Nirsoft publishes antivirus list of shame

[Batu69]

If you are using tools from Nirsoft, and you should if you are running a flavor of Windows on a machine, then you may have ran into issues before when an antivirus solution notified you that the program you were about to run was malicious in nature.

Nirsoft has been fighting with false positives for a long time, and I can only imagine how many support requests Nir Sofer gets about that.

What makes this even worse for him is that companies may blacklist his website or pages on it because of these false positives.

Google's SafeBrowsing service for instance blocked Nirsoft tools from being downloaded in 2014, and since it is being used by Chrome, Firefox and other browsers, it was certainly devastating at that time for Nirsoft.

Nir Sofer tried to make changes to some of the programs but the result, as of today, is still the same. He then decided to create a report about the issue by scanning all of his programs on Virustotal and ranking antivirus engines based on false positives.

Virustotal scans files that you upload to the service against 56 different antivirus engines. The ranking calculation is simple: each antivirus engine starts with a score of 100 points. Negative points are awarded for alerts which vary depending on whether it is a generic alert or one that points to malicious code in particular.

The results

Only 12 of the 56 antivirus solutions did not report a single false positive while the remaining 44 antivirus engines did report at least one.

The engines with a perfect score are: AegisLab, Alibaba, ALYac, ByteHero, ClamAW, Emsisoft, Panda, Qihoo-360, Tencent, Total Defense, VBA32, Zoner.

Many popular antivirus solutions did not rank well. TrendMicro got a score of 67 and 24 alerts, Nod32 a score of 57 and 26 alerts, Symantec a score of 71 and 20 alerts, and Malwarebytes a score of 83 and 11 alerts.

Three antivirus engines ended the test with negative scores: Antiy-AVL with -6.5 points, TheHacker with -230.5 points and Bkav with -1280.5 points.

You can check the full listing over on the Nirsoft blog for additional details.

Conclusion

False positives are a big issue for Nirsoft and -- likely -- other software developers -- and users on the Internet.

The ranking does not reflect how effective an antivirus engine is as a whole and one at least has to wonder whether the good placement of certain antivirus engines is due to them being really good at avoiding false positives or other factors.

Nirsoft could use the findings in several ways. First, it is shaming companies who report false positives even though it is clear that Nirsoft programs are not malicious in nature. Second, by informing security companies about the results and hoping that they will do something about it.

Considering that these companies had years to fine tune their engines, it seems unlikely that this is going to happen though.

Source

[Israeli_Eagle]

Never had any problems with ESET NOD32 and Nirsoft tools, so... :sun:

[steven36]

Never had any problems with ESET NOD32 and Nirsoft tools, so... :sun:

This test don't tell you much no how over all for most false positives for most things ESET has very little false positives. Its all in how you set it up . If you enable PUP detection in NOD32 it give more false positives . If you scan programs on VT before you install them there's really no need to enable this. And many sites list if programs have toolbars and such . Even Kaspersky has more than ESET. But Avast has more false positives than both of these programs I have a windows 10 with Kaspersky ,Windows 8.1 with NOD32 and Windows 7 with Avast . :lol:

[steven36]

just antiviruses react on nirsoft tools that read passwords

imo, these antiviruses are imperfect

No antivirus is prefect I have External Drives were I plug in to my computers and on one of the drives is a program that's generic If I Plug it to the pc with kaspersky it will flag it so I have to exclude it With Nod32 its fine . But NOD will flag some keygens that kaspersky don't.. And Avast flags almost everything :lol:

Its just like they all put false positives in them on purpose as well Kaspersky flags sites and cracks that has keys for there software , NOD32 and MAM has FP for cracks and sites for software as well .

[Israeli_Eagle]

Never had any problems with ESET NOD32 and Nirsoft tools, so... :sun:

This test don't tell you much no how over all for most false positives for most things ESET has very little false positives. Its all in how you set it up . If you enable PUP detection in NOD32 it give more false positives . If you scan programs on VT before you install them there's really no need to enable this. And many sites list if programs have toolbars and such . Even Kaspersky has more than ESET. But Avast has more false positives than both of these programs I have a windows 10 with Kaspersky ,Windows 8.1 with NOD32 and Windows 7 with Avast . :lol:

PUP is enabled years, but still zero with Nirsoft.

