Are AV False Positives Hurting You?
Gerald asks: "After the most recent Wireshark release a certain AV vendor's product started warning users that the installer contained adware. Since then, I've spent several hours verifying this isn't the case, trying to get the AV vendor to fix their stuff, and reassuring affected users that we do not ship adware with our product. Unfortunately, this isn't an isolated case. I've had to do this several times over the past few years, and each incident uses up time that could have been better spent elsewhere. It's even worse for other projects. If you produce software, have you ever suffered collateral damage from AV false positives?"
I've had false positives from AV software before thanks to my use of NSIS as an installer. Apparently it's also a favorite of malware creators. I don't blame Nullsoft, but instead lazy AV makers who should know about NSIS by now and should test their signatures against it before publishing them.
The virus scanner installed on the secretary's machine at the company I worked for fell for a false positive in December last year (that glitch even received some coverage by mainstream media in Europe, as Trend Micro - or whatever, personally I don't know any anti-virus software package good enough to tell them apart from each other ;) - identified some Windows-specific and viable system file as a malicious stub of bits), and our CTO immediately erased the installation.
If I had come to work a few hours earlier, I probably would already have propagated the info about the false alarm I got from colleagues on IRC, and we'd be running Windows XP on her box, still.
This way though, it's running Ubuntu 6.10, and everyone's happy with that. So I find it hard to say that this false positive actually hurt us. Somehow, I'm glad it happened - another system that's easy to admin and use added to our network, one of the few giving me headaches removed. Win-win.
:%s/Open Source/Free Software/g
YTARY!
This has been enough of a problem for the Nmap Security Scanner that we warn about McAfee specifically and suggest better alternatives on the Nmap Download Page (See the Windows section). More details about the problems we've encountered are posted here. I've spoken with McAfee executives at conferences and they say they want to fix the problem, but then it just gets lost in their bureaucracy. Sigh.
Also, it is annoying when free software gets wrongly listed on spyware databases. For example, check out the "Spyware Encyclopedia" entry on Nmap, which says "NMap belongs to the Port Scanner spyware category. It's[SIC] presense[SIC] means that your computer is infected with malicious software and is insecure." WTF? Similarly, Nmap has an entry in the "CA Spyware Information Center". If they want to warn about Nmap because it can be used for network discovery, fine. But it shouldn't be called spyware, adware, or anything like that.
-Fyodor
Insecure.Org