23 May
Today, instead of complaining about memory usage, we should worry about the number of false positive detections that antivirus software reports. “False positive” is another way of saying “mistake”. A false positive occurs when the program mistakenly flags an innocent file as infected, and this is very common nowadays because of the “heuristic” detection method. Heuristic detection is a method by which an antivirus analyzes the instructions of a program to determine whether it is a virus or not. It is mainly used to detect viruses or trojans that would otherwise go undetected.
False positives are so common nowadays and I personally think that EVERY antivirus company should do something about it. If you think that false detection is not such a big deal, let me try to convince you.
One of my workplaces is frequently infected by the Brontok virus even though every computer has Symantec Antivirus Corporate Edition installed. The joke is that the antivirus cannot prevent the Brontok virus from infecting the computer BUT it can block and auto-delete Brontok Washer, which I use to disable the Brontok virus. So Symantec Antivirus CE can’t remove the Brontok virus from the computer and doesn’t allow me to use third-party tools that CAN clean the virus. Seems like a pretty useless antivirus to me…
There are also times when I posted other tools on this blog and, as usual, some super paranoid antivirus installed on the reader’s computer found that it’s a threat. I do get a few very nasty comments and emails telling me that I am trying to infect their computer and steal their information. Come on, I get nothing by doing this. I wouldn’t tarnish this blog’s reputation which I took 3 and a half years to build. Because of antivirus false detection, this site has certainly gained a few angry and pissed off readers…
Another example is iSergiwa, the developer of Remove Restriction Tool, CaSIR, iPMS and many other useful virus removal tools. 2 months ago, one of iSergiwa’s clients reported that Kaspersky detected iPMS as a rootkit, which obviously is a false positive. Although he managed to get Kaspersky to fix the false positive, during those 48 hours of this false positive alarm he received tons of complaints, his website visitors and sales fell back and many of his potential customers left.
The message that I am trying to convey here is don’t always 100% listen to what the antivirus that is installed on your computer says because there is always a possibility that it is a false detection. Just treat it as a warning and you can scan the suspicious file in Virustotal first. If you’re still unsure, analyze it in ThreatExpert or Camas.
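An added example, not part of the original post: a small triage helper for the "treat it as a warning and get a second opinion" step, hashing the file for lookup and summarising a multi-engine report. The report layout assumes the `last_analysis_results` structure of VirusTotal's v3 file report; the engine names, labels, generic-label pattern and 10% cut-off are constructed for illustration.

```python
import hashlib
import re

# Labels that read as heuristic/generic rather than a named family.
# Assumed pattern list for illustration, not a vendor standard.
GENERIC = re.compile(r"heur|gen(eric)?\b|suspicious|packed", re.I)

def sha256_of(data: bytes) -> str:
    """Hash to search for, so the file itself need not be uploaded."""
    return hashlib.sha256(data).hexdigest()

def make_report(labels: dict) -> dict:
    """Build a constructed report; None means the engine found nothing."""
    results = {e: {"category": "malicious" if l else "undetected", "result": l}
               for e, l in labels.items()}
    return {"data": {"attributes": {"last_analysis_results": results}}}

def triage(report: dict) -> dict:
    """Summarise per-engine verdicts into something a human can act on."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = {e: r["result"] or "" for e, r in results.items()
               if r["category"] in ("malicious", "suspicious")}
    generic = sorted(e for e, label in flagged.items() if GENERIC.search(label))
    named = sorted(set(flagged) - set(generic))
    if not flagged:
        verdict = "clean elsewhere: likely false positive"
    elif not named and len(flagged) <= 0.1 * len(results):  # assumed cut-off
        verdict = "generic-only minority: probable false positive"
    else:
        verdict = "named or widespread: keep quarantined, analyze further"
    return {"engines": len(results), "flagged": len(flagged),
            "generic": generic, "named": named, "verdict": verdict}

# Constructed samples: twelve hypothetical engines, invented labels.
ENGINES = [f"Engine{i:02d}" for i in range(1, 13)]
PACKED_TOOL = make_report({**dict.fromkeys(ENGINES), "Engine03": "HEUR/Packed.Gen"})
REAL_WORM = make_report({e: ("Worm.Brontok.Sample" if i < 8 else None)
                         for i, e in enumerate(ENGINES)})

if __name__ == "__main__":
    for name, rep in (("packed tool", PACKED_TOOL), ("worm", REAL_WORM)):
        print(name, triage(rep))
```

A single generic hit out of twelve engines is the pattern to report to the vendor as a suspected false positive; a named family flagged by most engines is not.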
No worries if the antivirus companies are not going to do something about the false positives. There are ways to undetect an application from all antivirus which I will be sharing with you in a couple of days if I am not busy with work or the wedding preparation. Have a good weekend!
41 Responses for "False Positives Is A Common Problem In Todays Antivirus Software"
I haven’t noticed Kaspersky having a lot of false positives, but either way it goes, companies should strive for not only resource light but non false positives as well by modifying the Heuristics portion of the software.
false positif..
i hate that thing.
yes. its good for the security
but if they are too frequent, it will be annoying
owh, im using linux rite now. wrong place to talk a lot bout this
thanks for the info ray and i also think they need to review their product about false positive thingy
Symantec AntiVirus CE v10 is the worst AV I’ve ever seen. It misses more than AVG, is slower, and has a HIGH false positive rate.
I agree with you raymond.. nowadays many antivirus report many good software virus removal is a virus threat.. Maybe they think the good software virus removal is a rival / competitor for their company.. Don’t you think that way ?
I agree with you. Unfortunately, I am the one using Symantec also.
Yep, false positives are common in today’s antivirus, and some of them deleted the licence of some software and some were completely deleted, so I had to install them again or to validate them again.
“Women would be great if we fell in their arms and not in their hands.”
Can’t remember the author but happy celebration and wedding.
By the way, the beer is not in the fridge anymore.
hi ray ….. ur posts are really awesome…….
ur right abt the pissed off readers ray i feel bad how they comment on ur posts when i see them. obviously the companies shud do anything abt this.
but in a world where everyone is hungry for money, dont u think that the antivirus companies are intentionally sending updates to detect these tools as false positives, just because the toolmakers dont bribe them???
I agree with you Raymond. You can’t trust your AV for 100%. I’m using Avast at home and sometimes I have a False Positive. The thing I know it’s a FP. Many others think they are attacked and maybe infected.
People should really learn more about the programs they use and what they are doing on the Internet. But everytime I tell some things they always tend to do it the old way again after I’m gone. Really annoying.
i know man got kaspersky 2009 gives me so many false positives!!!!!
avg is even worse antvi is even worser!!!
norton is good but it too bloated even the new one is!!!
well said and totally correct too.
Well…I for one have complete faith that you will never deliberately spread malicious malware
I’m waiting for “undetect an application from all antivirus (specially norton 2009)”.
thnx Raymond
Even I had faced Brontok in my college days which NOD 32 never detected. At the moment I’m using Avira Premium Int Sec Suite which also gives me false positives.
Thanks a lot for the information Ray, it’s a headache when you delete the file and then realize that it could have been a false positive.
lol I just tried to download Brontok Washer and Avast flagged it as Brontok
Security has always been a double edged sword. It’s like a random check at the airport. Many times, innocent travelers have to bear the annoyance.
Great article Ray… I always annoy about the people who know nothing and complain everything that every single files he downloads is virus…
Thank’s Raymond, have a bless wedding day!
False positives are really annoying, especially if your antivirus has no option to permanently ignore certain processes or files. I am aware that such options could lead some users to allow real threats, but that’s something you have to accept to make an antivirus usable.
One thing I noticed when I used Avira was that it seems to hate AutoHotKey. About 50% of my AHK-Scripts were labeled as “trojan”. Other AV-Software doesn’t discriminate AHK in such way.
well, my kaspersky detects a “win32 backdoor..bla bla bla” virus in my brontok washer and auto deletes it..
thanks raymond
this is too common and annoying for users when my antivirus detected a false file, sometimes my antivirus blocked a good websites I don’t know why this happen ???
AVG is the antivirus that always reports false positives D:
Well, your wedding? Congrats Raymond. If it is not yours certainly is someone close so … congrats again!
Raymond, it is good what you said. Yesterday my very good antivirus falsely detected the file vcore.dll of my counterspy as a trojan. I sent it to their support team; they replied to me in a few minutes and within 4 o’clock sent me the result that it was a false detection, and they really corrected the problem in the updates within a few minutes after the reply. This antivirus rarely gives false detections but it is possible in one day. In Russia this antivirus is very famous and it is really very very good. It is not the Russian antivirus what you like. Good weekends for you, and I wish you good luck in preparation for the wedding. St. Petersburg, Russia.
Mr.Ray please answer this I have no one to ask about this but you…
Today my pc got infected by some malicious software. However I was able to get regedit.exe
BUT the problem is
WHENEVER I double click a folder icon or My Computer icon on the Desktop it TRIES TO install Adobe Installer and asks for a cd.
Please sir, if there is a way to solve this????
I would be extremely grateful to you…. I’m in great trouble. Please help…
Using NOD32 and now a days NOD too gives some false positives
ok, and BIS 2009 report hundreds of “bin.” files as malware….
What’s worse, many false positives are intentional. Avira, an otherwise quite usable free antivirus, has a really bad track record there. I’ve seen many “trojan” reports where the supposed trojan isn’t described in their database, and in the end it comes out that it’s just an executable that uses a packer. Of course opaque packers are a security risk, but the antivirus should mark them as such and not pretend they were recognized as a known trojan. Keygens are also often marked “trojan” by Antivir, also intentionally.
thank you, It was nice !
but would give us a solution for KIS 506 (kaspersky internet security)
key for having a keygen or real trial reset without viruses?
It seems there must be some SPA – MS lobby funding all these AV manufacturers because the majority of the false positives target programs and utilities designed to either hack code or bypass protections, and those programs are definitely not viruses or malware by any definition. I would prefer an AV program that actually protected me against viruses, not an AV program that protects software designers against possible piracy.
An ideal AV would be one with 100% sensitivity, 100% specificity, 0% false positives and 0% false negatives.
But NOTHING in this world is perfect! We just have to choose one which is most tolerable to us, and it should have the best receiver operating characteristics (ROC) curve. Besides, it should not be resource hungry as well.
My favorite is still what you have suggested all along… KIS.
First Symantec Norton is a crap. Also McAfee.
To those saying Kaspersky giving too many false positives; see your settings or go to Kaspersky forums for adjusting your settings.
Since the day i knew Kaspersky i never looked back; its the best AV to me.
Software developers also need to do their part in reporting their products to AV companies. KIS flagging iPMS as rootkits is totally agreeable.
Let us all remember there are 2 FACTS about security
1) There is no perfect protection.
2) Security is common sense.
owh raymond, i remember sumthing tonite
u dont tell us bout the biggest mistake by the AVG
when they delete the important file of windows
You can always turn heuristic scanning off if it’s too annoying.
Hi
Great advice – i have lots of false positives, but i have taken the time to research these files, find them in process explorer and a range of file managers etc. When i am using certain files i know are safe i turn off my defense – or when i am not sure i take logical steps to locate the process, and see what it is.
I use the full Avira which i have used for a long time, i also use Comodo and Counter spy depending on the P.c/Laptop I’m using. They work well together on Vista and win 7 7100.
I play a lot of games and i always have issues with the network or even .exe itself. I am forever telling people to use your own head and not let the p.c dictate to you. Look at the file extensions, locate them via properties or process explorer etc.
I don’t use some anti virus products because they will remove files without asking, very annoying restoring them.
Cheers.
The Trend Micro OfficeScan at work finds false positives all the time. What is worse is that my fellow IT workers do not seem to understand the concept of “false positive”. They believe that if Trend Micro says it may be a virus that it is and must be removed. It is very annoying.
please share wid us the false-positives problem solver technique..
i will agree to all of you guys… so, which AV is the best? currently i’m using AVG internet security V9.0… pls comment…
stonehenge, Many here have praised the Kaspersky. I think its worth of looking for. I use F-Secure Internet Security 2010, but I’m thinking of moving to Kaspersky when my license runs out.