Virus Alerts for legitimate applications

Modern anti-virus programs can detect a wide range of potentially dangerous programs. This normally goes far beyond traditional viruses and worms and often includes heuristic alerts, which basically means that you can get alerts when an anti-virus program "thinks it could be ..."

In many cases, users download a keylogger, password cracker, remote access software, PC monitoring software or similar applications, not realizing that these programs could actually be considered a Trojan by your anti-virus software.

These programs are usually detected because they could violate your privacy if they were installed without your knowledge!

If anti-virus software didn't warn you, anybody could trick you into installing such software, or install it on your computer without your consent.

These warnings should be expected for software that:
  • logs or captures keystrokes
  • monitors user activity
  • allows you to recover passwords, registration codes or other personal data
  • monitors or logs Internet or network activity (sniffers)
  • allows you to access or control your PC remotely
  • acts as a server (FTP server, mail server etc.)
  • scans a network for available machines and ports

The reason why anti-virus programs will warn you (or even block the installation) is because the software doesn't know if the software is being installed with your consent and/or if you are aware of the potential security risk.
Here is an example: You want to recover all the passwords that are stored in your browser and migrate them to a secure database. You download a password recovery tool and your anti-virus program warns you of a "Trojan" or some other malicious threat and blocks the software from running.
If this is a legit password recovery tool, why is it blocked? Here's why: Let's say you went out and have a dog sitter/babysitter and he/she sees that your computer is running and decides to get a hold of all your logins and passwords by using the same password recovery software. In this case, you would definitely want your antivirus software to block the password recovery tool. Same legit software, but used under different circumstances. Unfortunately it's impossible for your antivirus protection to determine the reason for installing the potential threat, so it will always take action if a software matches certain characteristics.

In addition, many anti-virus programs will warn you about "hook" related dangers. A "hook" is a way for an application to capture keyboard input. This is often used for hotkeys (press some keyboard keys to start the app, or make it do something) and a common programming technique. Unfortunately the same type of technique is used by many keyloggers - they use the "hook" method to capture your keystrokes, instead of keyboard commands.

If you downloaded the software from us, you can be sure that we verify all products and test them before we include them in our catalog, and we have never had a single incident of a "real" virus or trojan since 1997. So if you run into any "hook" related warnings, it is very likely to be a regular feature of the software that is misinterpreted by your anti-virus software. You may want to check with the anti-virus vendor or the software author if you have concerns.

If you want to read some more about how false positive detections by anti-virus companies can give small developers a big headache: Read Nir's Blog for some insight.

Before you panic, get a second opinion to make sure it's not a false positive. You can use free online scans, they are available from several commercial anti-virus vendors and allow you to upload and scan a file online.



Recommended: VirusTotal - Scan a file with 40+ antivirus products...