Slashdot Mirror

← Back to Stories (view on slashdot.org)

GMail Adds Virus Protection

Posted by CmdrTaco on from the google-farts-and-people-smell dept.

AxsDeny writes "Google has rolled out virus protection for it's web based email service. Apparently they are scanning incoming and outgoing messages for infected messages. Read more on their "what's new" page."

18 of 355 comments (clear)

  1. "it's"? by keesh · · Score: 1, Insightful

    Oh come on... Why keep up the pretence of being 'editors' if you don't even fix stupid mistakes like it's versus its?

    1. Re:"it's"? by bamf · · Score: 3, Insightful

      If you're going to try to be pedantic, at least be accurate. "pretence" is perfectly valid here.

  2. but what powers it? by caffeinemessiah · · Score: 5, Insightful

    This in itself is not surprising -- it's a natural step that Google had to take in order to compete with the other biggies in the business. What I'm more interested in knowing is if Google has put that army of Ph.D.'s into developing the AV technology. I don't see any other reason to wait so long for adding virus protection -- they could just as easily have licensed some commercial AV months ago, seeing as AV is one of the features that novice Internet users look for most. Now that MS is into AV, will Google follow suit? I'm hoping...

    --
    An old-timer with old-timey ideas.
    1. Re:but what powers it? by temojen · · Score: 2, Insightful

      Or just use ClamAV.

    2. Re:but what powers it? by Anonymous Coward · · Score: 2, Insightful

      a non-trivial investment in servers to scan the mails, I would imagine.

    3. Re:but what powers it? by Zeinfeld · · Score: 5, Insightful
      Hopefully GMail use the most secure, most effective form of virus scanning, block all executable attachments.

      Traditional virus scanning based on a blacklist of known bad code is hopeless. By the time a new piece of trojan code has been identified a hundred million copies have been blasted out from a botnet. There is almost no legitimate use of email to send executable code, way over 99% of all executable attachments are malicious.

      ISPs should block executable attachments by default and offer the people who really really think that they can't live without it the option of turning delivery back on. AIDS awareness campaigns have saved millions of lives by persuading people to use condoms even though some people think that they just have to have casual sex without one. Accepting code in email is like having casual unprotected sex, its idiotic.

      There is a very small, largely theoretical problem with non-executable content. Any data that is transferred from one machine to another could be used to exploit a code vulnerability in theory. The use of anti-virus style malicious data lists will still be necessary but the problem is much, much smaller. It is a much easier signal to spot. AV systems spend huge numbers of cycles recursively unpacking program loaders. With a data exploit we know the shape of the lock it fits into.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    4. Re:but what powers it? by IAmTheDave · · Score: 4, Insightful

      No offense to ClamAV, which I currently use, but if an engineering team rivaling the brain power of MIT research teams or NASA decides to make a virus scanner and release it for free, well... I'm gonna at least give it a try.

      --
      Excuse my speling.
      Making The Bar Project
    5. Re:but what powers it? by slamb · · Score: 2, Insightful
      So I take it you've never had to send an exe via email? It's pain in the ass! Sometimes we just resort to fedex-ing updates to customers.

      Dude, don't send the executable. Send a link to where the executable lives on your website. If it's important that no one else get it, then password-protect the directory. (.htaccess on Apache.) This is a much better solution:

      • No overflowing mailboxes - your non-GMail customers are likely to have small quotas.
      • No 33% base64 overhead.
      • No slow involuntary downloads when they log in to check their email over dialup.
      • It gives them a location that always has the latest version. And a complete archive of previous versions, if you like. Changelogs. Documentation. Website good.
      • ...and it won't be rejected by almost every mail system these days.
  3. So what? by NineNine · · Score: 5, Insightful

    So what? Yahoo and the other big players have had this for years. That's like announcing that Ford is now selling cars with anti-lock brakes and power steering. That's great and all, but I wouldn't consider that news.

  4. This could be a big issue by ZachPruckowski · · Score: 4, Insightful

    If the virus can't be removed from the file, you won't be able to download it.
    ......
    If a virus is found in an attachment you're trying to send, you won't be able to send the message until you remove the attachment.

    Now I know Google is pretty good and reliable, but that's sort of a harsh way to do business. There should be some sort of work-around if Google gets it wrong on what is and isn't a virus (which I assume they are going to do sooner or later). I mean, a false positive would get you cut off from what could be vital information. If that happens to someone, they'll be mad, even though it was done for a good reason. I hope they at least warn the people that there was an attachment.

    1. Re:This could be a big issue by xero9 · · Score: 2, Insightful

      Yahoo is the same way. My ISP uses Yahoo for its email and when a virus comes through it don't let you get the attachement at all. I think it's kind of good though, because you know there's stupid people out there who are just dying to open it, even if it's been flagged as a virus.

  5. Wrong Link by OverlordQ · · Score: 4, Insightful

    Actually the "What's New" page is here, not what was linked to.

    Also, I'm still pissed they havent added the option to empty the spam folder, yes I know it gets automagically deleted after 30 days, but I'd like to clear it out without having to go through 30 pages.

    --
    Your hair look like poop, Bob! - Wanker.
  6. What about false positives? by mmThe1 · · Score: 2, Insightful

    From the page..
    "If the virus can't be removed from the file, you won't be able to download it"

    All that talk about false positive and important (project/contract saving) mails sounds so important suddenly...

    1. Re:What about false positives? by temojen · · Score: 3, Insightful

      You keep important, time-crucial files on a free webmail service?

  7. Re:Hotmail has integrated this for years... by rincebrain · · Score: 2, Insightful

    No, because theirs actually does something useful, whereas Hotmail's has failed to catch a lot of the viruses people randomly send me while simultaneously denying people legitimate attachments because they fit some extension that Hotmail blocks.

    --
    It's only an insult if it's not true.
  8. Not only are they scanning for infected messages by Anonymous Coward · · Score: 5, Insightful

    ... but they are no longer allowing ANY zipfiles containing .exes to be transmitted to a gmail account.

    That's obviously pretty damned annoying for people who actually work with zipfiles. "Here, give this version a try." "What version?"

    I've sent them polite feedback requests to stop doing that. Other services scan zipfile contents for known viruses; Google is just dropping the zipfiles altogether. In my message to their support folks, I pointed out that letting virus writers dictate the design of your mail service isn't the best long-term business model.

  9. Can I send _uninfected_ .exe files now? by Hopieopdepaus · · Score: 2, Insightful

    Because I am getting tired of renaming my files and explaining n00b aunts how to re-rename the files when they receive them.

  10. And the next obvious step - is long overdue by Nom+du+Keyboard · · Score: 4, Insightful
    virus protection for it's web based email service

    The next, obvious, and far too long overdue, step is for Google to flag web-sites that attempt to install malware, redirect you to sites you didn't want to visit, spawn endless pop-up windows, attempt to create a full-screen browser that you can't close, or disable features of your browser like right mouse button clicks. Since they've already spidered it, and in most cases cached it, they can darn well scan it for viruses and other crap at the same time! Their virus, adware, spyware, malware signature files would certainly be more upto date than my own. They could even be protecting surfers now from the current unpatched IE exploit by warning of sites that have dodgy or questionable code while MS takes its own sweet time coming up with a patch.

    The first decent search engine that takes this step to protect its users can count on the majority of my traffic.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."