The psychological impact of false positives
Summary: False positives, or the act of marking legitimate content as being malicious, are an unfortunate but unavoidable consequence of rapid response security technologies. They are relatively rare, unseen events that make the news only when something goes horribly wrong.
False positives, or the act of marking legitimate content as being malicious, are an unfortunate but unavoidable consequence of rapid response security technologies. They are relatively rare, unseen events that make the news only when something goes horribly wrong. Security filters in both the real world and the electronic world work on pretty much the same principles. Computer security filters look for the presence of a set of "features", such as a set of binary strings or the libraries used by a given program, while real-world security filters look for weapons in carry-on bags or other suspicious activities.
Both types of systems have error rates that are defined, measured, and hopefully reduced. Type I errors, or false positives, are mistakes where something is marked malicious when it is really clean, while Type II errors, or false negatives, are mistakes where malicious content is marked legitimate. Type I errors consist of legitimate mail going to your spam folder or travelers being told they can't fly due to their name being on a secret list. Type II errors consist of viruses that infect machines that are already running anti-virus and guys who smuggle shoe-bombs onto airliners.
Acceptable numbers for false positive and false negative errors depend on the relative cost of an error and when the last error occurred. As a society we tolerate relatively high false positive error rates as long as false negative errors are zero for the screening of potential terrorists, while we don't tolerate false negative errors at all for desktop anti-virus, as it would affect legitimate software.
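To make the dependence on relative cost concrete, here is an added example (not part of the original article) that scores a small labelled sample and picks the filter threshold with the lowest total error cost. The scores, labels and cost weights are all constructed for illustration.

```python
# Constructed, labelled sample: (filter_score, is_really_malicious).
# The score stands in for how strongly a filter's "features" matched.
SAMPLES = [
    (0.05, False), (0.10, False), (0.20, False), (0.30, False),
    (0.35, False), (0.45, False), (0.55, False), (0.70, False),
    (0.40, True), (0.60, True), (0.75, True),
    (0.80, True), (0.90, True), (0.95, True),
]


def error_counts(samples, threshold):
    """Count errors when every score >= threshold is marked malicious."""
    # Type I: clean content marked malicious.
    fp = sum(1 for score, bad in samples if not bad and score >= threshold)
    # Type II: malicious content marked clean.
    fn = sum(1 for score, bad in samples if bad and score < threshold)
    return fp, fn


def error_rates(samples, threshold):
    """Return (false_positive_rate, false_negative_rate) at a threshold."""
    fp, fn = error_counts(samples, threshold)
    n_bad = sum(1 for _, bad in samples if bad)
    return fp / (len(samples) - n_bad), fn / n_bad


def best_threshold(samples, cost_fp, cost_fn):
    """Pick the threshold that minimises cost_fp*FP + cost_fn*FN."""
    # Every observed score is a candidate; 1.01 means "flag nothing".
    candidates = sorted({score for score, _ in samples}) + [1.01]

    def total_cost(threshold):
        fp, fn = error_counts(samples, threshold)
        return cost_fp * fp + cost_fn * fn

    return min(candidates, key=total_cost)


if __name__ == "__main__":
    # First row: a miss costs 10x a false alarm. Second row: the reverse.
    for cost_fp, cost_fn in [(1, 10), (10, 1)]:
        t = best_threshold(SAMPLES, cost_fp, cost_fn)
        fpr, fnr = error_rates(SAMPLES, t)
        print(f"cost_fp={cost_fp} cost_fn={cost_fn} "
              f"threshold={t:.2f} FPR={fpr:.3f} FNR={fnr:.3f}")
```

On the same filter and the same data, weighting misses heavily drives the false negative rate to zero at the price of more false positives, and weighting false alarms heavily does the opposite.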
As errors fade into memory, our risk tolerance changes. Today, we are far less tolerant of false positives in anti-virus systems, as not too many people remember the days when the Michelangelo virus would nuke a chunk of the hard drive on a given day. American citizens are also less tolerant of false positives when it comes to finding terrorists, as the current political climate has clearly shown.
All of you are aware that Google had a brief false positive issue on Saturday morning that was rapidly remedied. Their technology is important for providing the average user with a first-line filter for removing web-borne threats. I hope that people will continue to trust it, even with their small increase in false positive rate.
Talkback
Email and Type I errors
. . . and the absolutely absurd refusal to use proven security technologies like encryption and digital signatures for stuff like email.
Instead, they'd rather play around with their unproven statistical filters.
Digital signatures and encryption can drastically reduce the number of ham being mislabeled as spam, if widely adopted. And the more widespread the adoption, the more bulletproof it gets.
But nooooo, they have to make sorry excuses for not doing it, they can't agree on a standard, and they can't make the ISPs adopt any new standards, so we're all screwed.
RE: The psychological impact of false positives
really, there are too many benefits. I think, in my view, the principle is
the same. People are used to "false positives", yes a certain amount of
compliance from the security control crying wolf will, for most people, make
them more complacent, as the "feeling part of the brain" might decide not to
allow the "thinking" part of the brain the effort or interest.
Typo in Definitions
"Type I errors, or false positives, are mistakes where something is marked clean when it is really malicious"
"Type II errors, or false negatives, are mistakes where malicious content is marked legitimate"
In both cases, you define each type of error as malicious content marked clean/legitimate. Type I errors/false positives are mistakes where something is marked malicious when it is clean/legitimate.
Typo in Definitions - NOT
"Type I errors, or false positives, are mistakes where something is marked malicious when it is really clean, while Type II errors, or false negatives, are mistakes where malicious content is marked legitimate."
The psychological impact of ...
Psychological impact of false positives.
Nice discussion of what false positives are but
what about the psychological impact? I see no
discussion to that. What are the symptoms of
"False Positivical Disorder?" We already know
what causes it, is there anyone out there
infected? Hmmmm...Are we going to be falsely diagnosed?
RE: The psychological impact of false positives
of the article. There is no discussion of
"psychological impact" here, and the fp discussion is
confused:
"Today, we are far less tolerant of false positives
in anti-virus systems, as not too many people remember
the days when the Michelangelo virus would nuke a
chunk of the hard drive on a given day."
No, if users remember days of their hd being
destroyed, they would be far less tolerant of false
negatives, because they wouldn't want a virus to be
missed.
Also, "while we don't tolerate false negative errors
at all for desktop anti-virus, as it would affect
legitimate software."
No, we don't tolerate false positives, because we
don't want AV software detecting our legitimate
software as malicious.
Some good ideas in the article, just seems to be
written in haste.