false positives a question of taste or is it?

I've never admitted this to anyone, especially my wife. Several years ago I was using f-prot for dos with a switch that created extra strong heuristics. It flagged explorer.exe. as a trojan. Without thinking at all, I had f-prot delete it.
Man was I upset at myself!
I learned the hard way to pay attention.

PS. I still haven't told my wife.

 

You should be able to submit a file if you think it's suspicious. I submitted a file to KL a few days ago as it had a double extension i.e. .doc.exe with a long space between the .doc and .exe. Scanning it at the highest settings yielded no alerts, but I was wary of that file so I sent it for analysis. It turned out to be malware and KL added detection for it to their database.

 

fp's should be minimized as much as possible since most users wont be able to tell and just follow the reccomendation of there AV.

 

Thats exactly what I was referring to. As soon as you get hit with a really bad FP, you then start questioning using any products that have lots of FPs.

 

Here is one example of how easy it is for a product to be "trigger happy" and cause customers issues:

http://forum.kaspersky.com/index.php?showtopic=88904

 

Here's another:
http://www.pcworld.com/article/132050/millions_of_chinese_hit_by_symantec_foulup.html
http://www.liquidmatrix.org/blog/2007/07/17/symantec-false-positives-again/
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019958

 

I'm starting to change my mind here as I use Nod32v3 & of course extremely low FP's but my machines have been hit hard & clean up is timely. Granted FP's for the untrained eye is NOT good & those that are inexperience using 'say' kaspersky will not be 'techie' enough to know there exe's & processes & create a nightmare for their machines. I have become a convert to kaspersky but I'd like to think I know my stuff. NO I'm not all intelligent but I will say I respect the fact the kaspersky forum is there & answers come quickly. In these trying times of new malware you can't be too careful & I'm starting to see the value of a ounce of caution (FP) is worth a pound of cure (or time & effort)...

 

Avg gave me some hard time today so i finally ditched it . It finds Bitdefenders files as spyware (some installation files of BD free ) and i checked it then with some other Av and it was a false alarm. recently i had 6 false alarms. back to trend micro

 

Yes absolutley agree,I am just refering to If one does not see a suspicious file or the antivirus does not see it either.

 

Hey do not feel bad when first started computing,I went on a trigger happy deleting stuff that should not have been deleted.OPPS what a Mess.If we Do Not make mistakes then whats there to learn.Once my friend and I took a car engine apart to replace a cam shaft,the valves and lifters and some other things We put a 3/4 race cam and performanced the engine when we where done it started up but we had a few extra bolts we discoverd laying around Needles to say the car ran for yrs with out problems at least that we new about.

 

My point was the AV didn't see it initially, but I was clued up enough to submit the file to be checked just in case.

 

As a more "experienced" user I like to have aggressive heuristics and then decide myself if a file is malicious or not. Therefore I have no problem using Dr.Web that is somewhat known to produce false positives. Had a few during my time with it and all were quickly fixed.

 

I Understand what your saying but keep in mind that you have the knowledge to spot something of a suspicious nature or a file that may not look wright,even if your uncertain its infected you where aware of something but Not everyone does have this knowledge.

 

I had the same experience with NOD32 V3. Way too much time spent cleaning up or restoring images. My machines now either have Avira or Kaspersky and I get occasional FP's but no infections. So, I don't mind researching an alert once in a while. That's a good trade off to me.