topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 8:24 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: The False Positive and Improperly Rated Site Epidemic  (Read 44133 times)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #50 on: September 25, 2011, 09:46 AM »
To help drive this point along, in many installers there is the bit about disabling your AV software.  I used to work at a company where we had a pretty tight licensing system, that used an implementation of a third-party licensing component.  I had to write a lot of code to get it to work and integrate with the product.  But apparently some AV programs looked at the licensing as virus-like activity.  In that case, would it not have been the company that was affected and so the company that should have a right to pursue remedies, instead of waiting for the developers of the licensing component?

Good point about installers recommending that people turn off AV software. (I don't think it should be necessary, but that's just what I think.)

In the past, most of the problems I've had with false positives have been rooted in either compression or encryption. Was the licensing issue you had due to network traffic or encryption/compression?
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #51 on: September 25, 2011, 09:58 AM »
BACK ON TOPIC

April is the spokesman, but I wanted to quickly say that software sites who support this project may soon have a logo to display, helping us spread the word. It will take TIME for this project to propagate. Do not give up. Be patient. Until we have a logo, feel free to link to The False Positive Report at http://falsepositivereport.com

@wraith/renegade: Licensing/protector/compressor/installer system false positives have long been a problem and are being addressed by a separate project called the Taggant project. It is embedded a signature into compressed/protected EXEs so security companies can identify the license used, and if it is a legitimate license that hasn't been abused before.
« Last Edit: September 25, 2011, 11:44 AM by db90h »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #52 on: September 25, 2011, 01:22 PM »
Good point about installers recommending that people turn off AV software. (I don't think it should be necessary, but that's just what I think.)

In the past, most of the problems I've had with false positives have been rooted in either compression or encryption. Was the licensing issue you had due to network traffic or encryption/compression?

I think it was due to encryption, but I couldn't say that with 100% certainty.  From the work I had to do, I know that compression wasn't used, and I don't *think* there was any network traffic associated with the solution; it was put in place to replace the dongle solution that they used before, and they called it 'software dongle emulation', though in retrospect, it was more like software license management, where you have a licensing server that validates keys against the keys that are on the DVDs of the connected computers, so the DVD itself acted as a sort of dongle.  Really complicated (and complicated the mastering process) and really pointless IMO.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #53 on: September 25, 2011, 03:18 PM »
Wraith, Renegade, I understand where you're coming from ... I really do. But you're not helping.

I also get where db90h is coming from. He's got a good idea, a means to implement it, and a narrow window of opportunity ... To catch and hold the AV companies attention. And the only way to do that is to keep it simple. Clear cut. black & white. UnArguable-ly, blatantly fucking obvious. Anything that is, or could be debatable, requires one risk taking a side ... Which is not something the AV companies are willing to do ... Just because they are them. Corporate facades protecting an image.

In keeping with this theme, anything that is, was, could, or might be... put up for debate. Must, be removed from the table. Or the corporate monkeys will simply run shrieking right back up their trees. Where they'll then happily continue their life-as-usual banana squeezing rituals.

They've been coaxed out of the trees, solely with the anticipation of getting a shiny bauble of black and white simplicity ... That any 4 year old could understand. I.e.:

James Earl Jones, is unarguably, obviously, black.
Tom Cruise, is unarguable, obviously, white.

-and-

Rae Dawn Chong, is (incredibly hot, but...) flat out just not going to (S-I-M-P-L-Y) fit into either of the two above categories. Dig?

Don't be so eager for the end game, "the kill" can wait... ;)

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #54 on: September 26, 2011, 08:58 PM »
I sure hope this anti-FP action will go well.  :up:

However, already been told that the thread will move to another domain, I am not inclined to register at Bitsum's, in order to upload a post or two. I think more people than me may have had a similar thought.


It has been moved already -- http://falsepositivereport.com

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #55 on: September 26, 2011, 09:17 PM »
I am also TRYING to turn this over to the COMMUNITY at large .... I'm trying to force April into the job ;). She is level-headed enough to be fair, act with integrity, and there be no conflicts of interest. This MUST be non-profit and not promoting any particular site other than itself.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #56 on: September 27, 2011, 01:34 AM »
See if you can post it in the ASP and JoS. They're good places where devs hang out.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #57 on: September 27, 2011, 06:41 AM »
Thanks Renegade, we're working on proliferation. I've had to get to my day job though, so we need more volunteers. I've spent the last week on nothing but this effort. Meanwhile, I have a real business to run, lol ;p. That said, maybe this saves my business one day (amongst thousands others), so it is a worthy cause.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #58 on: September 27, 2011, 07:14 AM »
Just musing...

If you've not considered it before, have a think through whether you want to advertise it. I think "The Code Project" would be a prime place.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #59 on: September 27, 2011, 07:15 AM »
Yes... I've got move back to my business, I *hope* enough people care to keep this going. I've put in my share already, and will continue to... if I am the only one who cares, it won't work. So... ;)

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #60 on: September 27, 2011, 07:37 AM »
What I mean to say is --- please, everyone, help spread the word ;). I would also like to reiterate that no profit, or even exposure is being generated for me. I am not even using my company or real name, nor linking to my site, nor anything - as I do not want there to be any doubt this is for the good of ALL OF US. In fact, I am trying to get out of the site, leaving it to volunteers, though ...

« Last Edit: September 27, 2011, 09:14 AM by db90h »

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #61 on: September 27, 2011, 09:00 AM »
I sure hope this anti-FP action will go well.  :up:

However, already been told that the thread will move to another domain, I am not inclined to register at Bitsum's, in order to upload a post or two. I think more people than me may have had a similar thought.


