NirSoft rates antivirus engines for false positives
If you regularly download small technical Windows tools then you’ll know they’re often incorrectly flagged as malware, even when from very trusted sources.
Which security companies are the worst offenders? Freeware developer NirSoft has released a report scoring Virustotal’s 57 antivirus engines for their response to its utilities.
This is a difficult area to assess, as some NirSoft tools can be used maliciously, in particular password revealers like Network Password Recovery.
Fortunately the report tries to take at least some account of this, awarding bonus points to engines which display an accurate explanation of their alerts ("passwordrevealer", "riskware", "not-a-virus"), and punishing those which use incorrect terms ("malware", "adware").
NirSoft found 12 engines displayed no alerts at all: AegisLab, Alibaba, ALYac, ByteHero, ClamAV, Emsisoft, Panda, Qihoo-360, Tencent, TotalDefense, VBA32 and Zoner.
Engines which displayed alerts for the main password revealers, but rarely raised false alerts for anything else, included AVG, Avast, Kaspersky, K7Antivirus, K7GW and SUPERAntispyware.
Bringing up the rear was TheHacker, and notably Bkav, which raised a total of 175 alerts, and variously and inaccurately -- described the programs at "trojan", "spyware", "malware" or "adware".
These results need to be interpreted with care. Bkav’s alerts may not be using accurate terms, but if you’re scanning a work PC and don’t want any of these low-level tools around then the sheer volume of warnings could make it useful.
Still, it’s good to see someone actually measure how different antivirus engines treat this issue, and we’ll be interested to see if NirSoft reruns the test in future.