|21 Oct 2010||#1|
False Positives: When Antivirus Goes Wrong
The Anti-Malware Testing Standards Organization (AMTSO) is currently meeting to discuss, among other things, adoption of guidelines for testing the False Positive (FP) rate for antivirus programs. A False Positive occurs when the antivirus utility erroneously wipes out a file that is not malicious. Protection against viruses is essential, but when that protection backfires it can cause huge problems.
The Worst False Positives
All FPs are not created equal. If the antivirus deletes a brand-new download you can usually mark the file as trusted and try again. But if it deletes an essential system component, which happened to some McAfee users this past April, it can bring down the whole computer.
An antivirus that erroneously wipes out a file present on just 10 computers worldwide hasn't caused as much trouble as one that kills off a file present on 10 million computers. Clearly testers should account for both factors when evaluating a product for false positives, but how do you find out a given file's prevalence?
Many vendors automatically collect statistics about the files found on every user's system, usually after asking permission. For example, Symantec's huge Norton Insight database stores prevalence information that's integral to malware detection in Norton Antivirus 2011. Serious testers and researchers can apply to Symantec for access to a prevalence tool that allows direct queries to the Norton Insight database.
The best source of information on a file's prevalence, then, may come from the antivirus vendors. Naturally the tester would collect and collate information from all willing vendors. Just how accurate would this information be?
False Positives: When Antivirus Goes Wrong | News & Opinion | PCMag.com
|21 Oct 2010||#2|
Good read! There's one thing for sure in that false positives are a common problem seen at times with any AV program. A few years back Grisoft (AVG) had a bug in one of their updates according to one blog writer. What most don't realize however is that FPs go well beyond just AV products alone into other protection programs.
Whether essential or non-essential, adware and spyware removal programs will often misidentify things. Generally the better written programs allow you to make a last-minute decision on what to do once the scan results have pointed out a particular file or process.
That depends primarily on what options are seen. With many programs you tend to see the results only after some file or files have been deleted which can spell troubles fast.