
My son Doug called from Portland and wished me Happy Father's Day.  I don't think about that so I am always surprised and delighted when he calls.  We planned his visit for around the 4th of July when my sister Carol is here from Minnesota.  That was the high point of the day so far.  I did promise I would go outside, shake off all this geek stuff, and mow some grass.  OK, I'm outa here. -- orcmid
[dh:2004-06-23-16:47Z I am reposting because the use of <pre> elements for computer text is forcing the division to be too wide and the right-column blurbs are forced to the bottom of the page.  Also, there is an inbalanced <small> tag that is infecting all following material on the current page and on the archive page carrying this entry.  Some interesting lessons.  Wingnut, are you listening? Fix that!!
 
Follow-Up Entries.  The saga of cluelessness continues with the June 24 posting, Do We Have A Firewall or a Development Web?  That is followed by the June 25 post on Button, Button, Where's the Update?The outcome at that point is that I am continuing to operate with the ZoneAlarmPro 5.0.590.015 update and using workarounds (described in the posts) to edit my web site without taking down the firewall.  Another workaround is used to have my Norton Antivirus virus-definition updates download properly.

The concerns I have at this point are:

1. Norton Antivirus no longer scans my e-mail while it downloads, apparently because of an interaction with the firewall software.

2. I have to take down the software firewall momentarily to update virus definitions once each week (although I still have protection with my residential router and firewall).

3. I still have no way to revert to an earlier version of ZoneAlarmPro because of a missing VSUBAPI.dll file that those versions require.

4. It is a litttle peculiar that ZoneAlarmPro reports that my version is current when I know there is a later (and apparently still buggy) version that I have downloaded but not installed.

I am also a little disturbed by a scary experience with Microsoft Installer and the uninstall of Microsoft Office Extensions on my machine that came up in the course of troubleshooting the ZoneAlarmPro configuration.  It is just ducky to be reminded of my level of cluelessness in this situation.
 
 
I have the same problems. By the way, I believe you mean "VSPUBAPI.DLL", which you should be able to find, not "VSUBAPI.DLL". However, even though I find the file as mentioned, I also don't know yet how to avoid the same tvGetIntegrityUserName error. I have emailed them to get some information on how to proceed, meanwhile no firewall.
 
 
So I have the same problem: I can't use the latest
ZoneAlarm Pro 5.0 nor 4.5. What's the answer? Did you end up buying a new firewall?
 
 
Hello, Edwin.  I did end up running 5.0 anyhow, and I recently upgraded to ZAPro 5.1.011 after curing some other pressing problems.

ZAPro 5.1.011 still interferes with my Symantec LiveUpdate, also Spybot Search&Destroy update (!), but Norton Antivirus 2004 is running again over both incoming and outgoing e-mail and I now have a good two-lines of defense in that regard.  The interference with my local IIS 5.1 and FrontPage extensions is sporadic (but still more there than not, so I continue to use a workaround).

I am willing to continue with ZAPro (I had renewed my update subscription shortly before all of this happened) simply because I realize I have no idea how to tell how well any software firewall is actually working, and ZAPro is easy to use (though who knows how effective).

I will look further after I complete the upgrade of all of my systems to XP SP2.  The outgoing control that ZAPro provides is important to me, and I continue to gain value from that along with the privacy protections.

It is rather startling to realize that vendors of security-related products don't seem to know how to demonstrate the secure operation of their own products, and the support in this area is startlingly bad.  I guess I fell for the facade and the ease-of-install, and I am not ready to do the work to improve my state of cluelessness at this time.  I'd be interested to know if you find a superior solution.  Meanwhile, I shall slowly tighten up my incident reporting and see what I can do to at least escalate awareness at Zone Systems.
 
 
Hi, I have read this as one of the final stops on my long and winding road to resolve the same problem. It is only fair I post the solution.

From what I can gather Zona Alarm leaves these two (among others) files on your computer, they interfere with other programs sometimes, and ironically with the installation of older versions of Zone Alarm. Delete them entirely and old Zone Alarm should install again without a problem.

Here is a list of files that Zone Alarm leaves behind. You probably only have to delete the two, but if necessary you can clean all the remnants of Zone Alarm from your system by removing the following:
(make sure you have folder options in Windows explorer set to view hidden files)

C:\WINDOWS\Start Menu\Programs\Zone Labs
C:\WINDOWS\SYSTEM32\vsdata.dll
C:\WINDOWS\SYSTEM32\Vsdata95.vxd
C:\WINDOWS\SYSTEM32\vsdatant.sys
C:\WINDOWS\SYSTEM32\vsmonapi.dll
C:\WINDOWS\SYSTEM32\vspubapi.dll
C:\WINDOWS\SYSTEM32\vsutil.dll
C:\WINDOWS\SYSTEM32\zllictbl.dat
C:\WINDOWS\SYSTEM32\zlparser.dll
C:\WINDOWS\SYSTEM32\ZoneLabs\Migrate.dll
C:\WINDOWS\SYSTEM32\ZoneLabs\vsdb.dll
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsruledb.dll
C:\WINDOWS\SYSTEM32\ZoneLabs\minilog.exe
C:\WINDOWS\Internet Logs\IAMDB.RDB
C:\WINDOWS\Internet Logs\W98-DHIGHT.ldb
C:\WINDOWS\SYSTEM32\ZoneLabs\html.tdr

You won't find all the files, some are for older versions. Just do a search in the WINDOWS folder, include hidden files, you should be able to find whatever is there. Also go to \Program Files and delete the install folder of Zone Alarm. Note: remember only delete anything after you have uninstalled the program.

Cheers.
 
 
The worst thing I ever did, apart from marrying my ex, LOL was to install Zone Alarm
I have tried evertyhing and at the end it says that they have "blocked" my internet access 'coz the Zone Alarm is NOT working properly...........hey fair go......I've uninstalled, deleted, used DOS to del, surches etc etc etc etc I can't find a thing: BUT there still MUST be some file that allows them to communicate! YUK..NO MORE Zone Alarm for me thanks
 
 
The worst thing I ever did, apart from marrying my ex, LOL was to install Zone Alarm
I have tried evertyhing and at the end it says that they have "blocked" my internet access 'coz the Zone Alarm is NOT working properly...........hey fair go......I've uninstalled, deleted, used DOS etc etc I can't find a thing: BUT there still MUST be some file that allows them to communicate! fair GO...NO MORE Zone Alarm for me. Thanks
 
 
Just to add to my earlier note re: get cut off the internet by Zone Alarm I have since found the proplem, found the files and they are dorment until you open the internet and immediately they communicate that I am online and then......vsmon.exe simply blocks my internet browser. Apart from deleting vsmon.exe you must find and delete the following files using dos commands in the dos mode as the window will NOT delete some of them, so delete these: vsutil.dll, vsinit.dll and vspubapi.dll
 
 
A while back I also had the misfortune of installing ZAPro. It somehow corrupted my computer so badly that i had to go buy another one....
 

 
Construction Structure (Hard Hat Area) You are navigating Orcmid's Lair.

template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 10-04-30 22:33 $
$$Revision: 21 $