
ZoneAlarm Pro misidentifies Yahoo Messenger as a Trojan...again

By Scott M. Fulton, III, BetaNews

June 11, 2008, 2:55 PM

It's getting more difficult to keep track of the various stages and permutations of malware, whose definition has expanded to mean "anything you didn't ask for and don't want running." But since when did Yahoo IM become malware?

It's no secret that a lot of our Windows-based production systems, and even some of our virtual ones, run ZoneAlarm Pro. There are a lot of software-based firewalls available now, but for the most part, we've been able to trust ZoneAlarm, even now that its originators have been absorbed into Check Point Software Technologies.

True, we've had bits and pieces of trouble with ZoneAlarm over the years, most notably its strange inability to correctly identify the auto-updating agent in Sophos Anti-Virus, locking it out from Internet access instead. Yesterday, we noticed ZoneAlarm Pro's anti-malware scanner detecting what appeared to be a Trojan, on a system we usually trust to be quite clean. ZAP identified it as a known piece of malware dubbed Win32.Trojan.Yspy.

The Detail breakdown identifies the file in question as yacscom.dll, installed in the Yahoo Messenger directory. Indeed, the file is actually part of Yahoo Messenger itself -- specifically, the audio conferencing ActiveX control for the IM client, a critical component. In BetaNews tests, we noted that ZoneAlarm Pro flagged that ActiveX control library for both version 7 and version 8.1 of Yahoo Messenger.

ZoneAlarm Pro's anti-malware scan misidentifies a Yahoo Messenger-based ActiveX control as malware.

In an ongoing thread on Check Point's malware discussion board, ZoneAlarm Pro users are also noticing what they are coming to recognize as a "false positive." One user reports having noticed this behavior at least once before, perhaps exactly one year ago, with regard to the same two products.

Meanwhile, other security vendors are cataloguing yacscom.dll as malware, most likely because ZoneAlarm Pro already does.

Curiously though, a question posed by a user to one of Yahoo's own message threads was responded to by a regular contributor who wrote, "False-positive detections are the anti-malware industry's dirty little secret. They happen a lot."

But the contributor went on to suggest that, rather than have ZoneAlarm Pro delete the suspect file automatically, the user should instead have kept the file under quarantine, submitted the filename to Check Point for further analysis, and then deleted it after a few months if he didn't notice anything peculiar. The contributor may have been interested to know the file belongs to the company to which he contributes.

18 Comments


By mjm01010101

posted Jun 12, 2008 - 12:03 PM

These firewalls that selectively block outgoing traffic are amongst the worst software I've encountered. If the user isn't intelligent enough to know what they installed, how can they possibly be intelligent enough to know what to allow or what not to allow?

Score: 0

By foxfyre

edited Jun 12, 2008 - 4:52 PM

As if many know what is being transmitted and by what! And certainly don't look to the WINDOWS OS, networking admin tools or ZoneAlarm to help you!

What would instead be nice is a monitor whereby one could be made aware of just what is being sent by what application/utility so that actions could be taken then or in the future based upon actual knowledge rather than simply assumptions or hunches. For instance, how many programs do not actively attempt to check for updates?

Instead of a tool that tries to do all and not bother to include the user in the knowledge of what is actually happening in the system, let alone to include their input in the management loop, it would be nice to see a tool that actually performs a function that can assist in educating and assisting the user in making the INFORMED choices.

ZoneAlarm fails miserably in this regard.

Score: 0

By atriusNY

posted Jun 12, 2008 - 11:21 AM

I wonder if people still use yahoo messenger outside the US.

Score: 0

By foxfyre

posted Jun 12, 2008 - 4:50 PM

?????????????

It's dominant. More than ICQ and Skype - even despite Skype's encryption.

Score: 0

By pforbes

posted Jun 12, 2008 - 8:24 AM

IMO ZA is right. Bravo!

Score: 0

By marians

posted Jun 12, 2008 - 3:08 AM

I used ZA for about a year. I didn't like the way it worked and the way it "evolved" with each new update. I switched to Comodo Firewall and never looked back. I'm only sorry I haven't found that piece of jewelry earlier.

As for YM... I keep asking everybody I know to choose Pidgin or Adium in case they need to "talk" on Yahoo's network. I never trusted any of the YM versions and that is never going to change. Not that I like the others too much ;-)

Anyway in this particular case my suggestion is to get rid of both ZA and YM.

Score: 0

By TarrantM

posted Jun 12, 2008 - 8:55 AM

Another nice alternative to Pidgin (I used it until I had issues running it under Vista x64), is meebo (meebo.com) since it just runs in a tab in Firefox or a separate Firefox window and it's portable in the sense that I can log into it from any computer and have all my contacts right there.

Score: 0

By billstelling

posted Jun 11, 2008 - 9:30 PM

yahoo is a virus. they just try to make it seem like it's not. they try to get the same kind of info a lot of other malware does. yahoo was always about tracking what you do so they can make money off you. it's a big scam and most don't see it. it's all about the money...

Score: 0

By shicaca

posted Jun 11, 2008 - 8:36 PM

malware, whose definition has expanded to mean "anything you didn't ask for and don't want running."

...

It detected Yahoo IM? I think that qualifies for the above definition.

Score: 0

By uberfly

posted Jun 11, 2008 - 7:43 PM

Wow, must be a slow news day.

Score: 0

By kprovance

posted Jun 11, 2008 - 5:50 PM

I'm curious. Since you chaps don't prefer ZA, what firewall software do you prefer?

Score: 0

By sjc001

posted Jun 11, 2008 - 7:09 PM

I have a hardware firewall now.

Score: 0

By Accident

posted Jun 11, 2008 - 6:14 PM

I use Comodo Firewall, it's one of the best on the market for free. http://www.personalfirewall.comodo.com/

Score: 0

By skimore

posted Jun 11, 2008 - 4:03 PM

Zonealarm is crap.. but so is Yahoo messenger/download manager/toolbar and all the other items they install to monitor what you surf!!

Score: 0

By foxfyre

edited Jun 11, 2008 - 3:46 PM

What is new about this?

ZoneAlarm also blocks Yahoo Messenger and neither they nor Yahoo has addressed this f$%#up in the last 3 years as their oxymoronic (emphasis on moronic) customer service departments point at each other!

What started as a good product has turned into a nightmare.

And just wait until it starts to scan and sucks up resources and fails to release them as in a memory leak. It became an art form in itself just learning how to kill the stupid program!

Score: 0

By sjc001

posted Jun 11, 2008 - 3:37 PM

I wouldn't use Zonealarm even if they paid me to use it.

Score: 0

By shicaca

posted Jun 11, 2008 - 8:37 PM

I used it a long time ago and realized how much the program blowed ... it's quite possibly more annoying than the Vista popups.

Score: 0

By daq

posted Jun 11, 2008 - 6:48 PM

agree 100%

Score: 0