[steven36]

Never had any problems with ESET NOD32 and Nirsoft tools, so... :sun:

This test don't tell you much no how over all for most false positives for most things ESET has very little false positives. Its all in how you set it up . If you enable PUP detection in NOD32 it give more false positives . If you scan programs on VT before you install them there's really no need to enable this. And many sites list if programs have toolbars and such . Even Kaspersky has more than ESET. But Avast has more false positives than both of these programs I have a windows 10 with Kaspersky ,Windows 8.1 with NOD32 and Windows 7 with Avast . :lol:

PUP is enabled years, but still zero with Nirsoft.

I never needed help to tell me if a program is potentially unwanted this flags many programs that you can simply uncheck the toolbars before installing or you could use uncheckey or extract the program with universal extractor .

[Israeli_Eagle]

Never had any problems with ESET NOD32 and Nirsoft tools, so... :sun:

This test don't tell you much no how over all for most false positives for most things ESET has very little false positives. Its all in how you set it up . If you enable PUP detection in NOD32 it give more false positives . If you scan programs on VT before you install them there's really no need to enable this. And many sites list if programs have toolbars and such . Even Kaspersky has more than ESET. But Avast has more false positives than both of these programs I have a windows 10 with Kaspersky ,Windows 8.1 with NOD32 and Windows 7 with Avast . :lol:

PUP is enabled years, but still zero with Nirsoft.

I never needed help to tell me if a program is potentially unwanted this flags many programs that you can simply uncheck the toolbars before installing or you could use uncheckey or extract the program with universal extractor .

PUP is useful sometimes and is simply easier as a warning, often the installers them self are spyware a bit. B)

[steven36]

Never had any problems with ESET NOD32 and Nirsoft tools, so... :sun:

This test don't tell you much no how over all for most false positives for most things ESET has very little false positives. Its all in how you set it up . If you enable PUP detection in NOD32 it give more false positives . If you scan programs on VT before you install them there's really no need to enable this. And many sites list if programs have toolbars and such . Even Kaspersky has more than ESET. But Avast has more false positives than both of these programs I have a windows 10 with Kaspersky ,Windows 8.1 with NOD32 and Windows 7 with Avast . :lol:

PUP is enabled years, but still zero with Nirsoft.

I never needed help to tell me if a program is potentially unwanted this flags many programs that you can simply uncheck the toolbars before installing or you could use uncheckey or extract the program with universal extractor .

PUP is useful sometimes and is simply easier as a warning, often the installers them self are spyware a bit. B)

If you are careful were you get you're programs from , even on the front page here they list if the program is PUP are not , Most all sites I get updates from do. Protecting yourself against PUP is conman sense really .

KIS - better, but ESS (8, not 9) - convenient

I like both :)

I been thinking about uninstalling KAV and putting something else in . It seems to make my pc boot slower vs when I had NOD32 in this one . AV is based on 3 things performance , protection and false positives . I don't use KIS even though we have a family key . They renew it not long ago for 3 pcs I like being able to use a stand alone FW .

[Israeli_Eagle]

Never had any problems with ESET NOD32 and Nirsoft tools, so... :sun:

This test don't tell you much no how over all for most false positives for most things ESET has very little false positives. Its all in how you set it up . If you enable PUP detection in NOD32 it give more false positives . If you scan programs on VT before you install them there's really no need to enable this. And many sites list if programs have toolbars and such . Even Kaspersky has more than ESET. But Avast has more false positives than both of these programs I have a windows 10 with Kaspersky ,Windows 8.1 with NOD32 and Windows 7 with Avast . :lol:

PUP is enabled years, but still zero with Nirsoft.

I never needed help to tell me if a program is potentially unwanted this flags many programs that you can simply uncheck the toolbars before installing or you could use uncheckey or extract the program with universal extractor .

PUP is useful sometimes and is simply easier as a warning, often the installers them self are spyware a bit. B)

If you are careful were you get you're programs from , even on the front page here they list if the program is PUP are not , Most all sites I get updates from do. Protecting yourself against PUP is conman sense really .

Of course I never trust any tool (also not NOD32) fully, only myself.

[straycat19]

PUP is used to identify Potentially Unwanted Program when it should mean Probably Unwanted Program since I have not seen ONE that I would want on any system and some are even front doors for other software packages and ads.

[212eta]

F/Ps are so...shameful... :o