GMail Adds Virus Protection

AxsDeny writes "Google has rolled out virus protection for it's web based email service. Apparently they are scanning incoming and outgoing messages for infected messages. Read more on their "what's new" page."

Final Straw!

[fembots]

That's it, that's EVIL and I'm quitting GMail now!

GMail has been my faithful virus depository, now where can I go today? HoTMaiL?

I wish it gives users the option to still retrieve the virus if they insist.

Re:Final Straw!

[Nom+du+Keyboard]

I wish it gives users the option to still retrieve the virus if they insist.

So you really do want to read the love letter just for you, and view those Anna Kornokorva pics, one more time.

Re:Final Straw!

[davez0r]

i use yahoo to store my viruses. it's like the computer version of the nose garden. so far i have:

  - W32.Sircam.Worm@mm
  - W32.Magistr.39921@mm
  - W32.Sobig.F@mm
  - W32.Sober.F@mm
  - W32.Netsky.P@mm
  - W32.Netsky.D@mm
  - W32.Netsky.Q@mm

anybody got some other good ones they can send me?

Re:Final Straw!

[Curunir_wolf]

What I hate is the way it refuses to send attached executables, even inside a zip file, and silently drops them when incoming. I'd at least like to be told that someone *tried* to send me an email, but the attachment was deleted, or bounce it back to the sender, or something.

The easy work-around for this is to just rename mypgm.exe to mypgm.renametoexe and then it goes through just fine (zipped or not). But if I'm sending it *TO* a gmail account, I don't even know it got dropped...

Re:Final Straw!

[TubeSteak]

(email not shown publicly)
you forgot to give us your e-mail address.

I've got this great virus you can add to your collection. It's called W32.Goatse@cx

It's pretty original, the virus masquerades as a JPEG and when you open it in your e-mail, it makes you go blind. ...Lightyears ahead of the competition

Re:Final Straw!

[_Pablo]

Rename the .zip file to .piz is my workaround.

Re:Final Straw!

[MadJo]

Sony has the answer for you
$sys$virus.exe

will make it invisible for any AV program.

EICAR

[ditto999999999999999]

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIR US-TEST-FILE!$H+H* makes it through fine.

Hotmail has integrated this for years...

[the+computer+guy+nex]

.. can we say Google is now replicating? :)

Re:Hotmail has integrated this for years...

[rincebrain]

No, because theirs actually does something useful, whereas Hotmail's has failed to catch a lot of the viruses people randomly send me while simultaneously denying people legitimate attachments because they fit some extension that Hotmail blocks.

but what powers it?

[caffeinemessiah]

This in itself is not surprising -- it's a natural step that Google had to take in order to compete with the other biggies in the business. What I'm more interested in knowing is if Google has put that army of Ph.D.'s into developing the AV technology. I don't see any other reason to wait so long for adding virus protection -- they could just as easily have licensed some commercial AV months ago, seeing as AV is one of the features that novice Internet users look for most. Now that MS is into AV, will Google follow suit? I'm hoping...

Re:but what powers it?

[temojen]

Or just use ClamAV.

Re:but what powers it?

[garcia]

This in itself is not surprising -- it's a natural step that Google had to take in order to compete with the other biggies in the business.

Of course it's not surprising. They've been blocking "bad" attachments for quite some time (and possibly since I started using it on 6/22/04).

If they were doing that (which gets rid of most viruses and non-sense) all along, I certainly wouldn't be surprised by this.

Re:but what powers it?

a non-trivial investment in servers to scan the mails, I would imagine.

Re:but what powers it?

[Zeinfeld]

Hopefully GMail use the most secure, most effective form of virus scanning, block all executable attachments.

Traditional virus scanning based on a blacklist of known bad code is hopeless. By the time a new piece of trojan code has been identified a hundred million copies have been blasted out from a botnet. There is almost no legitimate use of email to send executable code, way over 99% of all executable attachments are malicious.

