Carbon Dating and Malware Detection
Carbon Black assert that if an AV company doesn't detect malware within six days of its being flagged on Virus Total, it probably won't after a month. Is that as dangerous as it sounds?
false positives
FPs: everybody’s doing it, doing it…
At the last AMTSO workshop in Munich, a guidelines document on False Positive (FP) testing was approved, and is now available on the AMTSO documents page.
McAfee and SEO poisoning: there but for the grace…
ESET is not going to try to capitalize on McAfee's unfortunate false positive problem (and nor, I'm sure, is any other reputable vendor). Such problems can arise for any AV vendor: it's an inevitable risk when you're trying to walk the line between the best possible detection of threats and avoidance of false detections (someone please
Cascading False Positives
Security researchers work together and share information in many ways and in many contexts that aren't constrained by company boundaries, but it's unusual for security researchers working for different vendors to join forces in a company blog. However, John Leyden of The Register contacted us both when he was writing an article on the controversy following
Kaspersky, Virus Total, and Unacceptable Shortcuts
Larry Seltzer posted an interesting item yesterday. The article on "SW Tests Show Problems With AV Detections " is based on an "Analyst's Diary" entry called "On the way to better testing." Kaspersky did something rather interesting, though a little suspect. They created 20 perfectly innocent executable files, then created fake detections for ten of them.
False Positives: A Round of Applause…
The anti-malware industry isn’t a suitable environment for the thin-skinned. We get used to receiving “more kicks than ha’pence” (see http://www.virusbtn.com/spambulletin/archive/2006/11/vb200611-OK).. In particular, I’ve grown accustomed to the fact that many people expect all the following from an AV product: Absolute Protection Absolute Convenience Absolutely no False Positives Absolutely no charge False positives (FPs) are
The Retro‑Virus
Nowadays we see lots of malicious software that is designed to steal money and information. A new virus was recently discovered that seems to be all about proving a concept rather than blatant maliciousness. The Win32/Induc.A virus does not infect like most viruses do. Delphi is a programming language. Induc infected the Delphi IDE so
The Only Good Worm is a Gummy Worm
From time to time the discussion of whether or not there are (or can be) good worms comes up, usually specifically in the context of program maintenance, updates and upgrades. In fact, the idea of maintenance viruses goes back at least as far as Dr. Fred Cohen, who pretty much "wrote the book" on early
False Positive Fracas
False positives. Every anti-malware vendor’s worst nightmare. The European publisher Heise, apparently recently reinvented as The H, has pointed out that both GData and Bitdefender were inaccurately flagging winlogon.exe as Trojan.Generic.1423603. In case you were wondering, this doesn’t mean the whole anti-malware industry has gone mad: GData’s product uses two engines, one of which is
You Did Back Up Your Data, Didn’t You?
One of the security best practices is to back up your data regularly. This is sound advice as it helps mitigate the damages from many different threats. Lots of people think of data loss when they think of viruses, but very few viruses actually tried to cause data loss. There have been a few that
Sending Malware Information to ESET
I’ve just picked up a comment to a previous blog that pointed to what I presumed to be a malicious URL. We’re grateful for all such information, but for obvious reasons, we won’t approve comments that point to malicious code! You can find information here about how to forward malware samples, malicious URLs or false positive