yaronelh / False-Positive-Center

Repository to help security vendors deal with false positives
244 stars 35 forks

Right questions to ask #105

Open mrkpl125 opened 2 days ago

mrkpl125 commented 2 days ago

As a small software vendor in today’s "cybersecurity" world, the biggest issue isn’t false positives (FPs) themselves—it’s the lack of response from antivirus vendors and the total lack of accountability from "aggregators" like VirusTotal and sandboxes that publish unchecked detection results.

Isn’t it time for small and independent software vendors to unite and push back against this “detection madness”?

Take examples like DeepInstinct, Elastic, or the Chinese antivirus engine AntiyAVL—they never respond to FP reports. VirusTotal does nothing to screen the engines and sandboxes it showcases, yet its results damage small vendors by falsely marking legitimate software as harmful. This destroys reputations and erodes customer trust.

We need terms like "rogue detection" and "rogue antivirus engine" for cases where vendors unjustly classify software as PUP, PUA, malware, or trojans and refuse to fix it. A single small vendor has no power to change their minds, especially if the rogue a/v vendor is a big player. The only way forward is publicity. Rogue vendors’ false detections, lack of response, and dismissive behavior must be exposed publicly to their customers. These engines should be flagged as rogue because if they allow false positives, who’s to say they don’t also allow false negatives?

Independent software vendors (ISVs) need a community where they can share false positives, and highlight the role of VirusTotal and rogue vendors in this mess. Ideally with the 'roguemeter' and a title 'Rogue antivirus engine of the month/year' :) Also, the 'rogue YARA-rule writer of the year' and so on.

mrkpl125 commented 2 days ago

I should add to what was said above: VirusTotal is more of a marketing problem than a technical one. If not for VirusTotal, who would even know names like "AntiyAVL," "Trellix," or "Varist"? These are entities you’d only care about if your customers specifically used their antivirus software.

But VirusTotal exposes detection results from these obscure engines to millions of users, creating the impression that your software is dangerous. This happens because VirusTotal uses red font for any detection, even if it’s just a PUA or PUP. As a result, you might get an email from a prospective customer saying, “I’ve quickly checked your software on VirusTotal, and it says 10/71 malware.” That’s it—no further context.

You’re then forced to waste enormous time trying to convince rogue antivirus vendors to remove their detections, explaining over and over that simply being listed on VirusTotal harms your reputation and misleads your customers and prospects. This cycle is exhausting and counterproductive for independent software vendors.