Is False Positive mania taking over?

Discussion in 'other anti-malware software' started by trjam, Sep 1, 2009.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    It seems to me I see more and more reports of stuff being falsely detected. This isn't for one product, so don't get me wrong, but all of them, including my sig. I scanned here and a few other forums and it really seems it is almost epidemic. It bothers me, because lesser skilled users can really hose their system. I realize malware is getting harder and harder to detect, but the current path that malware fighters are on will not work and may cost them their credibility.
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I too have noticed an increase in FPs, though I'm not sure I'm ready to call it "epidemic". It's likely due to security vendors trying too hard to keep up. For every malicious application that tinkers with deep OS files/settings, there are likely two legitimate applications that do the same thing. It's a never-ending fight that can't have a "winner", imho. You can't blacklist because threats literally change on the hour, you can't whitelist because the line between malicious tinkering with system settings/files and legitimate tinkering is way too thin, and HIPS, again, imho, cause a hell of a lot more problems than they prevent/fix.

    I don't know at this point if anything CAN be done about FPs if you want my honest opinion. For every FP found and fixed, there are multiple others.
     
  3. JohnnyDollar

    JohnnyDollar Guest

    Well, there is no sense in worrying about it. If the problem is increasing, you have done your homework, now the average user will have to do theirs or pay someone to fix it. So relax, quit being so paranoid. :D
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Doesn't cut it with me, MSE has yet to detect one FP and from what some have sent me, has found all. So for 64 bit my sig works, minus Sandboxie which is on my other computers. For now, I will wait on Tony to make a 64 bit ShadowDefender.
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I've still yet to figure MSE out, I know this isn't the thread for it, but does it scan the web also like some AVs do? MSE, as easy on my system as it seemed to be, looked a bit lacking in features? I've also heard conflicting reports, with more recent ones being negative about it. Anyway, sorry about hijacking your thread here. I'm sure MSE has some FPs too, I don't see how any AV/AS can't with the wide variety of malware out there and the aforementioned tendency for some legit apps to perform "malicious" actions.
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    It will find a rogue site before any others do. To me it works like any AV, has right click scanning and from what I was told today the next beta version should make some users very happy. ;)
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Yes, it has previously detected pages such as HTML:FakeXPA, which proves this.

    Detection-wise most definitely not; if it's lacking anything, it's simple things like the recently reported "no detailed scan log for scheduled scans", which most enthusiasts that like to run light probably won't care about.

    *Every* AV has FPs, nothing escapes this unless it runs a hash signature only database, which is useless. Although MSE probably holds the record for such low FPs, which amazes me, it does have them.
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    If one installs many obscure programs then it's likely there will be FPs reported by some vendors. If you look at the packages AV-C reports as FPs, many of them are not as well known as others. That doesn't excuse the FP rating, but you'd only get the FP if you had that application installed at the time it was flagged.
     
  9. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    410
    Location:
    Greece
    MSE has very few FPs. If you worry about FPs, try System Protect.
     
    Last edited: Sep 2, 2009