Slashdot: News for Nerds

Google Releases VirusTotal Uploader For OS X

samzenpus posted about 2 months ago | from the check-it-out dept.

Google 37

An anonymous reader writes "Google today announced the release of VirusTotal Uploader for OS X, allowing Mac users to upload suspicious files for scanning. You can download it now directly for OS X 10.8 and 10.9 from VirusTotal. For those who don't know, VirusTotal Uploader for Windows is a popular tool for submitting suspicious files to the online scanning service. The process is as simple as right-clicking any file and selecting the relevant option from the context menu."

37 comments

Macs don't virus, yo! (0, Informative)

Anonymous Coward | about 2 months ago | (#47093523)

If your mac viruses, you're being hand-held by Apple wrong. And it's your fault.

Yet another front on Mac Security (2)

jaeztheangel (2644535) | about 2 months ago | (#47093539)

This will throw up so many false positives for Mac users...

Multi-scanner (3, Informative)

DigiShaman (671371) | about 2 months ago | (#47093541)

Basically, you use VirusTotal when you're unsure of a potential infection or outbreak. This site is basically a giant filter that runs the file against multiple engines and provides a score. I've seen a new outbreak where my AV didn't catch it, but 1/4th of the scanners at VirusTotal did. It was obviously so new that not all of the AV vendors had time to catch up yet within the 12 hour window or less. It happens; quite common in fact.

Re:Multi-scanner (1)

TubeSteak (669689) | about 2 months ago | (#47094065)

I've seen a new outbreak where my AV didn't catch it, but 1/4th of the scanners at VirusTotal did.

I've also seen 1/4th of the scanners at VirusTotal claim known good binaries = generic malware because of the packer used to build the exe.

Re:Multi-scanner (0)

Anonymous Coward | about 2 months ago | (#47096391)

I used to see virus scanners set off all the time with UPX. Such a basic detection is, thankfully, becoming rare. And executable compression is now rare (or at least in my experience). Seems to be a combination of a problem with 64-bit processors and disk space is not as big of an issue as it used to be.

Re:Multi-scanner (0)

Anonymous Coward | about 2 months ago | (#47097621)

I've also noticed that VT added a few questionable scanning engines to their repertoire. One called Rising Antivirus is an obscure Chinese AV vendor that flags tons of benign software as generic trojans. Another one that behaves the same way and is just as questionable is a two-bit Vietnamese scanning engine called CMC Antivirus. It has the same problem of flagging perfectly fine software as generic malware.
 
I have submitted false positive reports to both of these companies and VT but they have not removed any of the false positives.
 
There needs to be some level of competence to be allowed to scan files for virustotal, but there is not.

Re:Multi-scanner (1)

Anubis IV (1279820) | about 2 months ago | (#47094881)

Neat idea, and thanks for explaining it to those of us who didn't know what it did, but it doesn't seem particularly useful in this case. And I'm not just saying that because Macs have been by-and-large (though obviously not completely) free of malware in everyday use. I say that because normal users, who are the sort that are likely to be afflicted with an infection, will never hear about it, while the sorts of users who do hear about it (i.e. folks like us) already engage in best practices and will essentially never get infected unless they set out to do so.

Aside from trojans aimed at people who think that a browser pop-up window is an authoritative source for learning of a malware infection on their machine, I can't recall any other malware in the wild for OS X in the last 5 years that was significant enough to warrant a mention in the Mac news/rumors circuit (though, I will point out that OS X has had both viruses and worms targeted at it in the past, contrary to what many of my fellow Apple users might claim). With Apple being pretty good at rapidly updating the built-in malware definitions in response to any new sightings, even the people who think pop-ups know everything don't have much to worry about.

what a name! (3, Funny)

Jeremy Erwin (2054) | about 2 months ago | (#47093545)

Virus Total Uploader sounds like a malware development kit. The headline had me thinking of Google taking the iOS-Android war to new levels of barbarity.

Re:what a name! (0)

Anonymous Coward | about 2 months ago | (#47093669)

I also was wondering what it was from the title alone.

Re:what a name! (2)

munch117 (214551) | about 2 months ago | (#47094287)

It is a malware development kit, you know. Or rather, part of one. The bad guys use tools like this to create virus-scanner-proof malware.

1. Create 1000 random variations of your malware.
2. Select a variation that's given a clean sheet by Virus Total. If there isn't any, just create more variations.
3. ?? (*)
4. Profit.

(*) Release the malware into the wild.

Re:what a name! (0)

Anonymous Coward | about 2 months ago | (#47096085)

Creating 1000 versions is kind of pointless - you will get the first one by almost all the scanners.

Re:what a name! (1)

Hypotensive (2836435) | about 2 months ago | (#47106421)

Indeed. "This is a virus that totally uploads all your stuff to Google."

Yeah! (-1)

Anonymous Coward | about 2 months ago | (#47093583)

Does it clean the file and save a copy of the file to same directory with "-cleaned" -suffix?

Otherwise NO USE!

IMPOSSIBLE (-1, Troll)

Billly Gates (198444) | about 2 months ago | (#47093615)

We all know Macs can't get viruses. Just ask any mac genius? It is really nice to run everything as root without those annoying prompts and as a plus I can run simplified PHP 4 code with taking user input directly into SQL with MySQL 3.52 with no password and be perfectly secure!

Re:IMPOSSIBLE (2)

BitZtream (692029) | about 2 months ago | (#47093919)

...

What mac user runs as root? OSX never has by default allowed root to login, and Classic Mac OS didn't really have a concept of users. It most certainly does require you to provide your password to do administrative tasks just like SUDO. To access a root shell you must tweak some preferences so you can login as root directly or sudo bash to get a root shell.

OSX doesn't come with MySQL, so if you installed it with no password, that's because you're a moron like your other posts imply. My machine shows postgresql listening and 2 other ports. PostgreSQL I installed; the other 2 are CUPS and Xsan management ports, neither are on by default. So what exactly you're trying to refer to is beyond me.

PHP shows version 5.4.24, but Apache isn't running by default. If you're playing with scripting languages and do stupid shit like using user input in ad-hoc SQL statements, again, that's your problem.

Do you ever post anything that doesn't look retarded? You're not even trolling, you're just that stupid.

Re:IMPOSSIBLE (2)

angel'o'sphere (80593) | about 2 months ago | (#47093983)

Contenance my friend, contenance! Look at his name ;)

Re:IMPOSSIBLE (0)

Anonymous Coward | about 2 months ago | (#47094343)

The sense of sarcasm never evades.

Re:IMPOSSIBLE (1)

exomondo (1725132) | about 2 months ago | (#47095603)

You're not even trolling

Your powers of deduction are mindblowing! ... your sarcasm detector is clearly overloaded though, perhaps for people like you he should include a sarcasm disclaimer at the bottom next time. I know the mac fanboys are a rabid bunch but come on, are you really suggesting that isn't sarcastic? Really?

Easy to use, just upload your files! (2, Interesting)

Anonymous Coward | about 2 months ago | (#47093625)

Just right click and send all your personal files to Google. They'll keep them safe and scan them for viruses.

Big Brother doesn't have to work hard when we so willingly hand over anything and everything.

Re:Easy to use, just upload your files! (2)

ledow (319597) | about 2 months ago | (#47093795)

Nobody's making you do it.

And with Virustotal, you're free to calculate the hash yourself and go look up the URL it goes to (in fact, VirusTotal clients do this - generate a hash, look up the hash, and only upload if it doesn't already exist).

And why would you be uploading personal files to check for viruses? Surely your personal files are the ones you KNOW are clean? It's the random crap you download and are sent that you have to scan.

Re:Easy to use, just upload your files! (0)

Anonymous Coward | about 2 months ago | (#47093981)

The "personal file" could be something someone sent me that should remain confidential.
If I test it using VirusTotal, then I'm sending a confidential file to a third party.
If I don't, then maybe opening it will install spyware through a Microsoft Office bug.

Re:Easy to use, just upload your files! (0)

Anonymous Coward | about 2 months ago | (#47094545)

If I don't, then maybe opening it will install spyware through a Microsoft Office bug.

Simple solution: Don't run Microsoft Office, you twit.

Re:Easy to use, just upload your files! (3)

ledow (319597) | about 2 months ago | (#47094617)

Here's a hint then: Don't upload confidential files.

Why does your stupidity of an unrealistic use case (uploading a file you don't want to share to an untrusted third party) render the service untenable?

Fact is, I use VirusTotal a lot and deal with confidential information all the time. I use it to reassure myself that the things I'm handling aren't going to affect the confidential data or the programs that handle it.

Personally, I think every PDF->Word or Word->PDF service is infinitely more dangerous as a source of uploaded confidential information that could be retained.

And, as pointed out, you DO NOT have to use the service, DO NOT have to upload the file at all, and DO NOT have to use this client...

Re:Easy to use, just upload your files! (0)

Anonymous Coward | about 2 months ago | (#47095127)

You should not praise software that has pitfalls even if you're personally smart enough to avoid the pitfalls. If this thing gets glowing reviews, then it's only a matter of time before your identity gets stolen because some dumb employee "right clicked" on a file containing SSNs to "check for viruses".

Re:Easy to use, just upload your files! (2)

Crash Culligan (227354) | about 2 months ago | (#47094021)

And why would you be uploading personal files to check for viruses? Surely your personal files are the ones you KNOW are clean? It's the random crap you download and are sent that you have to scan.

Because doing so helps strengthen all anti-virus software which VirusTotal uses. The mistake is thinking of VirusTotal as just a big ol' multi-scanner, when under the hood it's a clearinghouse of virus and malware information for the participating vendors of detection and remedy software.

If they get a file that only triggers 17/51 of the scanners, then the other 34 will want to know why they didn't catch it, and research it, and improve their own products in response. So uploading files to them is a way of supporting their efforts.

Re:Easy to use, just upload your files! (1)

Plumpaquatsch (2701653) | about 2 months ago | (#47102421)

Nobody's making you do it.

And with Virustotal, you're free to calculate the hash yourself and go look up the URL it goes to (in fact, VirusTotal clients do this - generate a hash, look up the hash, and only upload if it doesn't already exist).

And why would you be uploading personal files to check for viruses? Surely your personal files are the ones you KNOW are clean? It's the random crap you download and are sent that you have to scan.

So what you are saying is that the only time you ever have to actually upload something - it's a file unique to you. Which is totally not a personal thing.

Re:Easy to use, just upload your files! (1)

smash (1351) | about 2 months ago | (#47110103)

Nobody's making ME do it, but if I send any of the content I generate to others, there's nothing stopping them uploading my content, is there?

Re:Easy to use, just upload your files! (0)

Anonymous Coward | about 2 months ago | (#47097625)

If you are in the information security industry, virustotal will sell you an API key for 500 euros a month that lets you download some number of the uploaded files that they get. For another very large price per month, you can get all the files that they get.

Use the hash search (1)

Anonymous Coward | about 2 months ago | (#47093667)

There's no need to upload files to Virustotal most of the time. Just calculate the MD5 or SHA-1 hash (or whatever else is supported) for the file, and search [virustotal.com] for it on Virustotal. More often than not someone else has already uploaded the exact same file very recently.

Then again, I guess for some users uploading might actually be easier.
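
Added example (not part of any comment in this thread, and not VirusTotal's client code): the hash-first workflow described by ledow and in the "Use the hash search" comment above, sketched in Python. The `lookup` callable and the in-memory index are hypothetical stand-ins for the service's hash search, and the sample bytes and the 17/51 result are constructed.

```python
import hashlib
import io

def file_digests(stream, chunk_size=65536):
    """Read a binary stream once and return its MD5, SHA-1 and SHA-256 hex digests."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def triage(stream, lookup, allow_upload=False):
    """Decide what to do with a file while sending only its digest off the machine.

    lookup(sha256) is a hypothetical callable standing in for the service's
    hash search: it returns a report dict for a known file, or None.
    """
    digests = file_digests(stream)
    report = lookup(digests["sha256"])
    if report is not None:
        # Someone already submitted these exact bytes: reuse the result.
        return {"action": "use_existing_report", "sha256": digests["sha256"],
                "ratio": "%d/%d" % (report["malicious"], report["total"])}
    # Unknown digest: the file may be unique to this user, so uploading
    # would disclose its content. Require an explicit decision.
    action = "upload" if allow_upload else "hold_for_review"
    return {"action": action, "sha256": digests["sha256"], "ratio": None}

# Constructed sample data, not real files or real scan results.
KNOWN_SAMPLE = b"constructed sample: widely shared installer bytes"
PRIVATE_SAMPLE = b"constructed sample: confidential spreadsheet bytes"
FAKE_INDEX = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): {"malicious": 17, "total": 51}}

if __name__ == "__main__":
    for name, data in (("known", KNOWN_SAMPLE), ("private", PRIVATE_SAMPLE)):
        print(name, triage(io.BytesIO(data), FAKE_INDEX.get))
```

A file whose digest is unknown to the service is exactly the case where an upload would reveal new content, so the sketch holds it for review unless `allow_upload` is set.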

Fake? (0)

Anonymous Coward | about 2 months ago | (#47094103)

What has this company got to do with Google? This smells like a fake set of blogs misusing Google's name, hoping to get this into the echo chamber.

Re:Fake? (1)

exomondo (1725132) | about 2 months ago | (#47095631)

What has this company got to do with Google? This smells like a fake set of blogs misusing Google's name, hoping to get this into the echo chamber.

From TFA:
Google acquired VirusTotal back in September 2012, promising VirusTotal will continue to operate independently.
http://thenextweb.com/google/2014/05/26/google-releases-virustotal-uploader-os-x-hopes-malware-submissions-will-beef-mac-security/ [thenextweb.com]

Here's the code (2)

GrahamCox (741991) | about 2 months ago | (#47095541)

In Objective-C of course ;-)

- (BOOL)isKnownMacVirus:(NSURL *)url
{
    return NO;
}

I can see where this is going... (1)

jones_supa (887896) | about 2 months ago | (#47097797)

This is the first step and the convenient slippery slope to a world where you will automatically send all your files needing a virus check to the server. They will reason this by saying that they can offer "better and more up-to-date service" when the system is running remotely instead of a local virus scanning program. And you will reason this by saying that "everyone else does this too" and "I have nothing to hide".

Re:I can see where this is going... (1)

smash (1351) | about 2 months ago | (#47110137)

Already happens... plenty of companies run Microsoft Online Protection for Exchange (or whatever they call it this week) which scans all inbound and outbound mail for their domain. Oh, what, you never consented to Microsoft getting a copy of your files? Too bad...

No digital signature?!?!? (1)

Smerta (1855348) | about 2 months ago | (#47097825)

Wow. Just went over to download the Windows version of the Uploader tool - the installer isn't digitally signed. WTF?!?!?

I'm still shocked that so much software from legitimate companies isn't digitally signed. I do a lot of firmware development, and very few companies' installers are digitally signed (IAR, I'm looking at you). Sheesh. Even a tiny company like Saleae and the main developer of TortoiseSVN, Stefan Küng, have digital certificates for signing code, why can't a bigger company be bothered with this?

Right click? (0)

Anonymous Coward | about 2 months ago | (#47103095)

Do macs have a right click?

VirusTotal Uploader for OS X (1)

GabrielleeMaria (3672889) | about 2 months ago | (#47152949)

Google today announced the release of VirusTotal Uploader for OS X, allowing Mac users to upload suspicious files for scanning. You can download it now directly for OS X 10.8 and 10.9 from VirusTotal (8.52MB).