"Antivirus XY has detected a suspicious program ..." "Shut up!"

Sven Krumrey

There's one piece of news that has our staff gnarl like a pack of raging dogs. It's usually something along the lines of "Antivirus XY has detected a virus in our program YZ". If bad vibes could be turned into energy, we'd be able to power all of Germany! We know the story all too well. At the risk of ruining the punchline: I can assure you that these are always false alerts; we don't distribute malicious code. That doesn't stop antivirus software developers, malware scanners, operating systems or even browsers (!) from happily raising hell whenever one of our applications, or an application from another developer, is about to be run. To make it brief, there's a race going on, a race for trust - and millions of dollars.

Another threat detected

It all began so harmlessly. Bad girls and (mostly) boys wrote a couple of viruses, worms and other undesirable programs that were either a threat or just a nuisance. Good antivirus solutions had an extensive repertoire of signatures to compare these threats against and detected most of them. New threats always meant updated signatures, and unless you were surfing dubious sites you were mostly in the clear as long as you had a decent antivirus program. These programs performed real-time analysis, scanning files, memory and network traffic. For a while, everything was fine, until the number of viruses steadily increased and variations were put out at a much faster pace.

Until then, every approach was based on an action-reaction scheme, meaning that malware had to be known first before it could be detected. Whenever malicious code didn't match any of the signatures, threats went unnoticed and bad things happened. Since virus creators weren't stupid, they quickly began modifying their code to hide it from antivirus programs, and they did so with amazing perseverance and creativity. Soon, the Internet was flooded with malware that became a tough nut to crack for security suites. A highly lucrative market began to deteriorate and trust began to wane. That's when proactive procedures were designed to catch malicious code for which no signatures were available before it could take effect. Antivirus solution developers wanted to stay ahead in the competition.

A quite impressive Anti Virus image

A good idea in principle, but with a downside every police officer is familiar with: How do you recognize perpetrators unless you catch them in the act? In the end, you try to guess from a file's behavior whether it is malware. It's easy to see the problem with that approach when you keep the police officer in mind. This officer would have to preemptively arrest people whose behavior matches that of known criminals or who live in the same area. That's what proactive virus scanners try to do - with very mixed results. Using heuristics, behavior analysis and sandboxing, each program is carefully monitored and rated according to its potential threat level.

Not only does this help with virus detection, but it also drives (Ashampoo) software developers to the edge of insanity thanks to false alerts. Lately, browsers, modern operating systems and various specialized malware scanners have joined the security game. Security sells and companies are trying to create and preserve trust; I can understand that. For us as a company, this means more false positives that we will have to report to the affected security software developer, hoping that the issue will be fixed in a timely fashion. Every new program will be closely scrutinized because it doesn't have a good reputation yet. Surprisingly, some security software developers allow you to buy a good reputation. For a handsome fee, your products will suddenly be deemed well known and highly trustworthy. Oh well.

Safety first all the time

Don't get me wrong, I do believe antivirus programs are necessary. Combined with smart users who don't just happily click on everything, they can greatly improve computer security. Just don't trust them blindly, whether it's a seemingly safe setup file or a (false) alert. If you're uncertain about files you downloaded from us, right-click the affected EXE file and select "Properties" from the context menu. Then, click "Digital Signatures". If our signature is present, the file was created by us and can be considered safe. I am honestly hoping antivirus software developers will continue to improve their proactive procedures to detect threats more reliably, for your sake and for ours.
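The "Properties" > "Digital Signatures" check described above can also be done from a PowerShell prompt, which is handy when you have several downloaded installers to check at once. The script below is an added example, not code from the original post or from Ashampoo; `$Path` and `$ExpectedPublisher` are placeholders you fill in yourself (the publisher string is a made-up value, not Ashampoo's real certificate subject).

```powershell
# Added example (not from the original post): verify the Authenticode signature of a
# downloaded installer with Get-AuthenticodeSignature instead of the Properties dialog.
# $Path and $ExpectedPublisher are placeholders supplied by the user.
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [string]$ExpectedPublisher = 'CN=EXAMPLE PUBLISHER'   # placeholder, not a real subject
)

$sig = Get-AuthenticodeSignature -FilePath $Path

# Status is 'Valid' only when the signature chains to a trusted root certificate AND the
# file hash still matches. 'NotSigned' or 'HashMismatch' means the file is unsigned or
# was modified after signing; treat both as untrusted.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status for '$Path' is $($sig.Status): $($sig.StatusMessage)"
    exit 1
}

$subject = $sig.SignerCertificate.Subject
Write-Output "Signed by:  $subject"
Write-Output "Thumbprint: $($sig.SignerCertificate.Thumbprint)"
Write-Output "Timestamp:  $($sig.TimeStamperCertificate.Subject)"   # empty if not timestamped

# A valid signature only proves who signed the file. Compare the signer against the
# publisher you actually expected before treating the file as genuine.
if ($subject -notlike "*$ExpectedPublisher*") {
    Write-Warning "Valid signature, but the signer does not match the expected publisher."
    exit 2
}
Write-Output "OK: file is intact and signed by the expected publisher."
```

Save it as, for example, `Check-Installer.ps1` and run `.\Check-Installer.ps1 -Path .\setup.exe -ExpectedPublisher 'CN=...'` with the subject name taken from a copy of the publisher's certificate you already trust. The two-step check matters: "Valid" tells you the file is intact and signed by someone with a trusted certificate, and the publisher comparison tells you it is the someone you meant.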
