A flawed methodology, but interesting results nevertheless

Nov 2, 2015 13:05 GMT

NirSoft, a small company that makes all kinds of software, decided it had had enough of false positive alerts about its own files on VirusTotal and ran a test to see which antivirus engines are the most common offenders.

Because the company develops software that can be used by both good guys and bad guys (meaning hackers), many of the antivirus engines on VirusTotal flag its programs as a virus or malware, even though the software contains no malicious code.

Since NirSoft produces a lot of "password-cracking" applications, you might understand why some AV engines mark them as malware.

This is an old debate that has also surrounded applications like keygens and game cracks, which, despite not containing malicious code, are generally marked as malware.

This behavior, as antivirus engines argued in the past, is for the user's protection, because many such files are usually detected as infected.

This explanation did not satisfy NirSoft, which set out to test each of its files and see which antivirus engines showed the most false positives.

In-depth infection explanations were taken into account

Besides false positives, the company also analyzed the warnings users were getting. More specifically, it was looking for antivirus products whose explanation of the detection told users that the file was not actually malware, but a program that others might use to harm their data, privacy, and computer.

Since NirSoft's results are based only on scans of its own applications, the results should be taken with a grain of salt. The full report, results and in-depth methodology can be found on their blog. Below are just the main test results.  

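| AV Name | Total Alerts | No virus | No PR* | Trojan Alerts | Score |
|---|---|---|---|---|---|
| AegisLab | 0 | 0 | 0 | 0 | 100 |
| Alibaba | 0 | 0 | 0 | 0 | 100 |
| ALYac | 0 | 0 | 0 | 0 | 100 |
| ByteHero | 0 | 0 | 0 | 0 | 100 |
| ClamAV | 0 | 0 | 0 | 0 | 100 |
| Emsisoft | 0 | 0 | 0 | 0 | 100 |
| Panda | 0 | 0 | 0 | 0 | 100 |
| Qihoo-360 | 0 | 0 | 0 | 0 | 100 |
| Tencent | 0 | 0 | 0 | 0 | 100 |
| TotalDefense | 0 | 0 | 0 | 0 | 100 |
| VBA32 | 0 | 0 | 0 | 0 | 100 |
| Zoner | 0 | 0 | 0 | 0 | 100 |
| nProtect | 1 | 0 | 0 | 0 | 98.5 |
| Microsoft | 3 | 3 | 0 | 0 | 97 |
| F-Prot | 2 | 1 | 1 | 0 | 96 |
| ... | ... | ... | ... | ... | ... |
| Comodo | 13 | 2 | 0 | 11 | 26.5 |
| Antiy-AVL | 27 | 19 | 7 | 13 | -6.5 |
| TheHacker | 113 | 0 | 104 | 1 | -230.5 |
| Bkav | 175 | 0 | 162 | 175 | -1280.5 |

\* No PR = number of alerts for programs that are not password recovery tools, meaning alerts for normal software applications.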