Check Point, a security company that offers various products to protect consumers and businesses, is imitating the tactics of fake antimalware programs. Over the last few days, ZoneAlarm users have been receiving a warning from their security software that tells them they are not protected against a new piece of malware. The warning is titled a "Global Virus Alert," shows "Your PC may be in danger!" in bright red, and urges the user to "SEE THREAT DETAILS" and "GET PROTECTION." The prompt is very poorly designed: it looks a lot like malware masquerading as an antivirus (in fact, we would say that newer fake antimalware prompts are more believable than ZoneAlarm's warning).





The only thing saving Exhibit A from simply being a prettier Exhibit B is the branding: assuming you know your firewall is from ZoneAlarm, you might guess the prompt is actually legitimate. But why would your firewall issue a virus warning? The strategy is the same used by fake antimalware writers employ: warn users about a threat and suggest they download your solution to fix the problem.

It's really unfortunate that the designers of this prompt did not take the time to think about how their users might interpret it. Real antimalware software should never ever stoop to the level of fake antimalware software; taking marketing advice from malware writers completely undermines the advice tech-savvy users give their friends: ignore these types of messages.

ZoneAlarm's customers are enraged, calling the notification a scare tactic, and many of them have opted to uninstall the software. A thread on the company's forums has now been set as a Sticky, amassing 60 posts and over 27,000 views at the time of this writing.

"We thought we were being proactive with our virus message," a Check Point spokesperson told Ars. "After listening to consumer feedback, we realized that it was misinterpreted and have turned the pop-up message off... It was never our intent to lead customers to believe they have a virus on their computer. This was purely an informative message about a legitimate and serious virus that also included information about the differences in protection of various products, and how to get protection against it."

Let this be a lesson to all security companies: the marketing department should not be allowed to make security warning decisions.