On the way to better testing

[ceyfer]

Have you ever found a false positive when uploading a file to a website like VirusTotal? Sometimes it happens that not just one scanner detects the file, but several. This leads to an absurd situation where every product which doesn't detect this file automatically looks bad to users who don't understand that it's just false positives.

Analyst Diary | Viruslist.com

PCmag| Tests Show Problems With AV Detections

[bonishah88]

wow, ceyfer, thanks for the article...it was good read....and also shows that such scanners cant be totally relied on.....

[safeguy]

Agreed...that is why I don't rely on VirusTotal as much as I used to...false positives are becoming more 'common' nowadays...what started out as a service to help users differentiate a clean file from a malicious file has now become a "try-and-guess" service...especially now that it has been widely abused by the warez community....

[hellnoire]

Well, what I like is my application that I've written myself trips off Norton... that kinda tells me Norton and other scanners need to update, and quickly.

[safeguy]

Norton's Sonar is known for being sensitive if I'm not wrong (that's what most users said)...perhaps ceyfer can tell us more in detail...but then again, I'm sure ceyfer would ask you hellnoire to report it to Norton since it's a FP

[dredge]

I could understand them- the malware cleaning industry is now having a stiff competition, no one would like to leave behind.But, understand is not tolerate just like detecting doesn't mean successful clean.Hence, they should carefully analyse the samples before compile it into database...

[safeguy]

Have you ever found a false positive when uploading a file to a website like VirusTotal? Sometimes it happens that not just one scanner detects the file, but several. This leads to an absurd situation where every product which doesn't detect this file automatically looks bad to users who don't understand that it's just false positives.

I forgot that I wanted to say YES!!! Quite a few times in fact

[212eta]

Overall, that's a Dead-End situation:

-"Aggressive" Scanners =>False Positives!
-"Mild" Scanners =>Lower Detection!

Taking this "about FP" Thread as an initiative, I ask you:

-What AV Scanner to Trust?
-Do AV vendors respond *Early enough* to Malware
(through Heuristics, Cloud etc.)
when 50,000 new types of Malware, on Average, come up each day?

Reymond's TEST No.6 revealed much...Summary Results:
http://lookpic.com/i/872/AjUmZCPC.png

Thank you Reymond for your Revealing work!!!

[hellnoire]

Ceyfer can tell me to report a FP, I already have. Norton hasn't gotten back to me yet.

[safeguy]

I guess it'll take time hellnoire...they can't possibly attend to everyone who reports within a short time...what more if it is the developer of the program himself who reports it..