
Ultimately Is there no way to be certain if a file is


5 replies to this topic

#1 rhoadesb


Posted 17 October 2010 - 12:46 PM

I know to use http://virustotal.com to assist in knowing, etc., but is there a way to KNOW for certain if an indication of malware is a false positive ... or real?


Thank you.

Edited by rhoadesb, 17 October 2010 - 12:47 PM.




#2 JamesFrance


Posted 17 October 2010 - 01:22 PM

Virustotal will only show malware already known to av databases, so does not recognise completely new malware. The only defense against that is whitelisting or maybe behaviour blocking. With Comodo CIS for example, anything unknown to them will be sandboxed so that it is very restricted.
James

#3 quietman7


Posted 17 October 2010 - 03:36 PM

In addition to VirusTotal, you can also get a second opinion at:

If you confirm or suspect a false detection of a particular file, then you should contact the anti-virus vendor's Tech Support and advise them so their technicians can investigate and make corrections to its database definitions. Most anti-virus vendors have instructions for sample file submissions posted on their web sites. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.

For submission to a specific anti-virus vendor, please see:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Didier Stevens


Posted 17 October 2010 - 04:04 PM

Ultimately, it is not possible to develop an algorithm that can perfectly detect all malware. Fred Cohen produced a mathematical proof that this is not possible. This proof is related to the halting problem.

But is your question general, or do you have a particular file you're not sure to trust?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
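
The contradiction behind the impossibility result mentioned in post #4, as an added toy example (not part of the thread and not code from Cohen's paper). It assumes a "program" is just a Python function that returns whether it would infect, and a "detector" is a function that returns True for "malware"; all names are hypothetical.

```python
# Toy model (added illustration): nothing here infects anything.
# program:  zero-argument callable, returns True if it "would infect" when run.
# detector: takes a program, returns True for "malware", False for "clean".

def make_contrary(detector):
    """Build the program that does the opposite of what `detector` predicts for it."""
    def contrary():
        # Ask the detector about this very program, then behave the other way.
        return not detector(contrary)
    return contrary

# Three candidate "perfect" detectors (constructed for the example).
def always_clean(program):
    return False

def always_malware(program):
    return True

def run_and_watch(program):
    # Behaviour-based: execute the sample and report what it did.
    return program()

def verdict_on_contrary(detector):
    """Classify how `detector` fails on the program built against it."""
    program = make_contrary(detector)
    try:
        flagged = detector(program)
    except RecursionError:
        # Detector and sample keep consulting each other: no verdict is ever
        # produced, which is where the halting problem enters the argument.
        return "no answer"
    infects = program()
    if flagged == infects:
        return "correct"
    return "false positive" if flagged else "false negative"

if __name__ == "__main__":
    for d in (always_clean, always_malware, run_and_watch):
        print(f"{d.__name__:15} -> {verdict_on_contrary(d)}")
```

Whatever detector is plugged in, the program built against it is either misclassified or never classified, so a flagged file can only be confirmed or cleared by further analysis, not by a single infallible check.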


#5 rhoadesb


Posted 18 October 2010 - 11:24 AM

"But is your question general, or do you have a particular file you're not sure to trust?"

It's really a general question, thank you.

And thanks for the new link I did not have (VirSCAN), and the other data.

#6 quietman7


Posted 18 October 2010 - 11:32 AM

You're welcome on behalf of the Bleeping Computer community.