Your browser is obsolete!

The page may not load correctly.

The workshop

Кухня

Other issues in this category (24)
  • add to favourites
    Add to Bookmarks

No program is perfect

Read: 896 Comments: 16 Rating: 47

Everybody (including software developers) wants an anti-virus to run like clockwork—invisibly and seamlessly. But, alas, that’s not possible: people make mistakes, as do the programs they use.

Terminology

  • False positives—an anti-virus recognises a "clean", legitimate file as malicious or suspicious.
  • False negatives—an anti-virus recognises a malicious file as legitimate, leading to the possible launch of malicious programs.

Skipping over encryption ransomware is a false negative. Blocking an important program is a false positive. Criminals, of course, want the number of false negatives to go up. However, they can take an interest in false positives as well!

Naturally, the developers of anti-virus solutions can’t test all their program updates on all existing applications and the versions of those applications. And cybercriminals can take advantage of this by creating a malicious program whose signatures, once added to virus databases, will trigger the anti-virus, and as a consequence the blocking of a system or a program. After this, criminals can attack the system in which the compromised service was operating. Is this complicated and difficult? Definitely. But, in a day and age when hackers are attacking nuclear plants and rumours abound of tech wizards being able to hack any password with just one glance at a monitor, everything is possible!

Dr.Web recommends

  • In the event you suspect a false positive has been detected, notify our virus laboratory. If you are protecting your system with a Dr.Web solution, you can do this at https://vms.drweb.com/sendvirus/?lng=en.

    If you are protecting your system with a different anti-virus, you can find the relevant developer’s address for reporting a false positive at http://safezone.cc/threads/kuda-soobschit-o-lozhnom-srabatyvanii-antivirusa.23501.

  • Many users are advised to send their suspicious files to VirusTotal. This service scans received files using many anti-viruses (scanned files are not launched during testing). Unfortunately, the scan results of this service cannot be considered to be completely accurate. First, your system can be infected by a new modification of a malware program, and if your anti-virus informs you that it is correct, this is probably the case. Second, the tests involve only one component—the anti-virus engine. And your anti-virus could report an infection as having occurred with an entirely different component.
  • If your anti-virus reports a possible threat:
    • update it and run a full scan;
    • until the situation is clarified, restrict your online communications with friends and business partners—they won't be happy if along with receiving news of your problems, they have a Trojan penetrate their system.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments