Post by zandra_s » 16 Nov 2023, 03:31
I have been trying to help out with reporting false positives. However, after seeing that half of the companies either do not provide a clear way to report these issues or they do not respond at all.
VirusTotal and their contributing AV vendors simply do not care about small developers or open-source projects because ignoring issues is cheaper than resolving them, since there is no harm to VirusTotal and the AV companies anyway.
While I understand their business perspective, I still believe that this behavior is deeply unethical. When a company has a public presence like this, they should provide an easy way to resolve false positive reports because these things can cause harm to small development teams and open-source projects, and this is unfair to them.
I suggest we start thinking of ways to get the attention of VirusTotal and AV vendors.
One of the ideas I got was to write reviews on Trustpilot, so that they have more incentive to react to false positive reports, since having a bad score on Trustpilot would do the exact thing that they do to different development projects and make their potential customers trust them less.
Note that I am not proposing to spam Trustpilot with 1-star reviews. I believe that the reviews should be fair and consider these factors (at least these are the ones that come to mind):
- Do they provide a way to report false positives.
- How hard it is to report false positives.
- How transparent their process is about the status of the report.
- How long does it take to resolve the issue.
- Is this documented somewhere clearly on their website.
What do you think?