Virus report

Frequency Asked Questions

Virus report

Postby support » 14 March 2013, 16:42

Problems caused by false positives

A "false positive" or "false alarm" is when antivirus software identifies a non-malicious file as malware. When this happens, it can cause serious problems. For example, if an antivirus program is configured to immediately delete or quarantine infected files, as is common on Microsoft Windows antivirus applications, a false positive in an essential file can render the Windows operating system or some applications unusable. Recovering from such damage to critical software infrastructure incurs technical support costs and businesses can be forced to close whilst remedial action is undertaken. For example, in May 2007 a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.

Also in May 2007, the executable file required by Pegasus Mail on Windows was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running. Norton AntiVirus had falsely identified three releases of Pegasus Mail as malware, and would delete the Pegasus Mail installer file when that happened. In response to this Pegasus Mail stated: “On the basis that Norton/Symantec has done this for every one of the last three releases of Pegasus Mail, we can only condemn this product as too flawed to use, and recommend in the strongest terms that our users cease using it in favour of alternative, less buggy anti-virus packages.”

In April 2010, McAfee VirusScan detected svchost.exe, a normal Windows binary, as a virus on machines running Windows XP with Service Pack 3, causing a reboot loop and loss of all network access.

In December 2010, a faulty update on the AVG anti-virus suite damaged 64-bit versions of Windows 7, rendering it unable to boot, due to an endless boot loop created.

In October 2011, Microsoft Security Essentials (MSE) removed the Google Chrome web browser, rival to Microsoft's own Internet Explorer. MSE flagged Chrome as a Zbot banking trojan.

In September 2012, Sophos' anti-virus suite identified various update-mechanisms, including its own, as malware. If it was configured to automatically delete detected files, Sophos Antivirus could render itself unable to update, required manual intervention to fix the problem.

[source Wikipedia]


The only way for an antivirus to identify a virus is to look for a "virus signature" in all EXE files. A "virus signature" is just a sequence of bytes found in a virused file, and added in the antivirus database.
Because the database of "virus signature" has now millions of sequences and it is growing everyday, it happen sometimes that one "virus signature" is found in our EXE files. When this happen, the antivirus blocks our software.
With flexible (smart) antivirus, you can set an exception to let our software running.
With the other antivirus, you can send a "false positif" report to the antivus company. They will analyse our software and admit it has no virus, and then they will update the "virus signature" in they database. Unfortunately this can take several days. In the meantime, the only way to run our software is to disable your antivirus.

This problem is presently exclusively under Windows.

When you have a virus report with our software, please let us know. We will also try to inform them.

FYI:
http://en.wikipedia.org/wiki/Antivirus_software > read this wiki chapter: Problems caused by false positives
http://www.cgisecurity.com/questions/fa ... tive.shtml
The Lighting Controller
support
Administrateur
 
Posts: 10538
Joined: 07 December 2009, 16:32

Return to FAQ's

Who is online

Users browsing this forum: No registered users and 7 guests

cron