NIS/NPF issue

Discussion in 'other firewalls' started by Paul Wilders, Mar 4, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Quoted post from jvmorris, and certainly worthwhile:

    Serious and good advice, IMO.

    regards.

    paul
     
  2. FarCry

    FarCry Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    82
    Location:
    Boston, MA
    Do you know what the problem is?
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    I have two reports that the patch (at least the one to reinstate Log Viewer) has now been released and is available via LiveUpdate.  It still displays as 4.03, but symurl.dll and iamevent.dll now show builds of 4.0.3.105.

    However, I have seen no formal acknowledgement from Symantec.

    Looks like time to get back to work.  I've found the saddle, but . . . . has anyone seen the horse I rode in on?
     
  5. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Hi Joseph,

    I've checked the two files you mentioned, but apparently they haven't come around to doing anything about the Dutch language version yet.

    Can it still be relied on, and/or do you have any further information about this issue?
     
  6. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Tony,
    No, haven't heard anything new about it.  Just that it's out and seems to work.  I think Ben Hallert indicated that the basic fix (to get back Log Viewer support) involved no more than a simple fix to at most two lines of code.

    I was about to say I wasn't aware that there would be a Dutch version necessary, but then I suppose there'd be other code in the DLLs that would be language specific.

    Might try bhallert at symantec for additional information -- or ask about Dutch Version of NIS 2002 in the DSL Reports Security Forum.
     
  7. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Thanks Joseph, I may do that.

    The reason I said that is because, upon checking the version of the two dlls you mentioned, I saw that my version of symurl.dll is 4.0.0.82, and Iamevent.dll's is 4.0.1.91.

    So what does that tell you?

    Do you think there simply is no Dutch language version of NIS 4.03, and if not, is the problem not even there in my version of NIS?
     
  8. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Tony, Hmmm, from http://service2.symantec.com/SUPPORT/nip.nsf/pfdocs/2000020411153436?OpenDocument&ExpandSection=5#_Section5 , symurl.dll 4.0.0.82 is common to NIS/NPF 4.0, 4.01, 4.02, but version/build 4.03 goes to 4.0.3.105. As for iamevent.dll, that shows 4.0.0.82 for NIS/NPF 4.0; 4.0.1.91 for NIS/NPF 4.01; 4.0.2.96 for NIS/NPF 4.02; and 4.0.3.105 for NIS/NPF 4.03. So, it looks to me like you've still primarily got NIS/NPF 4.01 on your machine.

    The 'bad' versions were 4.0.3.104, if I recall correctly.  Obviously, Symantec simply slipstreamed the upgrade (to build 105) into the download available via LiveUpdate. (Hmmm, and there doesn't seem to be any way to get it except through LiveUpdate.)

    The problem here is that there's no roll-back functionality with LiveUpdate updates.  

    Let me see, I can think of several possibilities here if you're feeling experimental.  But, before messing around I would do four things under any circumstances.
    • Run Albert's NIS Settings and document all your basic configuration settings and your file versions, etc -- hard copy,
    • Run Albert's NIS Rules Viewer and use the Backup Registry entries tab to save off a backup copy of the registry, just in case you need to do a restore later on.
    • Run Albert's NIS Rules Viewer and document all your existing firewall rules, and
    • Make a complete copy of your Symantec directory (not just the NIS directory) using whatever backup software you might prefer
    This should at least give you some (still chancy) capability to restore the hard way, since you might then be able to replace your current registry and file entries by the old brute force method, if that should prove necessary.

    The problem with the 4.03 update is that it's cumulative, i.e., it incorporates the 4.01 and 4.02 updates (and I can't find a separate copy of the 4.02 update).  Well, wait a minute . . . .  Well, I don't know if that's such a good idea or not.  I see that there's a lot of Applications data (for both LU and NIS/NPF) under various headings in the \%win%\ directory here.
     
  9. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Tony,
    I don't know the answer to this one.  You might e-mail Albert and see if he ever saw one.  (I know he had some version of NIS/NPF 4.0x up at one time; just not sure which one.)  Alternatively, you might e-mail Sven; sometimes he seems to know a bit more about the nitty gritty details than the rest of us.  
    I believe that shortly after the US-English version of 4.0.3.105 was released, Ben stated the other language-dependent versions would be out shortly (but then they said the same thing about the leaktest-patch for NIS 1.0 -- which I certainly never saw released).
     
  10. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Joseph,

    Thanks for your extensive replies.

    Well, I concede I may just choose to chicken out, and wait and see what updates Symantec may come up with in the near future.

    However, thanks for bringing this issue to our attention, and I'll certainly be following this thread and others on the subject with great interest.
     