The False Positive and Improperly Rated Site Epidemic

Long time DC forum member db90h writes today about his new effort to address the issue of false positive reports by antivirus vendors -- an issue that we have ranted about regularly on the forum:

"I have been a member of a malware working group at the IEEE of which almost ALL security vendors participate. I've therefore been in a position to create and propose this new Forum: http://bitsum.net/fo...php/topic,915.0.html . This is only hours old, but one security vendor has agreed to take part. As the others wake, we'll see who will voluntarily take part in it. As long as Software Vendors take part, security vendors will eventually be forced to take part in order to respond.

This is a DRAFT, it is late, I'm too tired too proof-read.

• OFFICIAL SITE: http://bitsum.net/fo...php/topic,915.0.html

I would like to congratulate Microsoft as the one company who takes the conservative approach, making their false positive rate the lowest in the industry. Kudos to them. All security companies should act that way! Causing collateral damage to innocent businesses/families is simply unacceptable. It will sometimes accidentally occur, but clearly not enough is being done to prevent this problem, as it has only gotten worse.

---------------------------------

Accountability. Transparency. Communication. Prevention.
Helping to prevent false positives and mis-rating of web sites, instead of merely retroactively addressing them

The purpose of this board is to provide a public place to communicate false positives and improper site ratings to the security companies. Once a false positive or improper site rating occurs, the damage is often already done. Compounding matters, some security companies do not respond to false positive or improper rating reports in a timely manner, if they respond at all. In other cases, they DO respond in a timely manner. We need to know which companies respond well, and which don't seem to care. Some less than legitimate security companies may even use false positives as a means to drum up business, as to users it may appear as if they detected something that other software missed.

This is NOT for Bitsum, it is for the whole world. This is a place where anyone can report a false positive or mis-rating of their web site. Then everyone can see what action the offending security company takes, if any.

When a false positive occurs, it is imperative that we determine WHY it occurred, and work together to AVOID it in the future. This takes cooperation between the security companies and software vendors.

The intent is not to crucify the security industry, I hope everyone understands that. Transparency allows us to see which act responsibly, and which don't.  Users can see which security companies CARE about false positives and the collateral damage to hundreds or thousands of innocent small businesses. Accountability is important to fixing this issue.

After all, if a security company causes substantial collateral damage, destroying innocent businesses and families, are they any better than the malware they protect against? We need to know which companies care, and which don't. Users can then make their purchasing decisions based on that.

This is NOT related to executable compression, as false positives now occur on almost all software, compressed or not. So it has NOTHING to do with PECompact.

Please remember, security companies have a VERY hard job, so it is understandable that false positives occur. However, we should all work together to mitigate them as much as possible and avoid collateral damage."