Very pretty – but too many false positives

  • I’ve been testing this plugin on a number of compromised and not compromised accounts.

    The good.
    Bonus points for initial ease of use and graphical interface. This is quite possibly the tidiest looking security plugin I’ve ever seen.

    The not so good.
    Legitimate coding within WordPress core and coding within many well-regarded plugins and themes is marked in bold red colored text, with phrases like, “Server malware detected. Might be a malicious or hacker’s scripts” or “Danger! Malicious or suspicious files have been detected on the website”.

    A fresh installation of WordPress with stock plugins, themes and a few well-known plugins installed from the WordPress repository return the warning, “Danger! Malicious or suspicious files have been detected on the website.”

    An example:
    The readme.txt file of a well know security plugin with over 2 million active installs is marked as “Server malware detected. Might be a malicious or hacker’s scripts.”

    Obvious false positives like the one above are immediately followed by the phrase:
    “Most likely the website has been compromised. Please, contact security experts or experienced webmaster immediately to clean up the website from malware” and then,
    “Feel free to contact us, and for a reasonable fee we will be glad to help you!”

    Conclusion.
    A person who is not familiar with basic security terminology or able to read basic PHP coding may find the results of the scans run by the Security Antivirus Scanner – CWIS troubling, to say the least.

    • This topic was modified 7 years, 2 months ago by hackrepair.
Viewing 1 replies (of 1 total)

  • Dear hackrepair,
    Thank you for your review.

    The main advantage of our plugin and what sets us apart from our competitors is that, apart from using a known, constantly updated signature list, we apply a heuristic algorithm. But this is also our weak spot. When we apply the heuristic algorithm you get false positives and trying to get rid of all of them is something we are working on. We are constantly updating our white list.

    In case of marking other scanners as malware – the scanner detects their signature list and marks it as a malware.


    Kind regards,
    CobWeb Security Ltd.

Viewing 1 replies (of 1 total)
  • The topic ‘Very pretty – but too many false positives’ is closed to new replies.