False Positives

By | March 21, 2013

Today’s Computer Lesson: False Positives
All computer users

Listen up, class. We’re featuring a serious choice for today’s class. Come on, turn those frowns upside down. Our classes can’t always be fun and folly. I know, I know, you all love to see me pick on EB, but we have to get serious every once in a while or The Windows Enquirer will think we are bigger buffoons than they already think we are.

OK. Let’s get right to today’s lesson, which is about “False Positives”. No, we’re not going to force you to sit through an English grammar lesson – and yes, “false-positives” is an oxymoron. An oxymoron or not, “false-positives” is a computer term used by technophiles to describe files that don’t contain viruses, Trojans, or other bad stuff, but which trigger anti-virus program warnings anyway.

Occasionally a good anti-virus program, which is updated and working well, will detect viruses, Trojans, or other bad things in a file that is perfectly clean; a file that doesn’t contain anything bad. When this happens it’s called a “false positive”. And it will happen to you eventually, no matter which anti-virus application you use. The only time you need to be concerned about the veracity of your anti-virus program is if it continually reports false positives. In this case you need to consider changing anti-virus programs because obviously something is wrong with yours.

First of all, if you download a file from a site you trust and from which you’ve downloaded before – or one that has a good reputation… and still your anti-virus detects something wrong with the file you downloaded, you should suspect that it’s a false positive.

Some of you won’t trust anything but your anti-virus – which may not always work out well for you. But if you’re one of those “Doubting Thomas” types or you are downloading from a site about which you can’t find much information, we’re happy to tell you that we’ve almost gotten to the point. And, yes, I can hear your collective sighs of relief and I’m happy that you’re sighing because that means you’re still awake.

We’re happy to tell you that there’s a site where you can send that file that got your anti-virus program all worked up. A site that lets you test it to find out if it’s just a false positive or if it’s like Coca Cola – you know, the real thing. Some of you are thinking, “gee, I don’t even want to touch this file because it may blow up my computer”. Well you don’t really have to touch it, and since you’ve already (obviously) downloaded it and it’s already there on your hard drive, you may as well find out if it’s safe or not. Time for a reminder here – we’re talking about the files you downloaded from a site you trust or one with a generally good reputation, which your anti-virus has warned you about. We’re not talking about files you downloaded from some off-the-wall crack site or some obnoxious, um, less-than-savory site that some of you may visit – come on admit it! Don’t lie to me. I’m your teacher!

Here’s a good example for you: When we release a stationery collection, there are always several people who write and think we’ve finally joined Darth Vader on the dark side; or that we had decided to get careless and blow our good reputation which took us fourteen years to build. Some anti-virus programs were detecting a Trojan in our files. Of course, our files were safe – as usual. We haven’t gotten sloppy or careless. Those antivirus programs were reporting a false-positive. Nevertheless, it makes us look bad when this happens – especially if this is the first time someone has ever had contact with our site. Even though a quick google of “Cloudeight” would have eased their minds, most don’t bother. They download something, then the alarms go off and they never come back to our site again. But people don’t always do what they should. No, I’m not looking at you in particular, EB; do you have a guilty conscience?

Now, we’re happy to get to the point. Today we’re going to remind you about a site we’ve told you about before. A site that gives you the opportunity to get a quick assessment of any file that your anti-virus program identifies as a virus, Trojan, etc. It’s called VirusTotal. It’s a free service that is run by an independent company in co-operation with all the big names in anti-virus software including AVAST, Trend Micro, Symantec, McAfee, Avira, AVG, Panda, and yada, yada, yada. Just about all of them, OK? All you have to do is visit VirusTotal, upload the suspicious file, and you’ll be able to tell right away if it’s a false positive or if the file is really infected. If your anti-virus is the only one detecting a virus in the file then you can bet that it’s a false positive – which means the file is safe. If it is a false-positive, then you should report it to the company who makes your anti-virus program so they can fix it. It’s always good to assist your anti-virus company by reporting false-positives. It makes your anti-virus program better.

As your teacher, I’ve asked the developers of VirusTotal to tell you about this service. Notice how laconic they are:

“About VirusTotal

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware detected by antivirus engines.

Specs:

* Free, independent service
* Use of multiple antivirus engines
* Real-time automatic updates of virus signatures
* Detailed results from each antivirus engine
* Real time global statistics

…Warning:

VirusTotal is not a substitute for any antivirus software installed in a PC, as it only scans individual files on demand. It does not offer permanent protection for the user’s system either.

Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file.

Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. You may become a victim of misleading advertising, if you buy such a product under those premises.”

So, the next time your anti-virus program goes off in a tizzy when you download a file from a site you trust or a site which has a good reputation – don’t assume that the site has suddenly turned into a vile villain viciously determined to infect your computer with all manner of odious stuff. Use VirusTotal to find out if your anti-virus is reporting a false-positive. If it is reporting a false-positive, do your civic duty and notify the company that makes your anti-virus program so they can fix it – and make your anti-virus program better. False-positives mean something’s wrong with your anti-virus program and that’s not a good thing. VirusTotal is a very useful site. Use it! Visit http://virustotal.com/ and check out them there softwares!
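
As an added example (not part of the original lesson, and not VirusTotal’s own code), here is the “is my anti-virus the only one complaining?” check written as a small Python function over a multi-engine report. The report is constructed, modeled on the `last_analysis_results` map of a VirusTotal API v3 file report; the engine names, the `triage` and `with_verdict` helpers and the `MIN_VERDICTS` threshold are assumptions.

```python
import json

# Constructed sample, shaped like the "last_analysis_results" map in a
# VirusTotal API v3 file report. Engine names and verdicts are made up.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "malicious",  "result": "Trojan.Generic"},
  "EngineB": {"category": "undetected", "result": null},
  "EngineC": {"category": "undetected", "result": null},
  "EngineD": {"category": "harmless",   "result": null},
  "EngineE": {"category": "timeout",    "result": null}
}}}}
""")

FLAGGED = {"malicious", "suspicious"}
CLEAN = {"undetected", "harmless"}
MIN_VERDICTS = 3  # assumed threshold: fewer answers than this proves little


def triage(report, my_engine, min_verdicts=MIN_VERDICTS):
    """Classify a multi-engine report relative to the local AV's alert."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = {n for n, r in results.items() if r["category"] in FLAGGED}
    clean = {n for n, r in results.items() if r["category"] in CLEAN}
    answered = len(flagged) + len(clean)  # timeouts/failures give no verdict

    if answered < min_verdicts:
        verdict = "inconclusive"            # too few engines actually answered
    elif flagged - {my_engine}:
        verdict = "corroborated"            # other engines agree: treat as real
    elif flagged == {my_engine}:
        verdict = "likely-false-positive"   # the lesson's rule: only yours fires
    else:
        verdict = "no-detections"           # not a guarantee of harmlessness
    return verdict, sorted(flagged), answered


def with_verdict(report, engine, category):
    """Return a deep copy of the report with one engine's category changed."""
    copy = json.loads(json.dumps(report))
    copy["data"]["attributes"]["last_analysis_results"][engine]["category"] = category
    return copy


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT, "EngineA"))
    print(triage(with_verdict(SAMPLE_REPORT, "EngineB", "malicious"), "EngineA"))
```

Engines that time out or cannot handle the file type are left out of the count, so a report where only one or two engines answered comes back as inconclusive instead of as a false positive.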

Class dismissed!

Now don’t be late!
