NIS/NPF issue


Paul Wilders
March 4th, 2002, 05:45 AM
Quoted post from jvmorris, and certainly worthwhile:

{QUOTE-> This is just for informational purposes.

Until such time as Symantec sees fit to provide a 'fix' for their screwup in NIS 4.03, I will not be providing technical support for NIS/NPF.

This 'fix' involves a change in one (or at most two) lines of code and Symantec has indicated that they know what has needed to be corrected for over a week now. Symantec has 'delayed' issuing the necessary patch on the grounds that 'other people' have had problems with using their browsers with the NIS/NPF 4.03 update. Despite repeated (and public) requests for information on these problems, Symantec has apparently received no inputs of substance and has therefore been unable to provide any solutions. Yet we have no 'fix' for a well-known and major problem in the interim.

I don't really intend to be a major pain in the ass, but there's absolutely no reason why Symantec can't issue a response to a major problem and then (later) issue a response for a minor problem that affects even fewer people.

They've apparently made their decision; I've made mine. If the patch for 4.03 is not issued by 1800 PST on Monday 4 March, 2002, then I'm switching firewalls. At that point, I will no longer provide tech support (which should rightfully be provided by Symantec in the first place) for NIS/NPF. <-QUOTE}

Serious and good advice, IMO.

regards.

paul

FarCry
March 4th, 2002, 09:27 AM
Do you know what the problem is?

Paul Wilders
March 4th, 2002, 09:37 AM
Hi Wade ;)

The problem has been described by Joseph over in this thread:

http://www.security-pro.co.uk/yabb/YaBB.pl?board=security;action=display;num=1014426564

regards.

paul

jvmorris
March 4th, 2002, 10:23 PM
I have two reports that the patch (at least the one to reinstate Log Viewer) has now been released and is available via LiveUpdate. It still displays as 4.03, but symurl.dll and iamevent.dll now show builds of 4.0.3.105.

However, I have seen no formal acknowledgement from Symantec.

Looks like time to get back to work. I've found the saddle, but . . . . has anyone seen the horse I rode in on?

TonyKlein
April 13th, 2002, 06:21 PM
Hi Joseph,

I've checked the two files you mentioned, but apparently they haven't come around to doing anything about the Dutch language version yet.

Can it still be relied on, and/or do you have any further information about this issue?

jvmorris
April 14th, 2002, 09:19 AM
Tony,
No, haven't heard anything new about it. Just that it's out and seems to work. I think Ben Hallert indicated that the basic fix (to get back Log Viewer support) involved no more than a simple fix to at most two lines of code.

I was about to say I wasn't aware that there would be a Dutch version necessary, but then I suppose there'd be other code in the DLLs that would be language specific.

Might try bhallert at symantec for additional information -- or ask about Dutch Version of NIS 2002 in the DSL Reports Security Forum.

TonyKlein
April 14th, 2002, 10:42 AM
Thanks Joseph, I may do that.

Reason I said that is because, upon checking the version of the two dlls you mentioned, I saw that my version of symurl.dll is 4.0.0.82, and Iamevent.dll's is 4.0.1.91.

So what does that tell you?

Do you think there simply is no Dutch language version of NIS 4.03, and if not, is the problem not even there in my version of NIS?

jvmorris
April 14th, 2002, 11:47 AM
{QUOTE-> . . . .
Reason I said that is because, upon checking the version of the two dlls you mentioned, I saw that my version of symurl.dll is 4.0.0.82, and Iamevent.dll's is 4.0.1.91. ...
<-QUOTE}
Tony, Hmmm, from http://service2.symantec.com/SUPPORT/nip.nsf/pfdocs/2000020411153436?OpenDocument&ExpandSection=5#_Section5 , symurl.dll 4.0.0.82 is common to NIS/NPF 4.0, 4.01, 4.02, but version/build 4.03 goes to 4.0.3.105. As for iamevent.dll, that shows 4.0.0.82 for NIS/NPF 4.0; 4.0.1.91 for NIS/NPF 4.01; 4.0.2.96 for NIS/NPF 4.02; and 4.0.3.105 for NIS/NPF 4.03. So, it looks to me like you've still primarily got NIS/NPF 4.01 on your machine.

The 'bad' versions were 4.0.3.104, if I recall correctly. Obviously, Symantec simply slipstreamed the upgrade (to build 105) into the download available via LiveUpdate. (Hmmm, and there doesn't seem to be any way to get it except through LiveUpdate.)

The problem here is that there's no roll-back functionality with LiveUpdate updates.

Let me see, I can think of several possibilities here if you're feeling experimental. But, before messing around I would do four things under any circumstances.
1. Run Albert's NIS Settings and document all your basic configuration settings and your file versions, etc -- hard copy,
2. Run Albert's NIS Rules Viewer and use the Backup Registry entries tab to save off a backup copy of the registry, just in case you need to do a restore later on.
3. Run Albert's NIS Rules Viewer and document all your existing firewall rules, and
4. Make a complete copy of your Symantec directory (not just the NIS directory) using whatever backup software you might prefer.

This should at least give you some (still chancy) capability to restore the hard way, since you might then be able to replace your current registry and file entries by the old brute force method, if that should prove necessary.

The problem with the 4.03 update is that it's cumulative, i.e., it incorporates the 4.01 and 4.02 update (and I can't find a separate copy of the 4.02 update). Well, wait a minute . . . . Well, I don't know if that's such a good idea or not. I see that there's a lot of Applications data (for both LU and NIS/NPF) under various headings in the \%win%\ directory here.

jvmorris
April 14th, 2002, 11:53 AM
{QUOTE-> . . . .
Do you think there simply is no Dutch language version of NIS 4.03, and if not, is the problem not even there in my version of IE? <-QUOTE}
Tony,
I don't know the answer to this one. You might e-mail Albert and see if he ever saw one. (I know he had some version of NIS/NPF 4.0x up at one time; just not sure which one.) Alternatively, you might e-mail Sven; sometimes he seems to know a bit more about the nitty gritty details than the rest of us.
I believe that shortly after the US-English version of 4.0.3.105 was released, Ben stated the other language-dependent versions would be out shortly (but then they said the same thing about the leaktest-patch for NIS 1.0 -- which I certainly never saw released).

TonyKlein
April 14th, 2002, 12:00 PM
Joseph,

Thanks for your extensive replies

{QUOTE-> if you're feeling experimental... <-QUOTE}

Well, I concede I may just choose to chicken out, and wait and see what updates Symantec may come up with in the near future.

However, thanks for bringing this issue to our attention, and I'll certainly be following this thread and others on the subject with great interest.