Topic: The False Positive and Improperly Rated Site Epidemic (Read 44129 times)

Jibz

  • Developer
  • Joined in 2005
  • Posts: 1,187
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #25 on: September 24, 2011, 05:03 AM »
I think this is a really good idea, and I sincerely hope you manage to get the security companies interested and involved.

Having to report false positives to each company individually, and hope that they all fix the error is horrible. Having a common place to publicly post is a much better solution, increasing transparency and helping security companies to address the issues.

I posted on the bitsum forum as well, and because I am a dinosaur I posted in the historical section as well ;D.

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • Posts: 481
  • Software Engineer
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #26 on: September 24, 2011, 10:29 AM »
I sure hope this anti-FP action will go well.  :up:

However, already been told that the thread will move to another domain, I am not inclined to register at Bitsum's, in order to upload a post or two. I think more people than me may have had a similar thought.


Thanks, and do not worry, all accounts and posts will be moved... we use SMF, so will the new forum.. easy migration. I indicated this, but it may have been missed (or not believed ;p).

Renegade

  • Charter Member
  • Joined in 2005
  • Posts: 13,288
  • Tell me something you don't know...
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #27 on: September 24, 2011, 11:34 AM »
I sure hope this anti-FP action will go well.  :up:

However, already been told that the thread will move to another domain, I am not inclined to register at Bitsum's, in order to upload a post or two. I think more people than me may have had a similar thought.


Thanks, and do not worry, all accounts and posts will be moved... we use SMF, so will the new forum.. easy migration. I indicated this, but it may have been missed (or not believed ;p).

Was that what was happening? I saw 2 of my 3 posts were removed, so I got pissed at being censored, deleted my remaining post and deleted my account.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • Posts: 481
  • Software Engineer
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #28 on: September 24, 2011, 11:39 AM »
Was that what was happening? I saw 2 of my 3 posts were removed, so I got pissed at being censored, deleted my remaining post and deleted my account.

I was informed the company we were discussing (Open Candy) likes to sue people. I got freaked out, removed the posts. Sorry... The new policy is: NO DISCUSSION OF BUNDLED PRODUCTS.

If you don't want the false positive, don't bundle with that software. You CHOSE to bundle with that software.

I do not mean to be harsh, I just have to set some limits. There are more egregious and clear examples of harm. Mentioning FPs with bundled software just confuses the issue and defeats our purpose.

Anyway, the site is under new management now and being moved as we speak, so maybe you can talk them into allowing it.. I no longer am in control.

OTHERS: Would you agree this is a reasonable policy? If we allow BORDERLINE cases, or cases of debate.. then we confuse the whole issue and defeat the purpose. I personally consider all bundles deceptive as they rely on those users who accidentally miss the checkbox. I, personally, don't want the bundled crap, and imagine others feel the same. Can someone back me up?

I mean NO OFFENSE.. but to get things done, we can NOT allow borderline cases like this.

I had a LONG discussion about this... this nearly destroyed the entire effort. If we allow these type cases, it would. Besides, since Open Candy, according to my sources that may or may not be accurate, sues everybody who calls them a threat, they can hold their own. I am NOT saying they are a threat, in fact they are NOT a threat in most, if not all, cases. Since they have different bundles, I can't speak for all of them though.
« Last Edit: September 24, 2011, 12:11 PM by db90h »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • Posts: 5,884
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #29 on: September 24, 2011, 11:58 AM »
Was that what was happening? I saw 2 of my 3 posts were removed, so I got pissed at being censored, deleted my remaining post and deleted my account.

I was informed the company we were discussing (Open Candy) likes to sue people. I got freaked out, removed the posts. Sorry... The new policy is: NO DISCUSSION OF BUNDLED PRODUCTS.

If you don't want the false positive, don't bundle with that software. You CHOSE to bundle with that software.

I do not mean to be harsh, I just have to set some limits. There are more egregious and clear examples of harm. Mentioning FPs with bundled software just confuses the issue and defeats our purpose.

Anyway, the site is under new management now and being moved as we speak, so maybe you can talk them into allowing it.. I no longer am in control.

