VirusTotal is taking a shot at false-positive malware detections.
The Google-owned malware-scanning service is inviting software developers to submit code for a whitelist, dubbed Trusted Source, which will be cross-referenced with future malware and virus detections.
Once developers have shared the files in their software catalogs to the whitelist, those files can then be marked accordingly as safe. So, whenever an antivirus solution mistakenly detects one of the files as malicious, VirusTotal will notify the pertinent vendor, allowing them to correct the false positive.
Additionally, when the files get distributed to antivirus vendors, they will be tagged so that potential erroneous flags can be ignored, preventing a snowball effect with detection ratios.
So far, VirusTotal has put the program into action with Microsoft. It said that in the one week since it was kicked off, more than 6,000 false positives have been fixed.
False positives are a growing issue. “Nowadays antivirus vendors are increasingly required to become more proactive, this includes developing generic signatures and heuristic flags, which very often leads to mistaken detections in an effort to have a more secure user-base,” said VirusTotal’s Emiliano Martinez, in a blog post.
But those mistaken detections have a raft of undesired effects. Software developers take a brand hit when programs are rendered unusable for a large portion of their users, for one, and antivirus vendors' reputations may be severely impacted.
But also, overhead skyrockets: support teams for the affected programs may be suddenly overwhelmed by user emails claiming that the given software is not working correctly. A recent Ponemon study showed that US companies spend $1.3 million each year addressing cybersecurity alerts that turn out to be false alarms, wasting nearly 21,000 man hours.
VirusTotal is mainly looking for large software vendors to grow its collection of trusted software; and the initiative is of course not open to potentially unwanted applications and adware developers.