False positives are a plague for small developers
In the last few weeks some antiviruses detected one of my well-known softwares (VirtualMIDISynth) as malicious.
Theese detections are false positive because:
- I wrote that software and I've built its setup, so I know what I've put inside it
- I don't like malware/adware/badware too
- I don't like to associate my name to something bad
That said, what other arguments I have to support the statements above, other that my own word? Sadly, almost none!
False positives are a plague for small/independent developers like me.
I use VirusTotal to check my products with more than one AV in a shot; that's good because I can publish a link together with the download link to show its safety.
This will also indicate that I'm on the "honest" side.
But what if 1 of the 55 of the AV products featured by VirusTotal (at the time of writing) mark my file as suspicious?
I can say it's a false positive, because of my statements below and - also - because 1/55 is a clear indication of something wrong (or really really new ;)).
But I won't expect people believe me (I wouldn't if I were them).
So should I dedicate part of my (few) spare time to contact AV vendors, send them samples to analyze and wait for them to remove from their databases?
Well, I did it in the past but it was a tedious task with unpredictable results:
- each AV vendor has its own procedure to send binary samples
- some of them requires registration
- some others require to have their AV installed and registered to send the false positive through it
Let me show a real example: VirtualMIDISynth 1.7.1 was released on May 24, 2016.
It was downloaded thousands of times without any issue then, on June 5, it was marked as suspicious by Baidu antivirus.
I've sent a false positive report to them asking the removal and, after a few days, it was removed.
So far so good, but after some days it got back again as false positive, from the same AV and another one.
What now? Should I send them another (the same) sample again and again? What if another AV jumps in?
It will quickly become a nightmare...
Obviously AV vendors don't give any clue to developers on what's wrong with the file marked as suspicious, otherwise bad guys could better hide their (real) malware.
Big software companies have time, AV agreements (and lawyers) to avoid their binaries being marked as false positives: that's good because nobody likes a zealous AV mark a system file as dangerous.
But what about small ones like me? What am I supposed to do?
The answer is, sadly again, simple: nothing.
I prefer to dedicate my (few) spare time to add features to my software instead of fixing AVs databases ;)
PS: if you believe me (and VirusTotal reports) and your AV is the only one reporting one of CoolSoft products as bad, please help me by sending false positive reports to your AV vendor.
PS2: if you know a website I could use to easily send false-positive reports to AV vendors, please let me know in the comments below.
Thanks for your comprehension and enjoy CoolSoft.
- .NET Framework
- WEB / PHP
- Translate software
Click here if you want to support CoolSoft: