Almost every time I write an article about some Windows program that can be downloaded and installed on your computer, I will receive at least one email message or other report from someone saying something like, "I downloaded it but my anti-virus program says it has a virus." I also often receive similar reports from someone saying that their virus program has reported a problem with a certain web site.
My response usually is, "Well, maybe..."
In many cases, the claim of a virus is a so-called "false positive." That is, the anti-virus program reported a virus that isn't really there. In fact, there is no virus at all, but the anti-virus program thinks there is. All anti-virus programs will occasionally report "false positives."
Symantec, the company that produces and sells Norton AntiVirus and Symantec AntiVirus Corporate Edition, agrees. The Symantec web site says (at http://service1.symantec.com/sarc/sarc.nsf/info/html/what.false.positive.html), "A false positive, also known as a false detection or false alarm, occurs when an antivirus program detects a known virus string in an uninfected file. The file, while not infected with an actual virus, does contain a string of characters that matches a string from an actual virus. A false positive can also occur when a program performs an action, which appears to the antivirus program to be a virus-like activity."
How do you determine the truth? Actually, there are several ways.
Of course, the conservative approach is to not take a chance and to delete the newly-downloaded program. That always works, but you do miss out on a possibly good program that has no virus.
I'd suggest you first check to make sure your anti-virus program's definitions have been updated within the last day or so. If not, manually update them now, and then check again. In many cases, an anti-virus program will add new definitions, only to find that some program will trip the alerts improperly. When the programmers of the anti-virus program are notified, they normally fix the false positives and issue brand-new definitions within a few days that correct the problem. If you are running last week's definitions, you may be dealing with a false positive report that has already been fixed by an update that you don't yet have.
If your anti-virus program's definitions are up to date, you might want to see if one of those definitions may be in error. To do this, go to Google or some other search engine and type in the name of your anti-virus program followed by the term "false positive" in quotes. For instance, if you use the SonicWALL Gateway Anti-Virus program, enter this:
SonicWALL Gateway Anti-Virus "false positive"
Enter the name of your anti-virus program in place of SonicWALL Gateway Anti-Virus in the above example. This will show you reports from other users of your anti-virus program so that you can tell if your program is prone to false positives or not.
Again, ALL anti-virus programs will occasionally report false positives. Don't be concerned if you see a handful of such reports, but you might want to reconsider your choice of program if you see that lots of people have the same problem.
You can also go to Google or some other search engine and see if other people have reported a virus in the program you just downloaded. For instance, if you just downloaded a nifty program called XYZ.EXE, you might go to Google and enter:
XYZ.EXE download virus
Whatever other measures you choose, it’s a good idea to get a "second opinion" from an expert. You can upload the questionable file to any of several online virus testing programs. While these online tests should show any real infections in the file they’re examining, they are not designed to remove those infections; for that task you need to use an antivirus program that is installed on your computer.
As to which testing service to use, I'd suggest Jotti's Malware Scan, a free virus scanner that lets you upload and thoroughly check files for viruses and trojans online. Jotti's Malware Scan checks the file you upload with 20 well-known virus databases. You can see the list of anti-virus programs used on the Jotti web site in the upper right corner. The web site gives you a summary report from each of them. By checking the new file with 20 well-known anti-virus programs, you receive a good picture of the truth.
You can find Jotti's Malware Scan at http://virusscan.jotti.org/en
Keep in mind that no security solution offers 100% protection. Which would you rather believe: the one anti-virus program installed in your computer or twenty of today’s leading anti-virus programs?
Occasionally you will see one of those 20 programs produce a "false positive" report while the other 19 will report "no virus." I prefer to go with the majority vote. In most cases, if you return a few days later and perform the same test again on the same file, all 20 will report "no virus." That's because the one program has recently had its anti-virus definitions updated.
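To make the mechanics concrete, here is a toy model of string-signature scanning, written as an added example and not taken from any anti-virus product. It shows an overly broad definition flagging an uninfected file, the majority vote across several engines, and the same test repeated after that engine's definitions are corrected. The engine names, detection name, byte strings and sample files are all constructed for illustration.

```python
# Toy signature scanner. All byte strings and engine names are constructed
# for illustration; none are real anti-virus definitions.

# Constructed sample files: a harmless utility and a stand-in "infected" file.
CLEAN_FILE = b"MZ..setup helper: DeleteTempFiles() then exit"
BAD_FILE = b"MZ..DEMO_STUB|DeleteTempFiles()|DEMO_PAYLOAD_MARKER"

# engine -> {detection name: byte strings that must ALL occur in the file}
ENGINES = {
    "EngineA": {"Demo.Trojan": [b"DEMO_PAYLOAD_MARKER"]},
    "EngineB": {"Demo.Trojan": [b"DEMO_STUB", b"DEMO_PAYLOAD_MARKER"]},
    # Too broad: this string also appears in uninfected programs.
    "EngineC": {"Demo.Trojan": [b"DeleteTempFiles()"]},
}

# The corrected definition a vendor would ship in a later update.
ENGINE_C_UPDATE = {"Demo.Trojan": [b"DeleteTempFiles()", b"DEMO_PAYLOAD_MARKER"]}


def scan(data, definitions):
    """Return the first detection whose strings all occur in data, else None."""
    for name, needles in definitions.items():
        if all(needle in data for needle in needles):
            return name
    return None


def second_opinion(data, engines):
    """Scan with every engine and return (per-engine results, majority verdict)."""
    results = {engine: scan(data, defs) for engine, defs in engines.items()}
    flagged = sum(1 for hit in results.values() if hit)
    verdict = "infected" if flagged * 2 > len(results) else "clean"
    return results, verdict


def rescan_after_update(data, engines, engine, new_definitions):
    """Repeat the test after one engine has received new definitions."""
    updated = dict(engines, **{engine: new_definitions})
    return second_opinion(data, updated)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_FILE), ("bad", BAD_FILE)):
        print(label, second_opinion(blob, ENGINES))
    print("after update", rescan_after_update(CLEAN_FILE, ENGINES, "EngineC", ENGINE_C_UPDATE))
```

Before the update, only EngineC flags the clean file and the vote is "clean"; after the update no engine flags it, while the stand-in infected file is flagged by all three both before and after.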
Another well-known and trusted scanning service is the free online virus scan from Kaspersky Labs. It is only one anti-virus program, but it has an excellent reputation and is very popular and well respected. You can find it at http://www.kaspersky.com/virusscanner
HouseCall from Trend Micro at http://housecall.trendmicro.com/ is another highly-respected solution. This free Windows virus scanning service can quickly identify and fix a wide range of threats including viruses, worms, Trojans, and spyware.
You can find still more free online virus scanners if you search for them. The above three are simply the ones I have used and that I trust.
Your computer’s healthcare has this much in common with your own health: there is no guarantee that either will be forever free of viruses and other nasties, but the measures you take can go a long way toward their protection. The next time your computer reports that some file is virus-infected, tell yourself, "I want a second opinion!"