Antivirus disaster

Zofz
Site Admin
Posts: 88
Joined: Wed Apr 20, 2022 10:13 pm
Location: Cologne, Germany

Post by Zofz »

At my primary workplace, we have recently relocated to a shared office space with our parent company.
The antivirus rules are more strict there. I can't write any software anymore. The antivirus is erasing every 10th small C++ program I wrote. Worse, I cannot compile any bigger project without the problem in most cases. I have complained to the IT department. Good - they have excluded my project directories from the reach of the antivirus. But what if you want to deploy the program to other computers?
Hey, privately (zofzpcb), I have a signing certificate, and if I sign the binary file, the antivirus will not touch it. "You do not understand how it works," the IT department responded. But it worked - I could deploy any software to my colleagues' computers.

Antivirus disaster
Blacklists are not good enough. We need to be tighter - said the antivirus company, introducing heuristics. The next Windows update (in the '90s it was rare) was a great disaster. Some of the system files were disabled; computers were no longer booting.
How do they solve it? - White lists.
It is easy to be white-listed if you are Microsoft, but what about us?

virustotal.com
Virustotal is an excellent service - you can check a binary file with 80 antivirus programs at once.
At some moment, one of the software-listing websites sent me an urgent email:
"Remove a virus from your software! virustotal.com reports malware is detected by 2 of 80 antivirus programs in your installation package! We will remove your program from our download list!"
The software listing website has been complaining several times, then stopped. Did they understand, or did they remove ZofzPCB? I could not do anything about it anyway. Whatever I did, one or more tests were false positives. Then Google bought virustotal.com. Those protesting antivirus companies got the file and a request to clear the situation. (There should be a 100% single-minded answer.) So, what did they do? The white list! And, of course, the white list is based on the creator's signature to save their time.
That is why signing the binary file worked. Antivirus companies are fed up with zofzpcb versions (and the like) not having any virus on them! Just taking their time.

An ideal world
Is it the way it should go?
It looks like the concept of "antivirus" is more about trust than the real thing. First, it takes a lot of energy to write a good virus. Then, it takes even more to reverse engineer a program and check for intentions. Trust is easier. Is any progress possible in this field?