One of the worst things that can happen to a software developer, especially a small firm or a single individual, is for their program to be falsely detected as malicious by popular AV solutions.
But these false positives can also be an unwelcome hindrance to many others: end users begin to wonder whether they should continue using the program (or their security solution prevents them from doing so), IT support teams get flooded with user requests saying there’s a problem with the software, and AV makers’ reputations take a hit.
“Nowadays antivirus vendors are increasingly required to become more proactive, this includes developing generic signatures and heuristic flags, which very often leads to mistaken detections in an effort to have a more secure user-base,” VirusTotal software engineer Emiliano Martinez explained the origin of the problem in a recent blog post, in which he also announced a new project that aims to minimize – if not remove altogether – this problem.
VirusTotal essentially wants to create a huge AV whitelist, and is asking software developers to share the files in their software catalogue.
“These files are then marked accordingly at VirusTotal and whenever an antivirus solution (mistakenly) detects them, we notify the pertinent vendor, allowing them to quickly correct the false positive,” he shared. “Additionally, when files get distributed to antivirus vendors, they are tagged so that potential erroneous flags can be ignored, preventing a snowball effect with detection ratios.”
So each time a VirusTotal report on a particular file sports the following note, you can be sure that the file isn’t malicious:
Microsoft is the first company that took up their offer, and so far over 6000 false positives have been fixed.
Other software developers are invited to contribute to the project, but developers of potentially unwanted applications and adware need not apply.