An open letter for Antiviral software companies


21 replies to this topic
derRaphael
  • Members
  • 872 posts
  • Last active: Mar 19 2013 04:42 PM
  • Joined: 23 Nov 2007
The Idea of the Open Letter
As you might have heard, there are still issues with false positive alerts from antiviral software and compiled AHK scripts.

We (the guys who already contributed to this topic here: http://de.autohotkey...opic.php?t=2918) thought it might be a good idea to set up an open letter, which addresses all those companies whose virus scanner produces these false alerts.
The Goal
Right now, we have a letter template which is open to discussion. It is available in two language versions: English and German.

The goal is to inform AV companies that they generated wrong signatures, and that these cause every compiled AHK script to be treated as suspicious and as potentially dangerous. It also might be a good idea to translate these letters into more languages, so that individual AHK users can send their own copies to AV companies to emphasize its importance.
Publishing
The idea consists of two parts:
1st of all, as soon as the letters get into a version most of us agree with (let's say in a few weeks) these will be sent to support or to virus report email addresses from AV companies.
2nd part is to encourage all autohotkey users to copy this from here (source) and to send it as an individual version (email addresses where to send will be listed here).

Also, as soon as any answer comes in, it'll be published here for everybody to read.
The English version

In the name of Autohotkey's community:

Good day,

We create software with the open source scripting language Autohotkey. After compiling, by means of packaging the script with a stripped-down version of the script interpreter to an executable binary file, rather than converting the script to machine code, our software is often recognized as malware and therefore as a false positive. This may be because compiled scripts are UPX packed. This is the default setting.

Your antiviral product recognizes every program that was made with Autohotkey as malware, and renders these harmless and useful tools useless. This is a very displeasing behaviour. It gets even worse when our programs are used in companies and because of false positives trusting users get bewildered. Neither our nor your reputation benefits from such behaviour of antiviral software.

Unfortunately this is not the first time that there are false positives with compiled Autohotkey scripts as a background. We'd like to ask you, when generating virus signatures, that Autohotkey's scripting language interpreter is not treated as malware.

Kind regards,
Autohotkey Community

www.autohotkey.com/forum/
de.autohotkey.com/forum/



The German version

Im Namen der Autohotkey Community:

Guten Tag,

Wir erstellen Software mit der Open Source Skriptsprache Autohotkey. Diese Software wird durch das Kompilieren, also dem Zusammensetzen des Skriptes mit einer schlanken Version des Interpreters zu einer ausführbaren Binärdatei - nicht dem Umwandeln des Skripts in Maschinencode, sehr häufig als Malware eingestuft und ist damit ein false positive. Es kann daran liegen, dass die kompilierten Skripte mit UPX gepackt werden. Das ist die verwendete Standardeinstellung.

Ihr Produkt zur Virenbekämpfung erkennt alle Programme, die mit Autohotkey erstellt wurden, als Malware und macht diese harmlosen und nützlichen Programme damit unbrauchbar. Das ist sehr unangenehm für uns. Viel schlimmer aber wird es, wenn unsere Programme in Firmen genutzt und dann arglose Benutzer durch solchen false positives verunsichert werden. Weder unserem noch Ihrem Ruf ist ein derartiges Verhalten von Antivirensoftware förderlich.

Es ist leider nicht das erste Mal, dass es false positives in Zusammenhang mit Autohotkey gibt. Wir möchten sie deshalb bitten beim Erstellen der Viren Signaturen darauf zu achten, dass sie nicht den Interpreter selbst als Virus abstempeln.

Mit freundlichen Grüßen
Autohotkey Community

de.autohotkey.com/forum/
www.autohotkey.com/forum/


The Korean version

AutoHotkey 커뮤니티로 부터:

안녕하십니까, 귀사의 무궁한 발전을 기원합니다.

우리는 오픈소스 스크립트 언어인 AutoHotkey로 소프트웨어를 제작하고 있습니다. AutoHotkey는 스크립트를 기계어로 변환하는것 대신 스크립트 인터프리터를 포함한 바이너리 실행 파일로 패킹하는 컴파일 과정이 있는데, 컴파일을 하고 나면 자주 악성코드 또는 바이러스로 오진되고 있습니다. 아마도 스크립트가 기본 설정인 UPX로 패킹되기 때문입니다.

귀사의 백신 제품은 전혀 해롭지 않은데도 불구하고 AutoHotkey로 만들어진 모든 프로그램을 악성코드로 진단하여 유용한 프로그램들을 쓸모 없게 만들고 있습니다. 이러한 오진은 우리의 프로그램들이 회사등의 사무환경에서 쓰여질 때 사용자에게 더욱 혼란을 초래하고 나아가 귀사 제품의 평판을 떨어트리고 있습니다.

유감스럽게도, AutoHotkey에 대한 이러한 오진은 처음이 아니기에 우리는 귀사의 백신 제품에서 AutoHotkey 스크립트 인터프리터를 더 이상 바이러스로 오진하지 않기를 희망합니다.

