*

Author Topic: Avast Antivirus reporting false positives in latest update  (Read 3269 times)

Offline Zantor

  • Silver
  • **
  • Posts: 83
Avast Antivirus reporting false positives in latest update
« on: December 02, 2009, 09:50:53 PM »
Hey, folks. I don't know how many people here use Avast Antivirus, but when I updated today, it reported a false positive in Skype.

There is an article about this on DSL Reports: http://www.dslreports.com/shownews/The-Avast-Problem-105773

I thought I'd provide people with the heads-up so that they/you don't get too confused. The article says that false positives were also reported in Spybot Search & Destroy, and other programs.

Offline TechPro

  • Lt. Commander
  • Platinum
  • ****
  • Posts: 1107
  • Where was I?
Re: Avast Antivirus reporting false positives in latest update
« Reply #1 on: December 03, 2009, 11:43:31 AM »
Interesting.  From time to time I've seen where Symantec or McAfee were getting some false positives.  All the anti-virus programs probably all do that on occasion.  Most likely this is only temporary.

I (personally) don't use Avast though I have installed for some of my customers (at their request) and I installed it on one of my systems a few months ago, but I didn't like it's license requirements and I felt like it slowed things down more than I preferred.  I usually use either AVG or Avira.

Offline -<WillyP>-

  • Lt. Commander
  • Purple Heart
  • ****
  • Posts: 2375
  • I can haz personal text?
    • My photo gallery
Re: Avast Antivirus reporting false positives in latest update
« Reply #2 on: December 03, 2009, 02:11:28 PM »
The antivirus programs look at a number of things like if it's signed, if any section of code matches a known virus, and if a combination of criteria matches that of a known virus it's flagged as a virus. If it turns out to be a false positve, they have to come up with more rules to more clearly define the file as infected. If the rules are too restrictive they run the risk of missing an infected file.

In the instance of SpyBot's false positive on Vortex, if was a file that was unsigned, had a file length between (Some) and (Some+More) bytes, and contained a section of code similar to some code known to be an infection.

I read up on this while trying to figure out why SpyBot was hitting on Vortex. The rules don't always get re-written to eliminate the false positive, I assume it depends on how many people complain, how busy they are, etc...
Smart people look like crazy people to stupid people.

 

An Error Has Occurred!

Cannot create references to/from string offsets