Antivirus Software that Cries Wolf

Whichever managers decided to start marking mining software as 'viruses' or 'malware' are doing a grave disservice to the integrity of the software industry.

Labelling something that isn't a virus a virus because of some ideology is not only dishonest, it undermines trust of the user base. Whether or not one disagrees with mining, it's not the purview of antivirus software to "decide". Your job as antivirus software is to tell us if it's malware or not. That's it.

I don't see it as a small thing. It's a fundamental violation of a sort of 'implied contract' that has been in place for decades that I should be able to trust that my anti-virus software is simply working to protect me from just that - viruses and other classes of malware. Now I no longer know what their agenda is, but it's clear they have other agendas. A sort of 'trust' is broken.

I'm supposed to be able to trust that the anti-virus vendor is trying to protect me from viruses. If I can't do that, an anti-virus becomes far less useful, and in fact dangerous - I now have to question and second-guess every single thing the anti-virus flags, because I can't trust it's telling me the truth.

It also increases the likelihood that users end up with a very real virus, because the day they download something that actually has malware in it, and the antivirus flags it, the user is more likely to ignore the antivirus and disable it because "Oh, it is probably the antivirus software crying wolf again".

Chrome also blocks users from downloading some mining software, labelling it as 'dangerous' and not even giving the user an option to proceed.

Are we supposed to believe they're just trying to protect technically naive users from heavy CPU/GPU usage? If that were the only agenda, why not just flag it with a message like "This software can cause heavy resource usage, and may damage your hardware if your system cooling is not set up correctly, are you sure you want to proceed? Yes/No"?

What next - labelling software as a "virus" because the AV vendor disagrees with the political beliefs of the company owner? Once the fundamental trust is violated, it feels to me as if all bets are off, and any agenda may be next. 

I feel like I need a new category of software called a "true anti-virus" that does what an antivirus is supposed to - tell me if the thing is malware or not - not block it just because it's mining software. I know and understand exactly the implications of running mining software on my hardware --- if something is "malware" because it maxes out resource usage, then benchmarking software, Prime95, rendering software and many resource-intensive games should also be blocked as malware.

Related, these days Microsoft's "SmartScreen" also incorrectly flags and blocks software that is perfectly safe --- even (I believe fraudulently) implying to users that the software is dangerous --- even if it's signed with a valid code signing certificate, purely on the basis that it isn't signed with an Extended Validation code signing certificate - I disagree with this. At most, it should put up a warning like "This vendor's credentials have not been rigorously certified by certification bodies, proceed anyway? Yes/No" or something along those lines. Do they own shares in the companies that sell Extended Validation certificates?
