{"id":3703,"date":"2012-02-11T12:11:14","date_gmt":"2012-02-11T17:11:14","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=3703"},"modified":"2012-02-11T12:11:14","modified_gmt":"2012-02-11T17:11:14","slug":"how-do-you-know-if-a-file-is-really-infected","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/how-do-you-know-if-a-file-is-really-infected\/","title":{"rendered":"How do you know if a file is really infected?"},"content":{"rendered":"<p><strong>Bill says he&#8217;d love to use our stationery but Norton says our files are infected<br \/>\n<\/strong>I have tried several times to download your stationery but I get a warning from Norton that there are Trojans in your stationery downloads. What&#8217;s up with that? I thought you guys were good guys? Bill<\/p>\n<p><strong>Our answer<br \/>\n<\/strong>It seems every week we&#8217;re disparaging Norton for one thing or another. Norton is a brand-name antivirus whose reputation was built back in the mid-1990s. Things have changed. Norton made a lot of money in those days because they were at one time the only anti-virus available until McAfee came along.\u00a0 That was then &#8211; this is now. Technology has caught up with Norton and other antivirus programs have surpassed them. Norton&#8217;s response, rather than making their antivirus better, has been to add more and more junk to their security suite. Things like anti-spam, safe-surfing, Lifelock (which has been sued by the FTC for false advertising), anti-phishing, anti-spyware, anti-everything. Norton has so much anti-stuff they&#8217;ve become anti-user. Sometimes (to us at least) it seems that Norton is worse than the things it supposedly protects you from.<\/p>\n<p>There&#8217;s a misconception that many computer users have that more is better. If their antispyware or antivirus detects more things &#8211; it&#8217;s working better. But that&#8217;s not true at all. 
The only things we want our security software to detect are things which can harm our computers or steal our passwords. Norton has one of the highest rates of false-positives of any security software available. False-positives are like false alarms. If you had a smoke detector in your house that constantly sounded false alarms you&#8217;d get a different one &#8211; one that worked correctly &#8211; wouldn&#8217;t you? If a smoke alarm gives you false alarms, how will you know, then, when it&#8217;s giving you a real warning? You won&#8217;t.\u00a0 So it is with an antivirus that gives you false alarms such as your Norton did with our files. Our files don&#8217;t contain anything malicious &#8211; they never have, and they never will.<\/p>\n<p>Another misconception: People think that downloading an infected exe file is going to infect their system. It&#8217;s not. It&#8217;s only going to infect your system if you click on it to install it. Having the file saved on your desktop is not going to infect your computer &#8211; just like having an installer for a legitimate freeware program sitting on your desktop is not going to install the program. You have to &#8220;run&#8221; or &#8220;execute&#8221; the installer before the program is installed. Likewise you&#8217;d have to run (or execute) the infected file before it would infect your system. We&#8217;re not advising you to download known infected files. But in the case of a site you have come to know and trust &#8211; you should assume the files are safe and not infected &#8212; and that your anti-virus is giving you a false positive.<\/p>\n<p>So the next time an antivirus program gives you a warning about a file from a site you&#8217;ve come to trust &#8211; download it, save it to your hard drive, but don&#8217;t click on it to run it. 
Instead, go to <a href=\"http:\/\/www.virustotal.com\/\">www.virustotal.com<\/a> and check the file with 43 different antivirus programs at the same time.\u00a0 If 4 or 5 antivirus programs say the file is &#8220;infected&#8221; and the rest say it&#8217;s not &#8211; you can be sure that the 2 or 3 which say the file is infected are displaying false positives.<\/p>\n<p>Here is a scan which we did on one of our stationery files this morning at Virus Total &#8211; none of the 43 antivirus programs which scanned the file detected any virus or malware.<\/p>\n<p><span style=\"font-family: sans-serif;\"><img loading=\"lazy\" decoding=\"async\" style=\"border-image: initial; border: 0px initial initial;\" src=\"http:\/\/thundercloud.net\/infoave\/images\/2012\/virus-total-2.png\" border=\"0\" alt=\"Cloudeight InfoAve Premum\" width=\"522\" height=\"385\" \/><\/span><\/p>\n<p><span style=\"font-family: sans-serif;\">Look at the screen shot above. Next to &#8220;Detection ratio:&#8221; you&#8217;ll see it says 0 \/ 43. That means that none of the 43 anti-virus programs that scanned that Cloudeight Stationery file found any threats at all. So the next time you download a file from a site you trust and your antivirus program tells you it&#8217;s &#8220;infected&#8221; &#8211; download it by saving it to your hard drive but don&#8217;t run it. Instead go to <a href=\"http:\/\/www.virustotal.com\/\">www.virustotal.com<\/a> and scan the file to make sure. And even if you see 4 or 5 antivirus programs finding an &#8220;infection&#8221; &#8211; if the vast majority find no infection, you can be sure that the file is safe.<\/span><\/p>\n<p><span style=\"font-family: sans-serif;\">Just for the record &#8211; right now the top-rated antivirus is ESET&#8217;s NOD32 &#8211; it generally comes in at the top of most independent lab tests. 
However the difference between #1 and #5 is negligible &#8211; NOD32 isn&#8217;t free &#8211; but they have a free online scanner you can use to double-check your current antivirus. You can find it at <\/span><a href=\"http:\/\/www.eset.com\/us\/online-scanner\/\">http:\/\/www.eset.com\/us\/online-scanner\/<\/a> .<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bill says he&#8217;d love to use our stationery but Norton says our files are infected I have tried several times to download your stationery but I get a warning from Norton that there are Trojans in your stationery downloads. What&#8217;s up with that? I thought you guys were good guys? Bill Our answer It seems every week we&#8217;re\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/how-do-you-know-if-a-file-is-really-infected\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1655,1656,10],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/3703"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=3703"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/3703\/revisions"}],"predecessor-version":[{"id":3704,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/3703\/revisions\/3704"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=3703"}],"wp:term
":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=3703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=3703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}