That is not a functional part of the software though, it is a functional part of your business. The software would run just the same if there was no adware in the installer.
Whether it's OC or DevExpress or Infragistics or whatever, they all just seem like components to me. They all have a purpose. Saying that it's not a functional part of the software is only expressing an opinion on what level of utility one perceives in it.
To be the Devil's Advocate:
* Help files aren't a functional part of software because they describe the software. i.e. Descriptions are not functions.
* Playlists in my MP3 player aren't a functional part of the player because I don't use them, and get no value out of them.
* Graphic embellishments and decorations that make a program look nice aren't functional parts of the program because they don't "do" anything.
* A GUI is not a functional part of the software because anything that you can do through a GUI can be done through a command line. (Oh god... can you imagine how difficult some software would be with no GUI? Nightmarish...)
While some of those may seem utterly silly, they are just following down that slippery slope to one degree or another.
Basically, it boils down to whether or not you "like" or "want" or "use" some set of functionality.
...there is a difference between components used in software, and adware bundled with it.
The word "bundle" is interesting as it can mean a few things. I think that we'd all agree that "bundle" implies packaging together several discrete pieces of software that do not interact with each other in any meaningful way, and that those pieces of software are not related in the way that a piece of software is related to a component/library.
I don't think that "adware" is really relevant. Whether you're bundling a toolbar, or a browser, or a pro version, or a related product, or a 3rd party product, or whatever, a bundle is a bundle.
What I'm NOT clear on though, is whether or not facilitating a download and installation constitues "bundling".
For example, say you download the ACME Web Browser. They bundle in the ACME Browser Switcher toolbar for other browsers that lets you seamlessly switch from another browser into the ACME Web Browser. So that's a bundle... But, if they also include an option in the installer for you to download and install the ACME MP3 Player, then is that bundled? It's not "in" the installer, and you have to download it still... I'm thinking that I'd have to say "no" for traditional standalone installers, and that the question then moves on to what constitues a bundle in a connected world with web installers... There I think I'd have to say "yes".
Also, just for the record, writing good signatures for malware is not as easy as it may seem .
I'm quite certain writing signatures for malware is very difficult.
But we don't excuse doctors for killing people on the operating table because they misdiagnosed a cough for brain cancer. Oh... Ooops... Yes we do. But whatever.
It seems to me that labeling an innocent piece of software as malware is libelous. http://en.wikipedia.org/wiki/Defamation
Defamation—also called calumny, vilification, traducement, slander (for transitory statements), and libel (for written, broadcast, or otherwise published words)—is the communication of a statement that makes a claim, expressly stated or implied to be factual, that may give an individual, business, product, group, government, or nation a negative image. It is usually a requirement that this claim be false and that the publication is communicated to someone other than the person defamed (the claimant).
To prove libel:
The person first must prove that the statement was false.
Second, that person must prove that the statement caused harm.
Third, they must prove that the statement was made without adequate research into the truthfulness of the statement.
In the context of db90h's definition of false positive, these conditions are all met.
1) By definition, this is satisfied (false positive).
2) Again, this is trivially true.
3) It is well known that signatures can have multiple matches, so making a claim without verification satisfies this condition.
I suppose that I'm surprised that the AV companies haven't been sued more, because they're obviously guilty. If they have, I'm unaware of those suits.
The purpose of this project is to identify and address the issues of false positives. It is not to identify and address issues with misclassifications. We are going to stay focused on false positives. We are not going to address misclassifications unless a website is misclassified as containing something it does not.
I think the general issue would be better served by a less highly-focused approach to the technical side of signatures with multiple matches. But I suppose you do what you can.
For the record -- No offense take here. This is just a case of two different understandings of what "false positive" means.
Which is a general problem in a lot of discussions. And especially with acronyms... Quite often my eyes just glaze over when reading some materials where an author starts off using some acronym and never expands it for clarity.