  • Monday June 23, 2025, 8:48 pm
Recent Posts

351
Yes... I've got to move back to my business, I *hope* enough people care to keep this going. I've put in my share already, and will continue to... if I am the only one who cares, it won't work. So... ;)
352
Thanks Renegade, we're working on proliferation. I've had to get to my day job though, so we need more volunteers. I've spent the last week on nothing but this effort. Meanwhile, I have a real business to run, lol ;p. That said, maybe this saves my business one day (amongst thousands others), so it is a worthy cause.
353
General Software Discussion / Re: Cnet's Download.com and the installer scam
« Last post by db90h on September 27, 2011, 12:16 AM »
Just so you guys know, vendors who opt-out (as I did) no longer have their software mirrored at CNET. Instead, it redirects back to your server, at least as best I can tell.

They also recently sent out a survey to all vendors, asking their opinions on this toolbar bundle. The one thing that was clear was that they have no plans to remove it completely.
354
I am also TRYING to turn this over to the COMMUNITY at large .... I'm trying to force April into the job ;). She is level-headed enough to be fair, act with integrity, and there be no conflicts of interest. This MUST be non-profit and not promoting any particular site other than itself.
355
I sure hope this anti-FP action will go well.  :up:

However, already been told that the thread will move to another domain, I am not inclined to register at Bitsum's, in order to upload a post or two. I think more people than me may have had a similar thought.


It has been moved already -- http://falsepositivereport.com
356
BACK ON TOPIC

April is the spokesman, but I wanted to quickly say that software sites who support this project may soon have a logo to display, helping us spread the word. It will take TIME for this project to propagate. Do not give up. Be patient. Until we have a logo, feel free to link to The False Positive Report at http://falsepositivereport.com

@wraith/renegade: Licensing/protector/compressor/installer system false positives have long been a problem and are being addressed by a separate project called the Taggant project. It embeds a signature into compressed/protected EXEs so security companies can identify the license used, and if it is a legitimate license that hasn't been abused before.
357
There is little software out there that doesn't incorporate other software. They're called libraries or components.

You are comparing libraries and software components to installer bundles? Come on ... Components/libraries have a FUNCTIONAL PART of the software, installer bundlers are SEPARATE products that are there to get installed into the PC as a separate product (and for commercial purposes, that is why you get paid).  

Also, you took my one, non-applicable quote.. thanks for that. That was why I first removed them, but then it became clear how problematic it would be to allow, after long discussions about the issue.

These are the rules. You have the freedom to start your own site. I mean no offense.
358
I disagree- a false positive is a false positive

This is FALSE, because they detected OpenCandy as OpenCandy. It is a classification issue, which is different than a false positive. We can NOT get into classification debates, period.

Those who believe bundles are a non-deceitful practice are welcome to start their own site ... However, they will not be part of THIS site because we need only the most EGREGIOUS and CLEAR CUT examples of harm. I said it all above. I will not repeat further. Reference my explanation. We simply can not allow borderline cases, because the system would not work. I discussed and thought about this for a hell of a long time with security vendors, so do not tell me that it is short-sighted. I *KNOW* bundles help you pay your bills, but ... they are deceitful in nature, in my opinion, and considered 'borderline' cases. Even though the user can opt-out, since almost nobody wants the bundled software, the clear intent is to 'get' those few who miss the checkbox.

I understand they pay you $$$... so you bundle supporters will never agree with this, so I invite you to start your own site. Argue no more, because this policy WILL NOT CHANGE. Read my first post, I explain it quite clearly. If we allow borderline cases, the whole system degrades into nothing but debate about what is good and what isn't. Instead, we want a site that demonstrates OBVIOUS mis-ratings and false positives... not debated classifications.

Again, the developer has the option to NOT include that bundle.. so it *is* Open Candy's fight, and they have plenty of power to fight.
359
BTW, thanks to your report ESET won't speak to me any longer.. that's the harm of introducing borderline cases, or bundle companies that may or may not sue people, into the mix. Again, since Open Candy has different bundles, I am not saying they are a threat at all. I just mean we can only show more clear cut examples. Consumers, in general, don't like bundles, and that would substantially lessen our support on that front as well.
360
Was that what was happening? I saw 2 of my 3 posts were removed, so I got pissed at being censored, deleted my remaining post and deleted my account.

I was informed the company we were discussing (Open Candy) likes to sue people. I got freaked out, removed the posts. Sorry... The new policy is: NO DISCUSSION OF BUNDLED PRODUCTS.

