Helping to prevent false positives and mis-rating of web sites

Back to Giveaway of the Day

Giveaway of the Day Forums » General discussion

[sticky] [closed]

Helping to prevent false positives and mis-rating of web sites

(22 posts) (9 voices)

Started 13 years ago by delenn13
Latest reply from Dragonlair

delenn13
Minbari Ambassador

Remember Jeremy Collake, the developer of Process Lasso http://bitsum.com/? Well, I am following him on Google +(Thanks to Robert)and he has the most awesomest idea. He is creating a board http://bitsum.net/forum/index.php/topic,915.msg4409.html#msg4409 to monitor false positives and how and if security vendors handle them.

How many times has a new update rendered a program you have had on your PC for months/years useless because of false positives? Or the false positives we hear about on the giveaways?

"The purpose of this board is to provide a public place to communicate false positives and improper site ratings to the security companies. Once a false positive or improper site rating occurs, the damage is often already done. Compounding matters, some security companies do not respond to false positive or improper rating reports in a timely manner, if they respond at all. In other cases, they DO respond in a timely manner. We need to know which companies respond well, and which don't seem to care. Some less than legitimate security companies may even use false positives as a means to drum up business, as to users it may appear as if they detected something that other software missed.......

The intent is not to crucify the security industry, I hope everyone understands that. Each company is different and unique. Transparency allows us to see which act responsibly, and which don't. Users can see which security companies CARE about false positives and the collateral damage to hundreds or thousands of innocent small businesses. Accountability is important to fixing this issue.

GENERAL USERS: Until we get the ball rolling, tell these security companies you want to know their false positive rates, and how they handle such occurrences when they do happen.

VENDORS: Post here what you think as well. It is important they know how frustrated we all are.

-----
THIS WILL BE MOVED TO A DEDICATED DOMAIN SOON, BUT POSTS AND ACCOUNTS WILL BE PRESERVED"

Just thought someone might be interested.

Posted 13 years ago #
BuBBy
Teh adnim

Thanks for posting this!

Sounds like an obvious idea that should've happened years ago.
Hopefully this will get the support it deserves.

Posted 13 years ago #
jcollake
Bitsum Technologies

Yes, thank you for helping to spread the word. Transparency and public accountability will let consumers know which security companies are *trying* and which companies are NOT. Then they can make informed decisions about which security software products they'd like to purchase.

As always, the power is in the hands of the consumer. Choose carefully who you spend your money with and you can force these corporations to act ethically and responsibly.

BTW, since I have contacts at almost every security company now (due to me authoring an EXE packer), they have ALL been informed of this. Some have expressed a willingness to participate. Others have not responded. But, they are ALL watching. Point is: NOW is the chance to be heard!!

Posted 13 years ago #
BuBBy
Teh adnim

Well I see enough reports of "My antivirus tells me GOTD has a Virus" - and over the years.

Not only is it up to the security companies to act responsibly, but there is an issue of user education. AntiVirus products do report false positives (some more than others). Users need to be taught that Security software isn't always correct - and when users run off to other sites to announce that company X is distributing viruses and telling everyone they can - it causes even more damage. The first point of resolution should be with the software developer and awaiting confirmation from the antivirus developers.

One example that comes to mind, in the past we have given away utility software that makes use of global keyboard hooks (to support hotkey functionality) - and antivirus software announces that the software has a keylogger. Then users post in the comments and WOT based on the incorrect/unclear report from the AV software. (I'm assuming they need to post to warn "all the other users" who never run antivirus software).

Too much damage can be done by inexperienced users broadcasting across the internet incorrect or incomplete information. So there are two sides to the problem - unclear or misleading information from AV software presented to non-technical users (who then report to the world that a company/site cannot be trusted), and the AV companies who take forever to address this or correct their definition files - to address all of the unwarranted bad press.

Posted 13 years ago #
graylox
Moderator

Thank you Delenn for sharing this news.

Jeremy Collake you deserve a lot of appreciation for all your dedicated work.
This board is only the latest of your courageous steps to call attention to deplorable customs and circumstances.

As BuBBy says, "there is an issue of user education" and insight, we notice that every day here in the comments and forums and we are not always successful, to persuade the user that his find is not malware.

Thank you Jeremy and good luck!

graylox

Posted 13 years ago #
delenn13
Minbari Ambassador

UPDATE: Site is up and running. http://FalsePositiveReport.com

And The DonationCoder Newsletter made mention of this project: http://www.donationcoder.com/forum/index.php?topic=28149.0

Spread the word!

