No program is perfect

Monday, October 17, 2016

Everybody (including software developers) wants an anti-virus to run like clockwork—invisibly and seamlessly. But, alas, that’s not possible: people make mistakes, as do the programs they use.

Terminology

  • False positives—an anti-virus recognises a "clean", legitimate file as malicious or suspicious.
  • False negatives—an anti-virus recognises a malicious file as legitimate, leading to the possible launch of malicious programs.

Failing to detect encryption ransomware is a false negative. Blocking an important program is a false positive. Criminals, of course, want the number of false negatives to go up. However, they can take an interest in false positives as well!

Naturally, the developers of anti-virus solutions can’t test every program update against all existing applications and all versions of those applications. Cybercriminals can take advantage of this by creating a malicious program whose signatures, once added to virus databases, will trigger the anti-virus and, as a consequence, cause a system or a program to be blocked. After this, criminals can attack the system in which the compromised service was operating. Is this complicated and difficult? Definitely. But, in a day and age when hackers are attacking nuclear plants and rumours abound of tech wizards being able to hack any password with just one glance at a monitor, everything is possible!
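The testing gap described above, shown as an added example (not Dr.Web's code): a pre-release check that rejects a candidate signature if it matches any file in a known-clean corpus, and searches the sample for a byte window that does not collide. The file names, byte strings and the simple substring-style signature are constructed assumptions.

```python
from typing import Dict, List, Optional, Tuple

# Constructed data: none of these bytes come from real software or malware.
CLEAN_CORPUS: Dict[str, bytes] = {
    "billing_service.exe": b"MZ\x90\x00init_ledger;open_db;post_invoice;" + b"\x00" * 8,
    "backup_agent.exe": b"MZ\x90\x00snapshot;compress;upload;" + b"\x00" * 8,
}

# A submitted sample that deliberately carries bytes copied from a clean program.
SUBMITTED_SAMPLE = b"MZ\x90\x00drop_payload;open_db;post_invoice;encrypt_all;"


def false_positive_hits(signature: bytes, clean_corpus: Dict[str, bytes]) -> List[str]:
    """Names of clean files that the candidate signature would flag."""
    return sorted(name for name, data in clean_corpus.items() if signature in data)


def release_gate(signature: bytes, clean_corpus: Dict[str, bytes]) -> bool:
    """A signature may ship only if it flags no file in the clean corpus."""
    return not false_positive_hits(signature, clean_corpus)


def pick_safe_signature(sample: bytes, clean_corpus: Dict[str, bytes],
                        length: int = 12) -> Optional[Tuple[int, bytes]]:
    """Return (offset, bytes) of the first window in the sample that passes
    the release gate, or None if every window collides with a clean file."""
    for offset in range(len(sample) - length + 1):
        candidate = sample[offset:offset + length]
        if release_gate(candidate, clean_corpus):
            return offset, candidate
    return None


if __name__ == "__main__":
    careless = b"open_db;post_invoice;"  # bytes shared with billing_service.exe
    print("careless signature hits:", false_positive_hits(careless, CLEAN_CORPUS))
    print("safe candidate:", pick_safe_signature(SUBMITTED_SAMPLE, CLEAN_CORPUS))
```

The gate is only as good as the clean corpus behind it, which is the limitation the paragraph above points out.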

The Anti-virus Times recommends

  • In the event you suspect a false positive has been detected, notify our virus laboratory. If you are protecting your system with a Dr.Web solution, you can do this at https://vms.drweb.com/sendvirus/?lng=en.

    If you are protecting your system with a different anti-virus, you can find the relevant developer’s address for reporting a false positive at http://safezone.cc/threads/kuda-soobschit-o-lozhnom-srabatyvanii-antivirusa.23501.

  • Many users are advised to send their suspicious files to VirusTotal. This service scans submitted files using many anti-viruses (scanned files are not launched during testing). Unfortunately, the scan results of this service cannot be considered completely accurate. First, your system can be infected by a new modification of a malware program, and if your anti-virus reports it, your anti-virus is probably right. Second, the tests involve only one component—the anti-virus engine. Your anti-virus, however, could have detected the infection with an entirely different component.
  • If your anti-virus reports a possible threat:
    • update it and run a full scan;
    • until the situation is clarified, restrict your online communications with friends and business partners—they won't be happy if, along with news of your problems, they receive a Trojan that penetrates their system.
