Slashdot Mirror

← Back to Stories (view on slashdot.org)

GMail Adds Virus Protection

Posted by CmdrTaco on from the google-farts-and-people-smell dept.

AxsDeny writes "Google has rolled out virus protection for it's web based email service. Apparently they are scanning incoming and outgoing messages for infected messages. Read more on their "what's new" page."

4 of 355 comments (clear)

  1. but what powers it? by caffeinemessiah · · Score: 5, Insightful

    This in itself is not surprising -- it's a natural step that Google had to take in order to compete with the other biggies in the business. What I'm more interested in knowing is if Google has put that army of Ph.D.'s into developing the AV technology. I don't see any other reason to wait so long for adding virus protection -- they could just as easily have licensed some commercial AV months ago, seeing as AV is one of the features that novice Internet users look for most. Now that MS is into AV, will Google follow suit? I'm hoping...

    --
    An old-timer with old-timey ideas.
    1. Re:but what powers it? by Zeinfeld · · Score: 5, Insightful
      Hopefully GMail use the most secure, most effective form of virus scanning, block all executable attachments.

      Traditional virus scanning based on a blacklist of known bad code is hopeless. By the time a new piece of trojan code has been identified a hundred million copies have been blasted out from a botnet. There is almost no legitimate use of email to send executable code, way over 99% of all executable attachments are malicious.

      ISPs should block executable attachments by default and offer the people who really really think that they can't live without it the option of turning delivery back on. AIDS awareness campaigns have saved millions of lives by persuading people to use condoms even though some people think that they just have to have casual sex without one. Accepting code in email is like having casual unprotected sex, its idiotic.

      There is a very small, largely theoretical problem with non-executable content. Any data that is transferred from one machine to another could be used to exploit a code vulnerability in theory. The use of anti-virus style malicious data lists will still be necessary but the problem is much, much smaller. It is a much easier signal to spot. AV systems spend huge numbers of cycles recursively unpacking program loaders. With a data exploit we know the shape of the lock it fits into.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. So what? by NineNine · · Score: 5, Insightful

    So what? Yahoo and the other big players have had this for years. That's like announcing that Ford is now selling cars with anti-lock brakes and power steering. That's great and all, but I wouldn't consider that news.

  3. Not only are they scanning for infected messages by Anonymous Coward · · Score: 5, Insightful

    ... but they are no longer allowing ANY zipfiles containing .exes to be transmitted to a gmail account.

    That's obviously pretty damned annoying for people who actually work with zipfiles. "Here, give this version a try." "What version?"

    I've sent them polite feedback requests to stop doing that. Other services scan zipfile contents for known viruses; Google is just dropping the zipfiles altogether. In my message to their support folks, I pointed out that letting virus writers dictate the design of your mail service isn't the best long-term business model.