False negatives (17)

[jj2007]

Just for fun, I downloaded a zip file from a phishing mail. M$ Security Essentials didn't find anything, but five out of 21 AV at Jotti found five different viruses. So seventeen AV scanners didn't find anything suspicious in that executable. Maybe I should run it?
 ;)

[Magnum]

"If you hang around a barbershop, eventually you'll get a haircut."

[Vortex]

Hi Jochen,

In such situations, human is the best antivirus. Identifying the message as phishing , the most simple and effective action is to click the delete button.

[jj2007]

Hi Erol,

I fully agree. The problem is that too many people are confident that their AV can handle the virus attached to the mail (and 17 of them can't handle it, including MSE), and that the same crappy AV cripple the good products of small software companies and hobby coders by falsely declaring them "dangerous".

[Vortex]

Hi Jochen,

Your explanation is perfect, thanks. As you mentioned, the keyword is confidency. We, the assembly coders here in the forum are lucky  as we know more about the internals of the OS and this will encourage us to make decisions about the measures to take against malwares. What is important is to be always careful as much as possible.

[Gunther]

Hi Jochen,

Maybe I should run it?  ;)

delete it and you're on the safer side.

Gunther

[MichaelW]

A failure to detect a problem in a scan does not equate to an inability to detect it, and kill it, when it becomes active on a protected system. If they could rely on scans to detect a problem, there would be no need for real-time protection.

[anta40]

Maybe I should run it?
 ;)

Maybe it would be safer if you run it on virtualized Windows?

[Don57]

I just got nailed with a trojan that went through AVG, but it only takes a couple hours to rebuild my machine. Re installing everything gets rid of alot of crap, and i have an extra 150G of disk space now.The only problem is installing masm, my AV thinks that alot of the examples are viruses, so it takes a little time to set up the exceptions. Still it not a bad thing to clean out your machine once in a while.

[Vortex]

Maybe it would be safer if you run it on virtualized Windows?

or running a sandbox software.

[Greenhorn]

Microsoft relativiert schlechte Ergebnisse von AV-Test
Key lessons learned from the latest test results

Many AV tests are - like benchmarks - unrealistic. It always depends on the setup of the test.

"If you hang around a barbershop, eventually you'll get a haircut."

Full ACK.

Greenhorn

[sys64738]

I'm using AVIRA and I finally had m y first acknolwedged false postive. :)

I was writing a small program which just encrypts some data and suddenly the AV started to tell me that there is a trojan in that program. :) Maybe I should upload it to some online scanners and see what they have to say about it.

[Gunther]

Hi sys64738,

I'm using AVIRA and I finally had m y first acknolwedged false postive. :)

AVIRA tends to produce false positives.

Gunther

[Magnum]

I'm using AVIRA and I finally had m y first acknolwedged false postive. :)

I was writing a small program which just encrypts some data and suddenly the AV started to tell me that there is a trojan in that program. :) Maybe I should upload it to some online scanners and see what they have to say about it.

I have found all scanners to be next to useless.

I have uploaded both live samples and perfectly safe assembly programs.

They have greatly misidentified real anti malware.

They identify perfectly normal small assembly programs as malware.

This includes programs that are so small, that it is impossible to have any payload.

:-)

That's maybe why some Russian nuclear plants got Stuxnet many months after it's very public announcement.

Andy

[dedndave]

AdAware does a decent job for me
i also use MalwareBytes - but it doesn't catch some viruses