
Alpha

Everything posted by Alpha

  1. To make sure we don't go off on a tangent, I'm only talking about AVs and how they detect Trojan viruses. AVs can be very complicated in how they gather data and how often that data is updated. For the guy that was confused (PDB), all you need to know is, when an AV marks a file as a Trojan it is not identifying any specific threat, it is simply seeing a version of software files it does not recognize and therefore marks it as a possible Trojan. This is not at all the same as when an AV matches a specific threat signature that has been generated for a known piece of malware. This is why I'm only speaking to the relevant Trojan part of this. Diving deep into modern AVs is not relevant to this topic and will just cause confusion. GrumpyGnome, your comment is ideal but not very realistic anymore; threats evolve way too fast these days and most of the companies are more concerned with the defined threats that have signatures created for them than generic Trojan warnings. This is exactly why most software companies tell you to turn off AVs when installing software. For software manufacturers the solution they can control is to tell you to turn off AVs when you install software and then exclude certain files, etc. They are not going to try and spin their wheels getting every AV company to update their files. Companies try to provide AV companies with this info, but many don't keep it up to date and many want money or other incentives to keep your software up to date in their database. Most users of computers just do whatever the OS tells them to do. Even years ago, a company had to pay for all testing and then pay an operating system provider around 1 million dollars to get their software whitelisted. I know the cost has only gone up. Most companies say screw that, if you want to use our software you can just bypass the warning. Software is big money and these issues more often than not are determined by money, not whether people are willing to collaborate or not.
  2. Listen, I will chime in here as an IT professional. It is McAfee! You guys have an incorrect view of how AVs work. AVs keep a database of known infections and known published files. If your AV sees a file that it has in its DB but their DB is not up to date with the latest version, it will mark it as a Trojan. You will notice that every reported AV issue with known software reports it as a Trojan. That is because a Trojan is exactly like it sounds, a known piece of software that has been modified. Modified in what way, the AV has no idea; all it knows is it does not match the same file it has in its database. Therefore, it is a known file with unknown code in it, i.e. a Trojan. However, in truth that "unknown code" is just the latest from the manufacturer. This is also why every piece of hacked software that works great and has no infections is marked as a Trojan: more known files with unknown changes to them. People take Trojan warnings way too seriously and you will notice they also tend to show up with smaller, less known software; really the AV companies don't keep up to date with the smaller manufacturers, what a surprise.