The Reporting of False Positives - Forum



I have been trying to figure out a way to convince the fine folks over at VirusTotal to help us developers by setting up a proper reporting mechanism to the AV companies they are representing.

I have contacted them by email, sharing the above URL and asking for some information. They sent me an email containing all the contact info for each company for reporting a false positive. I created a PDF of it (attached). But that's surely a pain in the behind to do every time we are flagged. Some are emails, some are forms, etc. No standard method.

The page I created is not so much to convince VT to help us (although that surely would be great if they did) but rather to cover my behind regarding my prospects who wish to report "bad scans" with my software. It's a move to educate them and show them the problem firsthand. If you agree with my thinking, then please feel free to contact VT directly to tell them so. ;-)

luishp, Vadim and proforma.guyot have reacted to this post.

Your page is informative and very well set up Robert. Thank you for that!

The false-positive issue is a serious one. AVs are important, but many a time they get frantic and offer pseudo-security. Flagging your NEO app, which doesn't even contain any "real" code, is the perfect example of that.

Most portable executables, particularly the ones that include their own runtime (AHK, Quick Macros, Real Basic, etc.), are targeted by definition. Up to a point where users argue "why bother to compile an executable at all?".

The problem seems to be less severe if the compiled app consists of an executable file in combination with a DLL and manifest file. You could also digitally sign each and every executable. But I'm afraid that's going to be really pricey :-(

However, lately even (trusted) .NET compiled executables get falsely flagged, just because you launch them from a nonstandard location like the Desktop...

Strangely enough, you could "pack" all kinds of (dubious) actions in PowerShell scripts or Batch files, like batch deleting folders/files, maybe even format a drive, and not get flagged.

Worst of all, if your computer really gets hacked, your AV probably wouldn't be aware of it...

When it comes to NEO Win, I really hope there's something that can be done about the issue "technically". It's a beautiful program that really shines in its ease of use. One of the last of its kind, I'm afraid...

Personally, I prefer Windows executables, not browser-based apps...

Vadim, proforma.guyot and rcohen have reacted to this post.

Thanks for the feedback @talker

I would guess, like the squeaky wheel story... if enough of us speak up and post publicly against the current situation, then sooner or later it will be addressed. The trouble is all those AV applications are each trying to outdo the other, and at the same time scare users into purchasing THEIR engines. I have some assumptions thereof, but I'll hold my tongue ;-0

My main point (to VT) was that along with great fame online, comes some responsibility to those they serve. And false positives like that affect both the devs AND the end users. So it needs to be dealt with by someone, and who better to address this than the giant themselves? And WE (devs) need to convince them of the merits in doing so.

I ask anyone who has bumped into this issue with them to please contact them with the same request... copy my page onto your site OR just point them to my page. And if you happen to hang in other forums with folks that use other platforms, see if you can't get them in on the campaign as well.

Thanks again @Talker

luishp, Vadim and proforma.guyot have reacted to this post.