Zone Alarm Firewall Free

Discussion in 'other firewalls' started by jpcummins, May 19, 2014.

Thread Status:
Not open for further replies.
  1. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    420
    Location:
    Terre Haute, IN
    I downloaded the most recent version of Zone Alarm Free, zafwSetupWeb_131_211_000.exe, and one of the scanners in VirusTotal, ESET-NOD32, detected the malware Win32/Toolbar.Conduit. Now I am reluctant to install the new version. Did anyone else experience this, and if so, what did you do? If you care to share I would appreciate it very much, and as always I will appreciate all replies.

    John
     
  2. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    Yeah, PUPs, adware and bundles are found in many legit programs now. Some are so sneaky that they even bypass "unchecky" sometimes, as I noticed with Panda Cloud Antivirus Pro. It wasn't like this in the past. Only hacked or fake, etc. apps would carry malware and legit apps were safe. Now a lot do that.
     
  3. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    Use it until it does something even harder to take, like a slow load time or a BSOD or websites taking forever to load even though you have not installed a web filter from Zone Alarm :)
    It will ask by itself to get uninstalled sooner or later :)
    Make sure you tighten the server-like rules before usage; some are too lax by default.
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    It's not a malware detection, but a PUA (Potentially unwanted application) detection. It's an optional detection category in the product.
     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    LOL you know that's not true fax :D. The PUAs are the problem here, not Zonealarm the company. And Zonealarm wouldn't have this issue if they hadn't started with the PUA bundles in the first place. Still, the file shouldn't be detected if all PUA traces have been removed.

    Just send the file(s) to ESET for reclassification and this will be taken care of.
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    To find a Conduit toolbar in ZA you need to go back to around 2010/2011... four years have passed since then. How is it possible that 2014 ZA installers are still recognised as Conduit? Someone must have added a signature to them, as this does not seem to be a heuristic detection... i.e. someone is adding a Conduit flag to whatever is digitally signed by Checkpoint/ZA without even checking... not professional to say the least ;)
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    It's impossible for me to know what triggers the detection; no, it's most likely not a Heur detection. Yes, if every PUA bit has been removed then we can agree that it shouldn't be detected. :thumb:
     
    Last edited: May 20, 2014
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    From the OP's post it seems it's detected on the installer directly. It's interesting to note that ESET is the only one in VirusTotal that makes this detection. So, pretty easy conclusions... Moreover considering that Conduit is widely detected by AVs. :)
     
  10. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    For the love of God, can't we just have a FREE Zone Alarm firewall version FREE of such stuff? Put some banners with the ZA paid inside the firewall window for us to buy, no problem, but make this firewall FREE for real.
    I simply don't understand the purpose of this stuff, PUPs and adware, that they added into this security software.
    ESET is not the most credible/useful antivirus software in my book, but there must be something in there triggering the detection.
     
  11. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    420
    Location:
    Terre Haute, IN
    The new Zone Alarm Free Firewall version I downloaded required me to change my home and search pages. I don't want to do this; I know I could change them to get the program and then change back, but I don't choose to do this either. I feel a program offered as free should be just that, free; it should not be free with conditions. Some people will say "hey it is free, get over it" and I appreciate their opinion, but I will not be upgrading to the new version. Thanks to everyone who replied.

    John
     
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hi John, What home and search page did the software want you to change to? I thought that kind of stuff was removed. That might explain why it still is detected by ESET, as those changes can be seen as potentially unwanted.
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Lol, already discussed here in the past, you can just "skip all" (down left on the screen)..... no need to accept the toolbar and changes to homepage
    Screenshot here: https://www.zonealarm.com/forums/sh...e-page-choices-to-install?p=296446#post296446

    Did you report the false positive to ESET? Probably not... :(
     
    Last edited: May 21, 2014
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Yes, of course... but that's not the detection by ESET --> They wrongly inform users that ZA is installing a Conduit toolbar ;)
    On top they do the same on a stand-alone removal tool... i.e. on a software that does not install a thing.
     