이만 줄입니다.

www.autohotkey.com/forum
de.autohotkey.com/forum

Thx, heresy

The Norwegian version

På vegne av Autohotkey's samfunnet:

hei,

Vi lager programvare med åpen kildekode skriptspråk Autohotkey. Etter kompilering, ved hjelp av pakking av skriptet med en strippet ned versjon av skriptets tolk til en kjørbar binær fil, i stedet for å konvertere skriptet til maskinkode, vår programvare blir ofte gjenkjent som malware og derfor som en falsk positiv. Dette kan være fordi skript er UPX pakket. Dette er standardinnstillingen.

deres antivirus gjenkjenner hvert program som ble laget med Autohotkey som malware og behandler disse harmløse og nyttige verktøyene som ubrukelige. Dette er en svært skjemmende atferd. Det blir enda verre når programmene våre blir brukt i bedrifter og på grunn av falske positiver tillitsfulle brukere får bewildered. Verken vår eller deres sak drar fordeler fra slik oppførsel av antivirus programvaren.

Dessverre er ikke dette første gang at det er falske positiver med kompilert Autohotkey prosedyrer som en bakgrunn. Vi vil spørre deg når du genererer virus signaturer, at Autohotkey's skriptspråk tolk er ikke blir behandlet som malware.

Vennlig hilsen,
Autohotkey samfunnet

www.autohotkey.com/forum
de.autohotkey.com/forum

Thx, imapow

What's left?
Comments, wishes, ideas, and corrections are welcome :) Whoever is willing to do a translation into a different language, is welcome to do so. The more translations we have, the better the impact of phase II publishing (individual version) will be, since we can address not only the International HQs of those companies, but also national HQs.
A big thanks to IsNull, he initiated the Letter in Germany's forum page, and thanks to everybody else who participated so far.

greets
derRaphael

Edit (May 20, 2008 - 1036 GMT+1): Changed Virii to Viruses (thx, fry) and updated the suggestions Lexikos mentioned (thx, Lexikos)
Edit (May 20, 2008 - 1050 GMT+1): Fixed minor typo and added the description of compiling procedure
Edit (May 20, 2008 - 1107 GMT+1): Edited post to a nicer layout
Edit (May 21, 2008 - 0048 GMT+1): Added Norwegian, thx imapow
Edit (May 21, 2008 - 0101 GMT+1): Added Korean, thx heresy


All scripts, unless otherwise noted, are hereby released under CC-BY

jballi
  • Members
  • 1029 posts
  • Last active:
  • Joined: 01 Oct 2005
Excellent idea! :) Where/How do you envision publishing it so that the Antivirus vendors will notice it?

Rhys
  • Members
  • 761 posts
  • Last active: Aug 09 2013 04:53 PM
  • Joined: 17 Apr 2007
I think this is a good idea - I count myself lucky that McAfee has never flagged my compiled apps as malware / virii.

derRaphael
  • Members
  • 872 posts
  • Last active: Mar 19 2013 04:42 PM
  • Joined: 23 Nov 2007
publishing:

the idea consists of two parts: 1st of all, as soon as the letters get into a version most of us agree with (let's say in a few weeks) these will be sent to support or to virii report email addresses from AV companies.
2nd part is to encourage all autohotkey users to copy this from here (source) and to send it as an individual version (email addresses where to send will be listed here)

i have to say, that this was not my idea. i just carried on the idea from IsNull who wrote the initial german version.

also as soon as any answer comes in, it'll be published here for everybody to read. still if there are special wishes, better ways to phrase the content of the letters, everybody is welcome to contribute.

greets
derRaphael

All scripts, unless otherwise noted, are hereby released under CC-BY

Fry
  • Members
  • 885 posts
  • Last active: Jan 17 2011 09:57 PM
  • Joined: 01 Nov 2007
@DerRaphael

To not confuse the Anti-Virus vendors

instead of virii, use viruses

It's the proper plural for virus.

Oberon
  • Members
  • 442 posts
  • Last active: Jul 03 2008 11:34 PM
  • Joined: 18 Feb 2008

instead of virii, use viruses

It's the proper plural for virus.

No it's not.

ahklerner
  • Members
  • 1386 posts
  • Last active: Oct 08 2014 10:29 AM
  • Joined: 26 Jun 2006

instead of virii, use viruses

It's the proper plural for virus.

No it's not.

that's what i thought, then i went for the link and ....... http://www.merriam-w...ictionary/virus
.........
the internet (and a 10 year old) proved me wrong
ʞɔпɟ əɥʇ ʇɐɥʍ

Rhys
  • Members
  • 761 posts
  • Last active: Aug 09 2013 04:53 PM
  • Joined: 17 Apr 2007
Cool, I never knew that. You learn something new every day!

SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005

not confuse the Anti-Virus vendors


Do not worry.. They would not be!
I see nothing wrong in using virii ..

:)

Fry
  • Members
  • 885 posts
  • Last active: Jan 17 2011 09:57 PM
  • Joined: 01 Nov 2007
Well, DerRaphael was asking for better ways to phrase the content of this and I thought it was along the lines of this, so I posted it.

Lexikos
  • Administrators
  • 9844 posts
  • AutoHotkey Foundation
  • Last active:
  • Joined: 17 Oct 2006
I have a few suggestions:

After compiling our software is often recognized as malware and therefore as a false positive.

Should it mean "...compiling our software, it is..." or "...compiling, our software is..."? It may be worth briefly explaining that "compiling" is packaging the script with a stripped-down version of the script interpreter, rather than converting the code to machine code.

A reason might be, that the compiled scripts are UPX packed.

Perhaps "This may be because compiled scripts..." would be better?

Your antiviral product recognizes every program, that was made with Autohotkey as malware and renders these harmless and useful tools useless.

I'd guess the usage of comma is an artifact of translation. I'd suggest the comma be moved to after "malware," since that is where I would pause when speaking the sentence naturally.

Sadly this is not the first time that there are false positives with compiled Autohotkey scripts as a background.

I think there would be a more straight-forward way to say this, but I'm out of time for now.

derRaphael
  • Members
  • 872 posts
  • Last active: Mar 19 2013 04:42 PM
  • Joined: 23 Nov 2007
updated typos (thx, fry), modified content (thx, lexikos) and made a pretty page layout for 1st post. still - if anybody is willing to contribute a different version - either content or language - let's say french, spanish, dutch ... or some better idea to phrase content of the letter ... ya know, post iT!


greets
derRaphael

All scripts, unless otherwise noted, are hereby released under CC-BY

heresy
  • Members
  • 291 posts
  • Last active: Sep 26 2008 10:47 PM
  • Joined: 11 Mar 2008
i'm not sure if this board can display East Asian languages properly. however, the Korean translation is here.
AhnLab is a Korean company and there are more that i can't come up with for the moment

The Korean version

AutoHotkey 커뮤니티로 부터:

안녕하십니까, 귀사의 무궁한 발전을 기원합니다.

우리는 오픈소스 스크립트 언어인 AutoHotkey로 소프트웨어를 제작하고 있습니다. AutoHotkey는 스크립트를 기계어로 변환하는것 대신 스크립트 인터프리터를 포함한 바이너리 실행 파일로 패킹하는 컴파일 과정이 있는데, 컴파일을 하고 나면 자주 악성코드 또는 바이러스로 오진되고 있습니다. 아마도 스크립트가 기본 설정인 UPX로 패킹되기 때문입니다.

귀사의 백신 제품은 전혀 해롭지 않은데도 불구하고 AutoHotkey로 만들어진 모든 프로그램을 악성코드로 진단하여 유용한 프로그램들을 쓸모 없게 만들고 있습니다. 이러한 오진은 우리의 프로그램들이 회사등의 사무환경에서 쓰여질 때 사용자에게 더욱 혼란을 초래하고 나아가 귀사 제품의 평판을 떨어트리고 있습니다.

유감스럽게도, AutoHotkey에 대한 이러한 오진은 처음이 아니기에 우리는 귀사의 백신 제품에서 AutoHotkey 스크립트 인터프리터를 더 이상 바이러스로 오진하지 않기를 희망합니다.

이만 줄입니다.

www.autohotkey.com/forum
de.autohotkey.com/forum


Easy WinAPI - Dive into Windows API World
Benchmark your AutoHotkey skills at PlayAHK.com

SKAN
  • Administrators
  • 9115 posts
  • Last active:
  • Joined: 26 Dec 2005
@DerRaphael: Very nice. :)

Lexikos
  • Administrators
  • 9844 posts
  • AutoHotkey Foundation
  • Last active:
  • Joined: 17 Oct 2006
I think that its current form is too verbose. I (usually ;)) like to make my posts and e-mails as concise as possible without omitting anything of value.

Subject: False positives -- AutoHotkey

Good day,

We create software with the open source scripting language AutoHotkey.

Your antiviral product UNFAIRLY recognizes every compiled AutoHotkey script as malware.

A compiled script is simply a scaled-down copy of the AutoHotkey binary with a copy of the script tagged onto it. Compiled scripts are compressed with UPX by default, and we believe this may be the cause of some false positives.

Unfortunately this is not the first time this issue has cropped up. False positives cause trusting users of our scripts to become bewildered, and benefit neither our nor your reputation.

We'd like to ask that when you generate virus signatures, scripts compiled with AutoHotkey are not treated as malware.


Kind regards,
The AutoHotkey Community

www.autohotkey.com/forum/
de.autohotkey.com/forum/

Let me know if you think I've missed anything important.