by Bernard Golden

Bitten by a Microsoft Patch

Jul 10, 2008
3 mins
Enterprise Architecture

I am a fanatic about Windows security. Every Windows box has Zone Alarm, ClamAV, and Spybot. I also have autodownload of Windows patches, but always review them before installation. Most of the time I just allow them to be installed, but I want to see them before they’re installed.

I got onto one machine yesterday and found that it had rebooted due to Windows downloading and installing a “high-priority” security patch. Well, I don’t really like that, but what can you do?

Then, later in the day, when I tried to go to the web, I got a “cannot connect” error.

Fine, I assumed it was the wireless router. So I rebooted that. Still no connection.

So, I rebooted the machine. Didn’t help.

Immediate assumption that I would need to reinstall Windows XP.

Now, let me say a word about that. My last two puzzling failures have ended up being hardware issues, not OS ones — but my immediate assumption (and I think I’m pretty typical) is that there must be a Windows issue. That says a lot about the general perception of Microsoft products. So, in these two cases, the perception was incorrect.

However, since I was able to ping out of the machine in question, I didn’t think it was a hardware issue, so concluded an OS reinstall was in order.

Then, fortuitously, I got an RSS feed article about a new Microsoft patch that disabled web access on machines running Zone Alarm. Two fixes were offered: uninstall the security patch, or reduce the security level on Zone Alarm.

I happily removed the patch, and web access immediately started working. Hurrah!

But, I noticed that Microsoft immediately put a new patch alert up in the taskbar.

And this morning, when I went to the machine, it had rebooted and … you guessed it, the patch had been reinstalled.

To avoid a Groundhog Day situation, I reduced the security level on Zone Alarm, and web access once again worked.

However, the fact that I have to disable security to work around this patch is totally unacceptable, and the fact that there’s no way for me to avoid having this patch automatically installed is unbelievable. And it’s not like Zone Alarm is some obscure use corner case. There are millions of copies of it installed throughout the world.

I’ve always read stories about organizations bitten by Microsoft patches, but never experienced it myself. Now I have. And it sucks.