It has been moved already -- http://falsepositivereport.com

my login doesnt work for this site (just reporting, not bitching!)
Tom

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #62 on: September 27, 2011, 09:03 AM »
my login doesnt work for this site (just reporting, not bitching!)

Stephen from DC here admins and hosts the site... but I will check into it and see if I see the issue. Sorry for this. It is new, so there are kinks ;)

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #63 on: September 27, 2011, 09:08 AM »
my login doesnt work for this site (just reporting, not bitching!)

If you can elaborate, perhaps it might be helpful too... ;). Sorry again.

EDIT: We did NOT migrate accounts, as I thought we would. The reason being is that the new site is using SMF 1.1.15, while I use SMF 2.0.1 .. so it would have been a harder issue.
« Last Edit: September 27, 2011, 09:15 AM by db90h »

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #64 on: September 27, 2011, 03:03 PM »
my login doesnt work for this site (just reporting, not bitching!)

If you can elaborate, perhaps it might be helpful too... ;). Sorry again.

EDIT: We did NOT migrate accounts, as I thought we would. The reason being is that the new site is using SMF 1.1.15, while I use SMF 2.0.1 .. so it would have been a harder issue.

no worries - I made a new account and posted already earlier :up:
Tom

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #65 on: September 30, 2011, 09:14 PM »
Microsoft Security Essentials is/was incorrectly saying Google Chrome is malware and removing it from users' PCs.

http://chrome.blogsp...rosoft-security.html

http://techcrunch.co...s-chrome-as-malware/

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,741
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #66 on: September 30, 2011, 09:24 PM »
Microsoft Security Essentials is/was incorrectly saying Google Chrome is malware and removing it from users' PCs.

http://chrome.blogsp...rosoft-security.html

http://techcrunch.co...s-chrome-as-malware/

 ;D

j/k ofc lol

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #67 on: October 05, 2011, 06:28 AM »
The False Positive Report
First week results = 2 of 3 reported FPs fixed on, and at, our forum

In our first week of operation (actually merely days), we had 3 real-time false-positive reports. *2 OF THOSE 3 WERE FIXED _AT_ OUT FORUMS* (one by Trend Micro, the other by Symantec).

We are very proud of the security companies who have stepped up to the plate to mitigate collateral damage wherever they can.

Many or most major security companies are monitoring the forum. The concept is working. All we need now are for more people to report any unresolved false positives or site mis-ratings. Consider our site a safety net in this way, though its uses are far beyond that.

Ever wondered which security product has the lowest false positive rate? Not just in a lab, in the real world? Especially with so many heuristic and behavioral based detections, what is the true FP rate? What about site mis-ratings? How do they figure in?

Answer all this and more by participating ... or spreading the word, so people know 'where to go'

This is a non-profit, all volunteer organization that accepts no monetary donations.

http://falsepositivereport.com

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #68 on: October 05, 2011, 06:59 AM »
Congrats db90h :Thmbsup:
Tom

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #69 on: October 05, 2011, 07:05 AM »
Congrats to all those who helped in any way. It was not just me, it was also April and Stephen who dedicated their time to this project too. Stephen got us a nice looking web site going fast, hosted it even. April is doing everything that needs doing, including the logo at the top. Certain security vendors helped by encouraging early support, etc... Lastly, those who simply spread the word are doing as important a job as any.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #70 on: October 05, 2011, 07:11 AM »
In our first week of operation (actually merely days), we had 3 real-time false-positive reports. *2 OF THOSE 3 WERE FIXED _AT_ OUT FORUMS* (one by Trend Micro, the other by Symantec). We are very proud of the security companies who have stepped up to the plate to mitigate collateral damage wherever they can. Many or most major security companies are monitoring the forum.


That really is a huge achievement and fantastic news.  :up:

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #71 on: October 05, 2011, 08:11 AM »
Outstanding news! :)

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #72 on: October 15, 2011, 02:51 PM »

I presume this report of IE suggesting deletion of FARR (as it is "not commonly downloaded" lol) would fit in the forum?

FARR not a commonly downloaded program?
Tom

db90h

  • Coding Snacks Author
  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 481
  • Software Engineer
    • View Profile
    • Bitsum - Take control of your PC
    • Read more about this member.
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #73 on: October 15, 2011, 07:36 PM »
I presume this report of IE suggesting deletion of FARR (as it is "not commonly downloaded" lol) would fit in the forum?

FARR not a commonly downloaded program?

No, because it is your fault for not having a digital cert... which costs YEARLY 1/4 of your reported MONTHLY operational costs. It is not 1996 anymore, the reality is every developer should have a cert. Sorry to be so harsh, just telling it like it is.

This is just a cost of doing business. To represent unsigned software as potentially more risky is ok because it is true.
« Last Edit: October 16, 2011, 01:52 AM by db90h »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: The False Positive and Improperly Rated Site Epidemic
« Reply #74 on: October 15, 2011, 10:06 PM »
I presume this report of IE suggesting deletion of FARR (as it is "not commonly downloaded" lol) would fit in the forum?

FARR not a commonly downloaded program?

No, because it is your fault for not having a digital cert... which costs YEARLY 1/4 of your reported MONTHLY operational costs. It is not 1996 anymore, the reality is every developer should have a cert. Sorry to be so harsh, just telling it like it is.

For free software?  Really?  And it's the person's fault?  I'd think that for software that doesn't make money, there would be an option that's doesn't incur a yearly cost.  And that's how it is IMO.