What Anti-virus do you think produces lots of false-positives?

Discussion in 'polls' started by sweater, Jan 27, 2006.

?

What AntiVirus produces lots of false-positives?

  1. Avast

    1 vote(s)
    2.3%
  2. AntiVir

    4 vote(s)
    9.1%
  3. AVG

    1 vote(s)
    2.3%
  4. BitDefender

    1 vote(s)
    2.3%
  5. Norton

    4 vote(s)
    9.1%
  6. Clam

    2 vote(s)
    4.5%
  7. Kaspersky

    4 vote(s)
    9.1%
  8. NOD32

    15 vote(s)
    34.1%
  9. McAfee

    1 vote(s)
    2.3%
  10. Dr. Web

    10 vote(s)
    22.7%
  11. Panda

    1 vote(s)
    2.3%
  12. EZ-Trust

    0 vote(s)
    0.0%
Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I am just concerned w this thing coz how about if the antivirus we’re using produces many false-positive scan results? Could it still be considered as one of the AV with high detection rates even if it is making many mistakes of identifying and separating the good ones from the bad, and can possibly be more dangerous to use because of the possibilities of deleting some important files in our pc’s? :rolleyes: :mad: :'( o_O
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    false positive can be relative, as some AV like KAV has extended or super databases. but for me, avast seems to produce the more FPs. also i remember once using symantec antivirus with heuristics set on high...the second i ran liveupdate, i received numerous FPs.
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Kaspersky. During trial it found way too many F/P's, however they were quick to fix the problems if I submitted the files to them. But submitting every day is a bit too much for me.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's why I suggested (more than once), that each scanner should have a "report f/p" option, that creates and sends automatically a report of false positives to the manufacturer.
    All data is available at the moment of detection to create such a report.
    Along with the options delete, quarantaine, ignore, ... it must be easy to add the option "report f/p".
     
  5. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    I cannot single out any particular application. I have not found one so far that I consider bad in the area of false positives. I have a couple of firewall testing applications almost all hit on at least one of those. I also have Windows Support Tool installed and I have gotten hits on files that are part of the install. Some seem to hit based only on file name and not associated files. Of those I have tried, NOD32 and AVG are the only ones that have NOT given me a false positive.

    Even if a anti-virus product does give a false positive as long as I have the option to exclude scans on single files or folder, then I have no problem with the product.
     
  6. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I uses the free Dr. Web virus scanner...:rolleyes: now that it has the highest in the poll that can possibly produces many false positives results I doubt if I have to still use this AV. But still, I am open minded that maybe results may vary and it really depends on how many people used it and voted in this poll. Maybe, on some other forums and polls, results can be different from here. :cautious:
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    who's gonna decide if it's a false positive or not? will you? will I? only and ónly if you downloaded this program with it's exes/... from a trusted source, you can say it's a false positive and off course only if your computer has not been compromised before. from the moment my computer is compromised, I won't be to sure anymore regarding false positives my scanner finds...

    uploading a file/folder/exe/dll/.... from within a antimalware scanner to backup your "report": "this is a false positive" is a better solution imho ... reporting solely is not enough...

    I haven't had no antivirus yet that gave me headaches about False Positives yet (I rather have false positives then no warning at all like nod32 heuristics gave me some maldetections, but I was glad it did that)
    I had headaches with some other scanner (antispyware) with his f/p's.
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    What can I say? I've only had one FP from McAfee and Kaspersky each, and the rest I've had absolutely no FPs with! Therefore, all AVs have worked nice for me :( :p
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The less-knowledgeable users won't report f/p's, they will delete the f/p's, just like the other threats.
    That's why f/p's are so 'dangerous'.

    The knowledgeable users and certainly the experts won't delete f/p's and will report them, if they have the time and are not too lazy. After all they are human too.

    So you have to make it easy for them and create the report automatically.
    The easier reporting is, the more f/p's will be reported and that will improve the quality of the scanner.
    More important is even that there will be lesser f/p-victims and that's what I want.

    AV manufacturers are qualified enough to evaluate their received f/p's.
    If the reported f/p isn't a f/p they will ignore it, otherwise they will correct it. :)
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Exactly. If I didn't know any better, I would probably delete all the files Kaspersky found prior to submitting them (which few of the "less-knowledgeable" actually do. Not to mention the automatic AV's around. I had Panda and it deleted 300+ files without asking me, just because it thought it was a nasty - It was fixed the next day, but stupid me forgot to make up-to-date backup copies. Years of work wasted in 10 minutes.
     
  11. hemkop

    hemkop Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    61
    I used drweb once and it deleted some files that i know for sure that were not F-P's. So dont judge so much drweb even panda and nod32 can sometime miss and showed on my computer that i have virus but when i subimited the file it returned that it was a F-P from both AV's.
     
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I had NAV and KAV and I've had NOD for 6 months now: No False positives whatsoever. During a trial of Dr WEB I had a coupled, but the program that gave me most false positives is SPYBOT S&D (which is not an AV).
     
  13. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Reallyo_O :eek:

    I haven't experienced yet any false positives w Spybot S&D and w my other anti-spywares. :cautious:
     
Loading...
Thread Status:
Not open for further replies.