No program is perfect
Monday, October 17, 2016
Everybody (including software developers) wants an anti-virus to run like clockwork—invisibly and seamlessly. But, alas, that’s not possible: people make mistakes, as do the programs they use.
Terminology
- False positives—an anti-virus recognises a "clean", legitimate file as malicious or suspicious.
- False negatives—an anti-virus recognises a malicious file as legitimate, leading to the possible launch of malicious programs.
Skipping over encryption ransomware is a false negative. Blocking an important program is a false positive. Criminals, of course, want the number of false negatives to go up. However, they can take an interest in false positives as well!
Naturally, the developers of anti-virus solutions can’t test all their program updates against every existing application and every version of those applications. Cybercriminals can take advantage of this by creating a malicious program whose signatures, once added to virus databases, will trigger the anti-virus and, as a consequence, cause a system or a program to be blocked. After this, criminals can attack the system in which the compromised service was operating. Is this complicated and difficult? Definitely. But, in a day and age when hackers are attacking nuclear plants and rumours abound of tech wizards being able to hack any password with just one glance at a monitor, everything is possible!
The Anti-virus Times recommends
In the event you suspect a false positive has been detected, notify our virus laboratory. If you are protecting your system with a Dr.Web solution, you can do this at https://vms.drweb.com/sendvirus/?lng=en.
If you are protecting your system with a different anti-virus, you can find the relevant developer’s address for reporting a false positive at http://safezone.cc/threads/kuda-soobschit-o-lozhnom-srabatyvanii-antivirusa.23501.
- Many users are advised to send their suspicious files to VirusTotal. This service scans received files using many anti-viruses (scanned files are not launched during testing). Unfortunately, the scan results of this service cannot be considered completely accurate. First, your system can be infected by a new modification of a malware program, and if your anti-virus reports an infection, it is probably right. Second, the tests involve only one component—the anti-virus engine, whereas your anti-virus could have detected the infection with an entirely different component.
- If your anti-virus reports a possible threat:
  - update it and run a full scan;
  - until the situation is clarified, restrict your online communications with friends and business partners—they won't be happy if, along with news of your problems, they receive a Trojan that penetrates their system.