I'm an amateur programmer, and I'm getting desperate and mad because of a big issue: most of my programs are blocked by avast anti-virus, while some aren't, and I don't understand why. The more I try to investigate, the less I understand what the problem could be.
I'm requesting your help to find a solution so that my programs are no longer blocked, or, as a default, at least some strong clues that would explain why it might be the case. There are already many topics about that on the web. However, most of them give only superficial answers: they just explain how anti-virus works with signatures and detection heuristics, or state that you just have to add the offending application in the white list without asking any other question. While it is certainly correct, it's not acceptable answers in my sens, because I'm still left with my own programs that refuse to work without any concrete idea to start investigating.
First of all, the only anti-virus that blocks my programs is avast 7.x. No other anti-virus see any inconvenient to run my software. Secondly, I haven't avast myself; it is installed on a friend's machine. I have windows 7, he has windows XP. I'm completely sure that the problem is avast only: when it is temporarily disabled, or if the program is added to its white list, everything works nicely as expected.
Three different programs are in trouble :
The first one is open source, I can give a link to the executable and the source code if needed. The two others are closed source but free to use, I can give a link to the executable of the current version only. the only obvious common things between these three programs are me as a developer, my windows 7 machine that compiled them, the compiler family which is MinGW/GCC, and they are all win32 GUI applications without any framework (no MFC, no WPF, no QT, WXWidgets or whatever; just pure win32/C GUI applications)
Here are my observations and though so far :
The problem is caused by avast 7.x auto-sandbox. The following happens when one try to start a program disliked by avast :
This is unacceptable. newbie users of my program, especially the game, don't know how anti-virus works; don't know how to put it into the white list and why it will unblock it; don't know how to change settings of their anti-virus; if they see the pop-up, wont understand it and will end up being afraid or disappointed because they can't play without knowing why; and if they don't see the pop-up, I can't expect them to wait 5 minutes with a half-freezing computer. each time they want to play.
From there, I made the following deductions :
Additionally to that, I also though that the fact I'm distributing my programs as portable zip files may be a reason for avast to block, and conversely, the fact that a program is well installed in program files may be a reason to trust it more. So I made a simple experience: I compiled a new inno-setup 5 installer for the beta 2.0.0 of my game, as well as one for the version 1.3 of my text editor, and discover that the installers themselves were blocked !
I made another experience with my friend, where I tried to find exactly the place where the programs crash, based on using MessageBeep (MessageBox is also blocked !). I didn't noticed anything problematic. The game is blocked when SetDlgItemText is called for the first time in the login dialog box, but if I remove all SetDlgItemText it is blocked further down. IN the text editor, it is blocked while populating the menu bar...
My conclusion is, there is something that avast don't like in the new version of my game, in the old versions of my text editor, and in my audio player. Something that is absent in the newest version of my text editor. What could it be ? Do you have any clue ? Do you have only an idea on how I could proceed to find what it is so that I can hope to fix it ? Is there only a way to analyse such a problem, or is the hole world screwed by avast?
Note that I'm a single person and not a company, all those programs are free to use, I have not pay any IDE to develop them, and I'm not paid by the users when they use them, so I assume that a certificate is probably not affordable at all. Moreover, I don't know if it's a true solution, how to sign an application compiled with GCC, and I really don't want to switch to an "usine à gaz" like MSVC. I would prefer strongly forget that option if there is any other solution, even a very dirty one.
Thank you for reading.
A nice way to increment the confidence of all AV software is to digitally sign your code. Thawte has the cheapest well-recognized certificates starting below 100 € / year.
-- update after @Herr_Doktor's comment nearly two years later --
I recently ran into a new situation when code signing was not an option - I write open source for Joomla in php. After I received the first indications that Avast marked my file as a (false) positive, I contacted them and they whitelisted my file within hours.
In order to make my life easier, I am creating a separate file with the supposedly "dangerous" function, so that future changes to the program won't require to re-submit it for whitelisting.
Possibly the speed in their response was helped by the fact that reading a short php file is faster than reverse engineering compiled code; nonetheless they were kind, quick and effective.