Users should be careful with any application–antivirus or spyware, as to the possibility of false positives.

In spyware, it is likely to be more common, since the sheer volume of new spyware coming out and the complexity of dealing with all the various pieces. For example, since many programs are written using various off-the-shelf commercial tools, a nasty keylogger could actually use a component that is completely legitimate and used by other programs (such as a DLL to uncompress graphic files, or a standard help file). An antispyware application might get confused and think that this component is part of the keylogger. Good antispyware programs will have safeguards in place but they are not guarantees.

Good practice with any program that’s going to remove something is to a) quarantine it and set a system restore point so that you can get it back if it was a wrong file and b) look at the files being removed to insure they are valid (sometimes very difficult to figure out but at least give it a shot).

We try very hard to minimize this type of thing from occurring but there is always the chance. Telling the developer can help. I know at Sunbelt, the minute we find out about a false positive, we take rapid action to fix it, and generally have an update out within 24 hours after finding it.

Note that there are some unscrupulous companies out there that use false positives to lure people into buying their product. If you find a developer who doesn’t seem to care about false positives, find another product fast.

Alex