Kaspersky applies for anti-false-positive system patent
In a detailed post on his blog, Eugene Kaspersky, co-founder of Kaspersky Lab, explains how his company's anti-virus software calls home in order to prevent false positives, before notifying users that it has detected malicious software. Before displaying an alert warning users of what it has found, Kaspersky's anti-virus products send information on the suspect file and the signature responsible for detecting it to a special database that is part of the Kaspersky Security Network (KSN).
The cloud-based KSN service checks whether the file is on a whitelist and whether the signature is known to result in false positives. In the past, this information would have been disseminated to clients via signature updates, resulting in delays of up to several hours or even days.
Kaspersky also revealed that his company works with so-called "silent detections". This approach, he says, is used "to verify the most sophisticated detections" – the user is not informed if the program sounds the alarm in response to such a signature. This allows the company to identify in advance any virus signatures that would cause large-scale false positives on user machines.
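The alert gate described above, as an added illustration rather than Kaspersky's own code: a local detection is only surfaced to the user after a cloud lookup confirms the file is not whitelisted and the signature is not a known false-positive source, while "silent" signatures are reported as telemetry only. The service, data and the fail-open behaviour when the cloud is unreachable are assumptions, not details from the post.

```python
from dataclasses import dataclass


class CloudUnavailable(Exception):
    """Raised when the reputation lookup cannot be completed."""


class ReputationService:
    """Stand-in for the KSN-style lookup (constructed sample data, not a real API)."""

    def __init__(self, whitelist, fp_signatures, reachable=True):
        self.whitelist = set(whitelist)          # hashes of known-good files
        self.fp_signatures = set(fp_signatures)  # signature ids known to misfire
        self.reachable = reachable

    def check(self, file_hash, signature_id):
        if not self.reachable:
            raise CloudUnavailable("reputation service unreachable")
        return file_hash in self.whitelist, signature_id in self.fp_signatures


@dataclass
class Detection:
    file_hash: str
    signature_id: str
    silent: bool = False  # "silent detection": collect telemetry, never alert


def gate(detection, cloud, telemetry):
    """Return (decision, reason). decision is 'alert' or 'suppress'.

    Every outcome is appended to `telemetry` so the vendor can still see
    which signatures are firing on whitelisted files or in silent mode.
    """
    try:
        whitelisted, signature_fp = cloud.check(detection.file_hash, detection.signature_id)
    except CloudUnavailable:
        # Assumption: fall back to the local verdict when the cloud is down.
        whitelisted, signature_fp = False, False
    if whitelisted:
        reason = "whitelisted"
    elif signature_fp:
        reason = "known-fp-signature"
    elif detection.silent:
        reason = "silent-detection"
    else:
        reason = "alert"
    telemetry.append((detection.signature_id, detection.file_hash, reason))
    return ("suppress" if reason != "alert" else "alert", reason)
```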
The scale of potential problems caused by false alarms was recently illustrated by Avira's anti-virus software, which made the mistake of blocking several harmless Windows system processes. The result was that users' computers were almost completely disabled as they would no longer boot properly.
At the end of the post, Kaspersky notes that his company has applied for patents for its cloud-based anti-false-positive system, saying that "Unfortunately, for now we're in silent mode on this issue to avoid letting the cat out of the bag before all the patent applications have been filed. But I’ll keep you posted!". Whether the process really is that novel is hard to say. According to security specialist Andreas Marx from anti-virus testing lab AV-Test, however, Kaspersky is one of the few security firms that makes good use of cloud computing to fight malware.