A client wrote in after ordering a new web site, setting it up, and getting ready to launch – and who was baffled that his site got a big, hairy yellow alert from Zone Alarm.
See actual big, hairy yellow alert.
While it says that the site isn’t known Malware or spam or virus, and while it says its in the US, its also a big, hairy, nasty yellow alert as if the site you are about to visit is a big, nasty site that you don’t want to visit.
We’re not sure how recently Zone Alarm chose to do this, and a search in their support area showed no information about why they would do this on a new site (or even that they do), but a dig through their forum does show an official answer that Zone Alarm will alert on all sites, without exception, if they have been registered less than three months from the date of the visit, and there is absolutely no way for web site owners to get the alert off their site until that 3 month time period passes by.
This is the official answer from the Zone Alarm Forum moderator:
In this case and ANY website that’s reported like this our software is working as designed and there is NOTHING that can be done to change it.
Its the fact the website if 3 month or newer.
Its the unfortunate fact that hackers put up thousands of sites a day for malicious reasons so we rate any new website like this.
We don’t have the staff to evaluate every new website in the world daily.
So we go with just telling you the website is 3 months old or newer and let the person surfing make a decision to go to that website or not.
We never say there is a definite threat on the website.
and you can find this answer posted as the last entry in this thread on the Zone Alarm forum.
Normally, we don’t blog in the middle of the night, but since the forum thread is fairly recent, we surmise that this aspect of the software is fairly recent as well or the question would have come up sooner. This also seems like a fairly serious new step for a security company to take that can seriously confuse people and have an adverse affect on newly launched web sites and e-commerce endeavors. This is something people should be aware of when planning any new web site or registering or changing a new domain name.
Obviously, by not completely outlining the issue in the warning, by throwing a red herring in there by implying its a security certificate even on sites that don’t even use SSL Certs, and by casting a blanket suspicion and warning on all new sites, this has a huge potential to make people seriously suspicious and (especially if its their own brand new site) incredibly confused.
It also will likely backlash onto hosting companies because people will go to their web hosting company if they use Zone Alarm and Zone Alarm says there is a problem with the site itself, and since its already happened to us we felt we needed to address it immediately.
If Zone Alarm was going to choose to do this, it would have been nice if they provided documentation regarding the warning and an explanation of what it means that didn’t panic or confuse people. The decision to cast suspicion on any new site less than 3 months old has more implications than I believe they truly thought through.
But of course, since the hosting companies would get the support tickets, I imagine they didn’t much take that one into consideration. 🙂