Remote Access Software and Erroneous Virus Detection Problem
The problem of mistakenly identifying a particular program as a virus is as old as the Internet, especially for developers of remote access software. For example, we often receive complaints from users that an antivirus program has blocked Remote Utilities.
The antivirus program's extensive authority over the user's computer lies at the root of the problem. Moreover, the user usually trusts the antivirus program completely. A user doesn't continue installing or launching a program marked as "suspicious". On one hand, the user is indeed protected against launching malicious programs. On the other hand the antivirus program degrades the user's experience when it prevents him from accessing a remote computer or places executable files into quarantine -- or even deletes them.
Web filters can also cause problems. They have different names in different antivirus programs. For example, the Kaspersky antivirus program calls its filter Web-Antivirus. This type of filter can prevent the user from opening a webpage if it considers its contents suspicious.
Sending a report of an erroneous virus detection
Fortunately, any user or developer can send an antivirus company a request to fix an error. Usually such requests are included in a false positive report form. In practice, however, such a form can be difficult to find on the websites of certain antivirus software companies.
We conducted our own experiment in order to determine how easy it would be to send false positive reports using the websites of various antivirus companies. We examined the websites of 8 large antivirus developers. The ease of accessing the forms for sending a false positive report was measured against a rating scale from A to D:
A - The link to the form is accessible on the main page or in the main menu. B - The link to the form is located somewhere within the site, usually in the Support section. It is relatively easy to find with the help of menu navigation. C - To find the form it is necessary to search the website or use Google. D - The form was not found in a reasonable amount of time. The user was required to send a message or fill out a "Contact Us" form.
It was notable that among the companies receiving a B or C grade, the presence of a form did not necessarily mean that the form could be used to send a false positive report. Most often it was a standard form used to send a question to a technical support department. In the subject line of the form it was possible to select the option "send a question regarding a false positive report."
Such results offer no indication of how well a particular antivirus program executes its intended function. They only speak to how easy it is to provide feedback in the case of a false positive report. As can be seen in the table, only one antivirus company of those surveyed -- Symantec -- placed a link to the form on the main menu. Two others placed the form in an easily accessible location. Five companies received a completely unacceptable result, since the users were required to guess where the form was located, and, not having found it, send a message to technical support.
In practice, many antivirus program vendors, especially large ones, behave like a bull in a china shop, hindering the business activities of other software companies and blocking legitimate programs. Often, this affects remote access software applications. This situation is created by the unlimited authority an antivirus program has over a user's computer and the user's often complete trust in the program. One way to solve this problem would be for antivirus software companies to simplify the process of sending notifications of false positive reports.