OTHERS: Would you agree this is a reasonable policy? If we allow BORDERLINE cases, or cases of debate.. then we confuse the whole issue and defeat the purpose. I personally consider all bundles deceptive as they rely on those users who accidentally miss the checkbox. I, personally, don't want the bundled crap, and imagine others feel the same. Can someone back me up?

I mean NO OFFENSE.. but to get things done, we can NOT allow borderline cases like this.

I tend to agree on this, and here is another way of looking at it:

If you choose to bundle with anything, and your installers are getting flagged because of what you are bundling with, it's not your software that is triggering the false positive if there is one.

If it is not your software, then it's not your battle here. Your battle is with the company in which you are bundling their product.

If it is OpenCandy, you need to either cry to them about it or stop bundling their product.

If OpenCandy feels that it is a false positive, they can come and complain about it themselves, since it is their product that is getting flagged.

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • Posts: 481
  • Software Engineer
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #30 on: September 24, 2011, 12:12 PM »
BTW, thanks to your report ESET won't speak to me any longer.. that's the harm of introducing borderline cases, or bundle companies that may or may not sue people, into the mix. Again, since Open Candy has different bundles, I am not saying they are a threat at all. I just mean we can only show more clear cut examples. Consumers, in general, don't like bundles, and that would substantially lessen our support on that front as well.
« Last Edit: September 24, 2011, 12:33 PM by db90h »

wraith808

  • Supporting Member
  • Joined in 2006
  • Posts: 11,186
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #31 on: September 24, 2011, 12:33 PM »
I disagree- a false positive is a false positive, and I think that the suing nature of OC has come from the antagonistic relationship that has developed because of the lack of accountability for false positives.  And it is a false positive, and IMO unfair to blame that on Renegade's post.  And saying that the fact that a bundled software causes false positives is not in your ability to fight the battle is short sighted to say the least, especially since it's not their product in the end that's getting flagged, but the developer that includes it.

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • Posts: 481
  • Software Engineer
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #32 on: September 24, 2011, 12:34 PM »
I disagree- a false positive is a false positive

This is FALSE, because they detected OpenCandy as OpenCandy. It is a classification issue, which is different than a false positive. We can NOT get into classification debates, period.

Those who believe bundles are a non-deceitful practice are welcome to start their own site ... However, they will not be part of THIS site because we need only the most EGREGIOUS and CLEAR CUT examples of harm. I said it all above. I will not repeat further. Reference my explanation. We simply can not allow borderline cases, because the system would not work. I discussed and thought about this for a hell of a long time with security vendors, so do not tell me that it is short-sighted. I *KNOW* bundles help you pay your bills, but ... they are deceitful in nature, in my opinion, and considered 'borderline' cases. Even though the user can opt-out, since almost nobody wants the bundled software, the clear intent is to 'get' those few who miss the checkbox.

I understand they pay you $$$... so you bundle supporters will never agree with this, so I invite you to start your own site. Argue no more, because this policy WILL NOT CHANGE. Read my first post, I explain it quite clearly. If we allow borderline cases, the whole system degrades into nothing but debate about what is good and what isn't. Instead, we want a site that demonstrates OBVIOUS mis-ratings and false positives... not debated classifications.

Again, the developer has the option to NOT include that bundle.. so it *is* Open Candy's fight, and they have plenty of power to fight.
« Last Edit: September 24, 2011, 01:19 PM by db90h »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • Posts: 5,884
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #33 on: September 24, 2011, 01:40 PM »
It would be far more productive in the long run if 1000 developers of 1000 different products would stick to reporting false positives in their products and not reporting a false positive in some 3rd party bundled product like OC.

Because it is a single false positive and the problem is with OC and not 1000 false positives with the 1000 different products.

It would be far better for those 1000 developers to bang on OC's door and complain about it, then let OC handle the issues with their product.

You, as the developer of one of the 1000 products bundling some 3rd party adware are not in the position to make any changes to that 3rd party software to comply with any requirement that might be needed to resolve the issue (other than removing it from your installer), while OC is in a position to change their product and resolve it. They are the ones that should be complaining if they are upset by what they believe to be a false positive.

