I sent the offline installer .exe file to a virus lab and they ran 5 virus detecting apps. 4 out of 5 identified the offline installer as a possible virus.
Something not many users know is that one kind of heuristic metric used by antivirus products wanting to show they are able to catch more viruses than the competition ("before they are even classified!") is the number of submissions sent by users to those sites!
Their flawed assumption is: we don't have the slightest idea what this program really does but, if lots of users don't trust it, maybe it *might* be really dangerous. That's way easier and cheaper than trying to properly detect real threats, which is way more complex and would require a very deep and very slow analysis that will be slower and slower the more viruses are found.
I already explained so many times the various industry standard measures we use to prevent false positives but repetition is sometimes required:
- ALL our executables are digitally signed with a Microsoft Authenticode signature, which costs us yearly fees to be maintained, and it would have been revoked if we ever got caught spreading a real virus. When you complain to an antivirus company asking what to do to prevent your software from being mistakenly flagged as a threat, the first thing they suggest is to... digitally sign it with a Microsoft Authenticode. But it seems some antivirus products trust their flawed heuristic more than that.
- In ADDITION to that, we follow another IEEE standard, called "Software Taggant", which is a standard promoted by several antivirus vendors, because they DO realize that false positives are bad for their business too, so they came up with that one, and it's another digital signature that is designed precisely to help antivirus products not mistakenly flag legit programs as threats. So, in addition to the Microsoft Authenticode signature, we ALSO have the Software Taggant digital signature too. But again, while this standard has been out there since 2011, it seems that even in that case, some antivirus products trust their own heuristic more than the standard they promoted.
So yes, we are following all the best practices to prevent false positives, but there's no limit to how bugged security software can be. During a Windows update, Windows Defender flagged ITSELF as a threat, and in another case it flagged Flightsimulator.EXE as a threat too, see here:
https://www.avsim.com/forums/topic/584937-exclude-the-flightsimulatorexe-from-anti-virus/
And the Firewall too:
https://forums.flightsimulator.com/t/windows-defender-firewall-blocks-some-of-the-features-of-this-app/376624
So, following your reasoning, is MSFS itself a "security nightmare", because it can also be blocked by Microsoft's own security products, and it's common knowledge that it's best to add Flightsimulator.exe to the antivirus Exclusions too?