Fighting malware and spam

False positive

Clean file mistakenly labelled as malware, legitimate email incorrectly labelled spam

A false positive occurs when anti-malware software erroneously labels a clean file as malware.

False positives can cause considerable problems, particularly when the file in question is important to the operation of a system - if security software blocks access to or deletes a vital component, systems may become unstable or even cease to function altogether. Even when less significant files are mislabelled it can cause difficulties for users, for admins who must spend time ensuring the file is indeed valid, and for manufacturers who may halt production of a product while issues are resolved. The 'no false positives' rule is one of the main requirements for certification in the VB100 test process.

False positives are also encountered in spam filtering, when a piece of legitimate email (ham) is mistakenly labelled as spam. Again, serious consequences can result, for example when an important business document does not reach its intended recipient as a result of being filtered by anti-spam software.

Related news articles

DKIM usage shows significant growth

US banks urged to use authentication method

29 June 2009

McAfee false positive flags Vista component

Innocent file labelled trojan.

22 October 2008

Tough weekend for AV giants as FPs and DNS issues hit

Trend false alert cripples users' systems, Sophos sites taken out by DNS mixup.

10 September 2008

  see all related news stories

Poll

Malware Prevalence

Dropper-misc
Waledac
Agent
NetSky
Invoice