Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘false positive’
July 1st, 2014

TextSecure reclassified as a false positive

On occasion, even the most well thought-out systems can break down. In the antivirus business, we try hard to minimize something termed false positive. A false positive is merely a mistake or a false alarm. It happens when your antivirus software erroneously identifies a file or a download as being malicious.

The AVAST Virus Lab receives more than 50,000 samples of new potential viruses every single day. There are so many that we cannot look at each individually, so we use techniques with super-techie names like Malware Similarity Search and Evo-Gen.  (These techniques are explained in a previous blog post, New Toy in the Avast Research Lab.) When a file is confirmed as malicious, we add it to our virus database. With this amount of new samples, every now and then a false positive occurs. There is no way to avoid it completely, but we try to limit it and its impact.

Over the weekend, avast! Mobile Security erroneously detected the TextSecure app as a Trojan. TextSecure is an app developed by Open Whisper Systems that protects your privacy by encrypting your text and chat messages, which means that they can only be read by your intended recipients. The AVAST Virus Lab discovered the error, fixed it and sent out an update.

Unfortunately, wires got crossed between our Virus Lab analyst and our social media community manager, and the wrong message was sent to people on Twitter and Facebook who inquired about the detection. You see, at the same time as the TextSecure detection was being reported, another unrelated detection was made, and it was indeed a malicious file. It was a simple case of mistaken identity. Later in the day, we discovered the mistake and followed up by communicating it across AVAST social channels.

AVAST confirms that TextSecure Private Messenger is a genuine and safe application for Android, and contains no malicious scripts. We apologize for the inconvenience caused to TextSecure users and Open Whisper Systems.

Please be assured that AVAST does not intentionally recognize valid software as suspicious. The last thing we want to do is disrupt businesses or our customers. However, to provide maximum protection against genuine virus threats, false positive alerts sometimes arise.

howto2_enHow to report a suspected false positive

If you suspect that AVAST has incorrectly identified a file as suspicious, please submit a report to http://www.avast.com/contact-form.php?subject=VIRUS-FILE. This form will generate an email to our Virus Lab research team, and they will investigate it.

Before you do that, you may want to upload a file or a URL to online virus scanning service VirusTotal. This free online service scans the file against multiple antivirus engines and website scanners at the same time.

TextSecure protects your privacy

The fine developers of the TextSecure app deserve a happy ending, so we want to throw our support behind this innovative app. We developed avast! Mobile Security to protect Android users from malware and theft and have included numerous features to protect the privacy of our users. The TextSecure app takes that further by providing end-to-end encryption when you are communicating with other TextSecure users. It also keeps your messages away from prying eyes if your phone is lost or stolen.

Install TextSecure Private Messenger for free from Google Play. Don’t forget to leave a review and a 5-star rating!

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

 

 

October 25th, 2013

Google flagged PHP.net as suspicious website

PHP.net users that would like to access php.net were unpleasantly surprised today. Google flagged the website as suspicious and users of the Google Chrome and Mozilla Firefox browsers saw a security warning when they tried to visit the website.

php_mozilla

According to the Google diagnostic page, suspicious content was found on php.net on October 23rd, 2013. Three domains were mentioned; cobbcountybankruptcylawyer.com, stephaniemari.com, and northgadui.com (owned by the same GoDaddy account) which were said to distribute malware to visitors of the site. Read more…

Comments off
May 11th, 2012

Deeper and deeper

Don’t worry, we’re not gonna watch movies marked with an asterisk :P. However, from the malware analyst’s point of view, following lines might be somehow “spicy”. We’ll take a look at a suspected false positive promoted as a regular GameMaster setup. The file appeared in our FP submission system with an usual comment “it’s clean” or something like that, thus we can only guess that the file has not been obtained from official source.
Read more…

April 23rd, 2012

AVAST gets Advanced Plus rating in AV-Comparatives’ Test

Avast! Free Antivirus 7 has the distinction of being the only free antivirus to receive the Advanced Plus certification rating from the annual “On-Demand Detection of Malicious Software” test from Anti-Virus Comparatives.

Approximately 300,000 pieces of malware were used in the testing, and avast! Free Antivirus 7 detected 98% of them; the highest detection rate of all tested free solutions which outperformed a number of paid-for products from other AV vendors. Complementing the high malware detection rate, avast! was also recognized for detecting few false positives during the test. The number of avast! false alarms was 14. The average was 48 false positives. Avast! Free Antivirus 7 is the only free antivirus to receive the Advanced Plus certification rating.

AV-Comparatives chooses which antivirus products are to be tested from a field of internationally well-known, up-to-date antivirus products. In order to ensure that test results give a complete and accurate picture of a product’s capabilities, AV-Comparatives has strict rules about which tests every product must take part in, and which tests are optional. A dynamic “real world” protection test is conducted which measures file-detection rates, the number of false positive alerts raised, as well as other tests that cover different features of the products.

September 13th, 2011

Three strikes and you’re out

Don’t worry, this article is not about baseball, something which I find boring (well, reading sporadic gossip from Virus Lab might be boring as well). We are talking about “unwise” people here. Frankly, I would like to use some harder adjective (unwise is a real euphemism), but it’s up to you to give them a proper name :-). So, let me show you the chain of events that resulted in these strikes — and let you make your own decision.

FP submissions

Read more…

February 18th, 2011

Finding the virus, finding the cure

The main role of antivirus being of course to catch viruses, borrowing computer terminology from the human environment is fitting… virus spreads from machine to machine, infecting them just like a flu. And just like in the case of influenza or other virus-type diseases, knowing the virus is the first step to a cure.

In the case of computers, it gets slightly complicated, because while nature presents a new influenza subtype about once a year and only now and then does it really get out of hand, virus creators are getting much faster at “turnaround” in their development of new viruses. Read more…