"Security" vendors to avoid in 2025
Published on 2025/03/21 by Igor Levicki
At the time of this writing there are 73 security vendors which are well enough known to be included in VirusTotal automated scanning. Sadly, it seems that some of those vendors do not deserve to be featured there.
Surely you are wondering why I am writing about this? It's simple — I've had enough of their "security". I write simple tools for the Windows platform and if you are reading this it is likely that you've at least checked out my site's Downloads section or even downloaded and used some of them.
Recently I updated ME3Buyer to version 1.0.3 and, like I always do with all my tools, I uploaded it to VirusTotal first (you can see the scan result here). This time, 4 "security" vendors have flagged it as malicious, some of them claiming moderate confidence(!), and some outright labeling it as Trojan.Kryptik@AI.88 or TROJ_GEN.R002H09CR25. Those vendors are as follows:
- DeepInstinct
- Elastic
- SecureAge
- Trend Micro
I was also tempted to include Rising in the above list, but they were the only ones who had an actual person respond to my false positive submission via email so I'll leave them out for now. However, their results still shouldn't be trusted in isolation.
As for the others, I am hereby declaring all of them malicious and here's why:
- The executable is clean and signed using a commercial IV code signing certificate — their results are ML-generated false positives
- Their business model seems to rely on scaring customers by detecting more "threats" than reputable vendors like ESET
- They all make it hard if not impossible to submit false positive samples or take forever to do something about them
DeepInstinct is the worst offender here as they seemingly don't have a false positive submission form, and their regular contact form doesn't even allow Gmail addresses, so good luck disputing their results if you are an individual developer.
While we are at it, why should I have to prove my innocence by repeatedly submitting false positives to those "security" vendors every time I make a new release? If there was any justice in this world, they would all be liable for false claims about the maliciousness of my tools. As it stands, I am just glad that my livelihood doesn't depend on my reputation with those "security" vendors.
As a final note — if you download anything from my website and ESET or Windows Defender flag it, then don't run it and let me know using the contact form.