If you use Nirsoft's free tools, you are likely to have received false positives from some antivirus software that report malicious features.
Nirsoft has been struggling for a long time to remove its applications from the blacklist of antiviruses, with the danger of being adopted by large browsers.
For example, if Chrome or Firefox blocks Nirsoft's tools, Nirsoft will surely be destroyed.
Ο Nir Sofer, ιδιοκτήτης της σελίδας άλλαξε τις εφαρμογές του, αλλά το αποτέλεσμα εξακολουθεί να είναι το ίδιο.
He then decided to investigate the issue above, scanning all of his programs in VirusTotal and discovering the antiviruses that show false positives.
For those who do not know VirusTotal scans the files you upload to the 56 service with different antivirus engines.
Ranking in the list of Nir Sofer below is simple: every antivirus starts with 100 scores. Negative spots are awarded for alerts that vary depending on whether it is a general alert or someone who warns of malicious code.
The Results
| AV Name | Total Alerts | No Virus | NO PR | Trojan Alerts | Score |
|---|---|---|---|---|---|
| AegisLab | 0 | 0 | 0 | 0 | 100 |
| Alibaba | 0 | 0 | 0 | 0 | 100 |
| ALYac | 0 | 0 | 0 | 0 | 100 |
| ByteHero | 0 | 0 | 0 | 0 | 100 |
| ClamAV | 0 | 0 | 0 | 0 | 100 |
| Emsisoft | 0 | 0 | 0 | 0 | 100 |
| Panda | 0 | 0 | 0 | 0 | 100 |
| Qihoo-360 | 0 | 0 | 0 | 0 | 100 |
| Tencent | 0 | 0 | 0 | 0 | 100 |
| TotalDefense | 0 | 0 | 0 | 0 | 100 |
| VBA32 | 0 | 0 | 0 | 0 | 100 |
| Zoner | 0 | 0 | 0 | 0 | 100 |
| nProtect | 1 | 0 | 0 | 0 | 98.5 |
| Microsoft | 3 | 3 | 0 | 0 | 97 |
| F-Prot | 2 | 1 | 1 | 0 | 96 |
| Avira | 5 | 1 | 0 | 0 | 93 |
| Cyren | 5 | 0 | 1 | 0 | 91 |
| Agnitum | 9 | 9 | 0 | 0 | 91 |
| AhnLab-V3 | 9 | 9 | 0 | 0 | 91 |
| CMC | 6 | 5 | 2 | 0 | 90.5 |
| Ikarus | 5 | 4 | 0 | 1 | 89.5 |
| Baidu-International | 6 | 6 | 2 | 1 | 86 |
| Kingsoft | 8 | 2 | 2 | 0 | 86 |
| AVWare | 3 | 0 | 0 | 2 | 85.5 |
| AVG | 13 | 13 | 1 | 0 | 85.5 |
| Ad-Aware | 10 | 0 | 0 | 0 | 85 |
| BitDefender | 10 | 0 | 0 | 0 | 85 |
| F-Secure | 10 | 0 | 0 | 0 | 85 |
| MicroWorld-eScan | 10 | 0 | 0 | 0 | 85 |
| Jiangmin | 3 | 1 | 1 | 2 | 84.5 |
| Zillya | 10 | 9 | 0 | 1 | 84.5 |
| Avast | 14 | 14 | 1 | 0 | 84.5 |
| Malwarebytes | 11 | 11 | 4 | 0 | 83 |
| Kaspersky | 16 | 16 | 2 | 0 | 81 |
| K7AntiVirus | 17 | 16 | 2 | 0 | 79.5 |
| K7GW | 18 | 17 | 2 | 0 | 78.5 |
| Rising | 6 | 1 | 3 | 2 | 77 |
| VIPRE | 10 | 7 | 1 | 2 | 77 |
| SUPERAntiSpyware | 15 | 14 | 2 | 1 | 76.5 |
| CAT-QuickHeal | 21 | 21 | 3 | 0 | 74.5 |
| GData | 16 | 2 | 0 | 1 | 72 |
| Fortinet | 22 | 22 | 4 | 0 | 72 |
| NANO-Antivirus | 12 | 9 | 0 | 3 | 71.5 |
| DrWeb | 16 | 15 | 5 | 1 | 71 |
| Symantec | 20 | 14 | 4 | 0 | 71 |
| McAfee-GW-Edition | 24 | 21 | 4 | 0 | 68.5 |
| McAfee | 21 | 10 | 4 | 0 | 67.5 |
| Arcabit | 12 | 0 | 0 | 3 | 67 |
| TrendMicro | 24 | 0 | 3 | 0 | 59.5 |
| ESET-NOD32 | 26 | 16 | 8 | 0 | 57 |
| TrendMicro-HouseCall | 25 | 0 | 5 | 0 | 55 |
| ViRobot | 12 | 5 | 2 | 7 | 46.5 |
| Sophos | 34 | 32 | 19 | 0 | 36.5 |
| Comfortable | 13 | 2 | 0 | 11 | 26.5 |
| Antiy-AVL | 27 | 19 | 7 | 13 | -6.5 |
| TheHacker | 113 | 0 | 104 | 1 | -230.5 |
| Bkav | 175 | 0 | 162 | 175 | -1280.5 |
Only 12 from 56 antivirus solutions did not report false positives, while the remaining 44 antivirus engines showed at least one.
The engines with the perfect results are: AegisLab, Alibaba, ALYac, ByteHero, ClamAW, Emsisoft, Panda, Qihoo-360, Tencent, Total Defense, VBA32, Zoner.
Many popular antivirus solutions did not rank well. TrendMicro, say, had 67 and 24 Alerts, Nod32 had 57 and 26 Alerts, Symantec had 71 and 20 Alerts, and Malwarebytes caught 83 with 11 Alerts.
You can see all the post in Nirsoft blog for more details.
Conclusion
False positives are a big issue for Nirsoft and possibly for other software developers.
The above ranking does not reflect how effective antivirus is, and at least one time we will ask whether certain antivirus mechanisms we use as reliable are truly reliable in avoiding false positives.
