Virus checkers are wonderful tools-— when they work. The problem is that you never know if they are telling the truth or not when they claim to have detected a virus on a web site or in a file on your computer.
The problem is called “false positives.” This happens when a virus checking program says there is a virus or there is a POSSIBILITY of a virus when, in fact, there is no virus in the web site or in the file. Sadly, this happens thousands of times every day, mostly to Windows users.
My favorite reference for this issue is How To Tell If a Virus Is Actually a False Positive, an article written by Chris Hoffman four years ago that still seems to be very accurate. He wrote:
“Your antivirus will complain that this download is a virus, but don’t worry — it’s a false positive.” You’ll occasionally see this assurance when downloading a file, but how can you tell for sure whether the download is actually safe?
A false positive is a mistake that happens occasionally — the antivirus thinks a download is harmful when it’s actually safe. But malicious people may try to trick you into downloading malware with this assurance.
The article may be found at https://www.howtogeek.com/180162/how-to-tell-if-a-virus-is-actually-a-false-positive/.
If your virus-checking program suddenly pops up a message claiming there is a virus or a POSSIBLE virus, the first thing you should do is to read Chris Hoffman’s article. You will notice that he recommends an online web site called VirusTotal and explains it this way:
If you download a file and your antivirus jumps into action and informs you the file is harmful, it probably is. If you’ve run into a false positive and the file is actually safe, most other antivirus programs shouldn’t make the same mistake. In other words, if this is a false positive, only a few antivirus programs should flag the file as dangerous, while most should say it’s safe. That’s where VirusTotal comes in — it lets us scan a file with 45 antivirus programs so we can see what they all think of it.
When Chris Hoffman wrote that article in 2014, the VirusTotal service checked each file with 45 anti-virus programs. Since then, even more have been added; now VirusTotal checks with 59 antivirus programs. Here is a screenshot of a test I just made with VirusTotal. You probably will see some familiar names of anti-virus programs in the list.
My screenshot shows only the top part of the list. The full list showing the results of all 59 anti-virus programs is too big to fit into this article.
Also, I tested a DOC file and some of the anti-virus programs only check specific file types, such as EXE or APP files. As a result, a few programs returned a status message of “Unable to process file type.” In other words, that specific file or web site wasn’t tested by those few programs.
I agree with Chris Hoffman. I have bookmarked the VirusTotal web site and use it frequently, such as whenever someone tells me that their anti-virus program claims there is a virus in a web site I mentioned in this newsletter. I never trust one anti-virus program’s claims. Instead, I trust the claims produced by VirusTotal’s 59 antivirus programs.
I then go with the majority. If one or two of those 59 programs claim there is a virus and the other 57 or 58 say there is no virus, I believe there is no virus.
In any case, after reading Chris Hoffman’s article at https://www.howtogeek.com/180162/how-to-tell-if-a-virus-is-actually-a-false-positive/, the second thing you should do is to go to VirusTotal at https://www.virustotal.com/#/home/upload and get a second opinion. Well, in this case, it will be 59 more opinions.