September 22, 2020

Microsoft requires software developers to follow the rules to prevent malware and potentially unwanted applications

Microsoft Windows Defender anti-virus software is capable at removing viruses, but a more troublesome problem is that its rate of false positives and mistaken removals is relatively high.

To address the problems that false positives and mistaken removals cause for software developers and users, Microsoft has issued a security guide that requires developers to comply with the relevant development rules.

The security guide covers how software behaves, how it is described, and which components it bundles, so that developers can avoid Windows Defender false positives and detections caused by rule violations.

Microsoft’s advice to developers is as follows:

The best way for software developers to avoid false positives is to distribute through the Microsoft App Store, which means that Windows 10 applications have to go through review.

Of course, not all developers can accept this advice, so signing software with a reputable digital certificate is an excellent alternative.

The reputation of the certificate must be protected: if a digital certificate is used to sign a malicious file, all software signed with it will be blocked.

Make sure the software is not malicious or misleading:

Although most developers’ applications do not behave maliciously, many developers use misleading statements to dissuade users from uninstalling the software.

For example, when the software is being uninstalled, it claims that the computer has too much junk, or makes computer-health claims such as that the system is lagging. Such misleading statements may also be blocked.

At the same time, software developers should not download other software without first notifying the user. Such silent downloads also violate the rules and will be blocked.


Keep transparency to users:

Software developers should explicitly inform users of the software’s operational behaviour and should not use non-standard installation locations or software names to limit the user’s choice and control.

Although obfuscation techniques are not in themselves considered malicious, some techniques may be blocked when they are used to evade anti-virus detection.

Software should not use techniques to bypass security prompts or operate quietly in the background; it should inform the user before it does anything.

Be careful with some SDK components:

Some third-party components are used to analyse user behaviour or serve advertisements, but some components may perform malicious operations in the background.

If the anti-virus software flags a third-party component as malicious, all software that uses that component will eventually be blocked.

So choose components that are reputable and that the software genuinely needs. If a component is unused or unnecessary, don’t include it.