Trend Micro fails anti-malware test

All three of the anti-malware products submitted by Trend Micro for Virus Bulletin's independent tests failed because they produced false positives.

Of the 20 products submitted for testing, six generated false positives when scanning a set of known clean files and failed to meet the requirements for VB100 certification.

"Trend Micro, one of the 'big four' anti-malware companies, submitted no fewer than three of its anti-virus products, all of which falsely identified a Microsoft development tool as spyware," said a statement from Virus Bulletin.

"Other products to generate false positives were Fortinet's FortiClient, Ikarus Utilities, and VirusBuster."

The anti-malware tests were the first to be carried out by Virus Bulletin on 64-bit Windows Vista.

John Hawes, a technical consultant at Virus Bulletin, said the tests had included known clean files that were mostly taken from the 'most-popular' lists on free download sites.

"It is a concern that the additions have caused such an upsurge in false detections," Hawes said.

"A false positive can cause as much disruption as a virus infection and false warnings often lead end-users to delete valid files in the belief that they are some form of attack. The resultant damage can be significant."

Hawes said that many of today's products showed an increasing reliance on heuristic detection techniques, and anti-malware vendors had to work hard if they were going to minimise false detections.

Microsoft received widespread criticism in February 2007 after its OneCare consumer AV product failed to achieve VB100 certification on the 32-bit version of the Vista platform.

"This time its enterprise product, Forefront, put in a strong performance and was awarded VB100 status for Vista x64," the Virus Bulletin statement said.

Virus Bulletin's VB100 tests pit anti-virus products against a test set of viruses from the WildList, which are known to be circulating on computers around the world.

To earn VB100 certification, products must be able to detect 100 per cent of the viruses contained in the WildList test set and must not generate any false alarms when scanning a set of clean files.

In June three anti-virus makers failed to meet the VB100 standard for virus detection on Windows XP.