The DonationCoder "Superior Antivirus" Award/Certification

"Win32.Gen/DOCOVIR/PACK has been detected as a threat. Avast is 35% certain that this is a genuine security threat." -JavaJones (December 01, 2009, 06:53 PM)
Then "detects 100% of on-the-wild threats" becomes "detects 100% of what it thinks could be on-the-wild threats".
Doesn't look good on product pages :)

yeah how does this sound on the marketing page:

"We are the only antivirus program to meet the stringent requirements of the 'Superior/Honest Antivirus' certification -- which establishes the highest standards for reporting possible threats to users. read more.."

While false positives are frustrating to those that are having their work flagged, it can be more frustrating to the user when the messages they get from their antivirus leave them confused as to whether or not they should delete it or keep it. Anything that confuses the user more will raise the potential of a real threat slipping through, due to user ignorance.

Anything that could make a real threat seem not so threatening, potentially will lead to the user making the wrong choice.

So, while I understand and share your frustration, it has to be balanced with the need for the security product to effectively do its job on both the computers of the more savvy power user, as well as the complete newbie, and everyone in between.

The more text, info, and options you give the user at the time of detection, the more they will be confused, the more will go wrong, and the more infected people there will be.

Any alert from an antivirus no matter how simple is likely to put the user in a state of panic, in which they potentially will not think clearly. Yes, this info may help them but more likely the panic will make them unable to mentally process that info at the time it is given.

Now I am not saying this info should not be available to the user. It would be great if it was, but not at the time of detection or bothering the average user. If it were included in an "advanced mode" then I could agree with it and would even welcome it.

one of the rare times i have to disagree with you app, about this being only for an advanced mode.
i could agree to an alert box with a very simple message and then a button to click for this more full info.

but my reasoning is based on agreeing with your statement:
Any alert from an antivirus no matter how simple is likely to put the user in a state of panic, in which they potentially will not think clearly.
these virus alerts scare the hell out of people.
and it is my impression that most of the time they are false alerts.

it is imperative that these bright red scare-the-death into you alert boxes tell people the concise information they need to know to make an intelligent decision.

the false positives are like the story of the boy who cried wolf -- you can't keep showing false positives and expect people to take you seriously when you really do find something wrong.

so the alert box, in default mode, has to help the user understand the real nature of the threat and HELP THEM make a decision about what to do.

the purpose of these guidelines is to establish a standard for information that needs to be available to users when an alert comes up.

Carol Haynes:
I would like to add that any warning should be accompanied by the method of identification of the risk. For example if heuristic checking is responsible for the alert it should be made clear with a message like "No actual threat has been detected but some behaviours of this software suggest the possibility of unwanted activity" then all the other information you suggested.

Further if they are using pattern matching I think there should be a score on how many elements of the pattern match the found issue.

I have spent hours tracking down 'viruses' and 'trojans' only to discover that of all the possible indicators of malware presence there was only one possible marker - which turned out to be legitimate.

I am not saying that viruses and trojans exist but in the last few years I have not come across a single genuine attack on any of my computers (other than the odd spam with bad attachments which have almost entirely been removed by googlemail before they got to me). I have had plenty of false positives though and almost always involving dodgy heuristics.

I have to say I haven't had any false positives with free AVAST!

Personally I think there is a bit of psychology going on here - if expensive security apps don't appear to be doing something useful customers will decamp to free solutions consequently almost all of the companies trying to cash in on cyberfear have to promote that fear in faulty heuristics. Maybe I am too cynical but the only people that gain anything from the general public by false alarms are the companies producing those alarms.

In recent months I have been to quite a few clients with viruses. Most are running one of the most popular solutions (N or M) and can't understand why there was no warning and they got infected - generally these are the ones that are infected. A large number however have received warnings and been scared and generally these are the clients that have experienced false positive syndrome.

PS: Why don't we just set up a new website called and have it as a general rant site for this sort of behaviour. Would fit in well with the donation ethos.


