Why Developers Hate Antiviruses

I hate antivirus software. I really do. Like almost every desktop software developer.

And the reasons are:

#1 - False-positive alarms

I'm sick and tired that my software is being detected as a "virus"...

• ...in spite of being signed with a trusted Verisign certificate.
• ...in spite of being .NET-based (a platform which is not very "virus-authoring-friendly", so to speak) and not even using any code-obfuscation.
• ...in spite of using the "ClickOnce" installation-technology (in other words - the code runs in a sandbox).
• etc.

Why?

Because if your software has some kind of copy-protection built-in (encrypts and stores serial numbers, hides parts of the source code to protect from reverse engineering etc.) - an antivirus will most likely detect some "very dangerous" trojan.

Because if your software tracks mouse or monitors keyboard (like our AutoText for instance) - an antivirus will detect a malware.

Because if your software is some kind of a "compiler" - i.e. it's capable of building its own EXE-files - an antivirus will detect a self-replicating virus. Oh, and all your EXE-files will also be marked as viruses by the way (since you're most likely using a "self-executing-unpacker-code + data" architecture, which is considered a risk-factor by most antiviruses, no idea why).

Because if your software uses the "ClickOnce" technology (an auto-update framework that comes from Microsoft and is built-in to Windows!) - an antivirus will detect a "trojan downloader" and block your website in some cases.

These are just the few... And these are the actual reports I deal with every week. "Help, AVG blocks your installer saying it's a Trojan!", "Help, Opera has just blocked the downloaded file!".

EVERY. FUCKING. WEEK.

#2 - Antivirus vendors not dealing with false-positive reports properly

Now, dear antivirus companies! I understand - Users come first. Their security is your utmost concern. If someone sends you a virus sample - dealing with it is your #1 priority. I understand. I'm one of your paying users after all.

But please don't forget about us, the developers. We do send samples as well - the "false-positive" samples. We deserve some response. Fine, let it be within a week. Two weeks. A month. Two months. But please react!

Instead, some of you do not even have a feedback form or a forum on your website so we can upload a false-positive... And those who do, sometimes require us to send you our code-signing certificates, home-addresses, company papers and photo-IDs... We're guilty by suspicion. Everything is a virus until the author proves the opposite.

PS. In fairness, though, some antivirus companies do have these feedback forms in place, have nice developer support, and react promptly.

#3 - Antivirus my ass!

Create a simple C program with a code like this:

#include <windows.h>
#include <string>

int __stdcall WinMain(HINSTANCE,HINSTANCE,LPSTR,int)
{
  return MessageBoxA(0,(std::string("->")+GetCommandLineA()+"<-").c_str(),"Cmdline",0);
}


Compile it with a free "express" edition of Visual Studio 2008:
cl -Os -EHs-c- -GR- -MD test.cpp /link -fixed:no user32.lib -incremental:no -out:test.exe

Now test this program with your favorite antivirus. Voila! A "TR/ATRAPS.Gen" has been detected.

Congrats! You've just wrote your first virus!

Our Two Cents on SOPA

Jitbit Software has just transferred all of it's domains away from GoDaddy because of their SOPA bill support.

That's the least I can do. I'm outside the US, so I don't have a congressman to contact. If you are - sending a letter to your congressman is the only way to prevent the bill from being approved.

If you’re not sure what the "Stop Online Piracy Act" is - visit this link and read SOPA For Dummies

Now, there's a question that haunts me these days. Lots of non-tech friends, ex-colleagues, even some fellow hackers keep asking me:

"If you're selling downloadable software online, you're supposed to support SOPA, right?"

Read more »

[Infographics] The Ultimate Career Advice

I'm SO happy to be in the middle.

And don't forget to check the 24 Steps To Success.

Rethinking the Cloud

For months I've been thinking that a "cloud-server" is just an overpriced version of a VPS.

Don't get me wrong, I get the platform - as a software engineer. As a business owner - I even get all the benefits - elasticity, reliability, scalability, flexibility and all the other "bilities". On the other hand...

See, a regular VPS also runs "virtually" - just like the cloud. It's isolated from the host-machine failures - just like the cloud. The latest VPS-software (say, vSphere) can even do load-balancing, shadowing and real-time switching between physical hosts in case of a hardware failure - just like the cloud.

So, what's the difference then?

Read more »

Trying Rails & Mac, confessions of a .NET developer

I run Windows on my MacBook.

Windows - because I'm a .NET developer and our startup is mainly Microsoft-based. And, to be honest, I like Windows 7. Finally, a decent OS from Microsoft.

And MacBook - because it's simply the best hardware you can get for it. The unibody design is awesome, the keyboard & touchpad are great, the 17" screen is fabulous... I love my Mac. I'm practically an Apple fanboy.

The only thing I don't like about my Mac - is Mac OS X.

It just didn't suit me from the very beginning. That blurry font-rendering, that mouse acceleration you can't disable... Also, I'm a gaming junkie and, let's say, Mac is not the most popular gaming platform.

But let's try a Mac for a change

Read more »

Boosting Creativity Tip #1

"Ideas don't come from watching television" Seth Godin.

Stop watching. Start reading books.

When you read a book, your brain is in the "uber-creative" mode. It analyses the text and tries to visualize what you read. It builds abstractions, pictures, sometimes even a whole new universe... Every time your read something - your brain is working out in gym.

On the contrary, when you watch - everything is pre-created for you. You just sit there and consume the picture. Your brain rests. Everything is pre-constructed.

And just like your body passes through different sleep-phases before it goes to the REM sleeping phase, your brain passes through different creativity phases before it reaches the "uber-creativity" peak. This means, the reading process should last, uninterrupted, 10 minutes least. So we're talking fiction books, not Twitter, not blogs or news feeds. Not even professional literature. Fiction books. Biographies. Semi-fiction books, like Steve Jobs story or Anything You Want by Derek Sivers (highly recommended, by the way).

All the coolest ideas I had - I had while reading a book or listening to a great talk. So here are some tips for reading more:

1. Take reading to where you have to wait - in the lines, at the landromat. Use public transportation - buses and the tube - instead of a car.
2. Use gadgets. Use your smartphone. Buy an electronic reader and take it wherever you go. Since I bought my first Kindle, I read much more. Much more. Though now I prefer Sony over Kindle.
3. Always have something to read. And contrary to common belief - it's great to read several books at a time. It's working out, remember?
4. Use audiobooks when jogging, biking or cooking
5. Read less. Read books you enjoy. If the book doesn't feel "right" after the first chapter - move on, don't force yourself. Don't feel pressured to read a book just because someone gave it to you as a present. Or you got it free at some conference. Stop. Move on. Otherwise only a half of your brain will be actually reading, the other half will be busy fixing your attention.

Outgoing Links Effect for SEO: Experiment

There's been a lot of debate about whether external linking helps or hurts your SEO and most of the SEO experts including the gurus at SEOmoz tend to think of external-linking as a good strategy.

Read more »

Go Get A Cofounder [Mistakes I Made #5]

This is the 5th post in the "Mistakes I made" series, where I share the "donts" of my startup experience.

I'll start from afar. My website has a number of pricing tables and I thought the tables look just fine. Until one morning I realized that they're a complete usability nightmare. Here's the "before" look:

Read more »

"90% of your users are idiots"

I just overheard this conversation between two developers at a co-working site:

"I plan creating a prototype for my new XXXX application, whatcha think it should be - a web-app, or a desktop app?"

The answer was:

"90% of your users are idiots who won't be able to tell the difference"

Read more »

What If Drivers Were Hired Like Programmers?

What if drivers were hired like software developers?

Job title: car driver

Job requirements: professional skills in driving normal- and heavy-freight cars, buses and trucks, trolley buses, trams, subways, tractors, shovel diggers, contemporary light and heavy tanks currently in use by NATO countries.

Skills in rally and extreme driving are obligatory!
Formula-1 driving experience is a plus.

Knowledge and experience in repairing of piston and rotor/Wankel engines, automatic and manual transmissions, ignition systems, board computer, ABS, ABD, GPS and car-audio systems by world-known manufacturers - obligatory!

Experience with car-painting and tinsmith tasks is a plus.

The applicants must have certificates by BMW, General Motors and Bosch, but not older than two years.

Compensation: $15-$20/hour, depends on the interview result.

Education requirements: Bachelor's Degree of Engineering.

Saw this on a programmer's forum, but was unable to locate the original. Let me know, I'd be happy to link.

Rootkit on a brand new Toshiba Laptop

Sorry for the offtopic, this post has nothing to do with startups, web-development or entrepreneurship, but I felt I should still write this

I've just discovered a built-in rootkit in my wife's brand new Toshiba laptop. A non-removable malicious software application right from the manufacturer. That even captured and sent-out screenshots of my wife's work... But first things first.

Read more »

Why I hate IE6. And why I miss IE6

I'm getting kinda tired of cross-browser development. Yes, I know... The more the better, competition rocks, rendering standards are great, FireFox is cool, Chrome is awesome, and the evil MSIE monopoly is sacrilege.

Read more »

Lessons learned from The Traffic Spike

My recent blog post about the Chinese hard drive has attracted HUGE amounts of traffic. It's been featured at TechCrunch, Slashdot, Reddit, StumbleUpon and others. Of course, after being upvoted at HackerNews - my long-time personal favorite.

It was "liked" by 14K (forteen thousand) people on Facebook and retweeted more than 2.5K times. My blog has received about 450 000 visits (and still counting) - thank God I host it at blogger.com, otherwise my server would be dead by now.

But what's in it for me and my startup? Let's have a look at the ups and downs:

Read more »

Electronic Reader Running Doom 2

Being a huge fan of electronic readers, I could not pass this up. This is a leaked video of Doom 2 running on "PocketBook 360 Plus" prototype, recorded by a PocketBook employee. To be precise, it's running PrBoom - a Linux port of the original game from id Software.

This looks pretty amazing - the FPS seems really nice for an e-ink screen.



UPDATE: I've just dug up that the e-Ink screen model being used on this device is "e-Ink Vizplex V110". Full device specs:

Screen - 5″ V110
CPU - FreeScale i.MX35 ARM11 533MHz
RAM - 128mb RAM