VirusTotal wants YOU (but not you) to join its epic AV whitelist Google-owned VirusTotal wants large software houses to send in their software catalogues so it can build what could well end up being one of the world's biggest anti-virus whitelists. The whitelist would clarify to users that software being checked for cleanliness came from a recognised developer, and warn vendors and anti- …
I don't know exactly how AV signatures are generated, but if there's any way to force collisions (like with md5), this could be a very bad idea. I'm sure plenty of people would love to have their malware whitelisted because it's identified as a core Windows component.
"I'm sure plenty of people would love to have their malware whitelisted because it's identified as a core Windows component."
You don't have to. As the article says, with heuristic flags being generated hand over fist, I'm seeing a greater number of false positives than ever before.
Not to mention the worsening flags on crack and key gen software. By default, things look so bad that you'll need to check yourself for odd rashes.
I don't know exactly how AV signatures are generated...
Whitelisting actually uses a different approach than typical AV products. Similar in approach to a firewall, the default in using a whitelist is to block execution unless specifically allowed. Traditional AV products assume the process should run unless it shows up as known malware, typically through comparison with a signature (blacklists), or as the result of some sort of heuristic analysis.
Done properly, a corporate admin might use the list curated by VirusTotal as a starting point, and then de-list those apps that are not desirable for whatever reason (licensing, appropriateness to the work environment, etc.).
But most exploits in modern software come from those 'trusted' bits that are being white-listed... Why not have it set up to only have libraries and other bits of code on there that haven't been proved exploitable. I'm sure there are several compiled versions of OpenSSL on that whitelist that have vulnerabilities, especially since there are over 6000 Microsoft-built binaries on that list, one of em has to be vulnerable.
Just because it isn't a virus, doesn't mean it won't bite you in the ass...
This isn't a "not vulnerable" list. It's a list of "known, trusted source" files. It's aim is to avoid false positives when trying to spot files that should not be there, not to identify those that are allowed to be there but are vulnerable to some kind of attack - that would be another kind of list (or an attribute of files in such a list).
How can people not be aware if McAfee Security Scanm is on their computers? The blasted thing runs automatically on a regular basis (weekly, IIRC?) and warns users that their computer is insecure if it doesn't have some other McAfee crap installed. Quite hard not to notice, really.
This list sounds similar to the ones that Chrome use when you download an installer. A list that is a serious PITA at times. I'll often talk to a client over the phone to get them to install something like TeamViewer - only to have Chrome tell them that the installer can't be trusted.
So if they can't even keep a list up to date for big name companies, I worry for the smaller developers. Those companies who will not be able to afford constantly getting their software on the white lists. We all know there will be a fee for this service... and it will become a massive headache for devs as they find PCs become a closed shop unless you pay the fee for entry.
And what is a legitimate application for the list? How will the handle all these SnakeOil registry cleaners? SpeedUpMyPC applications? "Watch Free Sport" toolbars? These types of programs can be argued to be "legit" but have evil Ts and Cs and take over computers. In many cases they do worse damage than an actual virus, but so many of the BigBrand anti-virus products leave these scumware applications in place.
This just sounds a bonkers system for me which will only benefit those software companies with wedges of cash.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
