Microsoft and Google subsidiary VirusTotal have teamed forces on a project which it is claimed will help reduce the number of 'false positive' detections suffered by anti-virus users.
The majority of anti-virus packages on the market rely on a mixture of signature-based detection which looks for a particular string or hash within infected files and heuristic detection, the latter using rudimentary 'intelligence' to find viruses that have not yet had signatures created or that have been modified such to change their signatures. This combination does a pretty good job of picking out the nasties, but comes with a cost: the better the heuristic is at finding unknown viruses, the more likely it is to accidentally flag a valid file as suspicious - known as a 'false positive' detection.
False positives are at least as dangerous as false negatives, where a piece of malware is mistakenly given a clean bill of health by the anti-virus software: a false positive in a system file can lead a user to quarantine or even delete the file, resulting in a system that can no longer boot. That's no theory, either: Windows has found itself kneecapped in the past by packages including McAfee
, while other packages have broken everything from World of Warcraft
Now, malware analysis specialist VirusTotal, acquired by Google in 2012
, has teamed up with Microsoft to help anti-virus makers reduce false positives. 'VirusTotal is strongly committed to helping the antivirus and security industry, this is why we also wanted to collaborate on this front. Our first shot at this is a project that we call trusted source,
' explained VirusTotal's Emiliano Martinez in the project's announcement
. 'The goal of this first stage is to have huge software developers share the files in their software catalogue. These files are then marked accordingly at VirusTotal and whenever an antivirus solution (mistakenly) detects them, we notify the pertinent vendor, allowing them to quickly correct the false positive. Additionally, when files get distributed to antivirus vendors, they are tagged so that potential erroneous flags can be ignored, preventing a snowball effect with detection ratios.
The figures are certainly impressive: its partnership with Microsoft has resulted in over 6,000 false positives being fixed in various anti-virus vendors' packages. With that success under its belts, VirusTotal has indicated it is looking for other very large software vendors to provide metadata on their valid software packages in order to expand the project's horizons.