Bad Kaspersky! (RE:Windows Update KB944533)
This is a follow-up to this post.
I believe I have finally found a fix to the issue with KB944533 that breaks IE for some people running Kaspersky Internet Security (KIS).
The Problem:
So what I believe to be the scenario that triggers the problem is if you have KIS (perhaps limited to version 7 but this I do not know) installed but disable the firewall, you will run into the problems reported in this post. It is important to note the part about the firewall as that appears to be the problem.
An MS MVP said here:
Given other related threads here, I would not recommend attempting to disable the firewall in Kaspersky Internet Security in favor of using the Windows Firewall unless you can figure out how to completely disable the former. If you manage to do it, please let us know how.
I can now vouch for this – disabling KIS’s firewall causes problems!
The Fix:
The fix is simply to re-enable the firewall while you install the patch AND keep it enabled until at least the next time you run IE. When you do, KIS Firewall will open a prompt mentioning that the IE executable has been modified. Once you allow this, then voila – you’re done and you have this patch installed correctly and working. At this point you MIGHT be free to disable the KIS firewall again. Since installing the patch, I have yet to turn it off because I have been prompted 2-3 times with the dialog stating that the executable has been changed and I keep clicking on the allow option. I don’t plan to turn the firewall off again until after a few reboots of no prompts.
My Rant:
Bad Kaspersky! Obviously when I disable the firewall, it only disables parts of it. Bad! Bad! Bad! And I think it gets worse too, but I’ll wait a bit for that part.
What appears to me is going on here is that some portion of KIS is realizing that the executable has been modified. Because of this modification, I assume Kaspersky is intercepting DNS requests for whatever reason. Obviously the prompt to allow these sorts of DNS requests is isolated in the firewall, but also obvious is that the engine’s check for these DNS requests is NOT isolated to just the firewall. So this means that in order to allow these sorts of exceptions (i.e. make your system less secure in a sense), you must ENABLE the firewall! That makes absolutely no sense at all!
Now all of this has been a headache for me and many other people, but I think it gets worse. Reconsider everything that has gone on here and ignore the annoyance. Let me recap:
- IE’s executable gets modified.
- IE attempts to connect to the internet via domains and is blocked but when attempting by IP is not blocked
- KIS Firewall does the blocking because it realizes the executable has been changed
Now reconsider #2 and #3 together – the firewall blocks internet access to protect you, right? Nope! It only kinda partly blocks internet access. If the program is connecting via IP address, then the firewally lets it do anything it wants! So if somebody finds an exploit in IE to modify the executable so it sends all of your personal data to the internet, Kaspersky firewall does NOTHING to block that data transmission if it is sending it to an IP address, it only blocks it if it needs to resolve a domain name.
My Conclusion:
Bad Kaspersky! Go to your room and fix it!
No Mr Kaspersky, not “Bad Kaspersky”, but “Sloppy MicroSlob” coding practices, brought on by rush to market junior middle management under the replacement gun of senior management who are only serving the stockholders. Now having said this the same issue is happening to me and I don’t really want to run a firewall at all but if you are slipped a Internet Security Suite by a Baby Bell like they used to Shanghai sailors by slipping then a Micky or clubbing the poor slobs with a sap (a lead ball in a leather holder), then you are probably correct is saying “Bad Monopoly”. But my issue stems from Adelphia’s excellent cable operations being taken over by Time Warners lackluster RoadRunner. To protest I am using Verizon’s DSL and they installed a firewall without my permission and when I uninstalled it and called billing they were happy to still charge me 7.98 a month, but when I complained, they quickly reversed the charge, but I’ll bet they didn’t clean up any stray registry entries left over by their award winning Internet Security Suite. If you are willing to accept Bill Gates throttle hold on our wallets and still want to blame yourself for not wanting to go through complicated procedures to help them shill even more immature products then that is your right and not a privilege. I’ve been a software engineer for thirty three years and I am still using techniques I learned when I muscled big iron around the computer room – less brawn more brain. Software designed by bored rooms of overpaid CIO’s wanting bigger golden parachutes is never going to replace creativity and intelligence no matter how many wunderkids think Google has replaced Microsoft as the new paradigm.
Now I’ve been through this before, a patch or rollup patch that wants to keep installing itself and we want to blame it on ourselves because Bill is so nice. So you read and follow the trail through the KB articles and uninstall and reinstall and it keeps happening and finally after calls to support and googleing various phrases you find the two or three direct registry entries you need to make to keep Bill and the kids happy. Ain’t debugging fun. I never backup the registry and as for my data and programs, I love to reinstall from the original disk that has a soda can stuck to it.
Okay that’s my rant, your’re welcome to your opinion, but I still have my Commodore 64 monitor, although I don’t want to try to find a way to use it as a third monitor for my hand-built PC, but it’s still an excellent video monitor but the new wave of digital cabling will shorten it’s shelf life.
(No) Thanks Peter, for your personal history of your disgruntled life. The funny thing is, on several other machines with NO Kaspersky, I have no problems at all… I suppose Norton, McAfee, and all other Internet Security publishers banded together with Microsoft to screw over Kaspersky, right!?
BACK to the issue at hand, I’m fighting with this exact problem and didn’t read this thread until I uninstalled Kaspersky (along with numerous other suspect firewalls, etc).
Has anyone had luck resolving this issue with Kaspersky completely uninstalled or will it be necessary to reinstall or mess with some registry entries?
Kaspersky is the best Anti-Virus program i have ever used. it is way better than Mc Affe and Norton Antivirus.
i have used Kaspersky and it is a good anti-virus, my only complain about Kaspersky is that it uses more memory compared to other anti-virus like Avast..