If you don't want the false positive, don't bundle with that software. You CHOSE to bundle with that software.

I do not mean to be harsh, I just have to set some limits. There are more egregious and clear examples of harm. Mentioning FPs with bundled software just confuses the issue and defeats our purpose.

Anyway, the site is under new management now and being moved as we speak, so maybe you can talk them into allowing it.. I no longer am in control.

OTHERS: Would you agree this is a reasonable policy? If we allow BORDERLINE cases, or cases of debate.. then we confuse the whole issue and defeat the purpose. I personally consider all bundles deceptive as they rely on those users who accidentally miss the checkbox. I, personally, don't want the bundled crap, and imagine others feel the same. Can someone back me up?

I mean NO OFFENSE.. but to get things done, we can NOT allow borderline cases like this.

I had a LONG discussion about this... this nearly destroyed the entire effort. If we allow these type cases, it would. Besides, since Open Candy, according to my sources that may or may not be accurate, sues everybody who calls them a threat, they can hold their own. I am NOT saying they are a threat, in fact they are NOT a threat in most, if not all, cases. Since they have different bundles, I can't speak for all of them though.
361
I sure hope this anti-FP action will go well.  :up:

However, already been told that the thread will move to another domain, I am not inclined to register at Bitsum's, in order to upload a post or two. I think more people than me may have had a similar thought.


Thanks, and do not worry, all accounts and posts will be moved... we use SMF, so will the new forum.. easy migration. I indicated this, but it may have been missed (or not believed ;p).
362
Thanks to all of you, and please forgive me when I repeat myself. I move at 1000 miles an hour, so sometimes it is accidental --- but other times it is purposeful. In this day and age, everyone skims, so it is important to repeat things in order to get the point across ;).

I am happy to say that this effort has some major supporters already and is spreading like wildfire! Thanks to those of you who have volunteered your time or other services. I may very well be taking you up on that, as I have a business to run. Not spending half my time dealing with FPs and site rating issues will sure make that job easier.

I am now trying to get security vendors to publicly commit. They are scared publicly to do so at this time, but as it grows, they will .. I believe ;). Some have expressed their private willingness to participate, which is a great first step!
363
I also wanted to mention that I still think mouser's idea of a test and badge system rewarding good (low false positive) software/software publishers has a lot of potential. I think a combination of shaming the bad and rewarding the good could be most effective. Hopefully this effort can develop toward that long-term. But you have a good place to start.

I agree, and we should include that as well (already I linked to his post about it). One thing at a time though. FIRST, we must expose the problem, then we can work on solutions.
364
@Renegade: CAPTCHA turned down, thanks for letting me know .. I had 'upped' it just the other day because I got sick of those 'SEO' (yea right) people ... ;o.
365
Remember, it is about showing how bad the problem is - reporting them AFTER they occur directly to the company is fine, but we must also PUBLICLY report them in a CENTRALIZED location. We must remove their vested interest in generating FPs to start with, by embarrassing them, and showing which companies care about determining WHY it happened, and avoiding it in the future...and which do not.

The forum must be moved to a dedicated site soon. I also don't know if I have the time to maintain it (nor if I can stand being angry all the time).
366
I will add that link to the forum post now, thanks mouser
367
What I meant was... if you have anything to say, now is your chance. Rarely do users get a chance to have their comments read by anyone who matters at these giant corps (sadly). I guess that was clear though. Oh well. I just get enthused, and hope for change. Apathy will kill us all.
368
Sorry for the confusion ... Just in the Sticky Topic, to get the ball rolling... I just want them to understand that USERS CARE ... that helps to then get the ball rolling on the whole project. If they realize their CUSTOMERS care, then they care 10x more. Sorry

EDIT: A big part of this is USER TRANSPARENCY, so users know what is happening to small businesses, and which security vendors are causing the most harm (like donationcoder, though it isn't a traditional business, it is still a form of business).

I would not be surprised to suddenly find my web site rated RED/DANGEROUS and all my software false positive'd on .. as paranoid as that sounds. To challenge some of the corporations is risky...
369
I did not make it clear.. if you want your comments to be seen by people who MATTER, then please post them at the thread I linked above. They will be waking soon, and visiting that thread. If it is just me, I look like a crazy person. If there is some user support, they realize users are fed up.

