What happened to Avast in the latest AV-Comparatives Pro-active Test?

I’m not here to say anything bad about Avast but, if you go to any AV vendor’s forum you see threads about infections and false positives. Even this forum has them.

I just had a small question to ask… How does one know that an alarm is a false positive?

I mean, in statistics we have a concept that we compare to a Gold Standard test to say if a result is a false positive. If we have just Avast as an AV on our computer (or any other AV as a single AV program, as usually happens) can we be certain that the alarm is a false positive?

How does the guy I have quoted from (assuming he is a common user) say that ‘false positives = 0’ instead of ‘positives = 0’?

First based on the file name and its location and if it is something that you know and has been on your system for a while, that would give rise to investigate further.

So checking against just one other isn’t good enough.
So check the offending/suspect file at VirusTotal (multi-engine online virus scanner, 39 different scanners) and report the findings here (the URL in the address bar of the VT results page). You can’t do this with the file securely in the chest; you need to extract it to a temporary (not original) location first.

Thanks David. You always provide the most lucid answers…

One thing… if I fiddle around with a possible false positive file, e.g. in removing it from the vault, posting it on the site you mentioned etc., is there any chance of it causing infection, or is it that only clicking on a file can lead to infection?

If you could help me with a related matter, I have set autorun disabled on all my removable drives. I have to use my pendrive on a known infected computer at the office, and I use it to carry material from my home computer to the office. What I do is always format it before opening it on my home computer. So far it works, but is there a theoretical chance of getting a virus by merely inserting the pendrive? (The obvious disadvantage of my method is that the pendrive can only be used one way; it can’t be used to carry material from other computers to mine.)

Hi Cimmind.

The reference to false positive can be misleading at times, since the term is used in more fields than just computers.

Anyhow, try this - false positives=0, therefore positives=1 (one detection of malware)

Not long ago I referred to an example as false positive, which was really a false negative - that is, the message generated to screen is malicious but posing as a genuine Windows, asking for delete or not delete of a necessary system file. A false negative. I haven’t been back to edit my example as yet but this prompt from you may help.

Here is the situation put in terms of Type I and Type II errors, which is probably a bit clearer.

http://en.wikipedia.org/wiki/Type_I_and_type_II_errors#Statistical_error:_Type_I_and_Type_II

Given of course that false positive takes on an own particular meaning once applied in AV /S

That was an interesting post mkis!

And I perked up on seeing the reference to type I and type II errors! Interestingly, while we are always taught that a false positive is a more cardinal sin than a false negative, in terms of antivirus it would be the other way round. Because here the test object itself is negative, i.e. ‘anti-virus’. What say? Hope you get the funda.

Btw, I would beg to differ with what you stated. ‘false positive=0’ would not imply that ‘positive=0’.
It may be:
- Positive alarms = 1, True P = 1, False P = 0
- Positive alarms = 0, True P = 0, False P = 0 !

You shouldn’t open or execute the file. The only safe option will be to open www.virustotal.com in your browser and access the file from there.

Yes, you can get infected with the mere fact of inserting the pendrive.
Leave your USB drive plugged in and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.
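
Added example, not part of the post above and not code from any tool named in this thread: a read-only Python check that reports whether the root of a drive holds no autorun.inf, a folder of that name (as the post describes), or a file, and for a file lists the entries that name a program to start. The function names and the sample file content are constructed for illustration.

```python
import configparser
import os
import tempfile

# Keys in the [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")

def inspect_autorun(drive_root):
    """Report what sits at <drive_root>/autorun.inf; nothing on the drive is executed."""
    # Match the name case-insensitively so the check also works on a Linux mount.
    names = [n for n in os.listdir(drive_root) if n.lower() == "autorun.inf"]
    if not names:
        return {"state": "absent", "launch": []}
    path = os.path.join(drive_root, names[0])
    if os.path.isdir(path):
        # The folder described in the post: a file of the same name cannot coexist with it.
        return {"state": "folder", "launch": []}
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:
        # Malformed file: flag it for manual review rather than guessing.
        return {"state": "file-unparsed", "launch": []}
    launch = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys arrive lower-cased
            if key in LAUNCH_KEYS or (key.startswith("shell\\")
                                      and key.endswith("\\command")):
                launch.append((key, value))
    return {"state": "file", "launch": launch}

def demo():
    """Run the check on a constructed drive root (sample content, not from the thread)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=setup.exe\nicon=drive.ico\n")
        return inspect_autorun(root)

if __name__ == "__main__":
    print(demo())
```

A result of `file` with a non-empty `launch` list is the case worth looking at before anything on the drive is opened.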

Tech, seeking your clarification on this point. What I infer from your post is that the danger is not from inserting the pendrive, but only if the autorun.inf file (or autorun.bat file that I have seen known infected drives to carry) gets activated.

As I stated, I have autorun disabled. Also, I have “Panda USBVaccine” (http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-10909938.html) which I think does the same job as the software you mentioned. The first thing I do after inserting the pendrive is to immediately format it. Still the risk is there?

false positives=0, therefore positives=1 (one detection of malware)

I stick with my above statement, my friend. A bit blunt, true, but works for me.
And I won’t try to argue the pure stuff with you because I will be well out of my depth.

BTW, I have been in those situations like you have at work. What do you do? Hard not to do something and yet is really not your responsibility either. At times I would just say my bit - then watch as they charge the system with AVG Free more or less on the top of the old antivirus. It works for a while.

We are straying way off the original topic, so both points should really be taken out into its own topic.

DavidR, I’ve moved the first question across to a new thread

http://forum.avast.com/index.php?topic=46035.msg386268#msg386268

The second matter about disabling autorun in removable drives may also be worthwhile as its own thread, but I will leave that option open for Cimmind or some other contributor.

My post quoted Cimmind and not your post as it was his additional questions which were getting off-topic, all you were doing was trying to answer his additional questions. So it really is up to Cimmind to create a new topic about his additional questions.

Hopefully he will see your new topic and contribute.

Thanks David. As suggested, the question regarding the pendrive has been moved to a separate new thread. The original thread should remain focused on the av-comparatives results.