
Author Topic: Why So Many False Positives?  (Read 1077 times)

Dennis1

  • New Member
  • *
  • Posts: 14
Why So Many False Positives?
« on: February 27, 2024, 08:48:55 pm »
I've written a few Lazarus programs that I depend on in my job. Unfortunately, virus scanners often flag them as malware and delete them without warning. I have lost a lot of work because of this. I've tried F-Secure, Bitdefender, Avast, Avira, and Microsoft Security Essentials, and only MSE doesn't have the problem.

I should add that I know the code in these programs quite well and there is nothing dodgy going on. They are all fairly basic by most programming standards. My computer is clean, and I've tried the usual reinstalling and recompiling from scratch etc.

Thoughts?
« Last Edit: February 27, 2024, 08:52:39 pm by Dennis1 »

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11459
  • FPC developer.
Re: Why So Many False Positives?
« Reply #1 on: February 27, 2024, 08:53:12 pm »
There are many similar threads on the forum, so I suggest you search a bit.

Basically antivirus writers are lazy.

Thaddy

  • Hero Member
  • *****
  • Posts: 14391
  • Sensorship about opinions does not belong here.
Re: Why So Many False Positives?
« Reply #2 on: February 27, 2024, 09:03:48 pm »
Not all of them. But at least on Windows use Defender. It is simply better than the old school F-Secure, Bitdefender, Avast, Avira, or God forbid, McAfee or Norton.

But always report a false positive and refer to the startup code, the compiler, the source code, etc.
« Last Edit: February 27, 2024, 09:07:01 pm by Thaddy »
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.

rvk

  • Hero Member
  • *****
  • Posts: 6171
Re: Why So Many False Positives?
« Reply #3 on: February 27, 2024, 09:06:41 pm »
Not all of them. But at least on Windows use Defender.
Microsoft hasn't fixed the current false positive yet which you reported.
Even today I got a false positive with Windows Defender.

(I normally compile in an excluded directory but when compiling an unsaved project it goes to %temp% and I'm not going to exclude that one  ;) )

I'll report the next one I get too.

Thaddy

  • Hero Member
  • *****
  • Posts: 14391
  • Sensorship about opinions does not belong here.
Re: Why So Many False Positives?
« Reply #4 on: February 27, 2024, 09:09:17 pm »
Strange, but I am on an MS - soon to be released - beta 11 developers release. I know they fixed it.
Simply report it yourself too. You know how, complete.
(meaning I get versions before the consumer does)
« Last Edit: February 27, 2024, 09:12:10 pm by Thaddy »
Object Pascal programmers should get rid of their "component fetish" especially with the non-visuals.

jamie

  • Hero Member
  • *****
  • Posts: 6131
Re: Why So Many False Positives?
« Reply #5 on: February 27, 2024, 11:12:13 pm »
This is what I've noticed: if you have some JS/Java constants in your code, it triggers the virus detection.
The only true wisdom is knowing you know nothing

Wallaby

  • Jr. Member
  • **
  • Posts: 81
Re: Why So Many False Positives?
« Reply #6 on: February 28, 2024, 12:28:44 am »
I guess your code is unsigned, while the majority of legitimate apps carry digital signatures.

I have a bunch of Lazarus-produced apps and they seldom cause a false positive, likely because they are signed with an EV certificate.

Though depending on what you do, it may not be worth it as they are expensive and only available to companies.
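
Added example, not part of the original thread: one way to check whether the executables in a build output directory actually carry a valid Authenticode signature, and to record a SHA-256 for each so the exact build can be identified in a false-positive report. The directory path and the function name `Get-BuildSignatureReport` are assumptions for illustration.

```powershell
# Added example: audit Authenticode status of build output.
# $BuildDir is a hypothetical path; point it at your own output directory.
param(
    [string]$BuildDir = 'C:\Projects\MyLazarusApp\bin'
)

function Get-BuildSignatureReport {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File        = $_.Name
                # SignatureStatus enum: Valid, NotSigned, HashMismatch, NotTrusted, ...
                Status      = $sig.Status
                Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                # Without a timestamp the signature stops validating when the cert expires
                Timestamped = [bool]$sig.TimeStamperCertificate
                # Hash identifies this exact binary when reporting a false positive
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$report = Get-BuildSignatureReport -Path $BuildDir
$report | Format-Table -AutoSize

# Flag anything that is unsigned or whose signature does not validate
$notValid = @($report | Where-Object Status -ne 'Valid')
if ($notValid.Count -gt 0) {
    Write-Warning "$($notValid.Count) file(s) without a valid Authenticode signature"
}
```
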

n7800

  • Jr. Member
  • **
  • Posts: 94
Re: Why So Many False Positives?
« Reply #7 on: February 28, 2024, 01:49:48 am »
(I normally compile in an excluded directory but when compiling an unsaved project it goes to %temp% and I'm not going to exclude that one  ;) )

You can change the directory for temporary projects - just open the IDE options (Ctrl+Shift+O) and you will immediately see the option "Directory for building test projects".

domasz

  • Sr. Member
  • ****
  • Posts: 437
Re: Why So Many False Positives?
« Reply #8 on: February 28, 2024, 11:48:19 am »
I guess your code is unsigned, while the majority of legitimate apps carry digital signatures.

That has been invented just to make more problems for small teams, make them poorer and so Microsoft can say they try to defend computers against malicious software. It gives no extra security for users. There's lots of signed programs made by huge corporations that are evil, spy on people and steal personal data. There are signed programs that break the OS (like some Windows updates).

Instead Microsoft should improve Windows and make it more secure. Windows Defender is a good step towards that.

Dzandaa

  • Sr. Member
  • ****
  • Posts: 254
  • From C# to Lazarus
Re: Why So Many False Positives?
« Reply #9 on: February 28, 2024, 06:13:00 pm »
Hi,

I tested a lot of antivirus next year

The worst was Bitdefender, eating my RAM.

And the conversations with the helpdesk were epic :)

I was a big fan of Avira, a few years ago, my company had a site license.

But now, it's full of plugins, like Phantom VPN and Speedup.

So my solution for Windows is... MS Antivirus + Comodo Firewall
and this: https://www.oo-software.com/en/shutup10 for other sorts of spyware

:)

B->
Dzandaa

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11459
  • FPC developer.
Re: Why So Many False Positives?
« Reply #10 on: February 28, 2024, 06:17:09 pm »
I'm a fan of Winaero.

 
