Bram Cohen ([info]bramcohen) wrote,
@ 2008-10-03 13:40:00
Business Idea - non-malware whitelisting
There are several different products which will scan your computer for malware. Of course, if you produce a widely distributed application you want to not set any of them off. Currently everybody manually checks to see if they're setting off the latest updates to the malware detectors, and the different suppliers of such software have, ummm, widely diverse approaches to dealing with reports of false positives. This is all a huge pain in the ass, and a giant distraction for lots of application companies.

Somebody please set up a service to do such testing and false positive reporting for companies which make applications. The world needs such a service badly.





[info]agthorr
2008-10-03 09:00 pm UTC (link)
If such a service existed, how would anyone detect that an installer from a legitimate and well-meaning company has become infected with a virus or trojan?

(although unusual, unfortunately this does happen)



[info]bramcohen
2008-10-03 09:04 pm UTC (link)
I didn't say it was trivial, I just said that there's a market opportunity.



[info]agthorr
2008-10-03 09:08 pm UTC (link)
Fair enough =)



[info]root_fu
2008-10-03 09:42 pm UTC (link)
What's the most common false positive, specifically?

Aren't there only 2-3 major false positives that 90% of end users will face, in which case might it not make more sense to address those instances individually?

-confused-



[info]bramcohen
2008-10-03 09:51 pm UTC (link)
This is a service for the application developer, not the malware detection software vendor or the end user. For the app developer, any false positives at all are a PR disaster.



[info]root_fu
2008-10-03 10:21 pm UTC (link)
Sorry.

What I meant is many malware detection suites simply label all 3rd party attempts at client server connectivity as positive identification of 'a trojan'.

If all false positives were attributable to application functionality rather than esoteric, isolated, causes... It may be a good idea to develop a work around rather than a new business model.

-Shot in the dark 283243832



[info]bramcohen
2008-10-03 10:34 pm UTC (link)
There's all kinds of heuristics they use for detecting malware, including scanning files and detecting behavior. Working around it is generally infeasible - how are you supposed to work around a heuristic which you don't even know what it is? And how are you supposed to know when you're setting off warnings, when you're releasing a new version every couple weeks or days and there's a slew of vendors which could be setting off warnings?



[info]ryanlrussell
2008-10-03 10:04 pm UTC (link)
So I'm offering this whitelisting service to app vendors... I take each binary, disassemble it, work through the halting problem and null hypothesis, against some arbitrary definition of "malware"? For... what, $100 per file or so?



[info]root_fu
2008-10-03 10:28 pm UTC (link)
Eh, I think he means a software testing service. Like: send me apps, I download all new malware killah software with updates. I send you results.



[info]orange4aks
2008-10-06 06:00 pm UTC (link)
I'd like to white list incoming calls to my cell phone, and rely on a mutually-reported gray/black list to ignore these 'car warranty' scam calls that come in 5-8 times a week


yet another cost...
[info]themusicgod1
2008-10-13 09:28 am UTC (link)
that simply does not exist in the gnu/linux using world.


