Living with Virus Scanners
Virus Scanners and other types of Antivirus products aim to protect your computer from malicious software. Over a hundred companies make Antivirus (AV) products with recognized names like Norton, McAfee, Avast, etc. Their products are commonly used on Windows computers, but not so much on macOS. Microsoft includes its own virus scanner, Windows Defender, on new Windows computers.
AV companies have done a great marketing job convincing consumers their products are needed to keep their computer safe. What they fail to mention is the tremendous cost to users in hours of lost productivity, broken software, deleted files and slower performance. For unsophisticated computer users, the damage caused by AV software often far exceeds the damage caused by viruses.
Often the most effective way to prevent a virus infection is to install the latest OS updates and only download software from trusted sources. That said, software vendors must understand how to deal with AV software on their development and customer computers.
If a customer encounters a problem when downloading, installing, activating or running a new software product, their first reaction is to assume that the software has some kind of bug. Virus scanners are often the root cause of most early problems encountered by a customer.
AV Software Pitfalls
- Blocked Downloads - AV Software, Firewalls, Web Browsers or sometimes the computer OS itself may block the download process of an application or installer.
- Deleted Applications - Your customer will typically download your application or installer to their computer from your website. If your software is deleted or aborted on launch, that is often caused by a virus scanner.
- Internet Communication Blocking - When launching a new application, a customer is typically prompted to enter a Serial Number to activate the product by communicating with an online activation server. If that process fails, a virus scanner or firewall may be blocking communication between the App and the online server.
- Missing Files - Some virus scanners delete files created by an application without notifying the user. This type of problem may not be discovered until days later when the user attempts to use the application again. Understandably, the user may be convinced that something is wrong with their computer, the hard drive or the application itself.
- Application Failures - Most applications read and write data to disk. When a virus scanner unexpectedly (and sometimes randomly) deletes a file, the application will likely fail. The malicious actions of a virus scanner are often intermittent which adds to user confusion.
How Virus Scanners Work
There are hundreds of AV products and different versions of each product. Each Virus Scanner works different. Some virus scanners only block known viruses. Others block suspected files that match some kind of signature. Some block almost ALL software until it has been added to a trusted application list. Some Virus Scanners quarantine a suspected file, while others delete it without informing the user and let them discover the negative consequences later.
Reputable virus scanners will have the ability to add new applications to a trusted list so they don't block or interfer with its operation. The burden is on the user to understand how their specific virus scanner works and to mark new applications as trusted.
Virus scanners sometimes report False Positives and flag new software as a potential virus when it is not. A vendor or user can report the problem to the company that makes the AV product and most will eventually update their product to resolve the issue. All software vendors will occasionally encounter a concerned customer when a virus scanner mistakenly flags their product as a potential virus.
Free online resources are available to scan a file or URL for an application or installer. See VirusTotal. Within seconds, a report is presented showing the scan results of up to a hundred virus scanners. Most vertical market software with a user base under a million users will occasionally get flagged with False Positives.
How Vendors Deal with AV Software
- Educate Users - Unfortunately, vendors often face the burden of educating users about the negative affects of using a Virus Scanner. On your download page, instruct users to add your application or installer to the Trusted List if they use a Virus Scanner. Some users may be unaware that Windows Defender is turned on by default and may affect downloaded software.
- Code Sign Apps and Installers - Some virus scanners will trust a Code Signed application or installer. Vendors code sign their product to improve the customer experience. Most virus scanners are content-based so they look at what the application does and make a guess on whether or not it is safe to run. Code Signing helps most with the Software Delivery process.
- Isolate the Problem - Let the user know that if they run into a problem, they should immediately suspect the Virus Scanner. As a quick test, they can temporarily turn off the virus scanner, then install and run the application to ensure that it works as expected. Once the root cause of the problem is identified, corrective action can be taken.
Windows Defender
False positives are a potential problem with all virus scanners including Windows Defender. It can block an application from running, interfer with the normal operation of that application or even delete it without your consent.
Learn how to turn off Real-Time scanning in Windows Defender if you suspect it to be the root cause of a problem.
Code Signing Apps and Installers
To Code Sign an App or Installer, a software vendor must first get a Code Signing certificate. There are many independent Code Signing authorities that issue Certificates for Windows software. The vendor must provide company information, pay an annual fee and after an authentification process that typically takes several days, a Certificate is issued.
For macOS software, the vendor pays Apple $100 for an Apple Developer account. Through a somewhat convoluted process, they can get a Code Signing certificate downloaded to their development computer. With new macOS computers running Sierra, High Sierra and Mojave, Apple has added security features that make it difficult for users to download software until it has been code signed.
Code signing authorities often provide a tool to apply the Certificate to your App or Installer. New versions of QuickLicense, AppProtect, DocProtect and QuickLicense Server can Code Sign applications during the build process.
ClickInstall for macOS can code sign your applications, libraries and the installer itself when building a 64-bit installer for your macOS software. See the 64-Bit Code Signed macOS Installer video on the Development tab for a demonstration.
ClickInstall on Windows can code sign your applications, libraries and the installer itself when building a 32-bit or 64-bit installer for your Windows software. See the ClickInstall Windows video on the Development tab for a demonstration.