One of the most frustrating aspects of life as a developer is when your application is accidentally detected as malware. This not only makes you look bad, but it could scare away users and damage the brand’s reputation.

Tools like Windows Defender Advanced Threat Protection (Windows Defender ATP) use a multi-layered approach that improves detection and scalability, but could also lead to more false positives in certain instances, Microsoft noted in a recent blog post. For developers, Microsoft addressed the ways that false positives can be reduced in the Microsoft ecosystem, starting with how apps are published.

“Avoiding false positives is a two-way street between security vendors and developers,” the post said. “Publishing apps to the Microsoft Store is the best way for vendors and developers to ensure their programs are not misclassified. For customers, apps from the Microsoft Store are trusted and Microsoft-verified.”


In addition to publishing to the Microsoft Store, there are other steps developers can take to reduce the chances of false positives. According to the post, here are five best practices.

1. Digitally sign files

Digital signatures help ensure that a piece of software hasn’t been changed or tampered with since it was signed by the publisher, the post said. It is not a guarantee that the software is bug-free, but since the publisher’s name is attached to the software, there’s a higher incentive to mitigate any issues.

2. Keep good reputation

According to the post, developers can gain a positive reputation by signing files with a digital certificate that itself has a positive reputation. But if one of the files or the certificate is compromised, that could impact the rest of the files associated with that certificate.

“We thus advise developers to not share certificates between programs or other developers,” the post said. “This advice particularly holds true for programs that incorporate bundling or use advertising or freemium models of monetization.”

3. Be transparent and respect users’ ability to choose

To improve a customer’s control over what happens on their device, developers shouldn’t use nontraditional install locations or misleading software names, the post said. Additionally, using obfuscation and other techniques or behaviors commonly associated with malware can trigger Windows Defender ATP to flag your software.

4. Keep good

The programs your file is associated with will also affect its reputation and how it is viewed by Windows Defender ATP, the post noted. What these associated programs install, or what is installed alongside them, will also be taken into account. This won’t always lead to a detection, but it could impact your software’s reputation, the post said.

5. Understand the detection criteria

This may seem obvious, but learning how Microsoft makes detections can also help you avoid a false positive. Click here to see Microsoft’s criteria.
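
For tips 1 and 2, a release-time check can confirm that every shipped binary carries a valid signature from the one certificate reserved for that product. The PowerShell script below is an added example, not code from Microsoft’s post; `$ReleaseDir` and `$ExpectedThumbprint` are assumed inputs supplied by your own build pipeline.

```powershell
# Added example: release gate for tips 1 and 2 (sign every file, one certificate per product).
# $ReleaseDir and $ExpectedThumbprint are assumed inputs (hypothetical names):
# the build output folder and the thumbprint of this product's own signing certificate.
param(
    [Parameter(Mandatory)] [string] $ReleaseDir,
    [Parameter(Mandatory)] [string] $ExpectedThumbprint
)

# Thumbprints copied from the certificate dialog often contain spaces.
$expected   = $ExpectedThumbprint -replace '\s', ''
$extensions = '.exe', '.dll', '.sys', '.msi', '.ps1'

$report = @(
    Get-ChildItem -LiteralPath $ReleaseDir -Recurse -File |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig   = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }

            $problem = if ($sig.Status -ne 'Valid') {
                # NotSigned, HashMismatch (file changed after signing), NotTrusted, ...
                "signature status is $($sig.Status)"
            } elseif ($thumb -ne $expected) {
                # Tip 2: a certificate should not be shared between programs.
                "signed with unexpected certificate $thumb"
            } elseif (-not $sig.TimeStamperCertificate) {
                # Without a timestamp the signature stops validating once the certificate expires.
                'signature has no timestamp'
            } else { $null }

            [pscustomobject]@{ File = $_.FullName; Thumbprint = $thumb; Problem = $problem }
        }
)

# Keep only the files that failed one of the checks above.
$failed = @($report | Where-Object Problem)
$failed | Format-Table -AutoSize -Wrap -Property File, Problem

"{0} file(s) checked, {1} failed" -f $report.Count, $failed.Count

# Non-zero exit code lets a build pipeline stop the release.
if ($failed.Count -gt 0) { exit 1 }
```

Run it as the last step before publishing; any unsigned, modified or wrongly signed file fails the build instead of reaching users.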

For more information on how to dispute a false positive, check out the original blog post.