  15. Aryeh Goretsky

    Aryeh Goretsky Security Expert

    Joined:
    Apr 4, 2006
    Posts:
    54
    Location:
    United States
    Hello,

    Can you send me a private message with a link to the download page or download link for the file? Thanks.

    Regards,

    Aryeh Goretsky

     
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    The specific web installer mentioned by OP is here:
    http://download.zonealarm.com/bin/free/1043_za/zafwSetupWeb_131_211_000.exe

    and here the removal tool:
    http://download.zonealarm.com/bin/free/support/download/clean.exe

    To date the ZA removal tool and all versions of ZA (web installers) are detected as Conduit toolbar by ESET. You can download all web installers from here:
    http://www.zonealarm.com/security/en-us/anti-virus-spyware-free-download.htm

    ESET is the only AV out of 52 antivirus products that makes this detection. I cannot check the full installers as the size is too large to be scanned on virustotal.

    Here below you find all installers:
    http://server.iad.liveperson.net/hc...&sg=0&st=694421&documentid=345310&action=view

    Thank you in advance for fixing this.

    Thanks,
    Fax
    P.S. already reported all links to your "samples" email.
     
    Last edited: May 22, 2014
  17. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Issue is under investigation. Thank you for your report.

    Regards,

    Aryeh Goretsky
     
  18. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    This is not a false positive by ESET, but a correct detection of some software components developed by Conduit.

    Regards,

    Aryeh Goretsky
     
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    So, there is no Conduit toolbar installed by ZA, but you anyway tag it because you find a Conduit signature in it. Is this correct? If it is then your signature detection is just an excuse to tag a competitor product and make it look bad.

    And you are supposed to be a professional company? You know that you are the only one doing this, right? :argh:
     
    Last edited: May 26, 2014
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    The components may be developed by Conduit, but are they in effect a "potentially unwanted program" because of a toolbar, ad delivery system, or home page/search engine hijack, etc? Detection should imply a threat don't you think?
     
  21. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    It's a joke, they are there to remove Conduit in old versions... The toolbar is from another developer. They don't even care to check and rectify. On top, they detect as Conduit the ZA removal tool, which fully "Removes" (as per name) ZA. Lol. Finally, I am surprised about the general arrogant anti-competitive attitude. Conduit is well known to users to be very persistent, with many negative reviews on the net, and therefore a good way to discredit a company and at the same time keep away the competition ;). There is nothing wrong in saying, "Sorry, you are right, we corrected the issue."
     
    Last edited: May 26, 2014
  22. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    FWIW.

    http://virusradar.com/en/glossary/pua
     
  23. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    You are missing the point... the point is that the detection is simply wrong and they do not fix it to damage another product. I would never go for a product that applies such low-level tricks. I cannot imagine what they could do on the rest...

    For example the removal tool is up to today still detected as Conduit.toolbar! There is nothing installed by a removal tool... LOL
    This demonstrates that ESET tags any product having a ZA/Checkpoint certificate as PUA. ;)
     
  24. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    ESET was never a profi company in my view and somehow I tend to believe fax this time, even though he defends a buggy software vendor. :)

    On the other hand, no antivirus vendor should blacklist or whitelist a product just because it comes from another specific vendor.

    When BitDefender was still tiny, there were many other vendors that were detecting some updater exes as trojan droppers, so I wouldn't lose my nerves over this.
    Zone Alarm should just work and let you choose what to install, and no one will care about the ESET detection.
    They tend to detect PUPs but they fail big time when there is the real need to block or disinfect a REAL virus :) Autoruns were doing whatever they liked some years ago on ESET "protected" machines.
     
  25. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Now if that is what you believe, then nothing I say will change your opinion in this matter, I guess.

    I do wonder, is there a reason why Zonealarm hasn't removed those "Conduit components" that are still present in the software? If the partnership with them has been over for a long time, way back since 2011 as you say, it doesn't make any sense keeping them in the software still today.

    If you want more specific details about what needs to be removed in order for the software to not be detected anymore, I am sure ESET can help with that.

    Maybe Aryeh has more info to share.
     