{"id":4730,"date":"2012-09-06T17:08:07","date_gmt":"2012-09-06T21:08:07","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=4730"},"modified":"2012-09-06T17:08:07","modified_gmt":"2012-09-06T21:08:07","slug":"whoa-how-to-know-for-sure-if-your-virus-scanner-is-wrong","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/whoa-how-to-know-for-sure-if-your-virus-scanner-is-wrong\/","title":{"rendered":"Whoa! How to know for sure if your virus scanner is wrong"},"content":{"rendered":"<p><strong>Bill says he\u2019d love to use our stationery but Norton says our files are infected<br \/>\n<\/strong>I have tried several times to download your stationery but I get a warning from Norton that there are Trojans in your stationery downloads. What\u2019s up with that? I thought you guys were good guys? Bill<\/p>\n<p><strong>Our answer<br \/>\n<\/strong>It seems every week we\u2019re disparaging Norton for one thing or another. Norton is a brand-name antivirus whose reputation was built back in mid-1990s. Things have changed. Norton made a lot of money in those days because they were at one time the only anti-virus available until McAfee came along.\u00a0 That was then \u2013 this is now. Technology has caught up with Norton and other antivirus programs have surpassed them. Norton\u2019s response, rather than making their antivirus better, has been to add more and more junk to their security suite. Things like anti-spam, safe-surfing, Lifelock (which has been sued by the FTC for false advertising), anti-phishing, anti-spyware, anti-everything. Norton has so much anti-stuff they\u2019ve become anti-user. Sometimes (to us at least) it seems that Norton is worse than the things it supposedly protects you from.<\/p>\n<p>There\u2019s a misconception that many computer users have that more is better. If their antispyware or antivirus detects more things \u2013 it\u2019s working better. But that\u2019s not true at all. The only things we want our security software to detect are things which can harm our computers or steal our passwords. Norton has one of the highest rates of false-positives of any security software available. False-positives are like false alarms. If you had a smoke detector in your house that constantly sounded false alarms you\u2019d get a different one \u2013 one that worked correctly \u2013 wouldn\u2019t you? If a smoke alarm gives you false alarms, how will you know, then, when it\u2019s giving you real warning. You won\u2019t.\u00a0 So it is with an antivirus that gives you false alarms such as your Norton did with our files. Our files don\u2019t contain anything malicious \u2013 they never have, and they never will.<\/p>\n<p>Another misconception: People think that downloading an infected exe file is going to infect their system. It\u2019s not. It\u2019s only going to infect your system if you click on it to install it. Having the file saved on your desktop is not going to infect your computer \u2013 just like having an installer for a legitimate freeware program sitting on your desktop is going to install the program. You have to \u201crun\u201d or \u201cexecute\u201d the installer before the program is installed. Likewise you\u2019d have to run (or execute) the infected file before it would infect your system. We\u2019re not advising you to download known infected files. But in the case of a site you have come to know and trust \u2013 you should assume the files are safe and not infected \u2014 and that your anti-virus is giving you a false positive.<\/p>\n<p>So the next time an antivirus program gives you a warning about a file from a site you\u2019ve come to trust \u2013 download it, save it to your hard drive, but don\u2019t click on it to run it. Instead, go to<a href=\"http:\/\/www.virustotal.com\/\" rel=\"nofollow\" target=\"_blank\">www.virustotal.com<\/a>\u00a0and check the file with 43 different antivirus programs at the same time.\u00a0 If 4 or 5 antivirus programs say the file is \u201cinfected\u201d and the rest say it\u2019s not \u2013 you can be sure that the 2 or 3 which say the file is infected are displaying false positives.<\/p>\n<p>Here is a scan which we did on one of our stationery files this morning at Virus Total \u2013 none of the 43 antivirus programs which scanned the file detected any virus or malware.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/thundercloud.net\/infoave\/images\/2012\/virus-total-2.png\" alt=\"Cloudeight InfoAve Premum\" width=\"522\" height=\"385\" border=\"0\" \/><\/p>\n<p>Look at the screen shot above. Next to \u201cDetection ratio:\u201d you\u2019ll see it says 0 \/ 43. That means that none of the 43 anti-virus programs that scanned that Cloudeight Stationery file found any threats at all. So the next time you download a file from a site you trust and your antivirus program tells you it\u2019s \u201cinfected\u201d \u2013 download it by saving it to your hard drive but don\u2019t run it. Instead go to<a href=\"http:\/\/www.virustotal.com\/\" rel=\"nofollow\" target=\"_blank\">www.virustotal.com<\/a>\u00a0and scan the file to make sure. And even if you see 4 or 5 antivirus programs finding an \u201cinfection\u201d \u2013 if the vast majority find no infection, you can be sure that the file is safe.<\/p>\n<p>Just for the record \u2013 right now the top-rated antivirus is Esset\u2019s NOD32 \u2013 it generally comes in at the top of most independent lab tests. However the difference between #1 and #5 is negligible \u2013 NOD32 isn\u2019t free \u2013 but they have a free online scanner you can use to double-check your current antivirus. You can find it at\u00a0<a href=\"http:\/\/www.eset.com\/us\/online-scanner\/\" rel=\"nofollow\" target=\"_blank\">http:\/\/www.eset.com\/us\/online-scanner\/<\/a>\u00a0.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bill says he\u2019d love to use our stationery but Norton says our files are infected I have tried several times to download your stationery but I get a warning from Norton that there are Trojans in your stationery downloads. What\u2019s up with that? I thought you guys were good guys? Bill Our answer It seems every week we\u2019re\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/whoa-how-to-know-for-sure-if-your-virus-scanner-is-wrong\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/4730"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=4730"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/4730\/revisions"}],"predecessor-version":[{"id":4731,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/4730\/revisions\/4731"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=4730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=4730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=4730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}