Re: Which Anti Virus to use?
- From: "Shane" <shanebeatson@xxxxxxxxx>
- Date: Mon, 26 Dec 2005 00:27:16 -0000
Hi, Chris,
Been wondering what happened to you.
>>>>>>Microsoft Anti-Spyware
>
>>> I heard it gives a lot of false positives.
>
>>I've *seen* that it gives a lot of false positives.
>
> False positives as in detecting something as being a part of a named
> malware when it was not?
>
Yes. Detecting various items as being CoolWebSearch. Most notably detecting
the Microsoft IE5 Web Accessories as CoolWebSearch components.
> Or in rating an edgy app as malware when you wouldn't judge it that?
>
No. I don't run edgy apps.
> Or raising general heuristic alerts on things that were harmless?
>
Haven't seen anything like that in a long time (lol!, you could probably say
since I stopped using NAV2001!).
> I'd consider only the first as a true false positive, e.g. detecting
> signature material within an av product as if it were that malware.
> If you know of any cases of this, please list them here, as these are
> serious flaws we would wish to act on. In the harder test traditions
> of the av industry, one false positive can disqualify a product.
There's a big list somewhere - that I'm 99% certain Ron knows about. I don't
really see why he's so positive about it. Anyone serious about testing MSAV
should know about these false positives and I can only imagine the knowledge
is being repressed in a lot of cases.
>
> The second is always going to be controversial when you expand malware
> beyond viruses and criminal trojans to generally unwanted commercial
> software, as one must do in the 21st century. If anything, MSAS have
> been accused of being too weak; they detect things OK, but the advice
> on what to do about these detections may be too "soft" for comfort.
>
> The last is simply the way risk management works. Malware scanners
> use the blacklist approach when they tell you they blocked a named
> malware recognised as such; they use the whitelist approach when they
> block all risk behaviors until you indicate it's OK for that
> particular program to initiate that particular risk.
>
> So if by "false positive", you mean "I ran a batch file I wrote, and
> MSAS popped up a dialog warning me a script was trying to run", then
> welcome to the world of risk management - that's not a "false
> positive" because it's not a malware detection as such.
http://groups.google.com/group/microsoft.public.windowsme.general/tree/browse_frm/thread/bd3c0bfa9a0ed03d/5bd8c931b119d222?rnum=1&q=false+positive+silj+shane&_done=%2Fgroup%2Fmicrosoft.public.windowsme.general%2Fbrowse_frm%2Fthread%2Fbd3c0bfa9a0ed03d%2F5bd8c931b119d222%3Ftvc%3D1%26q%3Dfalse+positive+silj+shane%26#doc_519f496d39602241
http://tinyurl.com/7e4kg
Shane
--
The Sugitive
Chapter One: http://tinyurl.com/bcevp
Chapter Two: http://tinyurl.com/ag92o
Chapter Three: Coming to an URL near you soon!