Global Virus Alert! ZoneAlarm's scare tactics raise hackles

Check Point Software, the company behind the ZoneAlarm firewall products, draws a firestorm of criticism over scare advertising

Back in June, in my "Busted! FBI nails notorious scamware artists" post, I wrote about the FBI's efforts to bring indictments against three companies who used scare tactics to strong-arm PC users into buying rogue antimalware products.

You know the come-on: "Global Virus Alert! Whizmo Free removed 317 viruses from your computer, but there are 48 additional newly identified threats that steal banking passwords and financial account data. Whizmo Free provides basic protection, but these new threats require additional security." Ominous buttons allow you to "See threat details" or "Get protection."

[ Take control of your security destiny with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Check Point Software Technologies, purveyor of the popular ZoneAlarm Internet Security Suite, has copied a chilling page from the scum it claims to fight. Hundreds of ZoneAlarm customers report that they've been presented with a warning dialog that claims, "Global Virus Alert / Your PC may be in danger!... Threat Name: ZeuS.Zbot.aoaq ... is a new Trojan virus that steals banking passwords and financial account data. Your ZoneAlarm Free Firewall provides basic protection, but this new threat requires additional security."

In a nice extra touch, the warning dialog sports just two buttons: "See threat details" and "Get protection."

Make no mistake about it: ZeuS.Zbot is a very real threat. It's just that -- uh oh -- Check Point's product didn't actually find ZeuS.Zbot on the flagged machine. It's just warning you that you might have ZeuS.Zbot at some point in the future, and that you need to pony up to the bar and pay for protection in case ZeuS should ever darken your door and start tossing bank account information through your compromised firewall. See the difference?

More to the point, ZoneAlarm doesn't check to see if you're running an antivirus product, much less verify if the antivirus product detects ZeuS. The program doesn't care if you're infected with ZeuS.Zbot, or if you have protection in place. It just wants to sell you an upgrade to the firewall that may or may not detect future ZeuS.Zbot variants' activities -- some day.

Makes me wonder what they teach in marketing classes these days.

In an apparent attempt to justify the gaffe, the official ZoneAlarm Twitter account spewed this pablum: "As a security vendor, we proactively let our customers know about newly discovered viruses so their PCs stay protected." As is the nature of Twitter, it's hard to attribute that statement to an individual within the Check Point organization, but my guess is that the individual(s) responsible are currently checking for cheap flights to Outer Mongolia.

Check Point's customers have inundated the ZoneAlarm forums with complaints. Corporate response has been, shall we say, less than stellar. The stock (NASDQ:CHKPT) has been on a roller-coaster ride this past month, losing 1.29 percent on Friday.

Security industry observer and curmudgeon Rob Rosenberger puts it this way: "[Check Point] must first decide if they analyze scareware tactics only for their customers' benefit -- or if they now also analyze it for their marketing team's benefit."

This article, "Global Virus Alert! ZoneAlarm's scare tactics raise hackles," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.


Copyright © 2010 IDG Communications, Inc.