{"id":7608,"date":"2015-02-12T16:13:11","date_gmt":"2015-02-12T21:13:11","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=7608"},"modified":"2015-02-12T16:13:11","modified_gmt":"2015-02-12T21:13:11","slug":"virustotal-tackles-the-tricky-false-positives-problem-plaguing-antivirus-software","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/12\/virustotal-tackles-the-tricky-false-positives-problem-plaguing-antivirus-software\/","title":{"rendered":"VirusTotal tackles the tricky false positives problem plaguing antivirus software"},"content":{"rendered":"

\"\"<\/a><\/p>\n

VirusTotal, a Google-owned online malware scanning service, is creating a whitelist of products from large software vendors to reduce bad detections by antivirus programs.<\/p>\n

False positive detections are common in the antivirus industry. They occur when a benign program is wrongfully flagged as malicious due to an overly broad detection signature or algorithm used in an antivirus product.<\/p>\n

VirusTotal, which scans suspicious files uploaded by users with products from 48 antivirus vendors, invited large software makers Tuesday to add metadata about their products\u2019 files to a new database maintained by the company.<\/p>\n

If a file that\u2019s later uploaded by users to be scanned with VirusTotal is in that database, the scan report will display a \u201ctrusted source\u201d alert. If any antivirus products flagged the file as malicious during the scan, their detections will be considered false positives and will not be counted toward the final detection score. Vendors of the products that flagged the file as malware will be notified so that they can correct the error.<\/p>\n

Sometimes false positive detections have serious consequences, like the deletion of critical system files or the blocking of popular websites and when that happens, they are usually reported on technology news sites, blogs and tech support forums.<\/p>\n

However, lower impact cases of wrongful detection occur all the time. They don\u2019t get the same visibility as the critical ones, but many users, including this reporter, have been in situations like this one:<\/p>\n

They download a program from a legitimate source and attempt to install it, only to be stopped by an alert from their antivirus program saying it\u2019s potentially malicious. Trying to get a second opinion, they upload the file to VirusTotal and they get a report with detections by only a handful of antivirus engines.<\/p>\n

Are those detections false positives? Or is the malware sample new and therefore detected only by a small number of antivirus products? It\u2019s hard to tell, and there are additional factors that further complicate things.<\/p>\n

For example, some antivirus products share the same detection engine or malware signatures. This is the result of inter-vendor partnerships that regular users are often unaware of. So what appears as a malware detection by three separate products in VirusTotal could actually be the result of a single bad signature shared by all of them.<\/p>\n

Relying on things like digital signatures to verify a file\u2019s authenticity is not sufficient either, because not all legitimate files are signed and there have been cases of malware programs being digitally signed with certificates stolen from legitimate developers.<\/p>\n

False positives are also a headache for antivirus vendors and software developers, not just for users. In the case of bad detections that have a widespread impact, antivirus vendors will have to deal with a surge in technical support calls and even bad press.<\/p>\n

For software developers it can be stressful to track down the appropriate contacts at different antivirus firms spread around the globe and then to convince them to fix a false positive detection. Some developers might not even be aware for days or weeks that their products are wrongfully detected as malware, which can lead to loss of potential customers.<\/p>\n

With VirusTotal\u2019s new trusted source feature, antivirus vendors can be notified even before the affected software maker learns of the problem.<\/p>\n

So far, VirusTotal has worked with Microsoft to add metadata for the company\u2019s files to the database and the effort has already paid off.<\/p>\n

In a single week, over 6,000 false positive detections have been identified, reported and fixed, said Emiliano Martinez, a software engineer at VirusTotal in a blog post. \u201cWe are looking to grow our collection of trusted software; if you happen to be a very large software development company you might want to contact us in order to share this data and help us mitigate the issue of false positives.\u201d<\/p>\n

 <\/p>\n

via VirusTotal tackles the tricky false positives problem plaguing antivirus software | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

VirusTotal, a Google-owned online malware scanning service, is creating a whitelist of products from large software vendors to reduce bad […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,10],"tags":[354,655],"class_list":["post-7608","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-false-positives","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1YI","jetpack-related-posts":[{"id":9655,"url":"https:\/\/nccomputertech.com\/techtalk\/2021\/03\/09\/fuquay-varina-and-holly-springs-computer-repair\/","url_meta":{"origin":7608,"position":0},"title":"Fuquay Varina and Holly Springs Computer Repair","author":"NCCT","date":"March 9, 2021","format":false,"excerpt":"Welcome to our blog. NC Computer Tech services Fuquay Varina, Holly Springs, and surrounding NC areas. We offer prompt, professional, courteous service with over twenty years of experience dealing with residential and small business clients offering them solutions and fixing their computer and network issues at reasonable rates. Our services\u2026","rel":"","context":"In "Technology"","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9804,"url":"https:\/\/nccomputertech.com\/techtalk\/2024\/11\/08\/maximum-iceland-scenario-data-caps-3rd-party-android-stores-nuclear-amazon\/","url_meta":{"origin":7608,"position":1},"title":"Maximum Iceland Scenario – Data Caps, 3rd Party Android Stores, Nuclear Amazon","author":"NCCT","date":"November 8, 2024","format":false,"excerpt":"https:\/\/youtu.be\/P5MkCwktKz0 Data Caps, 3rd Party Android Stores, Nuclear Amazon \u2022 Google must crack open Android for third-party stores, rules Epic judge \u2022 Google asks 9th Circuit for emergency stay, says Epic ruling \u2018is dangerous\u2019 \u2022 Canceling subscriptions is about to get easier \u2022 The FCC is looking into the impact\u2026","rel":"","context":"In "Software"","block_context":{"text":"Software","link":"https:\/\/nccomputertech.com\/techtalk\/category\/software\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/P5MkCwktKz0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/7608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=7608"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/7608\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=7608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=7608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=7608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}