False positives run amok in Vista anti-virus tests

The first independent tests of anti-malware products on 64-bit Windows Vista revealed a rash of false positives. Of the 20 products submitted for testing to independent security certification body Virus Bulletin, six generated false positives when scanning a set of known clean files. As a result, the product failed to earn …


This topic is closed for new posts.
  1. John


    Wanted to get there first - I run linux!

    In fairness though the missus runs XP with AVG free and we have (only) had one problem that went away. We'll be moving to Vista soon enough and would like to know I'm not going to have to disinfect it 2 hours before a deadline for something and it's falling over every third cpu cycle.

    Come on M$, play ball with the smaller anti-virus boys too!

  2. Rob

    Just to let you know John...

    ... I've been using Vista on my laptop (use this for work, which includes video editing and such like). I run Trendmicro's Internet security fully patched and up to date, by accident one day I was editing some footage and the AV scan kicked in while I was working, I experienced mild slow down but other than that everything worked fine and no viri were found. (If I'm playing World of Warcraft, I won't even know if it's done a scan unless I look at the summary page of the AV S/W)

    Hope that helps with some of your woes about upgrading.

    P.S. oh and forgot to mention I haven't switched off the UAC feature either.

  3. Register Reader


    The thing is that the 'developer tool' probably meets the definition of spyware.. if they add it to a 'clean list', then what happens if someone manages to take over that file, unless it checks the file against a hash, which it probably does..

    Also funny that security firms are complaining about the OS being more secure, making it more difficult for them to hook into the underlying system..

  4. James Penketh

    Laughing my a$$ off.

    sec0nd. I'm a GNU/Linux user, too!

    Now that's over...

    I think it's hilarious that a development kit is detected as malware. Well, if the AV software was being entirely truthful, wouldn't it detect all the DRM crap as malware?

    I am going to avoid Vista as long as possible, and if I'm gonna use windows I'll only use XP.

    And who, in their right mind, would buy Vista?

  5. Steven Hewittt

    What the hell?

    Come off it. If these files are from the top list of downloadable apps then the likelihood of them even going near the kernel is so remote that it can hardly be patchguard.

    Looks like the AV vendors need to learn how to write proper software.

  6. Dam

    re: smug

    Move to vista?

    Now, seriously... almost everyone I talk with who's tried vista has removed it in favour of an old XP.

    Mark my words, you *will* regret *dearly* having moved to vista.

    -memory/cpu hog <-- slow

    -DRRRM RrrrrriiiiiiDDDDdddddleeed <-- slow

    -"new" (sigh) fancy display <-- slow

    -DRM check on every single fucking file <-- slow (thanks ElReg mod for not censoring that word, it's intended, for the extra effect)

    -application compatibility issues; a ton of 2K/XP apps won't run anymore

    -drivers lol; The final straw came when I tried to install my HP laserjet 1010, a fairly new product from a known brand... driver? soon (tm)

    -OpenGL NUKED; DirectX emulates OpenGL with the speed of a pot plant

    If I were you I would really, reaaaally make a good search around the web before upgrading to Vista.

    Again, you *will* regret it *immensely*

    As a side note to the article:

    "Trend Micro submitted three of its anti-virus products, all of which falsely identified a Microsoft development tool as spyware."

    Hahahahaha, well you bet it is once they start serving ADVERTS in their products...

    Btw, any of these products labelled "Windows Genuine Advantage" (rofl) as a malware/spyware/adware ? ;)

  7. Anonymous Coward

    "False" positives?

    " Trend Micro submitted three of its anti-virus products, all of which falsely identified a Microsoft development tool as spyware. "

    Huh? Are you implying there's any microsoft software (at all) that /doesn't/ phone home?

  8. Mark Powell

    AVG & Vista

    AVG works well on Vista, and got the approval of PC Pro earlier this year.

  9. Cameron Colley

    Glad I went for XP...

    After reading articles like this, and some of the comments, I'm glad I chose XP over fister when I bought a new machine recently.

    Hopefully, by the time I come to buy another machine I'll not need to get MS software on it at all.

  10. Mike Moyle

    Now, I'm not a programmer... this may be way out in left field, but I had an odd thought while reading the article.

