Maybe It’s A Virus, Maybe It’s Not

avg malware scannerAre third parties damaging your saas? Maybe. The AVG virus scanner recently flagged our software as containing a heuristic virus. We panicked. Our coder spent hours looking but found nothing. I reached out to AVG on their site–no reply, no concern that they are hurting our business.

I decided to try contacting them on social media to ask what was happening, but they removed the posts. How do you work on a problem affecting your business if no one responds? Is it legal for them to hurt our business or your business by scaring away customers with a warning that isn’t even true?

It made me wonder how many other virus scanners or security programs were flagging our software without us even knowing it or being able to look into what they see as a problem. How do we fix an issue that we don’t know about (or may not truly exist) that also may be sending customers running towards a competitor?

While these third-party companies think they are providing a useful service, they may also be damaging the online services they tag without merit and covering their own backs by using phrases like “there MAY be a security issue” or “there MIGHT be a virus.”

In the case of being flagged with a virus, I found a few sites listing known flagged software but ours was not listed. Where do I go from there if the scanner software maker won’t even respond?

In fact, how do you find Internet services hurting your business? It would be a full time job and chances are there’s little you can do about it if they aren’t in the same country.

Removing All Suspicions

Last year, another online service listed our monitoring software service as potentially suspicious. We found out from someone who emailed us a question about the warning and after much reassurance, was willing to download and install our software.  We were grateful to know this listing was out there, although we don’t know how long that site had branded us as “potentially suspicious” nor do we know how many customers were lost due to this listing.

Figuring the best course was to try to get their warning removed, we spent many hours sending detailed business and personal information to have them to take the warning away. We had no idea who these people were but were forced to send them personal details we didn’t want to share, just so that message wouldn’t pop up in the search engines.  It felt like ransom even if it was just paperwork.

Finally they updated the listing, taking away the warning but still listing us as ‘unknown’ or something along those lines. I don’t dare go look as I don’t need the stress. A small victory for all the hard work.

Mail Server Mayhem

We’re not big on emailing our customers because it is easy to get tagged as a spammer and get your mail server blocked.  Unfortunately, even if we’re using our company email in a responsible way, it doesn’t mean our IP address neighbors are behaving the same way.

And while they probably aren’t surprised when their IP gets blocked for spamming, it can mean the entire IP range gets blacklisted as spam when their mail server gets flagged. For example, if the spammer’s email server’s IP address is 1.2.3.4, all of 1.2.3.x get flagged. If the IP range is hosted in a data center and dozens of other companies are using it, they all get blacklisted.

We’ve had that happen to us several times during our years of running ISPs and MSPs. The blacklist company then asks for money to be un-listed otherwise, it’s a waiting game of weeks to months before your mail server is working properly again.

The reason this blacklist company survives is because a few large, well-known webmail providers use their services.  You can imagine these huge companies get their share of spammers creating disposable email addresses that they walk away from after sending out huge dumps of spammy email.

They may disappear, but the damage they inflict in the form of getting their IP addresses blacklisted is like an oil slick spreading across the water – it touches everyone with IP addresses around them. These kinds of activities are damaging your SaaS.

Playing The Numbers

In a world of search engines that favor money over innovation unless they own it, it’s frustrating to spend good money and barely be found. Here is an interesting article on this topic: Monopoly Myths: Is Big Tech Creating “Kill Zones”.

It feels like search engines have algorithms meant to lure new ventures into a spending cycle. They dangle free ad dollars to get you started. Once you pay, you end up in an endless loop of spending to get a few more clicks.  No matter what you spend, they always tell you if you just spent a little more, raised your bids a little higher, you’ll be better optimized to be found. We have never once had a search engine tell us: “Perfect – you are finally spending exactly the right amount of money.”

My experience is the algorithm tries to figure out how far it can push you in terms of upping your budget. I also found that by not following any of the suggested ideas, I was able to get clicks for two pennies, something they terminated after two days, claiming some system problem.

Hidden In Plain Sight

It seems useless unless you have deep pockets. We use many of the same key words and phrases as big ISPs and outage sites. But they are willing to spend anything to take that click away from someone else. It’s interesting how my daily budget gets magically used up, showing analytics I don’t see on our site as real sign ups.

The only hope is that organic traffic will come because people try out and then share or mention your super cool service in forums and other public places. But it’s still challenging to generate organic traffic and be seen amidst the paid advertising on the search engines.

Notice how search results now show answers to questions presumably scraped from web sites and/or AI. No need to visit web sites, the answers are already shown. Then it’s paid placements and finally, well known sites that already see a lot of traffic.

New ventures are well hidden and will continue being hidden. They can only be found if you somehow hit the correct search terms that do not have a large number of results filling up the first or second pages.

All of the above is barely touching on all that is already difficult trying to tell the world about your new service. So it hurts even more when potential customers find you and get scared by third party warnings of a potential virus or other problems that probably do not even exist.

How many times did someone get a scary warning while installing our software only to leave our service? I can’t help but wonder how many other companies are getting hurt by software running on PC’s warning potential users about problems that may or may not exist.

Two Way Street

AVG happily continues making money protecting people while flagging our software without concern. That seems like a skewed and unfair practice. If they are going to list us, the least they should do is contact us and work with us.

We work hard at what we offer, putting viruses or other garbage in our software would be completely non-productive to our efforts, let alone survival. Yet when third parties hurt our business, there is little we can do about it if they won’t even bother to contact us or work with us. Our only option is to wait and hope we’ll be removed from their warning site.

Trust Issues

Perhaps there is an opportunity for a well-known organization to step in or a list of which companies knowingly use the above practices.

What we need is a trusted entity to take this on, not one of the top tech giants that are sponging us for everything we have and killing innovation. They have no interest in anything but opportunities to make money and take everything over.

Maybe we need a new kind of legal help where class action suits aren’t about making the lawyers rich but helping those that would pitch in to sue these companies. Maybe those services need to get blacklisted themselves for earning money at the cost of other companies.

I don’t have the answers but I wanted to share this because I’m sure there are other companies experiencing similar problems. If so, we need to come together, get some attention and work on ways to defend against these practices.

Sometimes, it takes someone to state the obvious to find others who feel the same way. I’m sharing my own situation because I am absolutely sure that many companies don’t even realize this is happening to them, that they are experiencing customer trust issues thanks to third party services that earn money from maligning their hard work without any proof there is actually a problem.

In the meantime, the question remains, do you know of third parties damaging your saas?

Mike Paradis
OutagesIO.com