False positive

Clean file mistakenly labelled as malware, legitimate email incorrectly labelled spam

A false positive occurs when anti-malware software erroneously labels a clean file as malware.

False positives can cause considerable problems, particularly when the file in question is important to the operation of a system: if security software blocks access to or deletes a vital component, systems may become unstable or even cease to function altogether. Even when less significant files are mislabelled, this can cause difficulties for users, for admins who must spend time ensuring the file is indeed valid, and for manufacturers who may halt production of a product while issues are resolved. The 'no false positives' rule is one of the main requirements for certification in the VB100 test process.

False positives are also encountered in spam filtering, when a piece of legitimate email (ham) is mistakenly labelled as spam. Again, serious consequences can result, for example when an important business document does not reach its intended recipient as a result of being filtered by anti-spam software.