And I do not see something containing OC being detected as Adware:Win32/OpenCandy as a false positive. It was identified correctly as OpenCandy. If it were being identified as a Trojan:Win32/Vundo, that would be a FP.

Renegade

  • Charter Member
  • Joined in 2005
  • Posts: 13,288
  • Tell me something you don't know...
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #34 on: September 24, 2011, 01:41 PM »
I'm going to try to be short here.

I was informed the company we were discussing (Open Candy) likes to sue people. I got freaked out, removed the posts. Sorry... The new policy is: NO DISCUSSION OF BUNDLED PRODUCTS.

I think this is very short sighted.

There is little software out there that doesn't incorporate other software. They're called libraries or components. They help enable different functionality. At the extreme end of the argument there, there isn't any software at all that doesn't incorporate other software.

To me, the line you seem to be drawing there for components appears to be rather arbitrary. I'd say that leaving it at the installer level or installed level is best. (I don't expect that we'll ever see eye-to-eye there though.)

As far as suits go, I am not aware of any from OC (SweetLabs now). I have a good relationship with them, and wouldn't expect them to sue me for anything that I'd written there. I know their community evangelist very well.


BTW, this is FALSE, because they detected OpenCandy as OpenCandy. It is a classification issue, which is different than a false positive. We can NOT get into classification debates, period.

I went on at length about this in a post that you'd deleted.

I understand (I think) what you want to limit the discussion to. For misidentification, that's one thing, but I still think that "false positive" implies any identification of innocent software as malware.

Yes. I know you want to rule that out. Perhaps terminology is a problem, and that will only create red herrings unless rectified. Perhaps some more specific terminology would help.

I still think that you're basically going to make most software irrelevant though. Just for example, you're ruling out Screenshot Captor (a favorite program of mine).

Screenshot Captor includes other software components. If it or any part of it is identified as "malware" (or whatever), the practical upshot is that mouser gets screwed by that. I know that mouser has had to deal with false positives in the past.

Thinking about it again, it seems to me that you're trying to be extremely technical. I don't think that approach will be very productive though. It might make sense to techies and gearheads, but it would probably be more useful to think about the user perspective, because that's what really matters in the end.

As far as I'm concerned, if any AV software detects an installer as threat/malware (or whatever), that's a false positive to me. I see the debate about components/libraries as a non-issue.

There is a lot of software out there that incorporates defunct or non-maintained software or abandonware. In those cases, as you've defined, there is NOBODY to stand up and tell the AV companies to fix their **** ups.

I'll give you an example...

One of my favorite pieces of software is from Infralution. It uses a component for graphing, but it's no longer maintained. So what happens there?

Anyways...

I'm going to bow out of this discussion. I'm simply not interested in the extreme end of the spectrum.

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • Posts: 481
  • Software Engineer
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #35 on: September 24, 2011, 01:46 PM »
There is little software out there that doesn't incorporate other software. They're called libraries or components.

You are comparing libraries and software components to installer bundles? Come on ... Components/libraries have a FUNCTIONAL PART of the software, installer bundlers are SEPARATE products that are there to get installed into the PC as a separate product (and for commercial purposes, that is why you get paid).  

Also, you took my one, non-applicable quote.. thanks for that. That was why I first removed them, but then it became clear how problematic it would be to allow, after long discussions about the issue.

These are the rules. You have the freedom to start your own site. I mean no offense.
« Last Edit: September 24, 2011, 02:06 PM by db90h »

Renegade

  • Charter Member
  • Joined in 2005
  • Posts: 13,288
  • Tell me something you don't know...
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #36 on: September 24, 2011, 02:09 PM »
It would be far more productive in the long run if 1000 developers of 1000 different products would stick to reporting false positives in their products and not reporting a false positive in some 3rd party bundled product like OC.

Because it is a single false positive and the problem is with OC and not 1000 false positives with the 1000 different products.

It would be far better for those 1000 developers to bang on OC's door and complain about it, then let OC handle the issues with their product.

