Almost every time I write an article about some web site or perhaps about a Windows program that can be downloaded and installed on your computer, I will receive at least one email message or other report from someone saying something like, “I downloaded it but my anti-virus program says it has a virus or a trojan.”
My response usually is, “Well, maybe…”
In many cases, the claim of a virus or trojan or other malware (malevolent software) is a so-called “false positive.” That is, the anti-virus program reported a problem that isn’t really there. In fact, there is no virus or other problem at all, but the anti-virus program thinks there is. All anti-virus programs will occasionally report “false positives.”
How do you determine the truth? Actually, there are several ways.
Of course, the conservative approach is to not take a chance and to not view web sites that are reported to have a possible problem or to delete any newly-downloaded programs. That always works, but you do miss out on numerous things that have no viruses or other problems.
I’d suggest you first check to make sure your anti-virus program’s definitions have been updated within the last day or so. If not, manually update them now, and then check again. In many cases, an anti-virus program will add new definitions, only to find that some program will trip the alerts improperly. When the programmers of the anti-virus program are notified, they normally fix the false positives and issue brand-new definitions within hours that correct the problem. If you are running last week’s definitions, you may be dealing with a false positive report that has already been fixed by an update that you don’t yet have.
You can find numerous tools for checking web sites for potential problems.
My favorite tool for scanning web sites is VirusTotal, a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners. VirusTotal has been around for years and has earned a good reputation.
VirusTotal is very easy to use: simply copy-and-paste a URL (web address) into VirusTotal’s menus and let the online service check the web site for you.
You can find VirusTotal at https://www.virustotal.com.
You also might want to read the article “A first shot at false positives” in the VirusTotal Blog at http://blog.virustotal.com/2015/02/a-first-shot-at-false-positives.html. The article describes one effort to get rid of false positive reports. It states, “We have been working on this for just one week and with just one company, Microsoft, yet results look very promising: over 6000 false positives have been fixed.”
Again, VirusTotal is a tool for checking web sites, not programs that you have downloaded.
For checking files or programs downloaded to a Windows computer, you can find a number of available tools to provide a “second opinion.”
If your anti-virus program’s definitions are up to date, you might want to see if one of those definitions may be in error. To do this, go to Google or some other search engine and type in the name of your anti-virus program followed by the term “false positive” in quotes. For instance, if you want to check on a file downloaded to your computer, enter this:
SonicWALL Gateway Anti-Virus “false positive”
Enter the name of your anti-virus program in place of “SonicWALL Gateway Anti-Virus” in the above example. This will show you reports from other users of your anti-virus program so that you can tell if your program is prone to false positives or not.
Again, ALL anti-virus programs will occasionally report false positives. Don’t be concerned if you see a handful of such reports, but you might want to reconsider your choice of program if you see that lots of people have the same problem.
You can also go to Google or some other search engine and see if other people have reported a virus in the program you just downloaded. For instance, if you just downloaded a nifty program called XYZ.EXE, you might go to Google and enter:
XYZ.EXE download virus
Whatever other measures you choose, it’s a good idea to get a “second opinion” from an expert. You can upload the questionable file to any of several online virus testing programs. While these online tests should show any real infections in the file they’re examining, they are not designed to remove those infections; for that task you need to use an antivirus program that is installed on your computer.
As to which testing service to use, I’d suggest Jotti’s Malware Scan, a free virus scanner that lets you upload and thoroughly check files for viruses and trojans online. Jotti’s Malware Scan checks the file you upload with 22 well-known virus databases (including A-Squared, AntiVir, ArcaVir, Avast, AVG Antivirus, BitDefender, ClamAV, CPsecure, Dr.Web, F-Prot Antivirus, F-Secure Anti-Virus, Fortinet, Ikarus, Kaspersky Anti-Virus, NOD32, Norman Virus Control, Panda Antivirus, Sophos Antivirus, VirusBuster, VBA32, etc.). It then gives you a summary report from each of them. By checking the new file with multiple well-known anti-virus programs, you receive a good picture of the truth.
You can find Jotti’s Malware Scan at http://virusscan.jotti.org/en.
Which would you rather believe: the one anti-virus program installed in your computer or more than twenty of today’s leading anti-virus programs?
Occasionally you will see one of the programs produce a “false positive” report while the others will report “no virus.” I prefer to go with the majority vote. In most cases, if you return a few days later and perform the same test again on the same file, all tests will report “no virus.” That’s because the one program has recently had its anti-virus definitions updated.
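The majority-vote rule above, combined with the earlier advice about keeping definitions current, can be written as a small triage routine. This is an added example, not code from any of the scanning services named here; the EngineResult record, the engine names, the sample report and the thresholds max_age_days and lone_limit are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class EngineResult:
    engine: str               # scanner name as listed in the report
    detection: Optional[str]  # signature name, or None for "no virus"
    definitions: date         # release date of that engine's definitions

def triage(results, today, max_age_days=1, lone_limit=1):
    """Majority-vote triage of one multi-engine scan report.

    max_age_days and lone_limit are assumptions made for this example.
    """
    if not results:
        raise ValueError("empty report")
    n = len(results)
    flagged = [r.engine for r in results if r.detection]
    # Engines on old definitions may be repeating an alert already fixed upstream.
    stale = [r.engine for r in results
             if today - r.definitions > timedelta(days=max_age_days)]
    if n < 2:
        verdict = "need second opinion"        # one scanner is not a vote
    elif not flagged:
        verdict = "clean"
    elif len(flagged) * 2 > n:
        verdict = "probable malware"           # the majority agrees on a detection
    elif len(flagged) <= lone_limit and len(flagged) * 2 < n:
        verdict = "probable false positive"    # lone dissenter against the rest
    else:
        verdict = "disputed"                   # tie or sizeable minority
    return {"verdict": verdict, "flagged": flagged, "stale": stale,
            "rescan_later": verdict in ("probable false positive", "disputed")}

# Constructed sample report: five engines, one detection from stale definitions.
TODAY = date(2015, 3, 10)
SAMPLE = [
    EngineResult("EngineA", None, date(2015, 3, 10)),
    EngineResult("EngineB", None, date(2015, 3, 9)),
    EngineResult("EngineC", "Trojan.Generic", date(2015, 3, 2)),
    EngineResult("EngineD", None, date(2015, 3, 10)),
    EngineResult("EngineE", None, date(2015, 3, 9)),
]

if __name__ == "__main__":
    print(triage(SAMPLE, TODAY))
```

A "disputed" or "probable false positive" result sets rescan_later, which corresponds to repeating the same test on the same file a few days later, once definitions have been refreshed.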
VirSCAN at http://virscan.org is another anti-virus scanner that uses many different anti-virus programs to look for potential problems.
Again, both Jotti’s Malware Scan and VirSCAN are designed to check programs that have been downloaded. They do not analyze web sites.
You can find still more free online virus scanners if you search for them. The above are simply the ones I have used and that I trust.
Your computer’s healthcare has this much in common with your own: there is no guarantee that either will be forever free of viruses and other nasties, but the measures you take can go a long way toward their protection. The next time your computer reports that some file is virus-infected, tell yourself, “I want a second opinion!”