    Were I a cynical and suspicious sort of individual (...which, of course, I'm not...!) I might wonder how difficult it would be for MS to insert a subroutine name, or a commented line that happens to be identical to an identifiable bit of code (call it "xyz") from a known virus or trojan, then tell their own AV product:

    if <xyz>

    then if <creator = Microsoft>

    then return <No virus found>

    Thus, MS's AV products would report the program as clean, while other AV programs would report a "false positive" based on spotting "xyz".

    I seem to recall something similar where an MS product checked to see if the computer was running MS-DOS and, if it found DR-DOS (? I think ?), would crash even though there was no intrinsic reason for it NOT to work under the other OS.

    Just running variations on a theme, really...

    But that's what I might think if I were a cynical and suspicious sort which, of course, I'm not...

  11. Morely Dotes

    "False" positive? Mai non, m'sieur!

    "Trend Micro submitted three of its anti-virus products, all of which falsely identified a Microsoft development tool as spyware."

    That's clearly *NOT* a false positive. It's completely accurate. It's a Microsoft product that was identified; ergo, it *is* malicious software.

  12. Anonymous Coward

    AV Software

    It's funny that I never see much mention of NOD32. I use it on my home (XP) pc and I think it does a cracking job.

    It's also passed Virus Bulletin's VB100 test 45 times. More than any other anti-virus software. It also detects malware/spyware and rootkits. Plus it's small, it only takes up about 22mb of memory.

    Oh and it also works on Vista.

  13. El Regular

    I don't understand..

    Why Vista was released, at all?

    From all the reports on it, it wasn't ready as a basic package, let alone a wide ranging platform. Vista is a victim of its developers being pressured to produce novelty to match Mac and create enough range to market to all possible computer using sectors.. As opposed to developing a strong, rugged platform from which to release business and executive models.

    On a side note, the PR on Vista has been exceptional, much like American coverage on America's "victory" in Iraq (2005, remember? "mission accomplished")

  14. James

    NOD32 and other notes

    Did NOD32 get the VB100 ranking with the 64-bit version of Vista? I know it's good, but the article was only speaking to the 64-bit tests.

    I also like NOD32, AVG Free and Clam AV ... on XP (when I have to run it). Our Vista users can't complain enough about it.

    Re: Paranoid delusions (@Mr. Moyle)

    You're only paranoid if they're NOT out to get you. Your comments reflect generational MS practices where they maliciously insert code (or fail to document it) in attempts to cause competitors' products to shine less brightly than their own. Netscape comes to mind (Did anyone really believe that MSIE3-4 functioned better than Netscape on an even playing field?)(and yes, I can cite the Finding of Fact in that big ol' case).

    It does bear repeating that of the 20 products submitted for testing, only 6 produced the false positives. And it's not at all surprising that MS 64-bit anti-malware product did so well ... even if its consumer-level (32-bit) product continues to be crap.

    I strongly agree with those who recommend AGAINST "upgrading" to or purchasing a new system with any current version of Vista on it. Wait until the first service pack, at the very earliest, or just stick with what's working for you and ignore Vista completely. It's easy to do ...

  15. Jonathan

    Vista and NOD32

    Firstly, NOD32 is fantastic. I've used it for years. It's unobtrusive, small, uses far far fewer CPU cycles than anything else and what's more, it really, really works.

    As for Vista--I remember exactly the same arguments when XP came out. To be fair, there have been far fewer compatibility issues this time around. And as with XP, you'll all be running Vista in the end...

  16. Anonymous Coward

    "In the end" alright

    Er.. "...far fewer compatibility issues"? Hell yes. Vista is far less likely to be compatible with anything. Hardware or software.

    Use it, and you will feel like you've had something run into your end alright.

    I am still trying to get my supplier to get an XP disk to me to replace the crap that came preinstalled on the laptop. Which, consequently, is barely compatible with the hardware it was installed on.

    While I wait, I'll play with this linux thingy. I hear good stuff about it, and have so far enjoyed many crash free, malware free, problem free hours of productivity. If Vista was as good as XP, I never would've considered installing Linux on this machine. But I was desperate for a WORKING machine, so on went the Linux.
