False Positives OpEd from WinPatrol


At DonationCoder we've discussed False Positives and how they affect freeware/OSS developers.  It's good to see an OpEd from someone in the security side of the industry and how it affects them as a company.

Antivirus industry deluding itself

The one thing this doesn't address is the costs with submitting software for the "Trusted Source" initiative, both in man hours and money, and the fact that to people that don't make a living off of selling software, it can seem like this is aimed at squeezing out Freeware and OSS contributors.

In fact, if you look at the bottom of the announcement from Google, you'll see that this isn't just an idle fear.

So what are the next steps? We are looking to grow our collection of trusted software, if you happen to be a very large software development company you might want to contact us in order to share this data and help us mitigate the issue of false positives. Please note that this initiative is not open to potentially unwanted applications and adware developers.

And the bad thing?  The emphasis isn't mine.

So where does this leave you with Google automagically blocking and deleting files that the user downloads if you're not large enough to be one of the trusted vendors?

Out in the cold.

That quote is absolutely outrageous... Shame on Google.

His post is pretty spot on. It is ridiculously hard to get through to all the AV vendors to report false positives. It is a shame that the Google/Microsoft project is only aimed at large companies, who already have the attention of AV companies. A common gateway for reporting false positives would be great, but the odds of all the AV vendors agreeing on that are probably slim.

I don't know what could be done to help small companies and individual developers, perhaps the taggant project could help, or access to more affordable code signing certificates.
