Difference between revisions of "Anti-Virus Hall of Shame"

From 8BitDev.org - Atari 7800 Development Wiki
Jump to: navigation, search
(Created page with "==INTRODUCTION== Antivirus vendors catch viruses using signatures of little bits of virus. That way the software doesn't have to store whole viruses, and even better, if the v...")
 
(INTRODUCTION)
 
(4 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
Antivirus vendors catch viruses using signatures of little bits of virus. That way the software doesn't have to store whole viruses, and even better, if the virus changes it may still be recognized.
 
Antivirus vendors catch viruses using signatures of little bits of virus. That way the software doesn't have to store whole viruses, and even better, if the virus changes it may still be recognized.
  
Only some vendors use very short bits of virus. So small in fact, that innocent programs are often reported as containing viruses. In fact, even a simple [https://www.csoonline.com/article/3216765/heres-why-the-scanners-on-virustotal-flagged-hello-world-as-harmful.html Hello World example] gets reported as malware.
+
Only some vendors use very short bits of virus for their signatures. So small as to no longer be unique and innocent programs are often mistakenly reported as containing viruses. Even a simple and innocent [https://www.csoonline.com/article/3216765/heres-why-the-scanners-on-virustotal-flagged-hello-world-as-harmful.html Hello World example] gets reported as malware.
  
Why would they do this? Because it's cheaper for them to accuse an innocent program, then to actually test their signatures in a more robust manner. If a developer doesn't want their program falsely accused, they can spend their time and register their program as innocent with dozens of vendors, and pray that their program is accepted. Until the next revision, that is.
+
Why would they do this? Unfortunately, it's cheaper for them to accuse a large number of innocent programs, than to actually test their signatures in a more robust manner.  
  
The problem is especially bad for hobby programmers. Not only are the vendors wasting the programmer's unpaid personal time, the false positives seem to especially be triggered by using open source tools. One might guess the reasoning is that virus authors use open source tools, so therefore open source tool users are virus authors, QED.
+
Instead, AV vendors put up portals where falsely accused developers can spend their time and effort to try to get their program blessed by the vendor. So the author submits their program, with a bunch of details, and then waits. How long? Sometimes weeks, sometimes the AV company doesn't respond at all. If the developer is lucky enough to eventually be given a pass, the program is finally cleared. Until the next software revision, at which point you have to start the whole dance over again.
  
I am a hobby coder, and open source programmer, and I am tired of trying to trick the virus engines by using different debug options. I'm tired of explaining to users what a false positive is. I'm tired of wasting my time trying to update these vendor websites with each code revision. So I created this list of Antivirus engines that regularly flag my software.  
+
The problem is especially bad for hobby programmers. Not only are the vendors wasting the programmer's unpaid personal time, the false positives seem to especially be triggered by using open source tools. One might guess the AV reasoning is that virus authors also use open source tools, so therefore open source tool users are virus authors, QED.
 +
 
 +
I am a hobby coder that uses open source tools, and I am tired of trying to trick the virus engines by using different debug options. I'm tired of explaining to users what a false positive is. I'm tired of wasting my time trying to update these vendor websites with each code revision. So I created this list of Antivirus engines that regularly flag my software. It probably won't change a thing, but I'd rather light a small, pitiful candle, than to curse the darkness.
  
 
If your Antivirus vendor is on this list, you probably find a lot of software you download is broken, and get alerted unnecessarily. Save yourself, save hobby programmers, and get yourself some better Antivirus software.
 
If your Antivirus vendor is on this list, you probably find a lot of software you download is broken, and get alerted unnecessarily. Save yourself, save hobby programmers, and get yourself some better Antivirus software.

Latest revision as of 05:25, 10 February 2020

INTRODUCTION

Antivirus vendors catch viruses using signatures of little bits of virus. That way the software doesn't have to store whole viruses, and even better, if the virus changes it may still be recognized.

Only some vendors use very short bits of virus for their signatures. So small as to no longer be unique and innocent programs are often mistakenly reported as containing viruses. Even a simple and innocent Hello World example gets reported as malware.

Why would they do this? Unfortunately, it's cheaper for them to accuse a large number of innocent programs, than to actually test their signatures in a more robust manner.

Instead, AV vendors put up portals where falsely accused developers can spend their time and effort to try to get their program blessed by the vendor. So the author submits their program, with a bunch of details, and then waits. How long? Sometimes weeks, sometimes the AV company doesn't respond at all. If the developer is lucky enough to eventually be given a pass, the program is finally cleared. Until the next software revision, at which point you have to start the whole dance over again.

The problem is especially bad for hobby programmers. Not only are the vendors wasting the programmer's unpaid personal time, the false positives seem to especially be triggered by using open source tools. One might guess the AV reasoning is that virus authors also use open source tools, so therefore open source tool users are virus authors, QED.

I am a hobby coder that uses open source tools, and I am tired of trying to trick the virus engines by using different debug options. I'm tired of explaining to users what a false positive is. I'm tired of wasting my time trying to update these vendor websites with each code revision. So I created this list of Antivirus engines that regularly flag my software. It probably won't change a thing, but I'd rather light a small, pitiful candle, than to curse the darkness.

If your Antivirus vendor is on this list, you probably find a lot of software you download is broken, and get alerted unnecessarily. Save yourself, save hobby programmers, and get yourself some better Antivirus software.

Regular Offenders 2019

  • AhnLab-V3
  • Avast
  • AVG
  • Cylance
  • DrWeb
  • Ikarus
  • Rising