Antivirus detections

[Frederick]

I have been unwilling to update MusicBee past version 3.2 due to malware detections for newer versions on Virustotal, which is up to 5 out of 72 vendors for the latest version. Now I may sound paranoid but I'd rather be safe than sorry. I refuse to use ANY software program with more than 2 detections and no signature. Nor can I recommend such programs to others in good conscience.
Here's a link to the Virustotal report on the latest version:
Please contact the vendors to see if they can resolve the detections.

[hiccup]

Please contact the vendors to see if they can resolve the detections.

That's probably what you should do.
Or just don't use software that gets false virus warnings by (less than 5% of) antivirus companies.

[phred]

MB has been around for more than ten years. There have been occasional reports of virus/malware from various AV programs. All have been false positives. It would be your responsibility to contact the various vendors to inform them of the false positives. Which are most likely being caused by the .dll files included in the installation.

Tens of thousands of people are using MB with no issues. If you don't want to update because of these false positives, that's up to you. But note that v3.2 is no longer supported (it's about four years old now) and there have been many new features added and bugs fixed.

If you search the forum you'll see that all the reports of security issues were resolved by white-listing the .exe and .dll files in the user's AV software.

[Frederick]

Thank you for your replies. You fail to get my point. I do not know whether these detections are false positives or not. It is not MY responsibility to notify the antivirus vendors whether the detection is false positive or not when I do not know it for a fact. That would be highly irresponsible on my part. It is the responsibility of the lead author to notify the antivirus vendors, because the lead author is the only person qualified to do so. I simply go by my own standards, which are to err on the side of caution and not use the program or recommend the updates to others. This is NOT an accusation of malware, but a statement of fact, that it fails my security standards.

[Steven]

I have no special insight into how the various anti-virus applications work with MusicBee.
MusicBee doesn't require an anti-virus application to work and its entirely your choice if you choose to use one that's not Windows Defender, so I wont accept being tasked with reporting issues to the various vendors.
If you care about using MusicBee then you will need to notify them yourself so they can take the appropriate action needed - I don't need to be involved at any point in that process.

[hiccup]

This is NOT an accusation of malware, but a statement of fact, that it fails my security standards.

Your standards are unrealistic and probably not based on good insights in the matter.
You could run some actual AV program installers through VirusTotal, and they will likely trigger security warnings by some other AV engines too.
That will be about how the software behaves, and some companies not understanding that, and/or having outdated virus databases.

What you (and anyone else using it) should also do when you refer to VirusTotal:
Check which AV engines are the ones claiming a possible security risk.
In the case of the latest MusicBee installer, none of the respected AV companies are reporting a problem.
Only a few (4 out 69), and those are ones I personally have never heard of.

I think you should educate yourself a little bit better on this matter to be honest.

[Frederick]

Steve says,
"I have no special insight into how the various anti-virus applications work with MusicBee.
MusicBee doesn't require an anti-virus application to work and its entirely your choice if you choose to use one that's not Windows Defender, so I wont accept being tasked with reporting issues to the various vendors.
If you care about using MusicBee then you will need to notify them yourself so they can take the appropriate action needed - I don't need to be involved at any point in that process."
How am I supposed to notify the antivirus vendors myself when I neither A) know that it is safe to use and B) do not know how to assess whether a program is safe. I did not write the program and have no qualifications to assert that a program is safe, especially when warned by people who have more expertise than I do that it is not safe. That is what I rely on antivirus vendors for.  You're probably right. BUT I DON'T KNOW THAT. Steve, you seem to be either the lead developer or a high ranking spokesman for the operation. If you persist in shirking your responsibility to notify the antivirus vendors to remove the "false positive" detections then I have no choice but to not use the program.

[phred]

Steve, you seem to be either the lead developer or a high ranking spokesman for the operation. If you persist in shirking your responsibility to notify the antivirus vendors to remove the "false positive" detections then I have no choice but to not use the program.

STEVEN is the sole developer who maintains MB as a hobby. He is one person who has a life. He does not have the time, nor the need to notify AV vendors of the false positive. Especially since, as stated previously, there are tens of thousands of MB users out there who have no problem with the few false positives being returned from VirusTotal.

If you're that concerned with security, and don't want to notify the vendors of the false positives, then my suggestion is to find some other application and not use MB.

[Frederick]

OK I appreciate that Steve may be doing this as a hobby. Perhaps what I need is something that I have to pay for, so that the lead developer is incentivized to take antivirus detections as seriously as I do. The message I am getting is "buzz off and use something else." So be it. That's what I shall do.

[hiccup]

Perhaps what I need is something that I have to pay for, so that the lead developer is incentivized to take antivirus detections as seriously as I do. The message I am getting is "buzz off and use something else." So be it. That's what I shall do.

Your false insinuations, misconceptions and slandering won't be missed.