Antivirus False Positive (False Alert) Problem is increasing for Personal Computer Users - virustotal.com

In recent years, antivirus false positives have been steadily increasing for personal computer users. Everyone using a personal computer has to have some antivirus software installed. For example, these are common antivirus products, and you might use one of them on your computer.

  • Windows Defender
  • Avast Free
  • BitDefender
  • Symantec
  • McAfee
  • Sophos ML
  • Webroot
  • etc

For anyone who does not know what a false positive is in antivirus software, here is an explanation from a pcworld.com article:

https://www.pcworld.com/article/2883692/virustotal-tackles-false-positive-malware-detections-plaguing-antivirus-and-software-vendors.html

“False positive detections are common in the antivirus industry. They occur when a benign program is wrongfully flagged as malicious due to an overly broad detection signature or algorithm used in an antivirus product.”

Simply speaking, a false positive is a false alert, that is, a wrong detection of a virus or malware on a genuine industrial application designed for users’ benefit or technological advancement.

In fact, the problem behind false positives is the incompetent virus detection engines of the antivirus companies. As discussed in Chris Thornton’s answer on Stack Overflow, if such an incompetent detection engine were used as a terrorist scanner at an airport, many innocent people would be shot dead on sight because they are male with brown hair and brown eyes.

https://stackoverflow.com/questions/7621638/software-protection-code-obfuscation-that-does-not-trigger-antivirus-false-pos

At the moment, incompetence and frustration are what antivirus users feel about all the antivirus software on the market. Simply put, their virus detection technology is no better than random picking.

You might ask whether a paid product is better than a free one. The answer is no. A paid product does not provide any edge over a free one. You will get the same rate of false positives with a paid one too.

Antivirus software companies are now moving towards reputation and ranking systems, giving their detection technology lower priority. In a reputation and ranking system, the antivirus software uses a social network to collect reputation and usage data to judge the safety of a piece of software.

Once again, this is not going to work; it only creates further side effects. Firstly, unpopular software will be labelled as a virus or malware just because it is unpopular. I have personally seen a free remote connection program with over 100,000 users flagged as a virus by Avast Free and McAfee. This raises the question: if software is popular, does that mean it is not dangerous?

Secondly, antivirus companies ask developers to register if they want the virus or malware flag removed from their application. Contacting and registering with several companies will not end the false positive problem. In the end, developers would have to contact over 1000 antivirus companies to clear the false positives on their software. I doubt very much that any developer can do this.

Finally, collecting data through a social network and accepting registrations from developers will cost someone a lot of money. I do not know who will eventually have to pay for these reputation and ranking systems. It could be users, developers, the antivirus companies or the government.

In my opinion, reputation and ranking systems are not going to be the permanent solution for detecting viruses and malware. Nor are they much better than application scanning technology, despite the huge cost.

At the moment, the best solution I have found seems to be http://www.virustotal.com. What virustotal.com does is run over 70 different scanners on the market to check an application or URL for viruses or malware. Because virustotal.com uses 70 different virus scanners, there is less chance of being fooled by a false positive. It gives a nice report of how many of the 70 scanners are unhappy with the application.

For myself, I use a one-third rule with virustotal.com. I take it seriously if more than one third of the 70 scanners are complaining about a virus or malware. For example, if more than 23 of the 70 scanners are complaining, I take it seriously. But I treat it as a false positive (i.e. a wrong detection) if only 5 or 10 of the 70 scanners are complaining. While using virustotal.com, you will learn the lesson “Never rely on one scanner for virus or malware detection.” Having said that, the judgement is entirely up to you. This article is provided only as a general guideline. You can use the knowledge in this article at your own risk.
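
The one-third rule can be applied mechanically to a scan report. The Python below is an added example, not part of the original post: it reads a constructed report shaped like the per-engine `last_analysis_results` map of a VirusTotal API v3 file report. Leaving engines that returned no verdict out of the denominator, sending counts between 10 and one third to manual review, and the names `triage` and `make_report` are assumptions of this example.

```python
import json
from fractions import Fraction

# Categories in which an engine actually returned a verdict on the file.
VERDICT = {"malicious", "suspicious", "harmless", "undetected"}
FLAGGED = {"malicious", "suspicious"}

def triage(report_json, serious=Fraction(1, 3), low_count=10):
    """Apply the article's one-third rule to a per-engine result map."""
    results = json.loads(report_json)["data"]["attributes"]["last_analysis_results"]
    # Engines that timed out or failed gave no opinion, so they are left out
    # of the denominator (an assumption of this example, not the article's).
    voted = {n: r for n, r in results.items() if r["category"] in VERDICT}
    flagged = sorted(n for n, r in voted.items() if r["category"] in FLAGGED)
    total = len(voted)
    if total == 0:
        verdict = "no-data"
    elif not flagged:
        verdict = "no-detections"
    elif Fraction(len(flagged), total) > serious:
        verdict = "take-seriously"          # more than one third complain
    elif len(flagged) <= low_count:
        verdict = "likely-false-positive"   # the article's "5 or 10" case
    else:
        # The article gives no rule between 10 and one third (assumption).
        verdict = "manual-review"
    return {"verdict": verdict, "flagged": flagged, "total": total}

def make_report(malicious, undetected, timeout=0):
    """Build a constructed report; engine names and results are invented."""
    cats = ["malicious"] * malicious + ["undetected"] * undetected + ["timeout"] * timeout
    results = {
        f"Engine{i:02d}": {"category": c,
                           "result": "Generic.Sample" if c == "malicious" else None}
        for i, c in enumerate(cats)
    }
    return json.dumps({"data": {"attributes": {"last_analysis_results": results}}})

if __name__ == "__main__":
    for mal in (5, 15, 24):
        out = triage(make_report(mal, 70 - mal))
        print(mal, "of", out["total"], "->", out["verdict"])
```

With 10 of 70 engines timing out, 21 detections already exceed one third of the 60 engines that answered, which a fixed "out of 70" count would miss.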

 
