Tuesday, January 21, 2020

It is time that Antivirus companies acted more responsible with their false detections/false positives.

Many software developers experience false positive detections with their software product that they have spent a great deal of time creating. Most new software created shares a very small function that has a digital signature similar to some malware in the wild. Virus Scanners will assume that it an updated version of that malware and flag your entire project as a virus. Then thru VirusTotal.com, this detection gets automatically forwarded to over 70 security companies. Depending on how much coffee the developers of those security companies had that day, they might add this false detection to their antivirus definitions. This is a very common thing to happen.

False positives are profitable to antivirus companies because it looks like the scanner is saving the day and it might convince someone to purchase a subscription to their service. It is a terrible thing for developers to deal with a loss to their online reputation because of a false positive. Your customers see a false detection and their antivirus software deletes it faster than it can be installed.

All antivirus companies have a "report file as false positive" web form on their website. They will fix the false positive with your software once you submit it within 72 hours most of the time. McAfee is the only security software that I am aware of that does not have this form. Instead, you must password protect a .ZIP file with your false positive and send it in an email. Most free email services like Gmail do not allow sending .EXE even in password protected .ZIP files.

There needs to be a standard way to make Antivirus Companies more responsible for their damage to software developers. We can start with requiring them to add a "Report detection as a false positive" button on any screen that is accusing a software program of being malware. Antivirus companies are smart people and they can figure out a way to prevent this button from being abused for spam. Why should a single software developer work all day like anyone else then have to report their software as "CLEAN false positive" to over 70 antivirus companies every few weeks?

VirusTotal is the engine that is starting up many new Antivirus Companies every month. Watch the numbers grow. What other industry has soo many competitors? No one is going to trust these new antivirus companies for the protection of their PC individually. By forwarding any detection to every AV company on the list, new AV barely need to do any research to have a product. I have contacted VirusTotal.com multiple times in past years to make a centralized WHITELIST feature or an option to send files as a false positive to save software developers the time. They are not interested and will ignore your email after the first generic reply.

Is anyone sick of their antivirus crying wolf?



Submitted January 21, 2020 at 06:31PM by MicroChucks https://ift.tt/38pdRaK via TikTokTikk

No comments:

Post a Comment