

May 27th, 2009

False positive alerts in “Tools”

Are you always sure that what you are downloading is safe? Every day, many of our users report “false positive alerts” to us. I use quotes, because most of them are actually malware. See the picture below. The reported “wrong-detection” is Win32:Ardamax-LV [Spy].


False positive alerts report

Ardamax is a well-known legitimate keylogger, but the “bad guys” often use it to steal account information. In this case, the keylogger is part of some hack. This is the reason why 90% of antivirus programs detect this keylogger as suspicious (VirusTotal report).

So, do you put your trust in unknown web sources such as RapidShare, MegaUpload etc. or in your antivirus program?

  • http://www.avast.com Michal Krejdl

    My guess is that’s a high percentage of the total count of FP submissions (and I think other AV companies are observing the same distribution). My experience can confirm a very low count of real false positives against the huge number of valid detections. I can understand it, because people have no clue what the detections are based on and they will (except the experienced users) always rely on their assumption that winamp, photoshop, legit websites etc. can’t be infected. But they can. That’s a reason why all systems based on community rating are quite far from being perfect. People make good assumptions and wrong assumptions, the question is – what’s the ratio?