So tell me... do known virus vectors like JRE or Flash get to be on the whitelist? At least one of them also has the joy of trying to foist crap onto you as part of the standard installer.
VirusTotal wants YOU (but not you) to join its epic AV whitelist
Google-owned VirusTotal wants large software houses to send in their software catalogues so it can build what could well end up being one of the world's biggest anti-virus whitelists. The whitelist would clarify to users that software being checked for cleanliness came from a recognised developer, and warn vendors and anti- …
COMMENTS
-
Thursday 12th February 2015 03:10 GMT Kanhef
Possibly shortsighted
I don't know exactly how AV signatures are generated, but if there's any way to force collisions (like with md5), this could be a very bad idea. I'm sure plenty of people would love to have their malware whitelisted because it's identified as a core Windows component.
-
Thursday 12th February 2015 03:39 GMT John Tserkezis
Re: Possibly shortsighted
"I'm sure plenty of people would love to have their malware whitelisted because it's identified as a core Windows component."
You don't have to. As the article says, with heuristic flags being generated hand over fist, I'm seeing a greater number of false positives than ever before.
Not to mention the worsening flags on crack and key gen software. By default, things look so bad that you'll need to check yourself for odd rashes.
-
Friday 13th February 2015 01:23 GMT Robert Helpmann??
Re: Possibly shortsighted
"I don't know exactly how AV signatures are generated..."
Whitelisting actually uses a different approach than typical AV products. Similar in approach to a firewall, the default in using a whitelist is to block execution unless specifically allowed. Traditional AV products assume the process should run unless it shows up as known malware, typically through comparison with a signature (blacklists), or as the result of some sort of heuristic analysis.
Done properly, a corporate admin might use the list curated by VirusTotal as a starting point, and then de-list those apps that are not desirable for whatever reason (licensing, appropriateness to the work environment, etc.).
-
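The default-deny versus default-allow distinction from the comment above, including the "curated list as a starting point, then de-list" step, as an added example that is not part of the original thread. The list names, publishers and sample files are hypothetical and constructed, and SHA-256 file hashes are an assumed way of identifying files.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample binaries: byte strings stand in for file contents.
SAMPLES = {
    "office_suite.exe": b"constructed: big-vendor office suite",
    "toolbar_setup.exe": b"constructed: big-vendor browser toolbar",
    "inhouse_tool.exe": b"constructed: locally built admin tool",
    "dropper.exe": b"constructed: known-bad sample",
    "new_unknown.exe": b"constructed: never seen before",
}

# Hypothetical third-party curated list: hash -> publisher.
CURATED = {
    sha256(SAMPLES["office_suite.exe"]): "BigVendor",
    sha256(SAMPLES["toolbar_setup.exe"]): "BigVendor",
}
# Local admin policy layered on top of the curated list (assumed structure).
LOCAL_ALLOW = {sha256(SAMPLES["inhouse_tool.exe"])}
LOCAL_DELIST = {sha256(SAMPLES["toolbar_setup.exe"])}  # unwanted at work
# Signature-style blacklist of known-bad hashes.
BLOCKLIST = {sha256(SAMPLES["dropper.exe"])}

def allowlist_decision(data: bytes) -> str:
    """Whitelisting: block unless specifically allowed."""
    h = sha256(data)
    if h in LOCAL_DELIST:          # the admin's de-listing wins
        return "block"
    if h in CURATED or h in LOCAL_ALLOW:
        return "allow"
    return "block"                 # default deny for anything unknown

def blocklist_decision(data: bytes) -> str:
    """Blacklisting: run unless it matches known malware."""
    return "block" if sha256(data) in BLOCKLIST else "allow"

def compare() -> dict:
    """Map each sample to (allowlist verdict, blocklist verdict)."""
    return {name: (allowlist_decision(d), blocklist_decision(d))
            for name, d in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:20} allowlist={verdicts[0]:5} blocklist={verdicts[1]}")
```

The two models only disagree on files neither list has an opinion about, plus anything the admin has de-listed.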
Thursday 12th February 2015 03:36 GMT Crazy Operations Guy
But most exploits in modern software come from those 'trusted' bits that are being white-listed... Why not have it set up to only have libraries and other bits of code on there that haven't been proved exploitable? I'm sure there are several compiled versions of OpenSSL on that whitelist that have vulnerabilities, especially since there are over 6000 Microsoft-built binaries on that list; one of 'em has to be vulnerable.
Just because it isn't a virus, doesn't mean it won't bite you in the ass...
-
Thursday 12th February 2015 07:52 GMT Anonymous Coward
This isn't a "not vulnerable" list. It's a list of "known, trusted source" files. Its aim is to avoid false positives when trying to spot files that should not be there, not to identify those that are allowed to be there but are vulnerable to some kind of attack - that would be another kind of list (or an attribute of files in such a list).
-
Thursday 12th February 2015 13:26 GMT VinceH
Re: Are Chrome and Google Toolbar in the list?
How can people not be aware if McAfee Security Scanm is on their computers? The blasted thing runs automatically on a regular basis (weekly, IIRC?) and warns users that their computer is insecure if it doesn't have some other McAfee crap installed. Quite hard not to notice, really.
-
Thursday 12th February 2015 11:35 GMT Mark Allen
It is just another list to frustrate the average user
This list sounds similar to the ones that Chrome use when you download an installer. A list that is a serious PITA at times. I'll often talk to a client over the phone to get them to install something like TeamViewer - only to have Chrome tell them that the installer can't be trusted.
So if they can't even keep a list up to date for big name companies, I worry for the smaller developers. Those companies who will not be able to afford constantly getting their software on the white lists. We all know there will be a fee for this service... and it will become a massive headache for devs as they find PCs become a closed shop unless you pay the fee for entry.
And what is a legitimate application for the list? How will they handle all these SnakeOil registry cleaners? SpeedUpMyPC applications? "Watch Free Sport" toolbars? These types of programs can be argued to be "legit" but have evil Ts and Cs and take over computers. In many cases they do worse damage than an actual virus, but so many of the BigBrand anti-virus products leave these scumware applications in place.
This just sounds a bonkers system for me which will only benefit those software companies with wedges of cash.