For the past few years, a common problem with most antivirus software has been high memory usage, which causes the computer to slow down. Do you still remember the super bloated Norton Antivirus 2006 and Kaspersky Internet Security v7? Fortunately the antivirus companies are aware of this and have improved the memory usage in the current versions, although some still take up hundreds of megabytes of memory…
Today, instead of complaining about memory usage, we should worry about the number of false positive detections that antivirus software reports. A false positive is another way of saying “mistake”. It occurs when the program mistakenly flags an innocent file as infected, and this is very common nowadays because of the “heuristic” detection method. Heuristic detection is a method by which an antivirus analyzes the instructions of a program to determine whether it is a virus or not. It is mainly used to detect otherwise undetectable viruses or trojans.
False positives are so common nowadays that I personally think EVERY antivirus company should do something about them. If you think that false detection is not such a big deal, let me try to convince you.
One of my workplaces is frequently infected by the Brontok virus even though every computer has Symantec Antivirus Corporate Edition installed. The joke is that the antivirus cannot prevent the Brontok virus from infecting the computer BUT it can block and automatically delete Brontok Washer, which I use to disable the Brontok virus. So Symantec Antivirus CE can’t remove the Brontok virus from the computer and doesn’t allow me to use third-party tools that CAN clean the virus. Seems like a pretty useless antivirus to me…
There are also times when I have posted other tools on this blog and, as usual, some super paranoid antivirus installed on a reader’s computer flagged them as a threat. I do get a few very nasty comments and emails telling me that I am trying to infect their computer and steal their information. Come on, I gain nothing by doing this. I wouldn’t tarnish this blog’s reputation, which I took three and a half years to build. Because of antivirus false detections, this site has certainly gained a few angry and pissed off readers…
Another example is iSergiwa, the developer of Remove Restriction Tool, CaSIR, iPMS and many other useful virus removal tools. Two months ago, one of iSergiwa’s clients reported that Kaspersky detected iPMS as a rootkit, which is obviously a false positive. Although he managed to get Kaspersky to fix the false positive, during those 48 hours of false alarm he received tons of complaints, his website visitors and sales fell and many of his potential customers left.
The message that I am trying to convey here is: don’t always trust 100% what the antivirus installed on your computer says, because there is always a possibility that it is a false detection. Just treat it as a warning and scan the suspicious file in VirusTotal first. If you’re still unsure, analyze it in ThreatExpert or Camas.
No worries if the antivirus companies are not going to do something about false positives. There are ways to make an application undetected by all antivirus software, which I will be sharing with you in a couple of days if I am not busy with work or the wedding preparations. Have a good weekend!