I have a real fear now that users, in general, don't care (not you guys, but others.. the average user).
370
Good idea! I'm not a member of the ASP anymore, I quit years ago and never joined back. However, since I author developer tools, I know a lot of vendors personally, so will start contacting them. Please do spread the word. It is important. We must make a stand. The major security companies will be waking up in a few hours and reading this, so let's show them how much interest there is ASAP.

My personal story of FPs and misratings you wouldn't believe.. and I do NOT compress my software or use any protector. That is why I got so fed up. I finally was able to fix problems only through my direct contacts, because so many of these companies simply don't respond to their false positive or mis-rating reporting systems. They just ignore you, it's absurd. Some others DO respond well, but the damage is done, and they don't make an effort to PREVENT it from happening in the future.

Let's change the world! ;)
371
Thank you for your support ;).
372
General Software Discussion / The False Positive and Improperly Rated Site Epidemic
« Last post by db90h on September 23, 2011, 04:41 AM »
I have been a member of a malware working group at the IEEE of which almost ALL security vendors participate. I've therefore been in a position to create and propose this new Forum: http://falsepositivereport.com . This is only hours old, but one security vendor has agreed to take part. As the others wake, we'll see who will voluntarily take part in it. As long as Software Vendors take part, security vendors will eventually be forced to take part in order to respond.

OFFICIAL SITE:  http://falsepositivereport.com

I would like to congratulate Microsoft as the one company who takes the conservative approach, making their false positive rate the lowest in the industry. Kudos to them. All security companies should act that way! Causing collateral damage to innocent businesses/families is simply unacceptable. It will sometimes accidentally occur, but clearly not enough is being done to prevent this problem, as it has only gotten worse.

---------------------------------

Accountability. Transparency. Communication. Prevention.
Helping to prevent false positives and mis-rating of web sites, instead of merely retroactively addressing them

This is a new effort to help slow (and expose) the plague of false positives and mis-rated web sites that are destroying hundreds or thousands of small businesses every year. Some security companies do better than others, but never before has there been a place where false positives and mis-rated sites can be publicly reported. The security companies can then respond, fix the issue, then determine why it happened and work with the vendor to avoid it in the future. After all, once a false positive happens, the damage is already done. Some security companies will not even respond to reports of false positives and mis-rated sites, much less work to avoid them in the future. Other companies DO act much more responsibly.

This is NOT about crucifying security companies. They do have a terribly hard job. Still, many of them can and should do better. This site is about showing which companies are doing the best to avoid collateral damage. It is also intended to facilitate the mitigation of collateral damage when it occurs, and, through communication, help prevent collateral damage (FPs) from recurring. For instance, why did the FP or misrating occur? What can be done to avoid it in the future?

Ironically, malware authors are hardly affected by these aggressive tactics. After all, if these tactics really worked, why would there be so many malware infestations?

Also remember, public transparency and accountability will let consumers know which security companies care about the collateral damage they inflict. Is this not important in your purchasing decision? If not, it should be ;). By choosing carefully with whom you spend your money, YOU can force companies to start behaving ethically.

As always, the power is in the hands of the consumer. Choose carefully who you spend your money with and you can force these corporations to act ethically and responsibly.

At this site you can:

1. Report false positives and mis-rated sites in REAL TIME to a CENTRAL LOCATION. At this central location, companies will know where to find false positives and mis-rated sites, if they care to look.
2. You can then see which companies care to fix these issues, and how fast. You can also see which companies are interested in AVOIDING them in the future.
3. Communicate with security companies to fix these issues, and help avoid these problems from recurring.
4. Provide historical stories about damage inflicted to your innocent business and/or family.
5. Communicate with other software vendors with similar concerns and troubles.

http://falsepositivereport.com
373
The sad thing is that these people have probably made so much money that *if* they are ever actually caught, whatever penalty they receive will make the endeavor worth it. And that's the state of white collar crime prosecution in this country. It is almost as if white collar crime isn't a crime at all. Anything anybody can do to make a buck is fair game. Sick.
374
General Software Discussion / Re: Cnet's Download.com and the installer scam
« Last post by db90h on September 05, 2011, 01:06 PM »
I have complained about this many times, going back as far as 8 months. Every time one of these sites is taken down, another springs up. In many ways, what CNET did was legitimize their business model - making them much harder to deal with in the future. Further, the open source software may not be able to object like shareware authors, depending on the license.
375
General Software Discussion / Re: Cnet's Download.com and the installer scam
« Last post by db90h on September 05, 2011, 01:01 PM »
Above post massively edited when I read it and realized the name..