How do you know if a file is really infected?

By | February 11, 2012

Bill says he’d love to use our stationery but Norton says our files are infected
I have tried several times to download your stationery but I get a warning from Norton that there are Trojans in your stationery downloads. What’s up with that? I thought you guys were good guys? Bill

Our answer
It seems every week we’re disparaging Norton for one thing or another. Norton is a brand-name antivirus whose reputation was built back in the mid-1990s. Things have changed. Norton made a lot of money in those days because they were at one time the only anti-virus available until McAfee came along. That was then – this is now. Technology has caught up with Norton and other antivirus programs have surpassed them. Norton’s response, rather than making their antivirus better, has been to add more and more junk to their security suite. Things like anti-spam, safe-surfing, Lifelock (which has been sued by the FTC for false advertising), anti-phishing, anti-spyware, anti-everything. Norton has so much anti-stuff they’ve become anti-user. Sometimes (to us at least) it seems that Norton is worse than the things it supposedly protects you from.

There’s a misconception that many computer users have that more is better. If their antispyware or antivirus detects more things – it’s working better. But that’s not true at all. The only things we want our security software to detect are things which can harm our computers or steal our passwords. Norton has one of the highest rates of false-positives of any security software available. False-positives are like false alarms. If you had a smoke detector in your house that constantly sounded false alarms you’d get a different one – one that worked correctly – wouldn’t you? If a smoke alarm gives you false alarms, how will you know, then, when it’s giving you a real warning? You won’t. So it is with an antivirus that gives you false alarms such as your Norton did with our files. Our files don’t contain anything malicious – they never have, and they never will.

Another misconception: People think that downloading an infected exe file is going to infect their system. It’s not. It’s only going to infect your system if you click on it to install it. Having the file saved on your desktop is not going to infect your computer – just like having an installer for a legitimate freeware program sitting on your desktop is not going to install the program. You have to “run” or “execute” the installer before the program is installed. Likewise you’d have to run (or execute) the infected file before it would infect your system. We’re not advising you to download known infected files. But in the case of a site you have come to know and trust – you should assume the files are safe and not infected – and that your anti-virus is giving you a false positive.

So the next time an antivirus program gives you a warning about a file from a site you’ve come to trust – download it, save it to your hard drive, but don’t click on it to run it. Instead, go to www.virustotal.com and check the file with 43 different antivirus programs at the same time. If 4 or 5 antivirus programs say the file is “infected” and the rest say it’s not – you can be sure that the 2 or 3 which say the file is infected are displaying false positives.

Here is a scan which we did on one of our stationery files this morning at Virus Total – none of the 43 antivirus programs which scanned the file detected any virus or malware.

[Image: Cloudeight InfoAve Premium]

Look at the screen shot above. Next to “Detection ratio:” you’ll see it says 0 / 43. That means that none of the 43 anti-virus programs that scanned that Cloudeight Stationery file found any threats at all. So the next time you download a file from a site you trust and your antivirus program tells you it’s “infected” – download it by saving it to your hard drive but don’t run it. Instead go to www.virustotal.com and scan the file to make sure. And even if you see 4 or 5 antivirus programs finding an “infection” – if the vast majority find no infection, you can be sure that the file is safe.

Just for the record – right now the top-rated antivirus is ESET’s NOD32 – it generally comes in at the top of most independent lab tests. However, the difference between #1 and #5 is negligible. NOD32 isn’t free – but they have a free online scanner you can use to double-check your current antivirus. You can find it at http://www.eset.com/us/online-scanner/ .

3 thoughts on “How do you know if a file is really infected?”

  1. Muriel S

    I am so frustrated with family, friends, and acquaintances who continue to use, and feel safe with Norton, McAfee, Trend Micro, etc. just because it “came” with their computer, or they read reviews in some “experts” article in a magazine, or is forced upon them by their ISP. I’ve forwarded some of your past reviews and comments. I’ve talked ’til I could spit nickels. All to no avail. Yet, they still keep asking me for advice when their computer runs amok and I KNOW it’s the so-called, all-purpose, unreliable, monstrosity of a “Security Suite” causing the problem.

    Thanks TC for the virustotal link. You’ve wrapped it up, put a bow on it, and now I’ll print a few dozen copies and just hand it to’em. Bless you.

  2. Janice

    Another GREAT article…and I, too, thank you for the virustotal.com tip! You two are the most trustworthy techies I know!

    Thanks so much for your honesty!

  3. Vicki R

    I love ESET Nod32 Antivirus & Antispyware software. It has saved me from serious infections several times in the last year and is worth every penny you will spend on it.
