Antivirus and anti-malware apps fill an important need on our computers, but they're not foolproof (*ahem*, McAfee). More often than you'd think, they're just plain wrong. Here's what to do when you're not sure whether a download has a virus.
Photo by Daquella manera.
On a regular basis, we get email from readers saying that some download we posted contains a virus, and we assure them that said download is clean. (Over the past five years, our track record in this arena is next to spotless.) So how do you know if a download really has a virus or not?
There's no exact science when it comes to figuring out if a file has a virus or is just being detected as a false positive, but today we'll share a little background and some tips that will help you figure out whether a file really contains a virus or not.
What Is a False Positive Exactly?
A false positive is when your virus scanner detects a file as a virus, even when it really isn't a virus, and then tries to quarantine or delete that file. If you've read about the recent McAfee fiasco, you'll begin to see the problem—they released a virus definition update that detected internal Windows files as a false positive, deleted them, and then suddenly Windows couldn't boot anymore. Antivirus software is not perfect.
Some virus scanners also employ an additional line of defense called heuristic analysis, which attempts to identify new forms of malware right away by scanning for smaller sections of code that might indicate some bad behavior, even if the virus has never been detected before. Unfortunately, because this method is not exact, it also will detect a lot of files as viruses incorrectly.
Posted via web from Firesaw
No comments:
Post a Comment