Seriously, are there any reports for FP's for reputation based scans?

Discussion in 'other software & services' started by Hungry Man, Sep 14, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The NSS Labs report shows IE9 to be 99.6% effective against 0 day malware.

    It gives 0 indication of false positives from what I read. Something like this has to give some false positives... if not, how does it manage it?

    Windows 8 applies this system wide so I'm curious.
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Maybe someone's telling some little pork pies, or MS have finally got their act together?
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Where are we getting that percentage for 0 days? I very much recall the high percentage for social malware, but not the term "0 day". If that's true, sandboxing aside (I know Chrome will come up, lol), you'd be crazy not to run IE 9. No, I'm not championing the IE cause, I'm simply giving an opinion from a security perspective.

    MS has gotten its act together since IE 8 and Windows XP, imho.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    As Google responded (yup, there's the Chrome response), socially engineered malware only makes up .2% of malicious content, the rest being exploits.

    It may not be 0-day, which could explain the lack of FP's.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    This is coming from Google's many years of championing the anti-virus industry to discover these statistics?

    I'll give it that it's lower than exploits (for now), but no chance it's that low.
     
  6. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    Be able to analyze statistics, which can be used to support or undercut almost any argument. -Marilyn vos Savant

    Definition of Statistics: The science of producing unreliable facts from reliable figures. -Evan Esar

    Facts are stubborn, but statistics are more pliable. -Mark Twain

    There are three kinds of untruths in the world: Lies, damned lies, and statistics. -Mark Twain
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    0 false positives is nonsense, look at all the "unknown" software. Expected nothing more from Microsoft-sponsored tests.
     
  8. estervantes

    estervantes Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    44

    Yes, "it is easy to lie with statistics, but it is a lot easier to lie without them"
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    More so from their many years of categorizing millions of websites and probably having more data on the web and its contents than nearly any other entity.

    EDIT: "hundreds of millions of users" according to Google. So, hundreds of millions of users over a four year period... that's quite a bit of data to be looking at. And from that data we see exploits that cause drive-by downloads as prevalent.

    Fun quotes to say but really... data is nice.

    @ J_L, well I'm just curious to see this put to the test.
     
    Last edited: Sep 16, 2011
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That's... confusing. So based on that it has at minimum a 30% false positive rate and at worst a 75% false positive rate?
     
  12. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    You asked "how does it manage it?" I believe those quotes give a pretty accurate indication as to 'how it manages it'.

    But if you prefer to buy wholly into whatever data comes out of a Microsoft-sponsored study, and believe that it's pure coincidence that that data reflects incredibly well on a Microsoft product-- then by all means, help yourself.
     
  13. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Well, apart from the fact that Twain 'borrowed' that quote from Disraeli, who acquired it from elsewhere, I think it just about sums up many (if not all) of the statistics you read about browsers on the Internet. I have come to the conclusion that I have been so saturated by 'statistics' I am really ceasing to take any notice of any of them any more.
     
  14. guest

    guest Guest

    @OP

    When will you understand that reputation based scans never give any false positives in the sense you give to these words? They aren't AV engines!

    Reputation based scans only tell that a file is new and/or isn't popular and that sums up their function.

    Information about a download not being so common isn't false even if the download happens to be clean of malware traces.

    A false positive by a reputation based scan would be wrongly informing that an old/popular file is new/unpopular. But that never happens.
     
  15. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    That's right, the origin of that quote is murky. I like Mark Twain, the quote fits Twain's writing demeanor, and so simply giving the attribution to him works for me.

    'Who said it' is apart from whether or not it has any ring of veracity to it. IMO, that ring of veracity is there.

    Though you took enough notice of the stat in your O.P. that you started a thread about it.
     
  16. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Do you have any statistics to back that statement up? :D
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Obviously.

    But this test shows it to block somewhere around 98% socially engineered malware. I also want to know how much legitimate software it's blocking as well.

    Perhaps that was unclear...
     
  18. guest

    guest Guest

    It's not blocking, it's just alerting/informing some very specific information! There is a difference. Plus, it will alert/inform about any legitimate software that has a new/unpopular installer file available for download.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It is blocking. If you run a low rep application it blocks it and you need admin rights to continue.

    I want to know how much legitimate software it blocks compared to how much malware it blocks, i.e. false positives. Granted, false positives is the wrong phrase but I think it's fairly clear.
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    It will use the same reputation DB as IE9 so it should already have matured, if that gives you any confidence.
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not really since I don't know much about that haha
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Those that don't like stats can skip 100% of this post (well not quite 100%, because you've already read this far :p).

    According to Microsoft's stats, 92% of programs downloaded via IE 9 show no warning. Of the remaining 8% that show a warning, there would be a 30 to 75 percent chance that the program isn't really malware. So, the "false positive" rate of programs downloaded from the Internet that show a warning but aren't really malware is from (0.08 * 30)% to (0.08 * 75)%, which is 2.4% to 6%.
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Ah, thank you.
     