by Ray Carlson

Q. My computer suddenly got stuck. The repair person only told me the problem was an antivirus false positive. What does that mean?

A. Virus checkers use a variety of methods to scan for malware. For example, many antivirus programs look for signatures, small pieces of software code that are commonly used in viruses. If they find such a signature in a program, the antivirus assumes the program is malware. Sometimes, though, the program is a valid one that just happened to use the same component as a virus. If the checker automatically deletes the program, your computer may run poorly because it no longer has that program. This event is called a false positive, meaning the virus checker made an incorrect positive identification of a virus.

How can you avoid this? First, set up your virus checker to send alerts before it deletes suspected viruses. When you receive the alert, note the location of the suspected program and go to a website like VirusTotal that uses several free antivirus programs to check files. Identify the suspected file on your computer, and let the programs analyze it. If several of these programs agree that the file is infected, have your antivirus program quarantine it. If most programs suggest the file is OK, paste the file’s name into a search engine like Google. The search will normally give you information about the use of the program. If the use seems valid, you are probably dealing with a false positive that can be ignored.
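The signature matching and second-opinion steps described above, as an added Python illustration that is not part of the original column. The signature bytes, sample files, engine names and the threshold of three agreeing engines are all constructed assumptions.

```python
"""Toy signature scanner: shows how a valid program can trigger a false positive."""

# Constructed byte pattern standing in for a "signature" found in a known virus.
SIGNATURES = {"Toy.Virus.A": b"\x13\x37SHARED-UNPACK-STUB\x00"}

# Constructed files: the first two embed the same component, only one is malware.
VIRUS_SAMPLE = b"MZ" + b"\x90" * 8 + SIGNATURES["Toy.Virus.A"] + b"payload"
VALID_PROGRAM = b"MZ" + b"\x00" * 16 + SIGNATURES["Toy.Virus.A"] + b"photo editor"
UNRELATED_PROGRAM = b"MZ" + b"\x00" * 16 + b"calculator"


def scan(data: bytes) -> list[str]:
    """Return the names of all signatures whose bytes appear in the file."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def on_detection(matches: list[str], alert_first: bool) -> str:
    """Decide what the checker does with a flagged file."""
    if not matches:
        return "allow"
    # Alerting first leaves the file in place so the user can get second opinions.
    return "alert" if alert_first else "delete"


def second_opinion(verdicts: dict[str, bool], several: int = 3) -> str:
    """Turn multi-engine results (True = infected) into the column's next step.

    `several` is an assumed threshold; the column does not give a number.
    """
    infected = sum(verdicts.values())
    clean = len(verdicts) - infected
    if infected >= several:
        return "quarantine"
    if clean > len(verdicts) / 2:
        return "search-file-name"  # look up what the program is used for
    return "undecided"


if __name__ == "__main__":
    for label, data in [("virus", VIRUS_SAMPLE), ("valid", VALID_PROGRAM)]:
        hits = scan(data)
        print(label, hits, on_detection(hits, alert_first=True))
    # Constructed verdicts from five hypothetical engines for the valid program.
    print(second_opinion({"A": True, "B": False, "C": False, "D": False, "E": False}))
```

The valid program and the virus sample produce the same match, which is why the checker alone cannot tell them apart and the alert-first setting matters.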

Published: Courier 6/20/10 - Page 7C