You, as the developer of one of the 1000 products bundling some 3rd party adware are not in the position to make any changes to that 3rd party software to comply with any requirement that might be needed to resolve the issue (other than removing it from your installer), while OC is in a position to change their product and resolve it. They are the ones that should be complaining if they are upset by what they believe to be a false positive.

And I do not see something containing OC being detected as Adware:Win32/OpenCandy as a false positive. It was identified correctly as OpenCandy. If it were being identified as a Trojan:Win32/Vundo, that would be a FP.

Whether it's OC or whatever is completely irrelevant.

For a bunch of customers to start bugging a component vendor because an AV vendor is incompetent is simply idiotic.

Why further the component vendor's burden when they are already getting screwed by the AV company?

Inform them? Sure. Bitch and cause problems for them? That's counterproductive.

It's much better to have those 1,000 software authors screaming to the AV vendors for their incompetence.

Quite frankly, it's the AV companies that are dropping the ball here. They are the ones that need to be screamed at.

Sure, I'll email a component vendor to let them know that an AV company is incompetent and accusing them of something that they're not guilty of, but I'm sure as hell not going to bitch at them because of something that's not their fault.

The fault lies ENTIRELY with the AV vendors. THEY are the ones that are in error.

Classification is irrelevant to me.

At the end of the day, it's the AV companies that are the guilty parties here.

And I quite frankly don't care about their problems all that much. Yes. I know that it's a hard job. But there's just no excuse for screwing me when I don't want to get screwed.

The more I think about this, the angrier I get.

I've been screwed by the AV companies with false positives across the entire spectrum of *whatever* you want to call a false positive. The end result is the same. I get screwed. I don't like that. Getting screwed is bad.

My sympathy levels for the AV companies are only dropping now... The more I think about it, the more I see that they are simply incompetent, and that they have NO excuse.

It's not that hard to take a detection, quarantine it, and then inform the user that they have a possible infection, and that a more thorough check is being done... Please stand by... We'll return to the regular programming momentarily...

But they don't do that.

If something is detected, sure. Quarantine it. False positive or otherwise. Play safe. But also take into account that you *could* be wrong and do some due diligence.



Renegade

  • Charter Member
  • Joined in 2005
  • Posts: 13,288
  • Tell me something you don't know...
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #37 on: September 24, 2011, 02:23 PM »
You are comparing libraries and software components to installer bundles? Come on ... Components/libraries have a FUNCTIONAL PART of the software, installer bundlers are SEPARATE products that are there to get installed into the PC as a separate product (and for commercial purposes, that is why you get paid). 


We're not going to see eye-to-eye on this.

Yes. They have a functional part. It's called putting food on the table.

As an independent software vendor (mISV), I have to look at the big picture. I don't have the luxury of looking at one very tiny isolated part.

If my software is labeled malware, for whatever reason, that's a very real problem for me. It's a kind of steak vs. ramyen problem.

For the specific example that I gave that you deleted in your forums, no software is "installed". (We've gone over that issue here in some other thread, and I don't believe that execution is equivalent to installation.)


Also, you took my one, non-applicable quote.. thanks for that. That was why I first removed them, but then it became clear how problematic it would be to allow, after long discussions about the issue.


I'm not sure what you mean there.


These are the rules. You have the freedom to start your own site. I mean no offense.


You can have whatever rules you want at your site. I don't have any problem at all with that. Heck, I think that you can do some very real good.

You've simply limited the discussion to a very narrow band, and I'm just not interested in things that narrow on the topic.

What you're doing is a good thing. But you're simply excluding people in my position. Not that there's anything wrong with that. It's just that I don't really have anything to add to that discussion. I'm more interested in the bigger picture.

And as for starting my own site, that won't happen. I've not found time for it in the last few years, and I doubt that I will any time soon.

Good luck with things. I hope that you can get the AV companies to stop dropping the ball so much.


wraith808

  • Supporting Member
  • Joined in 2006
  • Posts: 11,186
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #38 on: September 24, 2011, 02:23 PM »
I disagree- a false positive is a false positive

This is FALSE, because they detected OpenCandy as OpenCandy. It is a classification issue, which is different than a false positive. We can NOT get into classification debates, period.

