Zonealarm Root Certificate Workaround

Symptom: In Windows environment, ZoneAlarm fails to start, giving missing root certificate error.

Although Zonealarm malfunctions are commonly due to malware incursion, this is not one of them.

Zonealarm prior to v.7.0 cannot be started, uninstalled or upgraded past July 15, 2009. This is a severe bug in the program.

The error message on a typical installation is:

C:ProgramFiles\Zone Labs\ZoneAlarm\zlclient.exe

Validation failed for c:\WINDOWS\SYSTEM32\VSINIT.DLL. You probably are missing a necessary root certificate.

Validation failed for c:\WINDOWS\SYSTEM32\VSDATA.DLL. You probably are missing a necessary root certificate.

Your system root certificate is fine.

Zone Labs is aware of this error and recommends installing v.8.0 or later.

However, v.8.0 or later is not useful to us because 1) requires XP SP2 or above and 2) is a partial download (i.e. requires Internet access to install, a period during which a Windows machine can be compromised).

We cannot recommend ZoneAlarm at this time. Due to (1) above, we believe the new version runs on top of dot.net, which is horrible from a security standpoint, the late load at boot time gives a time window for any suppressed malware to send or receive their payloads prior to Zonealarm start. Version 7.0 is compatible with previous versions of Windows and no Internet connection is required for install.

This is the temporary workaround until a new policy is implemented.

Procedure:

1) Download Zonealarm 7.0 here or here.

2) Reset system clock to a date prior to July 15, 2009. It is not possible to uninstall Zonealarm with a date beyond that.

3) Disable internet access.

4) Uninstall existing Zonealarm installation, reboot if necessary.

5) Reset system date to correct time.

6) Install ZoneAlarm 7.0, select free firewall, reboot.

7) Reconnect internet access.

Alternate Procedure: (not recommended, must be performed every reboot)

1) Disconnect Internet access

2) Boot machine

3) Reset system date to any date prior  to July 15, 2009

4) Start>Programs>Zone Labs> ZoneAlarm , Zonealarm will now start

5) Reconnect internet access

6) Reset system date to current

This must be done every restart, the above error is not removed.

All photos and content copyright © 1981-2009 PHOTOSPORT.COM.   All Rights Reserved.

16 JUL 2009