Google safe browsing is using a poor quality engine or fault algorithm and is false flagging sites as containing malware and false flagging download files as containing m… (tuilleadh eolais)
Google safe browsing is using a poor quality engine or fault algorithm and is false flagging sites as containing malware and false flagging download files as containing malware/viruses.
Here is one example:
Google flagged AutoHotkey_104805.zip as containing malware or a virus.
Analysis of AutoHotkey_104805.zip in June of 2018 by virustotal.com (https://www.virustotal.com/ro/file/c8bf1c3dc4622559963b6626316ba1d083bb8a8af605f78382e371e5294d435a/analysis/) shows that out of 59 engines used to test the file only Cylance detected a problem with the file. Cylance is not a top rated engine and that detection is almost certain to be a false positive.
The follow engines passed AutoHotkey_1.1.28.00.zip as CLEAN:
Ad-Aware, AegisLab, AhnLab-V3, Alibaba, ALYac, Arcabit, Avast, Avast Mobile, AVG, Avira, AVware, Babable, Baidu, BitDefender, Bkav, CAT-QuickHeal, ClamAV, CMC, Comodo, DrWeb, Emsisoft, ESET-NOD32, F-Prot, Fortinet, GData, Ikarus, Sophos ML, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, MAX, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, Panda, Qihoo-360, Rising, SUPERAntiSpyware, Symantec, TACHYON, Tencent, TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Webroot, Yandex, Zoner
NOTE: 9 of the these engines are in the top 10 anitvirus/malware engines (UNDERLINED). All reported that AutHotkey_1.1.28.00.zip is CLEAN. F-Secure was not run on this file.
Google safe browsing claims that this file is INFECTED.
Similar analysis of multiple other Google Safe Browsing "infected" files from this site show similar CLEAN results when tested by virustotal.com.
Mozilla should report this issue to Google and demand that Google employ only quality engines to screen files. Google should employ better quality algorithms to prevent false flagging of files and web sties.
If Firefox is going to block web access to sites and to downloads based upon bad data from Google, then I am going to be forced to switch to another browser.
Mozilla. Stand up, take action, and provide the quality service you have provided IN THE PAST.
THERE IS A SECOND MAJOR ISSUE.
Once a download file is flagged as containing malware there is a bug in Firefox. The only options offered by Firefox are "REMOVE FILE" or "OPEN". "OPEN" should not be an option at this point. The options should be "DOWNLOAD ANYWAY" or "REMOVE FILE". With the current options and an .exe file (if downloaded) will be immediately executed resulting in infection if the file is tainted. With my suggested options, If a user chooses to "DOWNLOAD ANYWAY" then Firefox should remind the user the file may be infected and should recommend that the file be scanned by the user's antivirus/malware software before opening.