Friendly fire: how security software messes up

Kalvermelk 2c

Have you ever wondered why, in the era of Deep Learning and hover-boards*, security software can still mess up? Why is it so challenging to distinguish clean files from malware? Here are 10 simple tips to make sure your software won’t be blasted off customers’ machines.

*(they don’t really hover)

For the past 10 years, I have been hunting down, analyzing and preventing False Positives from Symantec’s Security Stack. In this presentation I would like to demonstrate the caveats of typical AV techniques. These techniques struggle with: legitimate packed/obfuscated files (for protecting intellectual property), ambiguous behavior (secure lockers for mobile devices, network proxies), unreasonable deployment techniques, and bad reputation caused by bundled applications.

Through examples and analogies with offline security concepts, I will explain why security software can still mess up.

I will make recommendations as to how a startup or software company can reduce the risk of having their product treated as suspicious by security software.

Cloud & Serverless