Those who believe bundles are a non-deceitful practice are welcome to start their own site ... However, they will not be part of THIS site because we need only the most EGREGIOUS and CLEAR CUT examples of harm. I said it all above. I will not repeat further. Reference my explanation. We simply can not allow borderline cases, because the system would not work. I discussed and thought about this for a hell of a long time with security vendors, so do not tell me that it is short-sighted. I *KNOW* bundles help you pay your bills, but ... they are deceitful in nature, in my opinion, and considered 'borderline' cases. Even though the user can opt-out, since almost nobody wants the bundled software, the clear intent is to 'get' those few who miss the checkbox.

I understand they pay you $$$... so you bundle supporters will never agree with this, so I invite you to start your own site. Argue no more, because this policy WILL NOT CHANGE. Read my first post, I explain it quite clearly. If we allow borderline cases, the whole system degrades into nothing but debate about what is good and what isn't. Instead, we want a site that demonstrates OBVIOUS mis-ratings and false positives... not debated classifications.

Again, the developer has the option to NOT include that bundle.. so it *is* Open Candy's fight, and they have plenty of power to fight.

I am not a bundle supporter, nor am I paid for anything, so classifying such in an aggressive post against what I said seems a bit out there.  I do tend to post in support of Renegade on such things, because he gets so much crap for stuff, i.e. the unaddressed issue of posting that it was his fault that an AV company decided not to do business with you, rather than placing the blame with them for their own decision.  And if a third party component in your software does something that the AV program detects as malicious activity, then that becomes your problem, also.  Libraries *can* do the same thing, and result in the same sort of false reporting, i.e. the use of AutoHotKey.  It's not the program itself, it's what it was made with in that case.  And the developers of the programs that are in AHK can't argue the point of their program?  I call BS.

Renegade

  • Charter Member
  • Joined in 2005
  • Posts: 13,288
  • Tell me something you don't know...
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #39 on: September 24, 2011, 02:27 PM »
@wraith808 - Thanks for the voice of support. Greatly appreciated.

Jibz

  • Developer
  • Joined in 2005
  • Posts: 1,187
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #40 on: September 24, 2011, 02:53 PM »
You are comparing libraries and software components to installer bundles? Come on ... Components/libraries have a FUNCTIONAL PART of the software, installer bundlers are SEPARATE products that are there to get installed into the PC as a separate product (and for commercial purposes, that is why you get paid).  

We're not going to see eye-to-eye on this.

Yes. They have a functional part. It's called putting food on the table.

That is not a functional part of the software though, it is a functional part of your business. The software would run just the same if there was no adware in the installer.

I have no experience with OC, so I can in no way comment on whether it is fair to detect it as .. well .. OC. But to me there is a difference between components used in software, and adware bundled with it.

Also, just for the record, writing good signatures for malware is not as easy as it may seem :).

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • Posts: 5,884
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #41 on: September 24, 2011, 03:48 PM »
I have been talking quite a bit with db90h and it is very likely that I will be assuming the role of community relations for this project.

The purpose of this project is to identify and address the issues of false positives. It is not to identify and address issues with misclassifications. We are going to stay focused on false positives. We are not going to address misclassifications unless a website is misclassified as containing something it does not.

For example, if Wikipedia were misclassified as a phishing site and it resulted in it being blocked, that would be acceptable to file a report of a false positive, since there is nothing on the site that could be considered phishing. But if they were hacked and code injected that popped up a form asking for someone's banking info, then that wouldn't be a false positive until they cleaned up the site.

Feel free to start your own similar project to address misclassifications, if you wish, if you can not accept the idea that we will not be addressing them.

A detection of OC is not a false positive unless your software or installer does not contain OC. If it contains OC you may not file a report of a false positive. If it does not contain OC then you may file a report. It is as simple as that. That will be the rule going forward and there will be no compromising on this.

You can argue about it all you want in a million ways, but the fact remains that OC is being detected as OC and if it is malware or not isn't the issue here. So whether you feel OC is malware or not is irrelevant.

