Unfortunately cases of false positives, no matter how rare, cannot be fully eliminated by anti-virus vendors. In spite of Kaspersky Lab’s attempts to improve its internal system of product testing and to achieve lower percent of false positives from the number of released anti-virus databases, still false positives cannot be avoided all together. The main reason of false positives is quick growth of new malicious programs in the network, whose numbers nowadays are measured in millions.
In 2007 Kaspersky Lab detected on the Internet more than two million new malicious programs and it is not the limit. According to the latest forecasts, in 2008 about 20 000 000 new malicious programs will appear in the world – i.e. 10 times more compared with the previous year.
The number of false positives proportionally increases with the rapidly growing rate of malware. Though the general percentage of false positives from the number of new signatures is constantly decreasing, unfortunately it is much more difficult to fully eliminate false positives.
This is the price for the reliability of user’s protection and for the speed of malware detection. At present Kaspersky Lab provides the quickest reaction to new threats, providing its customers with hourly releases of anti-virus databases (threat signatures) - and Kaspersky Lab is not going to give up this practice.
Alternative method used by some anti-virus vendors is delayed reaction to new threats. This practice seems dubious as in this case customers receive necessary updates after malware may have penetrated the computer and caused harm (for example, has stolen data of the bank account, credit cards, etc.). Thus anti-virus companies have to find an ephemeral balance between protection reliability and full absence of false positives.