Topic: Check links with Virustotal. False positive results, how much they are? (Read 188 times)

legendary
Activity: 2226
Merit: 1592
From your answers, the best solution is not clicking on links given by others. Hover the mouse over the link to see the displayed link (if it is not a shortened URL) and stop being curious at this.



You can check the original URL behind a short URL too; mostly you just need to add a plus (+) at the end of the URL. For example, if you find a short URL like https://s.id/96KAO, to view the original URL just edit it to https://s.id/96KAO+ in the address bar.
hero member
Activity: 1722
Merit: 801
From your answers, the best solution is not clicking on links given by others. Hover the mouse over the link to see the displayed link (if it is not a shortened URL) and stop being curious at this.

VirusTotal is a secondary protection layer for us, like other antivirus software. The primary protection layer for us is our carefulness.
copper member
Activity: 2828
Merit: 4065
Regarding Paste.ee.

It's because hackers make use of websites such as Pastebin and co. for detection evasion, so your antivirus may not be able to detect it. You can hide several pieces of code by using this method and infect a machine without your AV noticing it. The shortcut for AV companies is to blacklist the whole domain. I believe ad blockers do the same too.
But it doesn't mean that all the links generated contain a virus or something harmful.
copper member
Activity: 1624
Merit: 1899
It appears that every link at the domain paste.ee is flagged as malware, see https://www.virustotal.com/gui/url/fbdb6fc14448ac7325ca602cf60270cfde7554e320bddd425c9e877e78aac292/detection

I am unsure if this is because there is a malicious cookie or something else on the website, or if it is because enough malware was uploaded to that domain that the domain was blacklisted.
sr. member
Activity: 882
Merit: 301
There are often false positive / negative results, I know but how about the level of false results with Virustotal? If I use it to check threats in links.
The best way is to try to get more opinions from people who regularly use the service, I guess. In the case of Paste.ee, many would probably vouch that it is safe, like Darkstar_ and alani123.

I also read in this article (How To Tell If a Virus Is Actually a False Positive) that if there are only a few AV programs that say it's malicious, then it's probably a false positive.


When using VirusTotal, it is also worth checking their disclaimer: 
WE DO NOT WARRANT OR GUARANTEE THAT THE SERVICES ARE ACCURATE, RELIABLE OR CORRECT; THAT THE SERVICES WILL MEET YOUR REQUIREMENTS; THAT THE SERVICES WILL BE AVAILABLE AT ANY PARTICULAR TIME OR LOCATION, UNINTERRUPTED, ERROR-FREE, WITHOUT DEFECT OR SECURE; THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED; OR THAT THE SERVICES ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
legendary
Activity: 1512
Merit: 1218
Quote from: OcTradism
I do not really understand the operations and checking algorithms of Virustotal.

Well, their website clearly explains it on their How it works [1] page.

Quote from: Virustotal
VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content.

They basically scan the URL/file with the antivirus providers they are partnered with. A false positive in the case of the URL you linked could be that one of their providers detected a malicious file/code linked on the paste.ee domain and blacklisted the whole domain as malicious instead of blacklisting the specific URL, which resulted in this false positive. They mention this even on one of their pages [2].

Quote from: VirusTotal
False positive detections are common in the antivirus industry. They occur when a benign program is wrongfully flagged as malicious due to an overly broad detection signature or algorithm used in an antivirus product.

As for the rate of "false positive" results from VirusTotal, I couldn't find the error rate on their website, nor from doing some googling. So the rate at which these occur is a hard figure to guess.


Sources:
[1] https://support.virustotal.com/hc/en-us/articles/115002126889-How-it-works
[2] https://www.virustotal.com/gui/monitor-overview
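The point made in the replies above (a detection count by itself does not say whether an engine flagged the specific URL or blacklisted the whole domain) can be checked by comparing reports for several URLs on the same host. This is an added example, not part of any post in this thread; it assumes each report is the per-engine `last_analysis_results` map of a VirusTotal API v3 URL report, and the host, paths and engine names are constructed placeholders.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: per-URL engine verdicts shaped like the
# "last_analysis_results" map of a VirusTotal API v3 URL report.
# Host, paths and engine names are placeholders, not real scan results.
def _r(**verdicts):
    return {name: {"category": cat} for name, cat in verdicts.items()}

SAMPLE_REPORTS = {
    "https://paste.example/p/aaaaa": _r(EngineA="malicious", EngineB="harmless",
                                        EngineC="harmless", EngineD="undetected"),
    "https://paste.example/p/bbbbb": _r(EngineA="malicious", EngineB="harmless",
                                        EngineC="malicious", EngineD="undetected"),
    "https://paste.example/p/ccccc": _r(EngineA="malicious", EngineB="harmless",
                                        EngineC="harmless", EngineD="timeout"),
}
FLAGGED = {"malicious", "suspicious"}

def flagged_engines(results):
    """Names of engines whose verdict category counts as a detection."""
    return {name for name, r in results.items() if r.get("category") in FLAGGED}

def triage(reports):
    """Per URL: detection ratio, plus which detections look domain-wide."""
    by_host = defaultdict(dict)
    for url, results in reports.items():
        by_host[urlsplit(url).hostname][url] = flagged_engines(results)
    out = {}
    for host, urls in by_host.items():
        # An engine that flags every sampled URL on a host is treated as a
        # domain-level listing; one URL alone cannot show that, so require two.
        domain_wide = set.intersection(*urls.values()) if len(urls) > 1 else set()
        for url, engines in urls.items():
            out[url] = {
                "ratio": f"{len(engines)}/{len(reports[url])}",
                "domain_wide": sorted(engines & domain_wide),
                "url_specific": sorted(engines - domain_wide),
            }
    return out

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_REPORTS).items():
        print(url, verdict)
```

A detection listed under `domain_wide` says the engine dislikes the host, not that it inspected this paste; one under `url_specific` is the verdict worth a closer look.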
hero member
Activity: 1722
Merit: 801
That link is taken from Re: Overview of Bitcointalk Signature-Ad Campaigns [Last update: 09-Dec-2019]
The link is: https://paste.ee/p/odEQa
I see some posters discussed false positives with VirusTotal, and I do not really understand the operations and checking algorithms of VirusTotal.

There are often false positive / negative results, I know but how about the level of false results with Virustotal? If I use it to check threats in links.