Now, Renegade, does your installer that is being detected as containing OC actually have OC in it, or not? If it doesn't, you may make a report about a false positive. If it does, then you may not.

tomos

  • Charter Member
  • Joined in 2006
  • Posts: 11,959
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #42 on: September 24, 2011, 04:30 PM »
^ re the last line there:
it's good to be clear, but jeez app, give the man a break :)
he's already made his point and wished the site good luck:

[...]
Good luck with things. I hope that you can get the AV companies to stop dropping the ball so much.
Tom

wraith808

  • Supporting Member
  • Joined in 2006
  • Posts: 11,186
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #43 on: September 24, 2011, 05:07 PM »
^ re the last line there:
it's good to be clear, but jeez app, give the man a break :)
he's already made his point and wished the site good luck:

[...]
Good luck with things. I hope that you can get the AV companies to stop dropping the ball so much.

That's sort of my point.  Renegade is a pretty respected member of the site, and is pretty level headed and logical in his arguments.  He's also done quite a bit of research into the OC thing, even before using it.  However, whenever this comes up, he gets piled on, either in a passive aggressive manner or just an aggressive aggressive manner.  I know this is a hot point, but it seems like we can agree to disagree without the strife that seems to come up on these threads- I mean, it's obvious that it's in his software; he's even said as much, openly.  He's not trying to hide anything.  But the negative feelings towards the malware seems to spread out onto him, as if he's part of the problem.  That's my big problem with the whole thing.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • Posts: 5,884
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #44 on: September 24, 2011, 07:38 PM »
This has nothing to do with anyone's feelings about OC. It's about focus and what is best for this project at this time. There may come a time in the future where that focus may change, but right now is not it.

Even if I shared Renegade's views on OC I would still hold the same position about not focusing on misclassifications at this time.

And Renegade knows I do not hold anything personal against him. I consider him my friend, both here and outside of DC, and not just merely a fellow DC member. If we lived near each other and I was the type that liked to drink, we'd be drinking buddies.  :)

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • Posts: 3,741
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #45 on: September 24, 2011, 09:41 PM »
Let's try to get back on a more focused topic, shall we.

OpenCandy is OpenCandy, it's a tool like any other...and regardless of your stand on the matter, it's NOT the point of discussion within THIS topic.

Personal attacks on members of DonationCoder cannot, and will not be tolerated.

If you wish to Discuss OC and NOT, please visit: https://www.donation...ex.php?topic=18297.0

That is the end of any more OC discussion or personal attacks within this topic.

.........

For those wishing to continue the ACTUAL discussion topic...Please continue.

Topics can be very easily de-railed...

« Last Edit: September 24, 2011, 09:52 PM by Stephen66515 »

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #46 on: September 25, 2011, 12:46 AM »
That is not a functional part of the software though, it is a functional part of your business. The software would run just the same if there was no adware in the installer.


Whether it's OC or DevExpress or Infragistics or whatever, they all just seem like components to me. They all have a purpose. Saying that it's not a functional part of the software is only expressing an opinion on what level of utility one perceives in it.

To be the Devil's Advocate:

* Help files aren't a functional part of software because they describe the software. i.e. Descriptions are not functions.

* Playlists in my MP3 player aren't a functional part of the player because I don't use them, and get no value out of them.

* Graphic embellishments and decorations that make a program look nice aren't functional parts of the program because they don't "do" anything.

* A GUI is not a functional part of the software because anything that you can do through a GUI can be done through a command line. (Oh god... can you imagine how difficult some software would be with no GUI? Nightmarish...)

While some of those may seem utterly silly, they are just following down that slippery slope to one degree or another.

Basically, it boils down to whether or not you "like" or "want" or "use" some set of functionality.



...there is a difference between components used in software, and adware bundled with it.


The word "bundle" is interesting as it can mean a few things. I think that we'd all agree that "bundle" implies packaging together several discrete pieces of software that do not interact with each other in any meaningful way, and that those pieces of software are not related in the way that a piece of software is related to a component/library.

I don't think that "adware" is really relevant. Whether you're bundling a toolbar, or a browser, or a pro version, or a related product, or a 3rd party product, or whatever, a bundle is a bundle.

What I'm NOT clear on though, is whether or not facilitating a download and installation constitutes "bundling".

