For the past few years, a common problem with most antivirus software has been high memory usage, which slows the computer down. Do you still remember the super bloated Norton Antivirus 2006 and Kaspersky Internet Security v7? Fortunately the antivirus companies are aware of this and have improved the memory usage in their current versions, although some still take up hundreds of megabytes of memory…
Today, instead of complaining about memory usage, we should worry about the number of false positive detections that antivirus software reports. A false positive is another way of saying “mistake”: it occurs when the program wrongly flags an innocent file as infected, and this is very common nowadays because of the “heuristic” detection method. Heuristic detection is a method by which an antivirus analyzes the instructions of a program and decides whether or not it is a virus. It is mainly used to catch viruses or trojans that signature scanning does not yet detect.
False positives are so common nowadays that I personally think EVERY antivirus company should do something about it. If you think that false detection is not such a big deal, let me try to convince you.
One of my workplaces is frequently infected by the Brontok virus even though every computer has Symantec Antivirus Corporate Edition installed. The joke is that the antivirus cannot prevent the Brontok virus from infecting the computer BUT it can block and auto-delete Brontok Washer, which I use to disable the Brontok virus. So Symantec Antivirus CE can’t remove the Brontok virus from the computer and doesn’t allow me to use third-party tools that CAN clean it. Seems like a pretty useless antivirus to me…
There are also times when I have posted other tools on this blog and, as usual, some super paranoid antivirus installed on a reader’s computer found them to be a threat. I do get a few very nasty comments and emails telling me that I am trying to infect their computers and steal their information. Come on, I gain nothing by doing that. I wouldn’t tarnish this blog’s reputation, which took me 3 and a half years to build. Because of antivirus false detections, this site has certainly gained a few angry and pissed off readers…
Another example is iSergiwa, the developer of Remove Restriction Tool, CaSIR, iPMS and many other useful virus removal tools. 2 months ago, one of iSergiwa’s clients reported that Kaspersky detected iPMS as a rootkit, which obviously is a false positive. Although he managed to get Kaspersky to fix the false positive, during the 48 hours of that false alarm he received tons of complaints, his website visitors and sales fell, and many of his potential customers left.
The message that I am trying to convey here is: don’t always listen 100% to what the antivirus installed on your computer says, because there is always a possibility that it is a false detection. Just treat it as a warning, and scan the suspicious file with VirusTotal first. If you’re still unsure, analyze it in ThreatExpert or Camas.
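One way to read a multi-engine scan report of the kind VirusTotal returns before deciding whether a single AV’s alarm is a false positive, as an added example that is not part of the original post: the engine names, detection names and the rule of thumb it applies (only a few engines firing, all with generic/heuristic names, points to a likely false positive) are constructed for illustration and are not VirusTotal’s API or verdict logic.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Detection names containing these tokens are usually generic/heuristic verdicts
# ("this looks suspicious") rather than a match on a known malware family.
GENERIC_MARKERS = re.compile(
    r"heur|gen(eric)?\b|suspicious|packed|unsafe|riskware|not-a-virus|hacktool|pua\b",
    re.IGNORECASE,
)

@dataclass
class Triage:
    flagged: int   # engines that reported a detection
    total: int     # engines that scanned the file
    generic: int   # flagged engines whose detection name is generic/heuristic only
    verdict: str

def triage(results: Dict[str, Optional[str]], min_engines: int = 3) -> Triage:
    """Summarise multi-engine verdicts: engine name -> detection name, or None if clean."""
    hits = {engine: name for engine, name in results.items() if name}
    generic = sum(1 for name in hits.values() if GENERIC_MARKERS.search(name))
    named_family = len(hits) - generic
    if not hits:
        verdict = "no engine flags it"
    elif len(hits) < min_engines and named_family == 0:
        verdict = "likely false positive: few engines, generic/heuristic names only"
    elif len(hits) < min_engines:
        verdict = "inconclusive: few engines, but one named a family; sandbox it"
    else:
        verdict = "treat as malicious: several engines agree"
    return Triage(len(hits), len(results), generic, verdict)

# Constructed sample: a clean removal tool that two of eight engines dislike.
CLEANUP_TOOL_SCAN = {
    "Engine-A": "HEUR:Trojan.Win32.Generic", "Engine-B": "Win32:Brontok-gen",
    "Engine-C": None, "Engine-D": None, "Engine-E": None,
    "Engine-F": None, "Engine-G": None, "Engine-H": None,
}

# Constructed sample: a real infection, named as a family by most engines.
REAL_MALWARE_SCAN = {
    "Engine-A": "Email-Worm.Win32.Brontok.q", "Engine-B": "W32/Brontok.C",
    "Engine-C": "Win32.Brontok", "Engine-D": "Worm:Win32/Brontok",
    "Engine-E": "HEUR:Worm.Win32.Generic", "Engine-F": "Brontok.A",
    "Engine-G": None, "Engine-H": None,
}
```

Call `triage(CLEANUP_TOOL_SCAN)` and `triage(REAL_MALWARE_SCAN)` to compare the two summaries; the "inconclusive" branch is the case where the file should go to a sandbox such as the ones named above.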
No worries if the antivirus companies aren’t going to do something about false positives. There are ways to make an application undetectable by every antivirus, which I will be sharing with you in a couple of days if I am not busy with work or the wedding preparations. Have a good weekend!
Note: Here is a post in our forum with the latest method on how to get a free BitDefender Internet Security 2009 1-year license.
Trend Micro is driving me nuts. They think that any website that does not use a static IP address is malicious, so if you are on a shared host without a dedicated IP address your site will be listed as malicious.
AV companies should be liable for the damage that false positives cause to other companies that put clean software in good faith out there!
This is outrageous, and I personally advise everyone against those AVs with the highest false positive rate.
stonehenge, many here have praised Kaspersky. I think it’s worth looking at. I use F-Secure Internet Security 2010, but I’m thinking of moving to Kaspersky when my license runs out.
I will agree with all of you guys… so, which AV is the best? Currently I’m using AVG Internet Security v9.0… please comment…
Please share with us the false-positives problem solver technique..
The Trend Micro OfficeScan at work finds false positives all the time. What is worse is that my fellow IT workers do not seem to understand the concept of “false positive”. They believe that if Trend Micro says it may be a virus then it is one and must be removed. It is very annoying.
Hi
Great advice – I have lots of false positives, but I have taken the time to research these files, find them in Process Explorer and a range of file managers etc. When I am using certain files I know are safe I turn off my defense, or when I am not sure I take logical steps to locate the process and see what it is.
I use the full Avira, which I have used for a long time; I also use Comodo and CounterSpy depending on the PC/laptop I’m using. They work well together on Vista and Win 7 7100.
I play a lot of games and I always have issues with the network or even the .exe itself. I am forever telling people to use your own head and not let the PC dictate to you. Look at the file extensions, locate them via Properties or Process Explorer etc.
I don’t use some antivirus products because they will remove files without asking; it’s very annoying restoring them.
Cheers.
You can always turn heuristic scanning off if it’s too annoying.
Oh Raymond, I remembered something tonight.
You didn’t tell us about the biggest mistake by AVG,
when they deleted an important Windows file :)
First, Symantec Norton is crap. Also McAfee.
To those saying Kaspersky gives too many false positives: check your settings or go to the Kaspersky forums for adjusting your settings.
Since the day I got to know Kaspersky I never looked back; it’s the best AV to me.
Software developers also need to do their part in reporting their products to AV companies. KIS flagging iPMS as a rootkit is totally agreeable.
Let us all remember there are 2 FACTS about security:
1) There is no perfect protection.
2) Security is common sense.
An ideal AV would be one with 100% sensitivity, 100% specificity, 0% false positives and 0% false negatives.
But NOTHING in this world is perfect! We just have to choose the one which is most tolerable to us, and it should have the best receiver operating characteristic (ROC) curve. Besides, it should not be resource hungry either.
My favorite is still what you have suggested all along… KIS.
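To make the sensitivity, specificity and ROC terms in the comment above concrete, here is an added example (not from the post, the commenter or any AV vendor) that scores a constructed set of scanned files with a hypothetical heuristic and shows how lowering the flagging threshold buys detection at the cost of false positives; the `SAMPLES` scores and labels and the helper names are all constructed.

```python
from typing import List, Tuple

Sample = Tuple[float, bool]  # (heuristic suspicion score in [0, 1], is actually malware)

# Constructed scan results: 6 real malware samples and 6 clean files, scored by a
# hypothetical heuristic engine. Note the clean file scored 0.85 (a packed tool, say).
SAMPLES: List[Sample] = [
    (0.95, True), (0.90, True), (0.85, False), (0.80, True), (0.70, True), (0.65, False),
    (0.60, True), (0.50, False), (0.40, True), (0.30, False), (0.20, False), (0.10, False),
]

def confusion(samples: List[Sample], threshold: float) -> Tuple[int, int, int, int]:
    """Flag everything scoring >= threshold; return (TP, FP, TN, FN)."""
    tp = fp = tn = fn = 0
    for score, is_malware in samples:
        flagged = score >= threshold
        if flagged and is_malware:
            tp += 1
        elif flagged:
            fp += 1          # clean file flagged: the false positive the post is about
        elif is_malware:
            fn += 1          # malware missed
        else:
            tn += 1
    return tp, fp, tn, fn

def rates(tp: int, fp: int, tn: int, fn: int) -> Tuple[float, float]:
    """Sensitivity (TPR = 1 - FN rate) and specificity (TNR = 1 - FP rate)."""
    return tp / (tp + fn), tn / (tn + fp)

def roc_points(samples: List[Sample]) -> List[Tuple[float, float, float]]:
    """One (threshold, FPR, TPR) point per distinct score, strictest threshold first."""
    points = []
    for t in sorted({score for score, _ in samples}, reverse=True):
        sens, spec = rates(*confusion(samples, t))
        points.append((t, 1.0 - spec, sens))
    return points

def pick_threshold(samples: List[Sample], max_fpr: float) -> Tuple[float, float, float]:
    """Most aggressive threshold (highest TPR) whose false positive rate stays within budget."""
    best = None
    for point in roc_points(samples):   # FPR only grows as the threshold is lowered
        if point[1] <= max_fpr:
            best = point
    if best is None:
        raise ValueError("no threshold meets the false positive budget")
    return best
```

With this data, `pick_threshold(SAMPLES, 0.2)` settles on 0.70: one clean file in six is still flagged, and two of the six malware samples are missed, which is the trade-off the comment describes.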
It seems there must be some SPA – MS lobby funding all these AV manufacturers because the majority of the false positives target programs and utilities designed to either hack code or bypass protections, and those programs are definitely not viruses or malware by any definition. I would prefer an AV program that actually protected me against viruses, not an AV program that protects software designers against possible piracy.
thank you, It was nice !
but would give us a solution for KIS 506 (kaspersky internet security)
key for having a keygen or real trial reset without viruses?
What’s worse, many false positives are intentional. Avira, an otherwise quite usable free antivirus, has a really bad track record there. I’ve seen many “trojan” reports where the supposed trojan isn’t described in their database, and in the end it turns out that it’s just an executable that uses a packer. Of course opaque packers are a security risk, but the antivirus should mark them as such and not pretend they have been recognized as a known trojan. Keygens are also often marked “trojan” by Antivir, also intentionally.
OK, and BIS 2009 reports hundreds of “bin.” files as malware….
Using NOD32, and nowadays NOD too gives some false positives.
Mr. Ray, please answer this; I have no one to ask about this but you…
Today my PC got infected by some malicious software. However, I was able to get regedit.exe.
BUT the problem is:
WHENEVER I double-click a folder icon or the My Computer icon on the Desktop, it TRIES TO install Adobe Installer and asks for the CD.
Please sir, is there a way to solve this????
I would be extremely grateful to you… I’m in great trouble. Please help…
Raymond, it is good what you said. Yesterday my very good antivirus falsely detected the file vcore.dll of my CounterSpy as a trojan. I sent it to their support team; they replied in a few minutes and within 4 o’clock sent me the result that it was a false detection, and they really corrected the problem in the updates within a few minutes after the reply. This antivirus rarely gives a false detection but it is possible one day. In Russia this antivirus is very famous and it is really very very good. It is not the Russian antivirus that you like. Good weekend to you, and I wish you good luck in the preparation for the wedding. St. Petersburg, Russia.
Well, your wedding? Congrats Raymond. If it is not yours certainly is someone close so … congrats again!
AVG is the antivirus that always reports false positives D:
Thanks Raymond.
This is too common and annoying for users: my antivirus detects a false file, and sometimes my antivirus blocks good websites. I don’t know why this happens???
Well, my Kaspersky detects a “Win32 backdoor.. bla bla bla” virus in my Brontok Washer and auto-deletes it..
False positives are really annoying, especially if your antivirus has no option to permanently ignore certain processes or files. I am aware that such options could lead some users to allow real threats, but that’s something you have to accept to make an antivirus usable.
One thing I noticed when I used Avira was that it seems to hate AutoHotkey. About 50% of my AHK scripts were labeled as “trojan”. Other AV software doesn’t discriminate against AHK in such a way.
Thanks Raymond, have a blessed wedding day! :)
Great article Ray… I am always annoyed by the people who know nothing and complain that every single file they download is a virus…
lol I just tried to download Brontok Washer and Avast flagged it as Brontok :P
Security has always been a double-edged sword. It’s like a random check at the airport. Many times, innocent travelers have to bear the annoyance.
Thanks a lot for the information Ray, it’s a headache when you delete the file and then realize that it could have been a false positive.
Even I faced Brontok in my college days, which NOD32 never detected. At the moment I’m using Avira Premium Int Sec Suite, which also gives me false positives.
I’m waiting for “undetect an application from all antivirus (especially Norton 2009)”.
Thanks Raymond.
Well…I for one have complete faith that you will never deliberately spread malicious malware :-)
Well said and totally correct too.
I know man, Kaspersky 2009 gives me so many false positives!!!!!
AVG is even worse, Antivir is even worse!!!
Norton is good but it’s too bloated, even the new one is!!!
I agree with you Raymond. You can’t trust your AV 100%. I’m using Avast at home and sometimes I have a false positive. The thing is, I know it’s a FP. Many others think they are attacked and maybe infected.
People should really learn more about the programs they use and what they are doing on the Internet. But every time I tell them some things they always tend to do it the old way again after I’m gone. Really annoying.
You’re right about the pissed off readers, Ray. I feel bad about how they comment on your posts when I see them. Obviously the companies should do something about this.
But in a world where everyone is hungry for money, don’t you think that the antivirus companies are intentionally sending updates to detect these tools as false positives, just because the toolmakers don’t bribe them???
Hi Ray….. your posts are really awesome…….
“Women would be great if we fell in their arms and not in their hands.”
Can’t remember the author, but happy celebration and wedding.
By the way, the beer is not in the fridge anymore.
Yep, false positives are common in today’s antivirus, and some of them deleted the licence of some software, and some were completely deleted, so I had to install them again or validate them again.
I agree with you. Unfortunately, I am the one using Symantec also.
I agree with you Raymond.. nowadays many antivirus programs report many good virus removal tools as a virus threat.. Maybe they think the good virus removal software is a rival / competitor for their company.. Don’t you think so? :)
Symantec AntiVirus CE v10 is the worst AV I’ve ever seen. It misses more than AVG, is slower, and has a HIGH false positive rate.
Thanks for the info Ray, and I also think they need to review their products regarding this false positive thingy :)
False positives..
I hate that thing.
Yes, it’s good for security,
but if they are too frequent, it will be annoying.
Oh, I’m using Linux right now. Wrong place to talk a lot about this :)
I haven’t noticed Kaspersky having a lot of false positives, but either way it goes, companies should strive not only for being resource light but also for no false positives, by modifying the heuristics portion of the software.