Virus False Positives: How Can You Be Sure?

Almost every time I write an article about some web site or perhaps about a Windows program that can be downloaded and installed on your computer, I will receive at least one email message or other report from someone saying something like, “I downloaded it but my anti-virus program says it has a virus.”

My response usually is, “Well, maybe…”

In many cases, the claim of a virus is a so-called “false positive.” That is, the anti-virus program reported a virus that isn’t really there. In fact, there is no virus at all, but the anti-virus program thinks there is. All anti-virus programs will occasionally report “false positives.”

How do you determine the truth? Actually, there are several ways.

Of course, the conservative approach is to not take a chance: do not view web sites that are reported to have a possible problem, and delete any newly-downloaded programs. That always works, but you do miss out on numerous things that have no viruses or other problems.

I’d suggest you first check to make sure your anti-virus program’s definitions have been updated within the last day or so. If not, manually update them now, and then check again. In many cases, an anti-virus program will add new definitions, only to find that some program will trip the alerts improperly. When the programmers of the anti-virus program are notified, they normally fix the false positives and issue brand-new definitions within hours that correct the problem. If you are running last week’s definitions, you may be dealing with a false positive report that has already been fixed by an update that you don’t yet have.

You can find numerous tools for checking web sites for potential problems.

My favorite tool for scanning web sites is VirusTotal, a free online service that analyzes files and URLs, enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

VirusTotal is very easy to use: simply copy-and-paste a URL (web address) into VirusTotal’s menus and let the online service check the web site for you.

You can find VirusTotal at https://www.virustotal.com.

For checking files or programs downloaded to a Windows computer, you can find a number of available tools to provide a “second opinion.”

If your anti-virus program’s definitions are up to date, you might want to see if one of those definitions may be in error. To do this, go to Google or some other search engine and type in the name of your anti-virus program followed by the term “false positive” in quotes. For instance, if you want to check on a file downloaded to your computer, enter this:

SonicWALL Gateway Anti-Virus “false positive”

Enter the name of your anti-virus program in place of SonicWALL Gateway Anti-Virus in the above example. This will show you reports from other users of your anti-virus program so that you can tell if your program is prone to false positives or not.

Again, ALL anti-virus programs will occasionally report false positives. Don’t be concerned if you see a handful of such reports, but you might want to reconsider your choice of program if you see that lots of people have the same problem.

You can also go to Google or some other search engine and see if other people have reported a virus in the program you just downloaded. For instance, if you just downloaded a nifty program called XYZ.EXE, you might go to Google and enter:

XYZ.EXE virus

or

XYZ.EXE download virus

Whatever other measures you choose, it’s a good idea to get a “second opinion” from an expert. You can upload the questionable file to any of several online virus testing programs. While these online tests should show any real infections in the file they’re examining, they are not designed to remove those infections; for that task you need to use an antivirus program that is installed on your computer.

As to which testing service to use, I’d suggest Jotti’s Malware Scan, a free virus scanner that lets you upload and thoroughly check files for viruses and trojans online. Jotti’s Malware Scan checks the file you upload with 22 well-known virus databases (including A-Squared, AntiVir, ArcaVir, Avast, AVG Antivirus, BitDefender, ClamAV, CPsecure, Dr.Web, F-Prot Antivirus, F-Secure Anti-Virus, Fortinet, Ikarus, Kaspersky Anti-Virus, NOD32, Norman Virus Control, Panda Antivirus, Sophos Antivirus, VirusBuster, VBA32, etc.). It then gives you a summary report from each of them. By checking the new file with 22 well-known anti-virus programs, you receive a good picture of the truth.

You can find Jotti’s Malware Scan at http://virusscan.jotti.org/en.

Which would you rather believe: the one anti-virus program installed in your computer or twenty of today’s leading anti-virus programs?

Occasionally you will see one of those 22 programs produce a “false positive” report while the other 21 will report “no virus.” I prefer to go with the majority vote. In most cases, if you return a few days later and perform the same test again on the same file, all 22 will report “no virus.” That’s because the one program has recently had its anti-virus definitions updated.
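The majority vote and the re-test a few days later, written out as an added Python example (not part of the original article). The engine names, dates, detection label and the 10% cut-off are constructed assumptions, and the reports are built by hand rather than fetched from any scanning service.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class ScanReport:
    """One multi-engine scan: engine name -> detection label, or None if clean."""
    scanned_on: date
    verdicts: dict

    def flagged(self):
        return {engine for engine, label in self.verdicts.items() if label}


def triage(first, rescan=None, minority_ratio=0.10):
    """Apply the majority vote, then the re-test a few days later.

    minority_ratio is an assumed cut-off, not a figure from the article.
    """
    if not first.verdicts:
        raise ValueError("report contains no engine verdicts")
    hits = first.flagged()
    if not hits:
        return "LIKELY_FALSE_POSITIVE"   # no engine agrees with the local alert
    if len(hits) / len(first.verdicts) > minority_ratio:
        return "TREAT_AS_INFECTED"       # too many engines agree to dismiss it
    if rescan is None or rescan.scanned_on <= first.scanned_on:
        return "RETEST_LATER"            # minority hit: wait for new definitions
    later = rescan.flagged()
    if later - hits:
        return "TREAT_AS_INFECTED"       # engines that were clean now detect it
    if later & hits:
        return "STILL_FLAGGED"           # the same engine still detects it
    return "LIKELY_FALSE_POSITIVE"       # detection withdrawn after an update


def make_report(day, flagged_by, engines=22):
    """Build a constructed report for `engines` hypothetical scanners."""
    names = [f"Engine{i:02d}" for i in range(1, engines + 1)]
    return ScanReport(day, {n: ("Generic.Suspicious" if n in flagged_by else None)
                            for n in names})


# Constructed sample data: one of 22 engines flags the file, then clears it.
day1 = make_report(date(2024, 1, 10), {"Engine07"})
day4 = make_report(date(2024, 1, 13), set())
widespread = make_report(date(2024, 1, 10), {"Engine01", "Engine02", "Engine03"})

if __name__ == "__main__":
    for label, result in [("first scan", triage(day1)),
                          ("after re-test", triage(day1, day4)),
                          ("three engines agree", triage(widespread))]:
        print(f"{label}: {result}")
```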

Another well-known and trusted free anti-virus scanning program is the free online virus scan from Kaspersky Labs. It is only one anti-virus program, but it has an excellent reputation. You can find it at http://www.kaspersky.com/virusscanner.

VirSCAN at http://virscan.org is a third anti-virus scanner that uses 37 different anti-virus programs to look for potential problems.

You can find still more free online virus scanners if you search for them. The above are simply the ones I have used and that I trust.

Your computer’s healthcare has this much in common with your own: there is no guarantee that either will be forever free of viruses and other nasties, but the measures you take can go a long way toward their protection. The next time your computer reports that some file is virus-infected, tell yourself, “I want a second opinion!”
