Avast Default=Small Time Dev? Must be making malware. Give the app user a scare!!

I’m pretty cheesed off with this so-called antivirus. The reason is that every time I build an application, Avast! stops it from running. I’m using VS2010 and one app I’m developing in particular keeps being consigned to the malware bin. >:(

The paranoid bit: But Avast! must like my application, because it wants me to submit it. Thus giving away a hugely (in development time) expensive license for free for Avast! to rip off or resell or simply use themselves. If I don’t submit it, and I do distribute the application, Avast! will tell its users that it contains malware and begin to destroy its reputation.

Why does Avast! not run the application silently before shouting warnings and taking action based upon a rubbish heuristic guess? It’s being debugged under appname.vshost.exe for goodness sake!! Can’t it even detect that? :o

Yes, one day I might buy digital signing, but initially, for 100 users it was going to be free, in return for feedback. (Beta Testing)

For the record my app does not hook the keyboard, or do anything illicit, or write to incorrect places etc etc and has only a few warnings from MS .net code analyzer. One of those is a deeply complicated series of calculations under one function:

(Warning 2 CA1502 : Microsoft.Maintainability : ‘Form1.xxxxx_Click(Object, EventArgs)’ has a cyclomatic complexity of 37. Rewrite or refactor the method to reduce complexity to 25.)

How can we as small developers stop Avast! from treating apps as malware that are not ready to be submitted to avast for analysis? After all it could go through several major development changes before finally being released?

My proposed solution: Can Avast! issue some kind of token and sign the app for themselves from my development environment? That avast token could be embedded in my code if necessary (my option where and how). Obviously it would need to test and run the app before adding to Avast! whitelist, but as I am running it inside a development environment, Avast! could take that into account and assume that I know what I’m doing!!

Thanks for reading…

Rob

> My proposed solution: Can Avast! issue some kind of token and sign the app for themselves from my development environment?

That will never happen of course. If they would do that it means that everyone who is developing malware could get such a code bypassing security/detection.

If you are sure there is no malicious code in your software, just submit it to avast through the contact form so they can have a look at it. It could be a false positive.

Try this form http://www.avast.com/contact-form.php

Or…

Send the file to virus@avast.com in a “zipped” password protected file.
Choose the “subject” as you desire.

Additional: Software under development will always send up a red flag.
It’s the final product that matters.

Edit: Deleted one line.

I heard… yes only 2nd hand, that getting an app whitelisted during development stages is worthless. Also, the whole point would be to run and test the app and either issue or not issue a token. I can’t see malware developers wanting to run their product via an antivirus checker!!! lol

I don’t see why they can’t sign the app for Avast users. They will accept 3rd party signing! Why don’t they issue a token of their own? If Avast! wants to ensure safety, in a FAIR manner, don’t trash unknown apps by default. Analyse them at runtime once and issue a token to that MD5.

Oh, it is a false positive. Other AV don’t flag it, and it’s not doing anything bad. Not even a 3rd party DLL or control or even connection to the web. All legitimate stuff.

You wrote a lot, and so I might have missed it, but you didn’t mention what check Avast failed your program on.

If you’re going to distribute code online nowadays, you’ll want to get a code signing certificate, which indicates to others that you have been vetted and that the module you’ve provided hasn’t been tampered with. Yep, it’s a pain, and yep, it costs a few hundred bucks, but it’s the way of the world.

-Noel (another developer)

You’d be surprised, most of them do.

Yes, thank you :slight_smile: I’m aware of that opportunity to upload. I mentioned in the other comment that getting it checked while under development is worthless because it can change.

I know why new software is initially a little bit suspicious, and I appreciate the safety, but as it’s running under appname.vshost.exe it implies that I’m debugging it.

The token idea seems reasonable to me. shrug

Most probably won’t happen.

Hi Noel, it failed because it was suspicious! :confused: win32:Evo-gen [SUSP] That’s all I know. Avast doesn’t supply more information than that, does it?

Actually, thinking it over, yes. I can see why they would.

nods probably. But it’s a shame that overzealous antivirus is taking over so much more of our computers. At this rate, in the future 99% of our CPU power will be processing operations on our computers, not processing the work it should be doing.

We’re losing the antivirus war in the fact our tools that prevent viruses are actually hampering us :frowning: (yes, slightly over exaggerated, but the point is still valid, if you see what I mean)

A few hundred bucks is what I don’t have right now. :frowning: But yes, it is seemingly more and more necessary…

Well, you can exclude your dev dirs from scanning. :wink:

Well, Avast could avoid scanning them, and then avoid marking them as virus and throwing them into the chest. :wink:

> Well, Avast could avoid scanning them, and then avoid marking them as virus and throwing them into the chest.
Not virus ...... Suspicious

Anyway this is the price we pay for using generic/heuristic detections to be able to catch new virus before signature is created
If lots of undetected malware slipped by … what would you say then?

The best advice is create an infection free software.
The mere fact that avast detects the malware speaks volumes for the
efficacy of avast.

Let’s take a look at it this way…Imagine a malware/virus author creates a new software and avast
gives them a token. Now with that token the infectious material gets loose on the web. Who would get the
blame? The author or avast for handing out the token? The best way is for the developer to keep testing
their work with an antivirus and anti-malware software. Once it is confirmed infection free then release it
to the general public.

Until then upload the zipped file to virus@avast.com and let the virus lab experts deal with it.
After all that’s what they are there for.

It treats ‘suspicious’ and ‘virus’ the same way though Pondus. In the bin and scare the user.

Don’t get me wrong though, I agree that locking down threats at the earliest possible opportunity is good for everybody, and if my code unintentionally and inadvertently did bad things, it’s right to lock it up. No questions. The problem is most developers aren’t all major organisations that have the resources behind them to do such things as get a full security audit or buy expensive certificates that need renewing, etc. Avast!, whilst being a market leader and doing a great job at fighting ‘bad stuff’, is slowly destroying the hobbyist and the smaller developer, without putting anything back into it.

If Avast! wants to take a tough stand against ‘baddies’, that’s good, but they should also have the same enthusiasm to ensure ‘good’ programs/programmers are recognised. Remember this is not auto-whitelisting that I am proposing, but a cheaper intermediate than buying Thawte or other certification, that is just used for a specific MD5.
I can get a free class 1 SSL certificate by answering some questions here: https://www.startssl.com/?app=32 and I envisioned something similar from Avast! for developers/users.

To answer the next comment on the next page about “what if the malware developers get a token. What then?” ← That’s exactly the same as them getting their work signed by any other authority.
What-if’s such as that would prevent everything that ever progressed. And Avast! would not exist, nor would any other technology whatsoever. We’d still be freezing our butts off in caves because “‘What if’ the fire we created from rubbing sticks together burned us?”

> It treats 'suspicious' and 'virus' the same way though Pondus. In the bin and scare the user.

I agree with that. It has been suggested that the suspicious popup should be in another color (yellow) and with suspicious text at top, and ask what action to take.