Blog for hpHosts, and whatever else I feel like writing about ....

Friday, 17 September 2010

ZoneAlarm blasted for using scareware

Zone Alarm has long been considered a good product to have on your PC by some (never liked it myself personally, but that's just me), so imagine everyones surprise when the developers of ZoneAlarm decide to use scareware tactics.

There's been a rash of complaints on the Zone Alarm forums, amongst other places, concerning a dialog that's been popping up (see top left), with information about a so-called "ZeuS.Zbot.aoaq" infection. Now, ZeuS is definitely real, it's a botnet, and Zbot (see here and here) is definitely real - it's a trojan (and it's important to note, Zbot has been around for YEARS, this is not some new infection that CheckPoint, the vendor responsible for ZA, has found).

Sadly however, this dialog claims to be a "Global Virus Alert", with a sub-heading of "Your PC may be in danger!", complete with information about this so-called infection. It must be noted, the infection itself is real - but ZoneAlarm has NOT actually detected this infection on the users system.

The problem we have here, is this method of marketing is highly misleading, and a tactic we're used to seeing from rogues, not legit vendors. Had the dialog simply said "there's a new variant of the Zbot trojan in the wild, be careful folks" or words to that effect, then they wouldn't be getting so many complaints, and techies wouldn't be inundated with calls and e-mails and whatnot, from users scared to death that they've got an infection onboard that's going to steal all and sundry.

There's several "gurus" on the ZA forums telling people this is just an informational dialog, telling them to get an AV if they don't already have one - but that's not actually what the dialog says. It does not say "if you don't have an AV, get one here", it simply has two buttons "SEE THREAT DETAILS" and "GET PROTECTION". Click "GET PROTECTION", and it takes you to a page to upgrade ZA (for a fee of course), it doesn't ask if the user has an AV, it doesn't check the system to see if an AV is installed, it just tells the user the free ZA provides basic protection and additional security is required to protect them from this threat.

I try not to add legit vendors to hpHosts if I can help it, but in this case, I've no choice, the method they've used is highly unethical and misleading. Not doing so would mean having to remove all of the rogues listed in the database from NON-legit vendors. Vendors such as CheckPoint MUST learn that scareware tactics will not be tolerated.

You can read more about this, and of course, all of the users complaints, using the links below.

http://forums.zonealarm.com/showthread.php?t=75332
http://www.mywot.com/en/forum/7689--zone-alarm-warn-or-spam
http://today24news.com/offbeat/zeus-zbot-aoaq-a-big-treat-174395

Until CheckPoint stops this kind of tactic, I'd urge you stay away from them (harsh? possibly, but it's likely the only way they'll learn).

1 comment:

nico said...

Hallo Steven,

Yesterday I informed Martin Brinkmann (ghacks.net) of this stupid tactic of ZoneAlarm.
Lots of people have already uninstalled their program...
See: here

Regards, Nico.