[ The PC Guide | System Care Guide | Data Loss and Virus Prevention | Virus Detection and Protection | Virus Scanning and Antivirus Software ]

False Positives and False Negatives

It is the nature of virtually every test that sometimes errors occur, and scanning for viruses is no exception. There are two types of errors that every virus scanning has the potential to make:

• False Positive: A false positive occurs when the scanning reports finding a virus when there is in fact no virus present. The chances of this occurring depend on the type of virus checking being done, and also on the general quality of the software. Scanners that use virus definition files don't report false positives very often; software that looks for "virus-like behavior" will report false positives constantly, because they are only guessing at what "might be" viruses (such as updates to program files, etc., which can be quite legitimate in some cases.)

Note: Using incorrect virus definition files, or ones designed for either an older or newer version of your virus scanner, can result in copious amounts of false positives. I've had this happen myself and it can be quite alarming since I am quite careful about digital hygiene. :^)

• False Negative: A false negative occurs when the scanning software does not find a virus that in fact exists on the system. You of course won't have any way of knowing that this has occurred, until the virus manifests itself in some obvious way on the system (funny messages, file loss, etc.) No virus scanner is perfect, and some viruses will be missed by any of these programs, although good ones will miss relatively few, especially if the virus definition files are kept up-to-date. Using more than one type (or brand) of scanner software can help reduce the exposure you might have if you use only one kind.

Modern virus scanners are very reliable, if given up-to-date virus definition files and especially when combined with virus protection methods. Still, it is important to remember that no scanner is foolproof. Similarly, remember that false positives do occur, so it is possible that you may not have a virus when you initially get a report saying you have one.

Tip: If you get a report of a virus and suspect that it is a false positive, verifying the report with another virus checker is always a good idea (but bear in mind that some scanners may find viruses that others do not.)

Next: Virus Definition Files

Home  -  Search  -  Topics  -  Up