joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Another antivirus program not liking some joeware…

by @ 10:36 am on 10/22/2009. Filed under tech

Just got an email that Symantec is now reporting ChangePW as being infected with a virus. Sure enough, went to Jotti and did the online testing and found that several scanners are reporting changepw has a virus. Like all the other times this occurred, if you got the file directly from my website, this is a false positive.

image

 

I am not going to go too deep into why this happens. The quick version is that most AV programs use what are called “signatures” to detect viruses. They don’t actually run the program and see the virus doing something bad. Using signatures like this is a form of profiling (yeah just like racial profiling). They build a signature out of a set of computer instructions that are present in the actual virus, and then scan the files looking for any occurrence of those same set of instructions. It is akin to saying… we know a bomber is coming through the airport and he has brown hair and brown eyes and a blue jacket and is 6’ tall… Now every 6’ tall male coming through the airport with brown hair and eyes and a blue jacket is considered a bomber. The code identification for Anti-virus is the same way and has the same chance of false positives. The more generic the signature, the more likely you will get false positives.

Rating 3.00 out of 5

Comments are closed.

[joeware – never stop exploring… :) is proudly powered by WordPress.]