If you use its free tools Nirsoft, then it is very likely that you have received false positives from some antiviruses that indicate that the applications are malicious.
Nirsoft has been struggling for a long time to remove its applications from the blacklist of antiviruses, with the danger of being adopted by large browsers.
For example, if Chrome or Firefox blocks Nirsoft's tools, Nirsoft will surely be destroyed.
Nir Sofer, the owner of the page, changed its applications, but the result is still the same.
He then decided to investigate the issue above, scanning all of his programs in VirusTotal and discovering the antiviruses that show false positives.
For those who do not know VirusTotal scans the files you upload to the 56 service with different antivirus engines.
The ranking calculation in Nir Sofer's list below is simple: each antivirus starts with score 100 βαθμούς. Τα αρνητικά σημεία απονέμονται για ειδοποιήσεις οι οποίες ποικίλλουν ανάλογα με το αν πρόκειται για γενική notice or to one that warns of malicious code.
Results
| AV Name | Total Alerts | No Virus | NO PR | Trojan Alerts | Score |
|---|---|---|---|---|---|
| AegisLab | 0 | 0 | 0 | 0 | 100 |
| Alibaba | 0 | 0 | 0 | 0 | 100 |
| ALYac | 0 | 0 | 0 | 0 | 100 |
| ByteHero | 0 | 0 | 0 | 0 | 100 |
| ClamAV | 0 | 0 | 0 | 0 | 100 |
| Emsisoft | 0 | 0 | 0 | 0 | 100 |
| Panda | 0 | 0 | 0 | 0 | 100 |
| Qihoo-360 | 0 | 0 | 0 | 0 | 100 |
| Tencent | 0 | 0 | 0 | 0 | 100 |
| TotalDefense | 0 | 0 | 0 | 0 | 100 |
| VBA32 | 0 | 0 | 0 | 0 | 100 |
| Zoner | 0 | 0 | 0 | 0 | 100 |
| nProtect | 1 | 0 | 0 | 0 | 98.5 |
| Microsoft | 3 | 3 | 0 | 0 | 97 |
| F-Prot | 2 | 1 | 1 | 0 | 96 |
| Avira | 5 | 1 | 0 | 0 | 93 |
| Cyren | 5 | 0 | 1 | 0 | 91 |
| Agnitum | 9 | 9 | 0 | 0 | 91 |
| AhnLab-V3 | 9 | 9 | 0 | 0 | 91 |
| CMC | 6 | 5 | 2 | 0 | 90.5 |
| Ikarus | 5 | 4 | 0 | 1 | 89.5 |
| Baidu-International | 6 | 6 | 2 | 1 | 86 |
| Kingsoft | 8 | 2 | 2 | 0 | 86 |
| AVWare | 3 | 0 | 0 | 2 | 85.5 |
| AVG | 13 | 13 | 1 | 0 | 85.5 |
| Ad-Aware | 10 | 0 | 0 | 0 | 85 |
| BitDefender | 10 | 0 | 0 | 0 | 85 |
| F-Secure | 10 | 0 | 0 | 0 | 85 |
| MicroWorld-eScan | 10 | 0 | 0 | 0 | 85 |
| Jiangmin | 3 | 1 | 1 | 2 | 84.5 |
| Zillya | 10 | 9 | 0 | 1 | 84.5 |
| Avast | 14 | 14 | 1 | 0 | 84.5 |
| Malwarebytes | 11 | 11 | 4 | 0 | 83 |
| Kaspersky | 16 | 16 | 2 | 0 | 81 |
| K7AntiVirus | 17 | 16 | 2 | 0 | 79.5 |
| K7GW | 18 | 17 | 2 | 0 | 78.5 |
| Rising | 6 | 1 | 3 | 2 | 77 |
| VIPRE | 10 | 7 | 1 | 2 | 77 |
| SUPERAntiSpyware | 15 | 14 | 2 | 1 | 76.5 |
| CAT-QuickHeal | 21 | 21 | 3 | 0 | 74.5 |
| GData | 16 | 2 | 0 | 1 | 72 |
| Fortinet | 22 | 22 | 4 | 0 | 72 |
| NANO-Antivirus | 12 | 9 | 0 | 3 | 71.5 |
| DrWeb | 16 | 15 | 5 | 1 | 71 |
| Symantec | 20 | 14 | 4 | 0 | 71 |
| McAfee-GW-Edition | 24 | 21 | 4 | 0 | 68.5 |
| McAfee | 21 | 10 | 4 | 0 | 67.5 |
| Arcabit | 12 | 0 | 0 | 3 | 67 |
| TrendMicro | 24 | 0 | 3 | 0 | 59.5 |
| ESET-NOD32 | 26 | 16 | 8 | 0 | 57 |
| TrendMicro-HouseCall | 25 | 0 | 5 | 0 | 55 |
| ViRobot | 12 | 5 | 2 | 7 | 46.5 |
| Sophos | 34 | 32 | 19 | 0 | 36.5 |
| Comfortable | 13 | 2 | 0 | 11 | 26.5 |
| Antiy-AVL | 27 | 19 | 7 | 13 | -6.5 |
| TheHacker | 113 | 0 | 104 | 1 | -230.5 |
| Bkav | 175 | 0 | 162 | 175 | -1280.5 |
Only 12 from 56 antivirus solutions did not report false positives, while the remaining 44 antivirus engines showed at least one.
The engines with the perfect results are: AegisLab, Alibaba, ALYac, ByteHero, ClamAW, Emsisoft, Panda, Qihoo-360, Tencent, Total Defense, VBA32, Zoner.
Many popular antivirus solutions did not rank well. TrendMicro, say, had 67 and 24 Alerts, Nod32 had 57 and 26 Alerts, Symantec had 71 and 20 Alerts, and Malwarebytes caught 83 with 11 Alerts.
You can see all the post in Nirsoft blog for more details.
Conclusion
False positives are a big issue for Nirsoft and possibly for other software developers.
The above ranking does not reflect how effective antivirus is, and at least one time we will ask whether certain antivirus mechanisms we use as reliable are truly reliable in avoiding false positives.
