| You need to find out the code which is causing the problem, rewrite it or
| remove it. That is the only way forward.
|
Unfortunately, AV programs are getting bigger
and more aggressive, which probably makes sense
for them. As long as they don't flag programs like
MS Office, Photoshop and AutoCAD, the vast majority
of potential customers will only know them for their
success rate, so they don't stand to lose much
with reckless flagging of unknown programs.

I only know two people using AV. Both are using
Avast, which I set up for them. Avast doesn't seem
to be too bad. But I did run into trouble with it on a
recent program I wrote to get Google streetview/maps/
satellite. Avast, like many other AV programs, has added
everything but the kitchen sink, expanding out into
quasi-firewall activity. Their "web shield" and "network
shield" functions flagged my program as malware because
it's trying to go online, which is considered suspicious.
I don't write to companies like that. It's a losing battle.
I just try to inform potential end-users of the issue.
I wouldn't have even known about the Avast problem if
I hadn't tried to run my software on a friend's machine.
I haven't used AV since about 2000.

For anyone who distributes software, rewriting it
is not much of a way forward. If you fix a false
positive from your own AV there might easily be 4
more false positives from other vendors that you'll
never hear about.

It's increasingly becoming a situation where non-
corporate software is simply not welcome, but there's
also the problem of AV software simply being
overproduced. I've been noticing a fairly new bit of
nonsense lately: I can tell which visitors to my website
use Trend Micro AV because whenever they download a
ZIP or EXE, Trend Micro follows a few seconds later,
downloading at least one copy themselves. And they
don't keep track of what they've downloaded. They
seem to be scanning the source in real time. Every time
a file is downloaded, they download it. It doesn't make
any sense at all, since the same file is being downloaded
to the client machine where their AV is presumably running.
Trend Micro seems to be building a sort of Rube Goldberg
database, filled with lots of data about lots of binaries
online -- all of which data is classified outdated in the
instant it's been stored. I'm considering blocking the whole
Trend Micro range via .htaccess. ...But then what if
Symantec gets the idea? If Trend Micro can be idiotic,
Symantec can surely outdo them. :)
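
The download pattern described in the post above can be checked from a web server's own access log. This is an added example, not part of the original post: the log lines are constructed and use documentation-range addresses, and the function names, the 10-second window and the /24 grouping are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in Apache combined log format; the addresses are from
# documentation ranges and stand in for visitors and a re-fetching scanner.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:10:00:01 +0000] "GET /files/tool.zip HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2013:10:00:05 +0000] "GET /files/tool.zip HTTP/1.1" 200 48211 "-" "-"
203.0.113.7 - - [12/Mar/2013:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2013:11:30:00 +0000] "GET /files/setup.exe HTTP/1.1" 200 90112 "-" "Mozilla/5.0"
198.51.100.21 - - [12/Mar/2013:11:30:04 +0000] "GET /files/setup.exe HTTP/1.1" 200 90112 "-" "-"
192.0.2.80 - - [12/Mar/2013:14:00:00 +0000] "GET /files/tool.zip HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" (\d{3})')
BINARY = re.compile(r'\.(zip|exe)$', re.I)

def parse(log_text):
    """Yield (time, ip, path) for successful GETs of ZIP/EXE files."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(4) == "200" and BINARY.search(m.group(3)):
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m.group(1), m.group(3)

def find_followers(log_text, window=10):
    """Count, per /24 prefix, fetches that repeat another address's
    download of the same path within `window` seconds."""
    hits = sorted(parse(log_text))
    followers = Counter()
    for i, (ts, ip, path) in enumerate(hits):
        for prev_ts, prev_ip, prev_path in reversed(hits[:i]):
            if (ts - prev_ts).total_seconds() > window:
                break  # earlier hits are even older; stop looking back
            if prev_path == path and prev_ip != ip:
                # Assumption: IPv4 only, grouped by /24 for reporting.
                followers[ip.rsplit(".", 1)[0] + ".0/24"] += 1
                break
    return followers

def recurring(log_text, window=10, min_hits=2):
    """Prefixes that followed a download at least `min_hits` times."""
    counts = find_followers(log_text, window)
    return sorted(p for p, n in counts.items() if n >= min_hits)
```

A prefix that recurs here is only a candidate: two unrelated visitors can fetch the same file seconds apart, so confirm who owns the range before writing any .htaccess rule against it.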