Are AV False Positives Hurting You? 97

Gerald asks: "After the most recent Wireshark release a certain AV vendor's product started warning users that the installer contained adware. Since then, I've spent several hours verifying this isn't the case, trying to get the AV vendor to fix their stuff, and reassuring affected users that we do not ship adware with our product. Unfortunately, this isn't an isolated case. I've had to do this several times over the past few years, and each incident uses up time that could have been better spent elsewhere. It's even worse for other projects. If you produce software, have you ever suffered collateral damage from AV false positives?"
This discussion has been archived. No new comments can be posted.

  • by Lonewolf666 ( 259450 ) on Monday February 12, 2007 @05:27PM (#17988380)
    Avira AntiVir complains about one of our old DOS tools. Not a serious problem, as we don't release this particular executable, but annoying.
    Avira AntiVir also complains about some other files I'm pretty sure are harmless... maybe I need another scanner :-(
  • Danger Approaches (Score:5, Insightful)

    by 99BottlesOfBeerInMyF ( 813746 ) on Monday February 12, 2007 @05:38PM (#17988550)

    Right now, an antivirus company may list your software as adware because it matches some other software's behavior too closely or because your software was mistakenly classified as adware. Other malware detection systems may even start to classify your software incorrectly, taking their cue from their peer. So what can you do? You can write to the antivirus company(s) and ask them to fix their signatures. You can complain on forums and the like, especially informing your users that the antivirus is defective, hurting the reputation of that company and possibly driving users to better coded alternatives. This is far from ideal, but it could be worse.

    MS has included an antivirus solution (Defender) with Windows Vista. Since it is bundled with Vista and everyone who buys a new computer will find Vista pre-installed and with it Defender and they will have already paid for it by the time they find out about it, Defender will almost certainly become the most widespread solution, possibly completely taking over the home market, regardless of how good it is (failed to be certified due to too many incorrect classifications). This means within the next few years, it may be only one company you have to go to to get the signature fixed. That's the good news. The bad news is that they won't have any reason to respond quickly and won't have any motivation to not have false positives and negatives since they get paid when Windows is purchased and even if users abandon it and buy something else, they don't lose any money.

    Now I'm not entirely opposed to MS providing a free anti-virus solution, but to comply with the law they have to bend over backwards to provide other companies the same access so as not to destroy the competitive market and create another situation like IE where the worst solution on the market is paid for and used by 80% of the populace and the state of technology advances only at a snail's pace.

    From what I've seen, MS has not done that, so you can look forward to more false positives in the future with less chance of those classifications ever being corrected.

  • by spywhere ( 824072 ) on Monday February 12, 2007 @06:55PM (#17989562)
    On or about October 16, 2004, while I was driving home, the Help Desk where I was alpha geek received a virus report. The senior tech had to delete a bunch of files, including Excel.exe, before the machine would stop reporting infections. By the time she finished, it barely ran (and was later re-imaged).
    I went in early the next day, and more reports started trickling in right away. I went to one of the first computers, and found that McAfee was reporting Excel.exe and other key files were infected even on the CD. By the time I got back to the desk, they were swamped with calls. As yet, there was no information on the McAfee site about the new virus.

    I went into a room with the CIO and other execs, where they started making plans to shut down the WAN and unplug the local switches... and I spoke up: "I don't think this is a virus."
    They looked at me like I was crazy, and shooed me out of the room.
    I refreshed the page on the McAfee site, and they had just posted information about a "false positive caused by new definitions combined with the outdated, no-longer-supported engine version 4.xxx." I printed that page, and burst back into the emergency meeting. The planning changed to updating the McAfee clients in bulk and fixing the PCs.

    Later that evening, after a grueling day of remote Office reinstallations, the CIO came to me and said, "Do you have any idea what a huge disaster this would have been if you hadn't figured this out?"
    I calmly replied, "You're not paying me to fail."

    A few months later, I got a $500 bonus (less taxes) in my check.
  • by /dev/trash ( 182850 ) on Monday February 12, 2007 @09:55PM (#17991680) Homepage Journal
    500 bucks? A lousy 500 bucks?
