Anti-Virus

What's AV (Anti-Virus software)?

According to Antivirus Software Wiki, Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software.

What counts as malware behavior, and how do you detect it? This is a very basic question to ask, and the answer depends on your safety requirements. It is just like Microsoft's annoying UAC issue: most people just press OK to continue. All anti-virus products face the same issue: at the machine code level, it is really hard to tell whether software that modifies your code is good or bad. Microsoft patches system DLLs at run time to keep OS version compatibility, and viruses and crackers do it in the same way.

One of the few solid theoretical results in the study of computer viruses is Frederick B. Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses. However, using different layers of defense, a good detection rate may be achieved.

Performance and other drawbacks

Antivirus software has some drawbacks, the first of which is that it can impact a computer's performance.

Furthermore, inexperienced users can be lulled into a false sense of security when using the computer, considering themselves to be invulnerable, and may have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, it must be fine-tuned to minimize misidentifying harmless software as malicious (false positive).

Antivirus software itself usually runs at the highly trusted kernel level of the operating system so that it can access all potentially malicious processes and files, which creates a potential avenue of attack.

False Positive Report

It is a well-known issue that most anti-virus products can generate false alarms due to their own technical problems. Please refer to Independent Tests of Anti-Virus Software for a detailed report.

How can I verify my application is anti-virus friendly?

You can upload your exe file to the following multi-AV online scanners for a free test.

  1. Virus Total
  2. Metascan Online
  3. VirSCAN.org
  4. Virus Check Mate
  5. Jotti's Malware Scan

Is a SoftwareShield protected application anti-virus friendly?

Our latest virus scanning report of a wrapped test case gets a good mark of 96.36% (detection ratio: 2/55); see the SoftwareShield anti-virus report.

How can I avoid false positive reports for my SoftwareShield protected app?

You can:

  1. Try digitally signing your wrapped exe; many scanners will bypass your exe once it is signed. If you do not have a valid digital signature, a private one will sometimes be good enough.
  2. Try wrapping your product in different ways (or simply repeat multiple times); sometimes the anti-virus scanner will stop giving a false alarm for unknown reasons.
  3. Submit your wrapped exe to the anti-virus product support team so that they can add it to the scanner's white-list.
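
A quick way to confirm that the wrapped exe you are about to scan or submit actually carries an embedded signature (step 1), as an added example that is not SoftwareShield code. It reads the PE certificate-table directory entry and checks only that a PKCS#7 blob is present, not that the signature is valid or trusted; `sample_pe` builds constructed header bytes for the demo.

```python
import struct

SECURITY_DIR = 4                      # IMAGE_DIRECTORY_ENTRY_SECURITY
PKCS_SIGNED_DATA = 0x0002             # WIN_CERT_TYPE_PKCS_SIGNED_DATA

def certificate_table(pe: bytes):
    """Return (file_offset, size) of the PE certificate table, or None."""
    try:
        if pe[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = e_lfanew + 24           # skip signature (4) and COFF header (20)
        (magic,) = struct.unpack_from("<H", pe, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs = opt + (96 if magic == 0x10B else 112)      # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return None
        # This directory entry holds a file offset, not an RVA.
        offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return (offset, size) if offset and size else None

def has_authenticode_blob(pe: bytes) -> bool:
    """True if a PKCS#7 WIN_CERTIFICATE entry is present and inside the file."""
    table = certificate_table(pe)
    if table is None:
        return False
    offset, size = table
    if size < 8 or offset + size > len(pe):
        return False                  # directory points outside the file
    length, _rev, cert_type = struct.unpack_from("<IHH", pe, offset)
    return 8 <= length <= size and cert_type == PKCS_SIGNED_DATA

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 headers for the demo, not a runnable program."""
    opt = bytearray(224)              # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    cert = b""
    if signed:                        # placeholder bytes, not a real signature
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 312, 16)
        cert = struct.pack("<IHH", 16, 0x0200, PKCS_SIGNED_DATA) + b"\0" * 8
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    return dos + b"PE\0\0" + coff + bytes(opt) + cert
```

To check a real build, pass the bytes of the wrapped exe read from disk. Any change to the file after signing invalidates the signature, so run the check on the final wrapped and signed output.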

My SoftwareShield protected app seems to launch very slowly when AV software is installed. How can I improve it?

It is OK to wrap all your game files in a single big exe, but it might start up slowly when some stupid anti-virus software tries hard to scan every bit of your exe in real time. Our recommendation is to create a second data package that hosts all your game data (movies, audio, pics, etc.). This also makes upgrades easy: if your game data has not changed between versions, only the exe package needs to be replaced.

How can I submit a false positive report to AV vendors?

Here is a very good article on How to Report Malware or False Positives to Multiple Antivirus Vendors.

Another helpful web site is: What Do I Do If an Engine Detects My Safe File as a Threat?

Another, indirect way is to submit your exe to a public online scanner web site like Virus Total; it will send your file to AV vendors if it is tagged as a virus.