We use the term false positive to refer to something that is reported as true (here: as malicious) when in fact it is not. A false negative is the opposite: something that is actually true (actually malicious) is reported as false, or simply goes undetected.

In computing, the expressions "false positive" and "false negative" apply to any detection system, but they come up most often in the context of antivirus programs:

    • A false positive occurs when an antivirus program, or any other security system, mistakenly identifies legitimate code, a program, an application, a web address, a file, etc. as illegitimate, as if it were infected with malware (a Trojan horse, virus, worm, etc.). This is relatively uncommon, but it can be caused by:
        • human error (an analyst classifies something incorrectly, for example by writing a signature that is too broad), or
        • automatic detection (the heuristic sensitivity is set too high).
    • The opposite is a false negative: we fail to detect something we should be detecting. Consequently, no alert is raised when a piece of malware gets past the security systems.

Why does this happen?

Antivirus products use several methods to identify malware; to keep things simple, we will focus on two of them:

    • Signature analysis, which searches files for known patterns of bytes.
    • Behaviour analysis, which looks for correlated actions that, taken together, may indicate malicious activity.

Signature analysis is precise for samples that have already been seen, but it misses anything new; behaviour analysis can catch unknown samples, at the cost of flagging legitimate programs that happen to behave suspiciously.

The growing number of new malware samples, together with their increasing complexity and sophistication, means that detection is no longer manageable with traditional signature-based methods alone, forcing vendors to rely on more generic technologies such as heuristics and behaviour analysis.

What are the consequences of a false positive? And the effects of a false negative?

The consequences can be quite serious. An antivirus can mistakenly decide that an essential system file is infected and quarantine or remove it, which can leave the system unbootable or unusable and cause major outages. A false negative is at least as damaging: the malware runs unnoticed, no alert is raised, and the compromise is discovered only later, if at all.

Vendors respond by shipping ever larger detection databases and more sensitive heuristics in order to reduce false negatives, and as a result the number of false positives rises: lowering one error rate tends to raise the other.
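To make the two detection methods described under "Why does this happen?" and the trade-off just described concrete, here is an added example that is not code from the original article. It is a toy scanner in Python: a signature matcher over byte patterns plus a weighted behaviour score with a sensitivity threshold. All samples, signatures, behaviour weights and the ground-truth labels are constructed for illustration. Sweeping the threshold shows false negatives falling as false positives rise, and an over-broad "signature" shows how a single human classification error produces a false-positive storm.

```python
"""Toy antivirus: signature matching plus weighted behaviour scoring.

Added example, not code from the original article.  Every sample, byte
signature and behaviour weight below is constructed for illustration; the
point is to see where false positives and false negatives come from and
how tightening one error rate loosens the other.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    data: bytes            # file contents (constructed)
    behaviours: frozenset  # actions observed in a sandbox (constructed)
    malicious: bool        # ground truth, known only because we built the sample


# Signature analysis: exact byte patterns tied to a known family (constructed).
SIGNATURES = {
    "Trojan.Constructed.A": b"EVIL_PAYLOAD_v1",
}

# Behaviour analysis: each suspicious action contributes a weight (constructed).
BEHAVIOUR_WEIGHTS = {
    "writes_run_key": 2,         # persistence, but installers do this too
    "spawns_powershell": 2,      # admin and backup tools do this too
    "packs_itself": 1,
    "contacts_unknown_host": 3,
}

PE_HEADER = b"MZ\x90\x00"  # first bytes of every Windows executable

# Constructed corpus with known ground truth.  "stealer.exe" is a rewritten
# variant with no signature yet, so only behaviour analysis can catch it.
SAMPLES = [
    Sample("payroll.exe", PE_HEADER + b"payroll v3", frozenset({"writes_run_key"}), False),
    Sample("backup_tool.exe", PE_HEADER + b"backup", frozenset({"writes_run_key", "spawns_powershell"}), False),
    Sample("notepad_clone.exe", PE_HEADER + b"editor", frozenset(), False),
    Sample("dropper.exe", PE_HEADER + b"EVIL_PAYLOAD_v1", frozenset({"packs_itself"}), True),
    Sample("stealer.exe", PE_HEADER + b"v2 rewritten", frozenset({"contacts_unknown_host", "packs_itself"}), True),
    Sample("miner.exe", PE_HEADER + b"xmr", frozenset({"spawns_powershell"}), True),
]


def signature_match(sample, signatures=SIGNATURES):
    """Return the name of the first signature whose bytes occur in the file, else None."""
    for name, pattern in signatures.items():
        if pattern in sample.data:
            return name
    return None


def behaviour_score(sample, weights=BEHAVIOUR_WEIGHTS):
    """Sum the weights of the suspicious behaviours the sample exhibited."""
    return sum(weights.get(b, 0) for b in sample.behaviours)


def is_flagged(sample, threshold, signatures=SIGNATURES):
    """Flag on a signature hit, or when the heuristic score reaches the threshold."""
    return signature_match(sample, signatures) is not None or behaviour_score(sample) >= threshold


def evaluate(samples, threshold, signatures=SIGNATURES):
    """Confusion counts: a false positive is a clean file flagged, a false negative is malware missed."""
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for s in samples:
        flagged = is_flagged(s, threshold, signatures)
        if flagged and s.malicious:
            counts["tp"] += 1
        elif flagged and not s.malicious:
            counts["fp"] += 1
        elif not flagged and s.malicious:
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


def sweep(samples, thresholds, signatures=SIGNATURES):
    """(threshold, false positives, false negatives) for each heuristic sensitivity."""
    rows = []
    for t in thresholds:
        c = evaluate(samples, t, signatures)
        rows.append((t, c["fp"], c["fn"]))
    return rows


if __name__ == "__main__":
    for t, fp, fn in sweep(SAMPLES, range(1, 7)):
        print(f"threshold={t}: false positives={fp} false negatives={fn}")

    # Human error: an analyst ships a "signature" that is really just the PE header,
    # so every Windows executable in the corpus is flagged.
    broad = {**SIGNATURES, "Generic.TooBroad": PE_HEADER}
    print("over-broad signature:", evaluate(SAMPLES, 3, broad))
```

In this corpus a threshold of 1 or 2 catches all three malicious samples but flags two legitimate programs; raising it to 5 removes both false positives but lets the two signature-less samples through, and only the dropper with a known signature is still caught. The over-broad signature flags every file regardless of threshold, which is the failure mode behind real-world incidents where an antivirus update quarantines system files.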

Lastly, we should not forget the problem all this creates for software developers, especially small ones. Imagine that your legitimate software is detected as malware by a well-known antivirus. How do you prove that the giant is wrong and not you? In practice the only route is to submit the file through the vendor's false-positive reporting channel and wait for a corrected detection to reach users.

