Detection tools are expected to identify all executables on a system that have been infected by a virus. This task is complicated by the release of new viruses and the continuing invention of new infection techniques. As a result, the detection process can result in errors of two types: false positives and false negatives.
When a detection tool identifies an uninfected executable as host to a virus, this is known as a false positive (this is also known as a Type I error.) In such cases, a user will waste time and effort in unnecessary cleanup procedures. A user may replace the executable with the original only to find that the executable continues to be identified as infected. This will confuse the user and result in a loss of confidence in either the detection procedures or the tool vendor. If a user attempts to ``disinfect'' the executable, the removal program may abort without changing the executable or will irreparably damage the program by removing useful code. Either scenario results once more in confusion for the user and lost confidence.
When a detection tool examines an infected executable and incorrectly proclaims it to be free of viruses, this is known as a false negative, or Type II error. The detection tool has failed to alert the user to the problem. This kind of error leads to a false sense of security for the user and potential disaster.