How is any kind of antivirus or threat detection software supposed to operate on this standard?

Libel suits can be financially catastrophic, so even a tiny false positive rate could present risk that disincentivizes producing such software at all.

And a threat detection mechanism that has a 0.0% false positive rate is conservative to the point of being nearly useless.

▲

rtsam 5 hours ago | parent | next [-]

I think that is the idea. They shouldn't exist without a prompt mitigation path.

In other words, if you can't deal with the false positives in a timely manner. You SHOULD be liable for the damages.

I can't build a budget car put together in an unsafe manner. Then complain I can't compete due to all the peoples cars crashing and blowing up and suing me.

▲

kevin_thibedeau 5 hours ago | parent | prev [-]

You document your claims with concrete evidence of fraud. That will be your libel defense. No evidence means you bear the full responsibility of a fuckup.

▲

acoustics 4 hours ago | parent [-]

At internet scale, this would roughly be equivalent to not doing any warning or detection at all.

Scalable systems need to use heuristics to catch threats. Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged.

There is a policy argument as to the right balance of concerns here. But there is a clear trade-off to make.

	▲	donmcronald an hour ago \| parent [-]
		> Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged. Giving everyone a fair trial just doesn't scale. It costs too much.