Difference between revisions of "Anti-Virus Hall of Shame"

From 8BitDev.org - Atari 7800 Development Wiki
(INTRODUCTION)
(INTRODUCTION)
 
Line 2: Line 2:
 
Antivirus vendors catch viruses using signatures of little bits of virus. That way the software doesn't have to store whole viruses, and even better, if the virus changes it may still be recognized.
 
Antivirus vendors catch viruses using signatures of little bits of virus. That way the software doesn't have to store whole viruses, and even better, if the virus changes it may still be recognized.
  
Only some vendors use very short bits of virus for their signatures. So small, that innocent programs are often reported as containing viruses. Even a simple and innocent [https://www.csoonline.com/article/3216765/heres-why-the-scanners-on-virustotal-flagged-hello-world-as-harmful.html Hello World example] gets reported as malware.
+
Only some vendors use very short bits of virus for their signatures. So small as to no longer be unique and innocent programs are often mistakenly reported as containing viruses. Even a simple and innocent [https://www.csoonline.com/article/3216765/heres-why-the-scanners-on-virustotal-flagged-hello-world-as-harmful.html Hello World example] gets reported as malware.
  
 
Why would they do this? Unfortunately, it's cheaper for them to accuse a large number of innocent programs, than to actually test their signatures in a more robust manner.  
 
Why would they do this? Unfortunately, it's cheaper for them to accuse a large number of innocent programs, than to actually test their signatures in a more robust manner.  
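
Review bot: the rewritten second sentence, "So small as to no longer be unique and innocent programs are often mistakenly reported", joins a fragment to a full clause with no punctuation, so it can be misread as "unique and innocent programs". Suggest folding it into the previous sentence: "...for their signatures, so small that they are no longer unique, and innocent programs are often mistakenly reported as containing viruses." The leading "Only some vendors" is also ambiguous between "but some vendors" and "just a few vendors"; a comma after "Only", or "But" in its place, would settle it.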

Latest revision as of 05:25, 10 February 2020

INTRODUCTION

Antivirus vendors catch viruses using signatures of little bits of virus. That way the software doesn't have to store whole viruses, and even better, if the virus changes it may still be recognized.

Only, some vendors use very short bits of virus for their signatures, so small that they are no longer unique, and innocent programs are often mistakenly reported as containing viruses. Even a simple and innocent Hello World example gets reported as malware.

Why would they do this? Unfortunately, it's cheaper for them to accuse a large number of innocent programs than to actually test their signatures in a more robust manner.
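
The effect can be reproduced on constructed data by checking a candidate signature against known-clean files before it ships. The Python sketch below is an added example, not code from the original page or from any AV vendor; `RUNTIME`, the file names and every byte string in it are constructed stand-ins, with `RUNTIME` playing the part of startup code that one toolchain links into everything it builds.

```python
# Constructed data only: nothing here is real malware or a real signature.
RUNTIME = bytes(range(0x40, 0x60))  # 32 bytes shared by every build of one toolchain
FLAGGED = RUNTIME + b"\xde\xad\xbe\xef-unique-body-of-the-flagged-sample"
BENIGN = {
    "hello.exe": RUNTIME + b"print hello world and exit",
    "game.exe": RUNTIME + b"draw sprites, read joystick, play sound",
    "tool.exe": b"built with another toolchain, no shared runtime",
}


def signature(sample: bytes, offset: int, length: int) -> bytes:
    """Cut a byte-sequence signature out of a sample."""
    return sample[offset:offset + length]


def false_positives(sig: bytes, corpus: dict) -> list:
    """Names of known-clean files that this signature would flag."""
    return sorted(name for name, data in corpus.items() if sig in data)


def shortest_clean_length(sample: bytes, offset: int, corpus: dict, max_len: int = 64):
    """Smallest signature length at this offset that flags no clean file.

    Returns None if no length up to max_len (or the end of the sample) is clean.
    """
    for length in range(1, max_len + 1):
        sig = signature(sample, offset, length)
        if len(sig) < length:  # ran off the end of the sample
            return None
        if not false_positives(sig, corpus):
            return length
    return None


if __name__ == "__main__":
    short_sig = signature(FLAGGED, 24, 8)  # lies entirely inside the shared runtime
    print("8-byte signature flags:", false_positives(short_sig, BENIGN))
    for offset in (0, 24):
        n = shortest_clean_length(FLAGGED, offset, BENIGN)
        print(f"offset {offset}: needs at least {n} bytes to stop flagging clean files")
```

A length that is clean against three files says little about a real population of software; the check is only as good as the clean corpus it runs against.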

Instead, AV vendors put up portals where falsely accused developers can spend their time and effort to try to get their program blessed by the vendor. So the author submits their program, with a bunch of details, and then waits. How long? Sometimes weeks, sometimes the AV company doesn't respond at all. If the developer is lucky enough to eventually be given a pass, the program is finally cleared. Until the next software revision, at which point you have to start the whole dance over again.

The problem is especially bad for hobby programmers. Not only are the vendors wasting the programmer's unpaid personal time, the false positives seem to especially be triggered by using open source tools. One might guess the AV reasoning is that virus authors also use open source tools, so therefore open source tool users are virus authors, QED.

I am a hobby coder that uses open source tools, and I am tired of trying to trick the virus engines by using different debug options. I'm tired of explaining to users what a false positive is. I'm tired of wasting my time trying to update these vendor websites with each code revision. So I created this list of Antivirus engines that regularly flag my software. It probably won't change a thing, but I'd rather light a small, pitiful candle, than to curse the darkness.

If your Antivirus vendor is on this list, you probably find a lot of software you download is broken, and get alerted unnecessarily. Save yourself, save hobby programmers, and get yourself some better Antivirus software.

Regular Offenders 2019

  • AhnLab-V3
  • Avast
  • AVG
  • Cylance
  • DrWeb
  • Ikarus
  • Rising