Citing VirusTotal is therefore like citing wikipedia.Īdditionally, once a file is submitted, control is lost over that data. Without this type of information, using VirusTotal purely as the research project that it should be, is rather useless as a research project. However, it would be nice to minimally know which options the anti-virus engines are being run with, such as what heuristic levels are being used. It’s probably not a good idea for the VirusTotal team to detail the environment that they run the anti-virus engines in, because the malware authors would quickly adapt to make VirusTotal useless to Hispasec’s intended use of the project. VirusTotal should clearly provide these warnings up front and reign in their VT Community project. Assurances from members of VirusTotal’s “community of trust” can actually do the reverse of providing warnings, by offering false assurances. VirusTotal’s file scanning is being offered with no service level agreement, scanning is not being performed in a typical environment, cached/old results are often being displayed, your submission will be stored indefinitely and may be shared with third parties, and results that do not indicate the presence of malware do not indicate the absence of malware. VirusTotal needs to explain exactly what they’re providing and how it might be used, on the front page, or with the results that they provide. Since I’ve had to explain to VirusTotal users the problems with trusting VirusTotal’s results, I know that users aren’t always reading the VirusTotal TOS and FAQs. VirusTotal should always reanalyze the file with the current anti-virus definitions and optionally offer historic results to those interested in them. Virustotal uploader windows 7 software#Many VirusTotal users will now be lead to believe that the software is clean, because the users will be presented with cached results when they scan the file themselves, using VirusTotal. However, if none of the anti-virus engines identify the software as malware, the author not only knows that they have a great 0-day to release, but also that they have just stored cached results on VirusTotal indicating that the file is clean. This is risky for the malware author, because VirusTotal indicates that if just one anti-virus engine identifies the software as malware, that a sample of the software will be sent to the other anti-virus engine vendors that didn’t identify it as malware. I only have anecdotal evidence of this, but I suspect that a large number of malware authors are using VirusTotal to scan their own software. I have a few concerns with how the front-end service is being used and how it is being provided. On the back end, VirusTotal is actually a project of Hispasec Sistemas that relies on the public contribution of new files to provide samples to anti-virus companies for analysis. Although many users of VirusTotal are relying on the front-end service to identify whether a file is identified as malware by any of the large number of anti-virus engines, the service is more like Facebook and Google where the regular users are the ones actually providing the service. If you don’t know what VirusTotal is yet, it’s a “Free Online Virus Malware (and URL) scanner”.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |