Antiviruses and other “security solutions”

I am working in software company and many sometimes we have some enterprise level companies as our clients. And sometimes we have problems with our software with some of these clients. Sometimes it is legitimate bug on our side. But very often there is conflict security software. And sometimes it is so painful to deal with, that I decided to write about.

Let say I bought and installed some software on my home computer. And then I found that it does not work. I contacted support and they asked me to temporary remove my security software to check that there is no interference with their software. I can do it and we quickly can confirm whether this was a problem.

But the bigger company there are way more problems to do this check. Security software is managed via Group Policy, and person who is working on that particular computer does not have administrative right to remove this software. So, they that person has to contact IT with reason, why do they want to remove this software. Then IT will contact their boss, that boss will contact boss of that person who has problems. And there will be a lot of emails between them. As result it takes weeks to resolve while person is not able to use software that company paid a lot of money.

Then finally IT disabled security software even I clearly mention that it should be removed (more on this below). And then after 1-2 more weeks, finally security software is removed, and confirmed our initial suspicion. Then company will add our software to exclusion list or contact vendor of that security software, so they will fix their problem. But in some cases, due to bureaucracy they simply will not remove this software, because nobody wants to take responsibility for that decision, because “somebody can hack us” or something similar. Even when we ask to prepare new PC and just do not install anything except our software. And as result sometimes they cannot use software they paid.

And here any smart reader will raise immediate question. How can we be so sure that problem not in our code? Well, we did spend huge amount of time investigation these cases. And in every situation, we found that problem is in security software. We had many cases when small application with 3-4 lines of code does not work with security software but works simply fine with it. Kind of lines like open file, read file, close file. There is no way to do it any different. Moreover, none of vendors that developed security software ever contacted us and say: looks guys it is clearly problem in your software and provide some details.

Let me explain, how these security solutions work. They had to intercept access to disk and network, so they able to analyze content of the file, or network packets. For some cases it is easy to do because Microsoft kindly provide some open points for security software vendors. But some of them is quite tricky. Also, some of these points are at quite low level. For example, for network it could be at packet level. And as result security software must assemble these packets to analyze content. And if user downloading say .zip file, then security software usually unpacks it to analyze content etc.

As you probably got it by now, that it is quite complex task. And as result there are a lot of bugs there. I already wrote about wasted weeks of developer’s time when our company tried to rollup new security software. Developers spent a lot of time thinking why code that worked for years, suddenly stopped working. They tried many different things and none of them work. And finally, I realized that our company updated security software and quietly rolled it our via Group Policy. I can talk about this for ours, because we tried quite a few different products.

But what makes that problem worst, that disabling such software pretty much never helps. This is because bugs are usually at intercept layer and it is always active. Disabling software will just change analyzer and it will always return “Ok, it is safe”.

And I have to say, that most of these problems usually happens with big companies that use some “enterprise level security solution” I never heard before. Obviously, such software is not that battle tested as most common antiviruses on the market because they have way less users and most of these users use exactly the same software/hardware. And as result these enterprise solutions have way more bugs.

And if you ask me, what security solution I do recommend, I will answer: you already have it on your computer. It called Microsoft Defender. I never had any problem with it and if you check some tests, you will find it is quite decent. And obviously Microsoft knows how to write software for their OS.


Post comment