Posted 13 years ago #
Anonymous
Unregistered

http://www.freeware-guide.com/FalsePositives.html

http://www.nirsoft.net/false_positive_report.html

http://nsis.sourceforge.net/NSIS_False_Positives

http://www.pcmag.com/article2/0,2817,2371197,00.asp

http://www.av-comparatives.org/en/comparativesreviews/false-alarm-tests

Posted 13 years ago #
jcollake
Bitsum Technologies

Thanks for the links ;).

This site is now: The False Positive Report

http://falsepositivereport.com

And thanks all for your continued support, well wishes, and assistance. It is YOU who will help this to succeed, or not. I hope we can really make a difference in the world, and save innocent businesses.

Posted 13 years ago #
Inas
Member

nice site, Mr. Collake, thank you.

Posted 13 years ago #
Dragonlair
Member

Thanks for this new site. I've joined. The timing is perfect since I'm fighting a type of False Positive that can take a month or more to fix based on the last time I had a file with this naming structure in a case like this.

It's a great way to let off steam when you're getting the runaround from your anti-virus and help out others at the same time!

Posted 13 years ago #
BuBBy
Teh adnim

Don't accept any excuse from your Antivirus company that bases their detection only on the filename.

I've seen a few in the past when the only trigger that caused the antivirus software to announce the file was infected is that it had the SAME FILENAME as another known infected file that the AV company tested against. That is just lazy.

Posted 13 years ago #
Dragonlair
Member

Bubby, It's not the file NAME, but the file name STRUCTURE that's the problem. Avira seems to have a problem handling "double extension" file names and I have no idea why. Only the last extension (.exe) is important in this case so why does it matter that it's always named <gamename>.wrp.exe where <gamename> is the name of the game being executed.

When I reported the first file of this structure, they kept saying it will be fixed in the next update and then FINALLY (after about a month) told me it took an engine update, not a definition update to fix the problem. If that's the case, then why is that extension structure still causing problems?

Posted 13 years ago #
mikiem2
Moderator

Just a guess, but it seems like a public awareness/education effort or focus might help... as long as there are people rating their AV software on the number of alarms it gives off, AV publishers have zero incentive to mend their ways. IOW sort of a big, flashy, did you know AV software false positives are bad, costing you X number of hours & Y number of dollars? Once the public sees why it's bad, direct them on what they can do to get it fixed. I mean most people aren't very sympathetic to the plight of some anonymous developer, because that has no effect that they can see on the stuff they feel is important -- once it hits home that they paid more for the software *They* use, or some feature they'd love to have has been sidelined directly or indirectly because of AV false positives, they might be more than eager to do something about it, help in any way they can.

Posted 13 years ago #
Dragonlair
Member

I posted on the Avira forums that I had 36 false positives in a little over 2 years. I wanted to know if it was "normal" or am I being hit more often than usual. Nobody would answer the question. I currently have 2 files on my exception lists because Avira insists that a small Microsoft file that is used by HP and was installed WITH my machine is malware. I had Avira for more than 2 years before it even noticed it. Why would a file - untouched - suddenly be "definitely" malware after that long?

Posted 13 years ago #
jcollake
Bitsum Technologies

http://falsepositivereport.com

Although I've said it before, I am very appreciative to see such strong support of this new effort.

First, I am glad to see that users understand that Accountability and Transparency is so important to fixing this plague upon small software vendors and web sites. Simply retroactively fixing false positives and mis-ratings is not good enough - though many companies don't even bother fixing these things in a timely manner. Nobody expects *perfection*, but we do expect that many of these companies try harder to AVOID these problems to start with, and fix them expediently when they do occur.

That said, there ARE responsible companies. One is Microsoft. They take the conservative approach. That is why they have one of the lowest FP rates in the industry (if not THE lowest). This does lower their detection rate a little, but in reality, your effective level of protection is hardly lessened.

This is not a project I can do alone, so I am trying to hand it off to the community to run. For instance, the forum was set up by a volunteer. I have appointed a manager and public relations volunteer as well. Of course, I still contribute every day.

The site has a long way to go, but it is important we continue to spread this message. A CENTRAL repository shows how bad this problem is.

Several companies have given me 'direct lines' to report any problems, so we are getting places fast. However, the idea is not to fix everyone's FPs for them, it is to PREVENT them from happening to start with... and to make vendors come to our site, instead of putting already victimized people through h*ll to report a FP or misrating.

