Virus False Positives...

Posted June 23, 2008 11:54pm

A bug in the current version of Sophos is causing it to declare a false positive on any application that uses a popular third-party licensing utility, including GenSmarts. We've notified Sophos, but didn't get the impression they considered it to be very high on their priority list to fix. So if you're a Sophos user and get one of these false positives, please report it to Sophos.

Certain versions of Symantec (e.g. Norton) also will throw a false positive. It's on a piece of the GenSmarts installation (GSVerify.exe).

We've never had a virus in any part of GenSmarts. Ever. For years, we never experienced a false positive (a virus detection product claiming there was a virus when there wasn't). In the past 12 months, I'd say we're seeing a new false positive every other month or so. In general, the companies that make the virus products are not very responsive to fixing these sorts of errors.

Why is this? I suspect the anti-virus products are increasingly relying on "guessing" at what's a virus - call it AI if you will. If someone writes a virus and uses some of the same internal utility libraries we use in GenSmarts... these AI routines just aren't smart enough to differentiate between a good safe application like GenSmarts and a virus. This lack of sophistication in the anti-virus products probably affects GenSmarts more than most applications because of some of the functions GenSmarts has - like typing in your internet browser for you, accessing the internet for you, etc.

Remember, not all the animals in the jungle that have four legs and teeth will eat you... :)

A quick way to test a specific concern on a virus is to use the website VirusTotal.com - it will let you upload a suspect file and then it will check it against several dozen of the most popular virus scanners. If only a couple of the scanners find an issue, you can be pretty comfortable that it's a false positive.
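An added example, not part of the original post and not GenSmarts code: one way to apply the "only a couple of the scanners" rule of thumb to a saved scan report, and to separate heuristic or generic verdicts from named malware families. It assumes the report uses the `last_analysis_results` layout of the VirusTotal v3 API; the engine names, detection strings, token list and the stricter "no named family" condition are all assumptions made for this example.

```python
import hashlib
import re

# Tokens that usually mark a heuristic/generic verdict rather than a named
# family. Assumed list for illustration, not a vendor standard.
HEURISTIC = re.compile(r"heur|generic|suspicious|packed|\bgen\b", re.I)
SCANNED = ("malicious", "suspicious", "harmless", "undetected")

def sha256_of(path, chunk=1 << 20):
    """Hash a file locally so an existing report can be looked up by hash."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(results, few=2):
    """Summarise a v3-style last_analysis_results mapping.
    `few` encodes the post's "only a couple of the scanners" rule of thumb."""
    flagged = {e: r.get("result") or "" for e, r in results.items()
               if r.get("category") in ("malicious", "suspicious")}
    # Engines that timed out or do not support the file type never scanned it.
    scanned = sum(1 for r in results.values() if r.get("category") in SCANNED)
    heuristic = sorted(e for e, name in flagged.items() if HEURISTIC.search(name))
    named = sorted(e for e in flagged if e not in heuristic)
    if not flagged:
        verdict = "clean"
    elif len(flagged) <= few and not named:
        # Stricter than the post: a named family is never waved through.
        verdict = "likely false positive"
    else:
        verdict = "investigate"
    return {"flagged": len(flagged), "scanned": scanned,
            "heuristic": heuristic, "named": named, "verdict": verdict}

# Constructed sample report; engine names and detection strings are made up.
SAMPLE = {
    "EngineA": {"category": "malicious", "result": "Heur.Packed.Generic"},
    "EngineB": {"category": "suspicious", "result": "Suspicious.Licensing.Wrapper"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "harmless", "result": None},
    "EngineE": {"category": "type-unsupported", "result": None},
    "EngineF": {"category": "timeout", "result": None},
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```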

So what's a good anti-virus product?

Take a look at:

http://www.av-comparatives.org/seiten/ergebnisse/report18.pdf

and you'll see that AVIRA, NOD32, AVG, McAfee, Microsoft, and AVK all got passing grades. Failing were the popular products Avast, Kaspersky, Symantec, and Sophos.


Tags:  Anti Virus

