Current version

v1.10.4 (stable)


Main page
Archived news
Plugin SDK
Knowledge base
Contact info
Other projects


Blog Archive

Just because it is not your fault does not mean it is not your problem

asf asks:

I don't understand why you would change the reg key to workaround AV, it's their problem, and they need to fix it, you should not bend over for idiot AV vendors.

The answer is that it's my users that are affected and I'm the one getting the complaints.

Here's the problem: It's in the interests of the antivirus vendors to have their products as visible as possible to the user. To the extent this means a higher chance of detecting threats, that's good. The problem is in the rise in false positives, fueled by the increasing difficulty of detecting malware, as well as the addition of detection heuristics. Some of these are pretty sketchy. In addition to the lousy Registry check for Software/Freeware, some AVs used to flag VirtualDub as a trojan simply because it used the UPX executable compressor. The result is that I get complaints from users asking me why VirtualDub is a virus.

The frustrating part about this is that I don't actually have a way to tell the AV vendors that their software is screwing up. I'm not their customer and don't have one of every AV installed, and they don't exactly put an easy to find "tell us we &#*$ed up" link on their website. About the best I can do, then, is request that the user click the quarantine or "send us a sample" button in their AV. Unfortunately, that assumes they have the ability to do so. Locked down corporate setups are especially frustrating because they're often locked down and set to delete on sight. The result is that I have an annoyed user who can't run my program at all, and there's nothing I can do about it. The antivirus vendor might not even be able to anything, because they may have already fixed the problem and the installation may be old!

This isn't to say that I'm against antivirus software entirely. I've seen havoc caused by viruses back in my Amiga days, and I've seen how AV can affect the spread of Conflicker through a network. What bothers me is the way that antivirus programs now regularly make false accusations against third parties without recourse. VirtualDub's only been flagged a few times, as far as I know, but some vendors have had their software marked so many times that they have a frighteningly long list of false AV detections on their website. It's also wonderful dealing with bugs that turn out to be because of AV interference, such as files being locked in ways that are impossible according to Win32 semantics. Guess who gets blamed for the problems.

In the end, when writing software, you have to choose which goals you pursue, and in this case, there is an opposition between principles and user experience. Sure, I've done nothing wrong and I shouldn't have to code in workarounds for broken AVs, but this does nothing to help the user who is having trouble running my software. Just because the problem isn't your fault doesn't mean you don't have to implement a solution.


This blog was originally open for comments when this entry was first posted, but was later closed and then removed due to spam and after a migration away from the original blog software. Unfortunately, it would have been a lot of work to reformat the comments to republish them. The author thanks everyone who posted comments and added to the discussion.