One of the most frustrating aspects of life as a developer is when your application is accidentally detected as malware. This not only makes you look bad, but it could scare away users and damage the brand’s reputation.
Tools like Windows Defender Advanced Threat Protection (Windows Defender ATP) use a multi-layered approach to security that improves threat detection and scalability, but could also lead to more false positives in certain instances, Microsoft noted in a recent blog post. For developers, Microsoft addressed the ways that false positives can be reduced in the Microsoft ecosystem, starting with how apps are published.
“Avoiding false positives is a two-way street between security vendors and developers,” the post said. “Publishing apps to the Microsoft Store is the best way for vendors and developers to ensure their programs are not misclassified. For customers, apps from the Microsoft Store are trusted and Microsoft-verified.”
In addition to publishing to the Microsoft Store, there are other steps developers can take to reduce the chances of false positives. According to the post, here are five best practices.
1. Digitally sign files
Digital signatures help ensure that a piece of software hasn’t been changed or tampered with since it was signed by the publisher, the post said. It is not a guarantee that the software is bug-free, but since the publisher’s name is attached to the software, there’s a higher incentive to mitigate any issues.
2. Keep good reputation
According to the post, developers can build a positive reputation for their files by signing them with a digital certificate that already has a positive reputation. But if one of those files or the certificate itself is compromised, that could impact the rest of the files associated with that certificate.
“We thus advise developers to not share certificates between programs or other developers,” the post said. “This advice particularly holds true for programs that incorporate bundling or use advertising or freemium models of monetization.”
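Items 1 and 2 together amount to a release-time check: every shipped binary should carry a valid Authenticode signature, and that signature should come from the one certificate reserved for this product. The script below is an added example, not code from the Microsoft post or this article; it assumes a release directory of built artifacts and a placeholder thumbprint that you would replace with your own code-signing certificate's thumbprint. It uses the standard `Get-AuthenticodeSignature` cmdlet to fail the build if any file is unsigned, has a broken signature, or was signed with a different (possibly shared) certificate.

```powershell
# Added example (not from the Microsoft post or the article): fail a release if any
# artifact is unsigned or signed by a certificate other than the expected one.
# $ExpectedThumbprint is a placeholder; substitute your own code-signing certificate's thumbprint.
param(
    [string]$ReleaseDir = ".\release",
    [string]$ExpectedThumbprint = "PLACEHOLDER_THUMBPRINT"
)

# File types that Windows will check for an Authenticode signature.
$extensions = @("*.exe", "*.dll", "*.msi", "*.ps1")
$failures = @()

Get-ChildItem -Path $ReleaseDir -Recurse -Include $extensions -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName

    if ($sig.Status -ne "Valid") {
        # Covers NotSigned, HashMismatch (tampered after signing), UnknownError, etc.
        $failures += "$($_.FullName): signature status is $($sig.Status)"
    }
    elseif ($sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
        # Signed, but not with the certificate dedicated to this product.
        $failures += "$($_.FullName): signed by unexpected certificate $($sig.SignerCertificate.Thumbprint)"
    }
    elseif (-not $sig.TimeStamperCertificate) {
        # A timestamp lets the signature stay valid after the signing certificate expires.
        Write-Warning "$($_.FullName): signature is not timestamped"
    }
}

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Error $_ }
    exit 1
}

Write-Host "All release artifacts are signed by the expected certificate."
```

Pinning to a thumbprint rather than just a subject name is what enforces the "don't share certificates" advice: a file signed with any other certificate, even one issued to the same company name, is rejected before it ships.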
3. Be transparent and respect users’ ability to choose
To improve a customer’s control over what happens on their device, developers shouldn’t use nontraditional install locations or misleading software names, the post said. Additionally, using techniques like obfuscation, and other behaviors commonly associated with malware, can trigger Windows Defender ATP to flag your software, the post said.
4. Keep good company
What programs your file is associated with will also affect its reputation and how it is viewed by Windows Defender ATP, the post noted. What these associated programs install, or what is installed alongside them, will also be taken into account. This won’t always lead to a detection, but it could impact your software’s reputation, the post said.
5. Understand the detection criteria
This may seem obvious, but learning how Microsoft makes detections can also help you avoid a false positive. Microsoft publishes the criteria it uses to classify software, and the post points developers to them.
For more information on how to dispute a false positive, check out the original blog post.