Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 04, 2016, 02:22:07 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: antivirus false postives - let's do someting about it  (Read 4591 times)

vlastimil

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 308
    • View Profile
    • Donate to Member
antivirus false postives - let's do someting about it
« on: October 06, 2010, 05:45:33 PM »
Hi all,

I know it has been discussed here before - this problems with antivirus application (especially Norton Antivirus) are taking wild guesses and reporting problems that aren't there to users. Using pretty scary words like "malicious". And the users freak out. Block, Delete, Go away.

What happens? The user perceives the antivirus as their savior and the antivirus reputation goes up. They perceive the author of the accused software as a villain and are likely to never ever look at their software again. Some users, if they like the new application, decide to write to the author an email giving them a chance to explain it. But how many people would bother? It makes me angry each time I get such an email.

Let's do something about it

In my country it is illegal to hurt someone's business or good name by spreading lies and slander about them. In my opinion, this is exactly that. I am no lawyer, but I have no doubt these false antivirus reports have hurt honest people and caused monetary losses to commercial software authors or hurt the good name or brand of freeware authors.

I tried to communicate with Symantec in the past, but failed. They are not interested in this kind of talk, I did no even get an answer to my complaint. I am a small fish...

But if enough people join and cooperate, things can change. Let's start a facebook group or whatever is popular right now. Is there someone willing to lead? I'd like to participate!

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,406
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #1 on: October 06, 2010, 06:16:46 PM »
I agree with you, and had a specific idea that i'd like to get up and running by the end of the year:
http://www.donationc...ex.php?topic=20810.0

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #2 on: October 06, 2010, 08:08:48 PM »
If anyone wants to take the bull by the horns, I've got some domain names that I've wanted to do something with, but just don't have the time:

false-positive.com
scareware.net
scareware.org

They're all very appropriate.

In other news... Grrr... I installed the free version of AVG on my new box... It's more like malware now than ever. Pisses me off. I don't want a trillion f**king pieces of s**tware installed all over my computer... No. I don't want YET ANOTHER f**king toolbar... No. I don't want to change my f**king search page. No. I don't want to change my f**king about:blank page to f**king Yahoo s**t. F**K OFF! No. I don't want your f**king firewall. No... No. NO!

Grrr...

You may be able to tell that I'm a bit ticked. I think I need to try something else. I just hope that I can uninstall all the s**t it put on my computer.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

cranioscopical

  • Friend of the Site
  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 4,367
    • View Profile
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #3 on: October 06, 2010, 08:27:19 PM »
Pisses me off. I don't want a trillion f**king pieces of s**tware installed all over my computer... No. I don't want YET ANOTHER f**king toolbar... No. I don't want to change my f**king search page. No. I don't want to change my f**king about:blank page to f**king Yahoo s**t. F**K OFF! No. I don't want your f**king firewall. No... No. NO!
Yes, but apart from that how do you like it?  ;D

Glad to have the input because I was wondering about whether to try it.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #4 on: October 06, 2010, 08:33:15 PM »
Pisses me off. I don't want a trillion f**king pieces of s**tware installed all over my computer... No. I don't want YET ANOTHER f**king toolbar... No. I don't want to change my f**king search page. No. I don't want to change my f**king about:blank page to f**king Yahoo s**t. F**K OFF! No. I don't want your f**king firewall. No... No. NO!
Yes, but apart from that how do you like it?  ;D

Glad to have the input because I was wondering about whether to try it.

It only gets worse.

After the pricks change my about:blank page, they have a link in it:

Quote
How to disable search on this page

Notice that the link is:

avg.com/ww.special-toolbar-how-to-disable-search-tlbrc

But it goes to:

avg.com.au/home/

The proper text should be something like this:

Quote
How to unf**k this page... PSYCH~! NOT~!

It's just adding insult to injury.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
« Last Edit: October 06, 2010, 08:35:08 PM by Renegade »

vlastimil

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 308
    • View Profile
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #5 on: October 07, 2010, 03:12:19 AM »
I agree with you, and had a specific idea that i'd like to get up and running by the end of the year:
http://www.donationc...ex.php?topic=20810.0

I read through the topic and sure I'll join any initiative that tries to address this topic. Though I do not think that guide and giving away a certificate is going to change the status quo. At least not in a foreseeable future.

The message must be simple and clear like "take responsibility", not "if you do what we propose, we give you our approval". I am sorry if that sounds aggressive or inconsiderate.

They have millions of users and big marketing budgets. We are just pissed off individuals without any organization or significant power. I would propose to only focus on building the community without any concrete plan of action. The only goal would be to get as many members as possible, spreading the message and then letting them know we are here, we are strong and we want a change.


