Why Does My Antivirus Program Sometimes Give Out False Positives?

If you have a computer that is connected to the web then it is essential that you have an antivirus program set up and running full time.

There are so many new dangers out there that you have to make sure you are always safe when you are surfing the internet.

But, occasionally, even the best laid plans can go astray.

This can happen to your antivirus software as well.


There are times when your antivirus software will give out a false positive even though the item it has just scanned is safe.

There are a couple of reasons that this happens – some are legitimate mistakes, while others are fake scans that are done on purpose.

In this article I will go over both types:

Hash Number Confusion And Code Behaviour

When your antivirus software gives out a false positive on a piece of software, a lot of the time this happens because of how antivirus software works in general.

The software has a database of what it calls signatures that is stored on your computer.

These are the same signatures that you get when you (hopefully) download an update of the software every day.

There are always new threats that are out there so these signatures must always be updated.

The signature itself is nothing more than a hash number of a certain piece of code that the virus may have.

When the scanner sees this code, it reports it as a piece of malware and tries to get rid of it.

Sometimes legitimate code will have this same hash and the antivirus will report a false positive.
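A minimal sketch of the signature matching described above, added here as an illustration and not taken from any antivirus product. The 16-byte window, the file contents and the detection name are all constructed; it also goes one step further and shows that a signature taken over bytes only the malware contains does not raise the false alarm.

```python
import hashlib

WINDOW = 16  # bytes covered by one signature (assumed size for this example)

def fragment_hash(chunk: bytes) -> str:
    """Hash one fixed-size fragment of a file."""
    return hashlib.sha256(chunk).hexdigest()

def make_signature(sample: bytes, offset: int) -> str:
    """Build a signature from WINDOW bytes of a known-bad sample."""
    return fragment_hash(sample[offset:offset + WINDOW])

def scan(data: bytes, signatures: dict) -> list:
    """Slide over the file and return (offset, name) for every fragment
    whose hash appears in the signature database."""
    hits = []
    for i in range(len(data) - WINDOW + 1):
        name = signatures.get(fragment_hash(data[i:i + WINDOW]))
        if name is not None:
            hits.append((i, name))
    return hits

# Constructed sample data (not real malware, not a real installer).
PACKER_STUB = b"UNPACK-STUB-0001"   # 16 bytes of code shared by many packed programs
PAYLOAD = b"EVIL-PAYLOAD-XYZ"       # 16 bytes found only in the malicious sample
MALWARE = b"MZ\x00\x00" + PACKER_STUB + PAYLOAD
LEGIT_INSTALLER = b"MZ\x00\x00setup" + PACKER_STUB + b"install files..."
CLEAN_TEXT = b"just a plain text document with nothing packed in it"

# Signature taken over code the virus shares with legitimate software.
WEAK_DB = {make_signature(MALWARE, 4): "Example.Virus"}
# Signature taken over bytes that appear only in the virus.
STRICT_DB = {make_signature(MALWARE, 20): "Example.Virus"}

if __name__ == "__main__":
    for label, data in [("malware", MALWARE),
                        ("legit installer", LEGIT_INSTALLER),
                        ("clean text", CLEAN_TEXT)]:
        print(f"{label:16} weak={scan(data, WEAK_DB)} strict={scan(data, STRICT_DB)}")
```

With the weak database the legitimate installer is flagged at the offset of the shared stub, which is the false positive; with the strict database only the malicious sample matches.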

Other times it is the behaviour that a certain piece of code has.

Some antivirus software on the market tracks not only the signature of the code but the behaviour of the code as well.

There are certain behaviours that the code might exhibit that will set the alarms off on the antivirus software.

Even though the software may have your permission to do what it is doing, the antivirus may still activate anyway.

This is another way that legitimate software may be labeled as bad.

Keyword Triggers

One last way that your antivirus program can report a false positive is that it is on the lookout for certain keywords in the title of the software.

Some antivirus software will report a virus on any piece of software that is labeled a keygen.

There have been so many reported instances of viruses being in software like this that they just skip the middle man and do not bother to scan it – they just automatically see it as being guilty.

There are unconfirmed reports that some antivirus companies take payola when it comes to reports as well.

This means that if they scan a crack or keygen to a big company’s software then they will automatically say that the software is bad because they are paid to do so. Allegedly. Perhaps.

So these are the reasons why your antivirus program will at times give out a false positive.

Even so, it is still better to trust your antivirus software than not.

  1. I spent several days trying to figure out recently why every time I logged on I got a virus warning; it drove me nuts till I started digging around. It was a false alert and I knew it, but I had to find out what was triggering it.
    It was my Firefox profile. After raising heck with FF and AVG it all got fixed and I don't get the alerts anymore.

    • Do you have contacts at FF and AVG or did they just respond to you on an individual basis?

      • I wish I had contacts, lol. I used the bug report in FF and used Twitter with AVG; worked out fairly well.
        Just to let you know, I have been hearing that support through Twitter can be real good – for Dell it's top notch if you get ahold of the right person.

        • I tell you what Dave, I have met a few really, really good people through Twitter.

          Not only people such as your good self but also, as you mentioned, helpful contacts in large organisations who I would guess I would never have otherwise interacted with.


