Are NIS detection flags accurate?

Hello, this is my first post here.

What I want to ask applies to any AV product, but since NIS is what I am using, I'll focus on this one.

There are files that when NIS scans them, it flags them as Trojan Horses. However, I have reasons to believe that they may not actually be such, because:

1) Executing them in a sandboxed environment (for example, using sandboxie), does not produce any malicious content, no files are copied/deleted, no weird applications start, nothing to be alarmed about.

2) I am getting the feeling from various occurrences that NIS may flag a [i]possibly[/i] malicious file as "Trojan Horse", even though it may not be a trojan horse (a remote access tool), but [i]could[/i] be, say, a security assessment tool, or a protection bypass program, both of which do not belong in the category of a trojan horse.

So, when NIS detects a suspicious file, and the infection is "Trojan Horse", would it be possible that it is NOT in fact a trojan horse but some different kind of infection, some greyware, or even not malicious at all? I mean if NIS researchers flag a byte sequence as part of a trojan horse, that means that in their labs, that kind of code acted as a RAT of some sort. So it makes sense that they are not going to use this flag for files that match other greyware (assuming the byte sequence in question is not attached to the file). However this is what I feel is happening and I would like some clarification.

Besides, this kind of flagging would give rise and do justice to all those people claiming that AVs falsely flag their software as malicious, when they are not (false positive), and this is frustrating for everyone.

Could NIS flag a suspicious file as trojan horse, when it's not a trojan horse (as in researchers hastily throwing all possibly malicious files into certain pre-determined categories, without testing their actions)? Or does it mean that when a flagged Trojan horse is detected, it acted as a RAT in NIS labs?

Message Edited by Digital on 12-27-2009 04:59 AM