Antivirus False Positives Are Now a Common Problem

For the past few years, a common problem with most antivirus software has been high memory usage, which causes the computer to slow down. The antivirus companies are aware of this and have reduced memory usage in their current versions, although there are still some antivirus products that take up hundreds of megabytes of memory…

Beyond that, my biggest gripe with all antivirus solutions is the number of false positives. Sometimes an antivirus scanner reports that a program is infected with a virus or Trojan even when the program does not actually contain any malicious code. This kind of problem is known as a “false positive” or “false alert”.

False positives are so common nowadays, and I personally think that EVERY antivirus company should do something about it. If you think that false detection is not such a big deal, let me try to convince you.

Less than a month ago, on May 11, 2010, McAfee delivered a false-positive detection of the W32/wecorl.a virus when version 5958 of the DAT file was used, causing tens of thousands of Windows XP computers to crash or repeatedly reboot.

About three months ago, on February 17th, 2010, it was AVG’s turn. Every 15 seconds an AVG popup warned AVG users that Windows Defender was a Trojan.

Another example is iSergiwa, the developer of Remove Restriction Tool, CaSIR, iPMS and many other useful virus removal tools. Two months ago, one of iSergiwa’s clients reported that Kaspersky detected iPMS as a rootkit, which is obviously a false positive. Although he managed to get Kaspersky to fix the false positive, during the 48 hours of this false alarm he received tons of complaints, his website visitors and sales fell, and many of his potential customers left.

I am not questioning the value of antivirus in today’s world. The message I am trying to convey here is: don’t always trust 100% what the antivirus installed on your computer says, because there is always a possibility that it is a false detection. Just treat it as a warning, and scan the suspicious file in VirusTotal first. If you’re still unsure, analyze it in ThreatExpert or Camas.
