And when people eventually grow weary of reporting false positives individually, all over the net, perhaps hundreds a day, then you can visit http://falsepositivereport.org
. I doubt the site will ever take off, to be honest. However, it is monitored by representatives of the major security industry products, and almost all reports have led to timely fixes (though that isn't guaranteed).
Some may call it 'shame and name', and indeed we must document occurrences like this in an effort to DETER them. Else, they become another way to scare users into purchasing security software.
As for how to check a detection, the best service remains http://virustotal.com
. Any time you have a detection, run it through that site, and it will give you the results of over 40 different security software suites. A false positive would typically show up in 1-5 of them (as some use the same engine, especially the smaller vendors). A real detection is more likely to show up on almost all of them.