14 DAY TRIAL // Online file scanning service VirusTotal deployed a new project designed to reduce the number of false positive results shown on its pages and now adds a “trusted source” mark to files labeled as safe by a reputed antivirus vendor.
A scanned file will appear with this distinction only if it is available in the software catalog of the vendor participating in the project and an antivirus vendor erroneously marks it as a threat.
Antivirus vendors are notified of incorrect detections
False positives are most often the result of generic signatures and heuristic analysis that may interpret as malicious certain routines in the scanned file, although they are perfectly legitimate.
The project is at an early stage and VirusTotal’s first step is to convince large software developers to share their database of programs with the service. Of course, this would also help Google build up a safe software database and lower its false positive rate when files are downloaded through its services.
When an erroneous result emerges from one of the antivirus vendors included in the service, they receive a notification about the mistake, allowing them to correct the issue.
Furthermore, only the “safe” checkmark will be displayed on the result page for a file that has been identified in the software catalog of a trusted source. The erroneous detection is not completely eliminated, though, and the incorrect results are available at the bottom of the scan report.
Project appears to be promising
The first partner in the project is Microsoft and although the effort towards false positive remediation is only one week old, some very promising results were recorded, with more than 6,000 false positives having been fixed.
Huge software development companies can participate in the project and submit their programs to VirusTotal, which would take the necessary steps towards lowering the false positive detection rate of antivirus products.
The choice for large developers is obvious, since they have a reputation to defend in order to continue doing business as efficiently as possible.
VirusTotal warns that their initiative is not open to all developers, though, regardless of how large they are. “Please note that this initiative is not open to potentially unwanted applications and adware developers,” explained Emiliano Martinez in a blog post on Tuesday.