----

@Renegade I empathize with you, suffering so much adware... Must be horrible. That's why I personally do not use any antivirus and I am happy. Up-to date Windows, non-mainstream browser, firewall, programmer's instincts & vmware for untrustworthy stuff is better than all the antivirus tools out there.
« Last Edit: October 07, 2010, 03:14:15 AM by vlastimil »

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #6 on: October 07, 2010, 05:12:32 AM »
AVG does not know how to survive in the world of Avast and MSE, both close to foolproof with regards to installation. If they do survive it will be because too many know too little.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #7 on: October 07, 2010, 07:57:10 AM »
I use an AVG server edition on a server, and it plays nicely. But that's commercial, paid, and not free. I've got Avast (free) on another computer, and it's quite nice. Never causes me any pain.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,120
    • View Profile
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #8 on: October 14, 2010, 09:48:03 PM »
I run AVG Personal and am satisfied with it.

I supplement with SpywareBlaster and SuperAntiSpyware.

___________

Sowing the seeds of a safer internet?
http://infoworld.com/d/security-central/sowing-the-seeds-safer-internet-441
« Last Edit: October 14, 2010, 09:49:59 PM by kyrathaba »

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #9 on: October 15, 2010, 09:45:49 AM »
Sure you are if it makes you feel safer. But if you are also satisfied with their installation process you have gotten used to too much ;) Avast sucks a bit as well because of web-shield which they should keep for "Pro"/paid versions, web-shield is the one component which can cause problems. Installation pretty clean with or without. AVG is just worse in every way.

mrainey

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 436
    • View Profile
    • Website
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #10 on: October 15, 2010, 10:08:14 AM »
For me, avast! is about as friendly and trouble-free as it gets.
Software For Metalworking
http://closetolerancesoftware.com

Stephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,129
    • View Profile
    • Donate to Member
Re: antivirus false postives - let's do someting about it
« Reply #11 on: October 16, 2010, 12:05:21 AM »
False positives are always a problem, and have always been around.

Even things as simple as a note's application can trigger an AV to go nuts and freeze your computer until it 'fixes it'

Norton is the worst for this.  Dunno about recently, but the versins I used in the past sometimes got a little confused and deleted hugely important files.  One time deleting the entire System32 folder, casing obvious problems, and another time it tryed to quarentine the whole Windows folder (Directly after a fresh format, and installing AV from official CD)...so nothing bad could have possibly been on the system...except the obvious...Norton

AV companies don't care about these problems, and in fact, most of the time, quite useful tools to have, just a shame that if you have made your own DLL's and they don't recognise them, or the coding is slightly odd, but safe, it will jump on them and call them MALICIOUS or TROJAN or KEYLOGGER...even if the file is actually part of the splash screen loading procedure...stupid imho

**edit below**

Just been searching randomly through really old posts, and found this:

Hi Folks,

  In notice there is another recent thread about false positives, and it has really jumped to the forefront of difficulties.  I recently ran the A-squared free scanner and Malwarebytes, and had with A2 a rather interesting false positive situation.

(My Malwarebytes and Avira are pretty happy with my system, this was my first attempt with Malwarebytes and A2 - Malwarebytes lived up to promise, Wilder's folks generally speak quite highly of the scan, and MB's findings were neatly confirmed by Avira, which popped up when MB hit its files .. I barely knew I had memory-resident scanning on from Avira.)

  All the information (which you might find boring or interesting) can be found through this thread on EMSI, which links to my earlier thread on Gladiator, which is simply 3 posts of mine.

http://forum.emsisof...p;m=28183&#28183
Trace.File.SpyPc 8.0 - Trace.Registry.SpyPc 8.0 (look like false positives)

  There seems to be a type of institutional ossification so that these companies - even the better ones like Emsi - do not know how to get false positives out of their system on the less-publicized cases. They look at each file in an atomistic analysis level, not caring about where it came from, how it is used, the history etc.  Not thinking it through.

   Incidentally I had to develop my technique for finding the source of the file, which some here might find interesting.  Using file properties, you find when it was installed on your system, then searching (I searched folder creation dates in Total Commander) you can often find out when and where a file came on your system.  It might be nice to have a  program that helps with such issues more directly (if you use a snapshot installer it might be a start) but in the real-world my method probably will work in many cases.  I never did check if registry entries are similar date-stamped.

   Oh, I had to puzzle around a little bit on how to search, it seems like the search programs often do not work files based on placed-on-system date (whatever they call it, it is not the file creation date). That is why I switched to folder searching, then looked at individual files .. while I would have preferred a file search.

   Incidentally, all this does not mean that we are unaware about problems like .dll-injection - you can't always tell just by the name of a file, one reason the executable protector programs are an interesting realm of protection .. most of all,  know your own system reasonably well.

  Oh, another point of special interest.  After I traced down the file origin (totally legitimate) I found a McAfee (!) confirmation that this program installs this file.

http://www.siteadvis...m/downloads/8652414/
PC Inspector task manager 3.00.000 (pci_uk_taskmanager.exe)

  Which makes me want to look around at the McAfee logs of programs I am thinking of installing. In general, if they have done this for the program. Do others do similar logs ? Dunno.
 
Shalom,
Steven Avery

That was posted: April 04, 2009
« Last Edit: October 16, 2010, 12:46:50 AM by Stephen66515 »