False Positive Versus False Negative

The truth behind your antivirus and antispyware software

Steve Smith explains why antivirus and antispyware scanners lull people into a false sense of security about their computers and devices, and what can be done to prevent loss of data.

Episode #6-28 released on March 28, 2016

Watch on Youtube

When making sure our computers and devices are clean and free of viruses and spyware, we tend to believe that antivirus and antispyware software can detect everything made by malicious hackers. In 2013, an average of 82,000 new malware threats were unleashed onto the Internet per day, and by April 2015, a million new threats were being unleashed onto the Internet per day. Still feel safe? I definitely hope not.

There is no way to detect and prevent every single virus on the Internet, because it is extremely hard to get our hands on all of them to analyze them. The manpower alone would be tremendous, so antivirus products, while still using a database of known viruses, have had to add new kinds of software to aid in the fight against the computer virus.

This kind of software employs heuristics, a form of artificial intelligence which, combined with some mathematical optimization, allows a program to solve problems without an exact answer in hand. When heuristics are applied to antivirus applications, they allow the scanner to detect previously unknown viruses, and new variants of viruses already out on the Internet.

But wait a minute: if an antivirus has a database of known viruses, can detect new variants of known viruses, and can figure out what else is a virus, why are we still vulnerable to viruses, even to this day?

Heuristic scanners are not perfect. They are based on a set of guidelines, kept secret by the vendor, that decide what may be a virus: based on its code, the way the code is written, the way it interacts with the operating system, or even how it functions.

We normally scan our computers with antivirus and antispyware software and presume our computer is clean, or, when it has detected something, we presume it is always right. But I am not the only person who has seen a false positive flag for virus behavior. While running ESET a few years ago, it flagged a game file as a virus, despite the fact that the file was in no way a virus, and many other antiviruses have declared other kinds of files to be viruses merely because of the guidelines prebuilt into the heuristic scanner. Normally, you tell the antivirus that this is not a virus, it may take a sample for analysis, and then that false positive is resolved for other people too. The biggest danger is not the false positive. It is annoying, and for those who know better, easy to fix.

The biggest danger is the false negative. It lulls many people into a false sense of security, and the problem is there is no way to confirm our worst nightmares. This is the point where the really vigilant will know something is wrong, even if the antivirus can't detect it. And this is where knowing how antiviruses differ from each other matters. AV-Comparatives, a web site, is the place I referred to most when helping clients determine which antivirus was currently, and statistically, the best. It is important to note that while changing your antivirus is not always a good idea while you are infected, you could briefly install a second one to help compensate for any shortcomings in your current solution. You may also consider using another computer with a different antivirus to scan the hard drive, but keep in mind that this technique may compromise the other computer. So installing a second antivirus when you are sure something is wrong is the better idea.
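As an added illustration (not part of the original episode), the two detection styles described above are scored against a handful of constructed, harmless sample "files": a signature database of known hashes never misfires but misses the unseen variant (a false negative), while a heuristic rule catches the variant but also flags a legitimate game patcher that uses the same API names (a false positive). The sample contents, the tokens treated as suspicious, and the function names are all assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes
    is_malicious: bool  # ground truth; a real scanner never knows this


# Constructed samples: plain strings standing in for file contents, not real malware.
SAMPLES = [
    Sample("known_worm.exe", b"PAYLOAD:v1 CreateRemoteThread WriteProcessMemory spread", True),
    Sample("known_worm_variant.exe", b"PAYLOAD:v2 CreateRemoteThread WriteProcessMemory spread", True),
    Sample("game_patcher.exe", b"WriteProcessMemory to patch game memory", False),
    Sample("notes.txt", b"shopping list: eggs, milk", False),
]

# Signature database: only the one sample the "lab" has already analyzed.
SIGNATURE_DB = {hashlib.sha256(SAMPLES[0].content).hexdigest()}

# Heuristic guideline (assumed): flag anything mentioning process-injection APIs.
SUSPICIOUS_TOKENS = (b"CreateRemoteThread", b"WriteProcessMemory")


def signature_scan(sample: Sample) -> bool:
    """Exact-hash lookup: catches only what is already in the database."""
    return hashlib.sha256(sample.content).hexdigest() in SIGNATURE_DB


def heuristic_scan(sample: Sample) -> bool:
    """Rule-based scan: generalizes to variants, at the cost of false alarms."""
    return any(token in sample.content for token in SUSPICIOUS_TOKENS)


def confusion(detector, samples) -> dict:
    """Count true/false positives and negatives for a detector over labelled samples."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for s in samples:
        flagged = detector(s)
        if flagged and s.is_malicious:
            counts["tp"] += 1
        elif flagged:
            counts["fp"] += 1  # benign file declared a virus
        elif s.is_malicious:
            counts["fn"] += 1  # virus left undetected: the dangerous case
        else:
            counts["tn"] += 1
    return counts


if __name__ == "__main__":
    for name, det in (("signature", signature_scan), ("heuristic", heuristic_scan)):
        print(name, confusion(det, SAMPLES))
```

The false-negative count is the one to watch: the signature scanner reports a clean result for the variant, which is exactly the "clean" verdict the episode warns against trusting.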

Then again, if you are really paranoid, it may be a false-false positive. My suggestion for everyone is, as always: back up. To mitigate the dangers of the newer cryptographic viruses, make sure you have a backup drive that is physically disconnected or powered off, so that it cannot be accessed via software. Keep three or more backups of everything important; the more of them that are disconnected, or that use a different backup type, the better.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions
