I worked at Symantec on the reputation team; tools I worked on directly generated the reputation behind the WS.Reputation.1 message.<p>First: file a false positive report at <a href="https://submit.symantec.com/false_positive/" rel="nofollow">https://submit.symantec.com/false_positive/</a> . (Options: "When downloading a file", "Norton Internet Security 2012 or Norton AntiVirus 2012", "Download Insight")<p>This goes directly to the team and they should have your programs whitelisted within a few business days.<p>Second: sign your executables. This goes a long way. And no, it doesn't have to be Verisign.<p>Third: don't change domains. This wiped out your known reputation. (Would have been acceptable if your binaries were signed)<p>Symantec is not out to squish the little guy. Sometimes you do have a few more hoops that you are required to hop through. Symantec should have better transparency on how this process works; it's something I pushed for pretty heavily but never had the power to get done.<p>Don't worry, you're not alone.
Example: We weren't able to get Mozilla to sign their beta or developer builds that are shared on multiple mirrors (domains not related to Mozilla). We'd get lots of angry (understandably) reports of reputation issues on these builds.<p>If anybody has any questions within reason, I'll be glad to answer them.
It's not just Symantec.<p>I've had issues with multiple AV companies that pertained to binary-string signatures in my code. The AV companies I've dealt with all seem to have online ticketing systems that allowed for rapid correction of these situations.<p>A few months ago, I found that a command-line screen-capture tool that I publish was flagged as malware by multiple AV products due to behavioral characteristics.<p>In ScreenKap, I was experimenting with obfuscation of text-strings used by the code. I removed the obfuscation from the code and resubmitted to VirScan.org. I received a clean bill of health.<p>Note that I did not formally pursue this with any of the AV companies as the string obfuscation was an experiment and was nothing that needed to remain an integral part of my product. If my assumption is correct (please note that it is an assumption), we might be restricted to coding in the way the AV companies think we should code.
Norton has caused a large amount of frustration for our GitHub for Windows users - Symantec will basically block any EXE using MSys, because of its use of the CreateRemoteThread API. There is no way I am going to submit all of the 200+ EXEs that comprise MSysGit to that web form, though we will try signing all of the EXEs.
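An added example, not part of the thread and not Symantec's or GitHub's tooling: for a distribution made of hundreds of EXEs, this sketch lists the PE files that carry no embedded Authenticode certificate table, which is the first thing to audit before and after a bulk signing pass. The function names and `sample_pe` (a constructed header, not a real program) are hypothetical, and the presence of a table only shows a signature blob is attached, not that it is valid.

```python
import struct
from pathlib import Path

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def certificate_table(data: bytes):
    """Return (file_offset, size) of the embedded certificate table, or None."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe + 24                                        # signature + COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]          # PE32 / PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return None
        off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError) as exc:
        raise ValueError("truncated or malformed PE header") from exc
    # For this directory only, the first field is a file offset, not an RVA.
    if off == 0 or size == 0 or off + size > len(data):
        return None
    return off, size

def unsigned_files(root, patterns=("*.exe", "*.dll")):
    """List PE files under root that carry no certificate table."""
    missing = []
    for pattern in patterns:
        for path in sorted(Path(root).rglob(pattern)):
            try:
                if certificate_table(path.read_bytes()) is None:
                    missing.append(path)
            except ValueError:
                continue  # not a PE image; skip it
    return missing

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 header (not a runnable program) for demonstration."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16) + bytes(128)
    image = bytearray(dos + coff + opt)
    if signed:  # point the directory at 8 placeholder bytes appended to the file
        struct.pack_into("<II", image, 88 + 96 + 8 * SECURITY_DIR, len(image), 8)
        image += bytes(8)
    return bytes(image)
```

Files this reports as signed still need a real verification pass (for example `signtool verify` or PowerShell's `Get-AuthenticodeSignature`), and catalog-signed files will show up here as unsigned.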
We have Symantec AntiVir at work.<p>A few months ago I was researching a way to make DLLs behave like OSX/Linux - e.g. while they are loaded, they can get replaced. This is doable with the compiler option /SWAPRUN:CD,NET - e.g. if your dll/exe was running from CD or Network, and the media went down, it should still work. This somehow pulls the whole data somewhere (I guess in the page file), and it can be replaced.<p>Anyway, as soon as I started using this, Symantec started reporting virus reports - not for everything - but a few were enough for me to stop.
Suppose Symantec started a program where companies were allowed to pay for their apps to be white listed and precluded from this check. Could this be considered a protection racket under anti-trust rules?
Is there even much point in using AV software?<p>I ask this because I have never installed any on my computer (including on Windows) and I have only ever <i>knowingly</i> been infected once in the last 10 years (I think this happened because I didn't update Windows Media Player and it was still associated with a file type and somehow a rogue media file streamed from a website attacked it).<p>On the other hand, people I know who have things like Norton etc. installed seem to have <i>way</i> more problems with their computers than me (including fairly tech savvy people). For example: programs randomly breaking, tracking cookies being flagged as "malware", general slowness of the system, nonsensical warning messages, etc. Besides that, they still seem to end up infected with malware more often than me and usually re-format their systems once every few months.<p>On that one occasion that I did end up infected, I had to install 3 different AV programs and do full scans before it was even detected.<p>Mac and Linux users never bother having AV installed and as far as I am aware there is nothing inherently more secure about either of these systems than there is Windows 7.<p>If you are running a network, surely it would be simpler just to disallow any executable files apart from those explicitly whitelisted and to make sure security patches are installed?
I once worked for a company that ran into this same problem, hence, I have a whole lot of sympathy. However, I also sympathize with Symantec.<p>The biggest problem with the AV world is that it tends to be reactive. A criminal releases a piece of malware, it infects computers and then there is a fix released. The problem is that there is a gap between release and fix and criminals exploit this gap to steal information.<p>Reputation analysis is one possible solution. Alas, when it fails, it fails big (and hurts primarily independent developers).
Software that does this should become illegal. This is technical slander.<p>They are not even trying to explain what this means; the reason for this is simple: they want to show off how many times they "protected" their customers, so that they are fooled into believing that AV products actually have value in them.