back to article VirusTotal slips on biz suit, says Google's daddy will help the search for nasties

Alphabet-owned malware aggregator website VirusTotal has given itself an enterprise-focused makeover. The firm said the reboot "takes advantage of Alphabet's "increased scalability of data collection, processing, and search" to help threat intel teams work faster. Front and centre of the upgrade is the introduction of Private …

  1. lansalot

    so..

    Why don't all browsers run the checksum for whatever they just downloaded past VT before committing the save? Aware you can get various extensions and such, but even so.. it seems like such a minor thing to add.

    1. Lee D Silver badge

      Re: so..

      Because licensing VT for such use would likely be very expensive.

      It's not about "can you", it's about "how much does it cost".

      How much did you pay for your browser? How much would you be willing to pay "per download" that you use it to do?

      Precisely.

      1. lansalot

        Re: so..

        So you're saying Google would be unable to make this particular use case free?

        Interesting technical viewpoint...

    2. sloshnmosh

      Re: so..

      "Why don't all browsers run the checksum for whatever they just downloaded past VT before committing the save? Aware you can get various extensions and such, but even so.. it seems like such a minor thing to add."

      Probably because this would be a huge privacy concern.

      With an extension, the user would be notified of the privacy risks involved and would be opting-in to the T's and C's and also digitally signing that they had (could have) read the privacy policy.

      There are several websites where you can upload a hash and it will show you what the hash correlates to in it's database.

      These antivirus companies can positively identify what a user is downloading by the SHA/MD5 sums and share what it is the user just downloaded (along with the users IP address and browser fingerprint) and passes this info along to it's affiliates (IE: Facebook, Experian etc.)

      Starting to understand the privacy risks now?

      Same thing goes for Google's Safe Browsing and others that collect the users web browsing history.

      Google has partnered with ESET in it's Chrome browser for another example.

      ESET is a cloud based antivirus/security company from a foreign country that isn't held to the same laws as the US or UK.

      (Just like almost all the AV engines on Virus Total)

      This is much more of a cocern.

      1. Anonymous Coward
        Anonymous Coward

        Privacy risks? Re: so..

        "ESET is a cloud based antivirus/security company from a foreign country that isn't held to the same laws as the US or UK."

        I've just done a quick search and it seems that ESET is based in Slovakia, which is part of the EU.

        I think it's reasonable to assume that the laws ESET has to obey regarding storing data about people are pretty much the same as those in the UK, what with GDPR applying to all EU member states.

      2. Anonymous Coward
        Anonymous Coward

        Re: so..

        Kaspersky starts with a K

        Eset starts with an E

        The former is Russian.

        The latter is based in the EU and covered by GDPR and will likely respect it more than the former.

    3. Version 1.0 Silver badge

      Re: so..

      If they did that then the virus writers would be able to check their code without uploading it to VT ... and thus giving the game away.

      1. anthonyhegedus Silver badge

        Re: so..

        But the virus writers can check their code on VT anyway. So it's no more or less risky that having the browser do it automatically.

        1. Anonymous Coward
          Anonymous Coward

          Re: so..

          If you assume only malware is checked.

          If all files are checked there is a privacy issue....think of file hashes as meta data on steorids.

  2. Anonymous Coward
    Anonymous Coward

    owned by google

    I just lost faith in Virus Total. Since google is one of the most compliant to the US government companies.

    Hacking tools of the NSA, CIA, FBI, MI6/8 (others?) (which are used by private criminals too) must be white listed. Making the site a puppet ground and only useful to criminals to test their malware on.

    1. GnuTzu Bronze badge
      Childcatcher

      Re: owned by google -- Public Collaboration

      One thing I like about VirusTotal is that what it aggregates it publicly cites. What I fear is that these public citations will go away. There are others that do this, but not enough. I don't want the public collaboration to go away, turning all the security services into black boxes. That doesn't mean there should be no black boxes. I just think that public collaboration and education is too important to have InfoSec become only black boxes--driven by secretive minions keeping what is crucial knowledge from the public.

    2. Version 1.0 Silver badge

      Re: owned by google

      Virus Total performs a service, and like most things it can be abused but that doesn't mean that it's not useful for lots of people - you really think that Google is any different from any other company? They are all in the business of selling your data.

      Privacy isn't dead - it was never alive, we just thought it was.

      1. Cavehomme_ Bronze badge

        Re: owned by google

        Privacy started to be eroded with the advent of Google. Other companies then jumped onto that bandwagon.

    3. robidy

      Re: owned by google

      Think it through...virus total uses AV packages to scan files.

      It includes Russian, Chinese, American and European vendors amongst others.

      Are you suggesting Google have hacked into all these vendor's packages?

      Are you suggesting no one ever double checks the results?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019