Check out that suspicious file with this Cloudeight Website pick

By | April 25, 2011
Print pagePDF page

False Positives - A tip from CloudeightListen up, class. We’re featuring a serious choice for today’s site pick. Come on, turn those frowns upside down. Our Cloudeight Site Pick class can’t always be fun and games. I know, I know, you all love to see me pick on EB, but we have to feature some useful sites every once in a while or Windows Enquirer will think we are bigger buffoons than they already think we are.

OK. Let’s get right to today’s lesson which is about “False Positives”. No, we’re not going to force you to sit through an English grammar lesson – and yes “false-positives” is an oxymoron. An oxymoron or not, false-positives” is a computer term used by technophiles to describe files that don’t contain viruses, Trojans, or other bad stuff, but which trigger anti-virus program warnings anyway.

Occasionally a good anti-virus program which is updated and working well, will detect viruses, Trojans, or other bad things in a file that is perfectly clean; a file that doesn’t contain anything bad. When this happens it’s called a “false positive”. And it will happen to you eventually, no matter which anti-virus application you use. The only time you need to be concerned about the veracity of your anti-virus program is if it continually reports false positives. In this care you need to consider changing anti-virus programs because obviously something is wrong with yours.

First of all, if you download a file from a site you trust and from which you’ve downloaded before – or one that has a good reputation… and still your anti-virus detects something wrong with the file you downloaded, you should suspect that it’s a false positive.

Some of you won’t trust anything but your anti-virus – which may not always work out well for you. But if you’re one of those “Doubting Thomas” types or you are downloading from a site about which you can’t find much information, we’re happy to tell you that we’ve almost gotten to the focal point: i.e.today’s site pick. And, yes, I can hear your collective sighs of relief and I’m happy that you’re sighing because that means you’re still awake.

We’re happy to tell you that there’s a site where you can send that file that got your anti-virus program all worked up and test it find out if it’s just a false positive or if it’s like Coca Cola – you know, the real thing. Some of you are thinking, “gee, I don’t even want to touch this file because it may blow up my computer”. Well you don’t really have to touch it, and since you’ve already (obviously) downloaded it and it’s already there on your hard drive, you may as well find out if it’s safe or not. Time for a reminder here –  we’re talking about the files you downloaded from a site you trust or one with a generally good reputation here which your anti-virus has warned you contains a virus – we’re not talking about files you download from some off-the-wall crack site or some obnoxious, um, less-than-savory sites that some of you visit – come on admit it – we know some of you do, don’t lie to me, I’m your teacher!

Here’s a good example for you: The last time we released a stationery collection, several people who were using Norton were worried that we had suddenly joined Darth Vader on the dark side or had decided to get careless and blow our good reputation which took us twelve years to build. Norton’s anti-virus component was detecting a Trojan in our files. Our files were safe – as usual. And we hadn’t gotten sloppy or careless. Norton was reporting a false-positive, AGAIN. Nevertheless, it makes us look bad, when this happens  – especially if this is the first time someone has ever had contact with our site. Even though a quick google of “Cloudeight” would have eased their minds; but sometimes people don’t always do what they should. No, I’m not looking at you in particular, EB; do you have a guilty conscience?

Now, we’re happy to get to the point. Today’s site pick gives you the opportunity to get a quick assessment of any file that your anti-virus program identifies as a virus, Trojan, etc.. It’s called VirusTotal. It’s a free service that is run by an independent company in co-operation with all the big names in anti-virus software including AVAST, Trend Micro, Symantec, McAfee, Avira, AVG, Panda, and yada, yada, yada. Just about all of them OK? All you have to do is visit VirusTotal, upload the suspicious file, and you’ll be able to tell if it’s a false positive or if the file is really infected. If your anti-virus is the only one detecting a virus in the file then you can bet that it’s a false positive – which means the file is safe. If it is a false-positive, then you should report it to the company who makes your anti-virus program so they can fix it. It’s always good to assist your anti-virus company by reporting false-positives right away. It makes your anti-virus program better.

As your teacher, I’ve asked the developer’s of VirusTotal tell you about this service. Notice how laconic they are as opposed to yours truly:

“About VirusTotal

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

Specs:

* Free, independent service
* Use of multiple antivirus engines
* Real-time automatic updates of virus signatures
* Detailed results from each antivirus engine
* Real time global statistics

…Warning:

VirusTotal is not substitute any antivirus software installed in a PC, as it only scans individual files on demand. It does not offer permanent protection for the user’s system either.

Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file.

Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. You may become a victim of misleading advertising, if you buy such a product under those premises.”

So, the next time your anti-virus program goes off in a tizzy when you download a file from a site you trust or a site which has a good reputation – don’t assume that the site has suddenly turned into a vile villain viciously determined to infect your computer with all manner of odious stuff.  Use our site pick – VirusTotal to find out if your anti-virus is reporting a false-positive. If it is reporting a false-positive, do your civic duty and notify the company that makes your anti-virus program so they can fix it – and make your anti-virus program better. False-positives mean something’s wrong with your anti-virus program and that’s not a good thing. VirusTotal is a very useful site.. Use it!

Class dismissed!

Leave a Reply

Your email address will not be published. Required fields are marked *