Let us, as a community, finally make a stand! Let us base our purchasing decision on the vendors that cause the LEAST collateral damage by having the lowest FP rates. Fixing them expediently is important too, but avoidance is critical, as once a FP or site mis-rate happens, the damage is ALREADY done.

I think if the general public knew what we software vendors, site owners, and users have been put through there would be an uproar!

As the site grows, we can also collect STATISTICS, showing who causes the least collateral damage to innocent software vendors and site owners.

The true irony is that these super-aggressive tactics do little to deter malware, else there wouldn't be such a huge malware problem!

NOTE: To prevent any and all conflicts of interests, note that I do not link to my site or use my company name anywhere. This is a non-profit site promoting NOTHING but exposure of this plague!

Thank you all ;).

http://falsepositivereport.com

Posted 13 years ago #
jcollake
Bitsum Technologies

The site has already improved an ORDER OF MAGNITUDE.

FIVE different security vendors are MONITORING the site.

This is growing beyond belief ;). Rarely do we have a chance to change an injustice in this world. Here we do -- so let's do it!

http://falsepositivereport.com

Posted 13 years ago #
delenn13
Minbari Ambassador

This is good news. I have a few other places to email/blog/post the info to. Just been a bit busy.

Posted 13 years ago #
delenn13
Minbari Ambassador

The users NEED to be educated as to what their security does and how their security works. When I installed the latest update to my WinPatrol, I think I had 5 alerts. I read what it was doing and allowed it. No sweat! If I install a game, I know a key logger alert of some kind is gonna come up because the game HAS to use your mouse/keyboard to play. Not allowing a program to be installed at all and deleting it is way above the call of what I would think a security program is supposed to do.

This is a copy of what I TRIEDto post on the Software comment page. It just disappeared. :( And I was really good and didn't blast Norton..I promise. Though it was tempting.(I just realized #17 is was using a proxy..oops.)

Thank you, all powerful Mod. It finally posted.

"#14 & #17 please go here http://falsepositivereport.com to report your False Positives with your security programs. The GOTD staff vigorously test each program they offer. It is not a virus nor malware.

About The False Positive Report:

“This is a new effort to help slow (and expose) the plague of false positives and mis-rated web sites that are destroying hundreds or thousands of small businesses every year. Some security companies do better than others, but never before has there been a place where false positives and mis-rated sites can be publicly reported. The security companies can then respond, fix the issue, then determine why it happened and work with the vendor to avoid it in the future. After all, once a false positive happens, the damage is already done.

The intent is not to crucify the security industry, I hope everyone understands that. Each company is different and unique. Transparency allows us to see which act responsibly, and which don’t. Users can see which security companies CARE about false positives and the collateral damage to hundreds or thousands of innocent small businesses. Accountability is important to fixing this issue.

GENERAL USERS: Until we get the ball rolling, tell these security companies you want to know their false positive rates, and how they handle such occurrences when they do happen.”

There is a thread in the GOTD forum: Helping to prevent false positives and mis-rating of web sites « Giveaway of the Day Forums – http://www.giveawayoftheday.com/forums/topic/10483

If you want to continue to use Norton or Outpost, then help them become a better security product.

As far as the program, downloaded and installed with no problems with MSSE. I have 3 PC’s I bounce files back and forth with changes. This will help so much. Thank you GOTD and Salty Brine Software for the chance to try out this software."

Posted 13 years ago #
Robert
StrayCat

Unfortunately alongside the false positives issue,application monitoring tools ,which are getting better all the time, can do much harm too.
The good thing is they monitor every little detail running a setup ,for instance if a program is not digitally signed (or if some files are not yet included in their cloud database)
The bad thing is they can ask you some awkward questions and leave the end user somewhat bewildered (now why would that program be monitoring my keystrokes [cfr.delenn13],use regsvr32 or DNS API etc...) So they could stop the user from actually installing a program and make him even spread negative comments about it ,doing as much harm to a dev as a false antivirus positive.

Posted 13 years ago #
jcollake
Bitsum Technologies

SIX security companies are monitoring the new site, some more officially and publicly than others. Some are showing us they care it seems. I am glad to see this. Just a quick update.

Posted 13 years ago #
jcollake
Bitsum Technologies

During our first week we had 3 REAL TIME false positives reported. 2 of those 3 were fixed ON OUR FORUM by representatives of the security companies (Symantec and Trend). Kudos to them!

Posted 13 years ago #
Dragonlair
Member

I agree - bringing it out in the open is a great incentive for them to fix them fast. I think some HIDE in their support forums.

Is the AVG one (Sandlot game Glyph) the third Active FP?

Posted 13 years ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.