For example, say you download the ACME Web Browser. They bundle in the ACME Browser Switcher toolbar for other browsers that lets you seamlessly switch from another browser into the ACME Web Browser. So that's a bundle... But, if they also include an option in the installer for you to download and install the ACME MP3 Player, then is that bundled? It's not "in" the installer, and you have to download it still... I'm thinking that I'd have to say "no" for traditional standalone installers, and that the question then moves on to what constitutes a bundle in a connected world with web installers... There I think I'd have to say "yes".



Also, just for the record, writing good signatures for malware is not as easy as it may seem :).


I'm quite certain writing signatures for malware is very difficult.

But we don't excuse doctors for killing people on the operating table because they misdiagnosed a cough for brain cancer. Oh... Ooops... Yes we do. But whatever. :) :P

It seems to me that labeling an innocent piece of software as malware is libelous.

http://en.wikipedia.org/wiki/Defamation

Defamation—also called calumny, vilification, traducement, slander (for transitory statements), and libel (for written, broadcast, or otherwise published words)—is the communication of a statement that makes a claim, expressly stated or implied to be factual, that may give an individual, business, product, group, government, or nation a negative image. It is usually a requirement that this claim be false and that the publication is communicated to someone other than the person defamed (the claimant).

To prove libel:

The person first must prove that the statement was false.
Second, that person must prove that the statement caused harm.
Third, they must prove that the statement was made without adequate research into the truthfulness of the statement.


In the context of db90h's definition of false positive, these conditions are all met.

1) By definition, this is satisfied (false positive).
2) Again, this is trivially true.
3) It is well known that signatures can have multiple matches, so making a claim without verification satisfies this condition.

I suppose that I'm surprised that the AV companies haven't been sued more, because they're obviously guilty. If they have, I'm unaware of those suits.


The purpose of this project is to identify and address the issues of false positives. It is not to identify and address issues with misclassifications. We are going to stay focused on false positives. We are not going to address misclassifications unless a website is misclassified as containing something it does not.


I think the general issue would be better served by a less highly-focused approach to the technical side of signatures with multiple matches. But I suppose you do what you can.



For the record -- No offense taken here. This is just a case of two different understandings of what "false positive" means.

Which is a general problem in a lot of discussions. And especially with acronyms... Quite often my eyes just glaze over when reading some materials where an author starts off using some acronym and never expands it for clarity.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #47 on: September 25, 2011, 03:06 AM »
Since I agree with Stephen66515, I will refrain from commenting on this reply, but instead congratulate him on his 1000th post.


 ;D :Thmbsup:

worstje

  • Honorary Member
  • Joined in 2009
  • **
  • Posts: 588
  • The Gent with the White Hat
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #48 on: September 25, 2011, 03:47 AM »
I don't care too much for the details of this discussion as I am really tired, but I need to reply to one question asked...

* A GUI is not a functional part of the software because anything that you can do through a GUI can be done through a command line. (Oh god... can you imagine how difficult some software would be with no GUI? Nightmarish...)

It would likely be easy to use, given some time to get used to the interface. Why? Because they would use a PBAD interface. Right, 'pretty bad' by today's standards. But I think a Physical Button And Dial interface works wonders for many applications. Ask DJs and soundmixers, toy racing cars/planes/boats operators, your olde TV set, or the TARDIS. Buttons and dials are epic and timeless. :D

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 11,186
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #49 on: September 25, 2011, 08:58 AM »
This is just a case of two different understandings of what "false positive" means.

Agreed on that point.


Whether it's OC or DevExpress or Infragistics or whatever, they all just seem like components to me. They all have a purpose. Saying that it's not a functional part of the software is only expressing an opinion on what level of utility one perceives in it.

To help drive this point along, in many installers there is the bit about disabling your AV software.  I used to work at a company where we had a pretty tight licensing system, that used an implementation of a third-party licensing component.  I had to write a lot of code to get it to work and integrate with the product.  But apparently some AV programs looked at the licensing as virus-like activity.  In that case, would it not have been the company that was affected and so the company that should have a right to pursue remedies, instead of waiting for the developers of the licensing component?