I hate antivirus software. I really do. Like almost

And the reasons are:

#1 - False-positive alarms

I'm sick and tired that my software is being detected as a "virus"...

...in spite of being signed with a trusted Verisign certificate.

...in spite of being .NET-based (a platform which is not very "virus-authoring-friendly", so to speak) and not even using any code-obfuscation.

...in spite of using the "ClickOnce" installation-technology (in other words - the code runs in a sandbox).

etc.

Why?

Because if your software has some kind of copy-protection built-in (encrypts and stores serial numbers, hides parts of the source code to protect from reverse engineering etc.) - an antivirus will most likely detect some "very dangerous" trojan.

Because if your software tracks mouse or monitors keyboard (like our AutoText for instance) - an antivirus will detect a malware.

Because if your software is some kind of a "compiler" - i.e. it's capable of building its own EXE-files - an antivirus will detect a self-replicating virus. Oh, and all your EXE-files will also be marked as viruses by the way (since you're most likely using a "self-executing-unpacker-code + data" architecture, which is considered a risk-factor by most antiviruses, no idea why).

Because if your software uses the "ClickOnce" technology (an auto-update framework that comes from Microsoft and is to Windows!) - an antivirus will detect a "trojan downloader" and block your website in some cases.

These are just a few... And these are the actual reports I deal with every week. "Help, AVG blocks your installer saying it's a Trojan!", "Help, Opera has just blocked the downloaded file!".

EVERY. FUCKING. WEEK.

#2 - Antivirus vendors not dealing with false-positive reports properly

Now, dear antivirus companies! I understand - come first. security is your utmost concern. If someone sends you a virus sample - dealing with it is your #1 priority. I understand. I'm one of your paying users after all.

But don't forget about us, the developers. We do send samples as well - the "false-positive" samples. We deserve some response. Fine, let it be within a week. Two weeks. A month. Two months. But please react!

Instead, some of you do not even have a feedback form or a forum on your website so we can upload a false-positive... And those who do, sometimes require us to send you our code-signing certificates, home-addresses, company papers and photo-IDs... We're guilty by suspicion. Everything is a virus until the author proves the opposite.

PS. In fairness, though, some antivirus companies do have these feedback forms in place, have nice developer support, and react promptly.

#3 - Antivirus my ass!

Create a simple C program with code like this:

    #include <windows.h>
    #include <string>

    int __stdcall WinMain(HINSTANCE, HINSTANCE, LPSTR, int)
    {
        // Show the process command line in a message box
        return MessageBoxA(0, (std::string("->") + GetCommandLineA() + "<-").c_str(), "Cmdline", 0);
    }

Compile it with a free "express" edition of Visual Studio 2008:

    cl -Os -EHs-c- -GR- -MD test.cpp /link -fixed:no user32.lib -incremental:no -out:test.exe

Now test this program with your favorite antivirus. Voila! A "TR/ATRAPS.Gen" has been detected.

Congrats! You've just written your first virus!



Alex Yumashev

Alex founded Jitbit in 2005 and is a software engineer passionate about customer support.