ISPs should block executable attachments by default and offer the people who really really think that they can't live without it the option of turning delivery back on. AIDS awareness campaigns have saved millions of lives by persuading people to use condoms even though some people think that they just have to have casual sex without one. Accepting code in email is like having casual unprotected sex, its idiotic.

There is a very small, largely theoretical problem with non-executable content. Any data that is transferred from one machine to another could be used to exploit a code vulnerability in theory. The use of anti-virus style malicious data lists will still be necessary but the problem is much, much smaller. It is a much easier signal to spot. AV systems spend huge numbers of cycles recursively unpacking program loaders. With a data exploit we know the shape of the lock it fits into.

Re:but what powers it?

[IAmTheDave]

No offense to ClamAV, which I currently use, but if an engineering team rivaling the brain power of MIT research teams or NASA decides to make a virus scanner and release it for free, well... I'm gonna at least give it a try.

Re:but what powers it?

[geekoid]

and 80% of statistics are made up on the fly.

I can think of many legitimate reasons for sending programs that execute something.
Movies, pictures, sounds, etc...

Re:but what powers it?

[Leadhyena]

Wouldn't it be better for google to take the ClamAV base and extend/adapt it to their needs? I think that's more likely to happen than them starting from scratch unless there's something weird (aside from size) about the way their email system works.

Funny you should mention that... I read through the headers from an email I sent to our local mail server:(Identifiers mutated for spam reasons)

Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.199]) by ###.###.### (8.13.5/8.13.5/Debian-3) with ESMTP id jB...5 for ; Thu, 1 Dec 2005 11:06:00 -0600 Received: by zproxy.gmail.com with SMTP id x7so21853nzc for ; Thu, 01 Dec 2005 09:06:48 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-ve rsion:content-type; b=DZ...SE/zJ0= Received: by 10.37.12.24 with SMTP id p24mr1718713nzi; Thu, 01 Dec 2005 09:06:48 -0800 (PST) Received: by 10.36.153.11 with HTTP; Thu, 1 Dec 2005 09:06:47 -0800 (PST)

In other words, it looks like they have a cluster of 30 email servers for just the outside representation, and then 2 more levels of multiple clustered mail servers on the 10.37 subnet and 10.36 subnet. Your mail bounces in google's net 3 TIMES before it ever hits the real world. Granted, my experience in setting this stuff up is limited to clustering 2 or 3 servers together, but IMHO something amazing is going on under GMail's hood.

Re:but what powers it?

[slamb]

So I take it you've never had to send an exe via email? It's pain in the ass! Sometimes we just resort to fedex-ing updates to customers.

Dude, don't send the executable. Send a link to where the executable lives on your website. If it's important that no one else get it, then password-protect the directory. (.htaccess on Apache.) This is a much better solution:

• No overflowing mailboxes - your non-GMail customers are likely to have small quotas.
• No 33% base64 overhead.
• No slow involuntary downloads when they log in to check their email over dialup.
• It gives them a location that always has the latest version. And a complete archive of previous versions, if you like. Changelogs. Documentation. Website good.
• ...and it won't be rejected by almost every mail system these days.

NO!

Not on the same day MS starts beta testing their anti-virus solution.

I'm gonna fucking kill this guy, I did it before and I'll do it again, I'm gonna fucking kill google!

Where's a chair?

Re:NO!

[ZachPruckowski]

Steve Ballmer? You read slashdot? Are you by chance a masochist? That would explain everything...

So what?

[NineNine]

So what? Yahoo and the other big players have had this for years. That's like announcing that Ford is now selling cars with anti-lock brakes and power steering. That's great and all, but I wouldn't consider that news.

Re:So what?

[NineNine]

You're right. I'm wrong. I'm a bad Slashdotter. Here's my revised post:

GMail has virus protection?!? Wow! That's so innovative! They've done everything else perfectly, and now they've ended email-based viruses! M$ and Yahoo both suck! Google rocks! Thanks, Google!

Re:So what?

[Burning1]

That's like announcing that Ford is now selling cars with anti-lock brakes and power steering. That's great and all, but I wouldn't consider that news.

It would be if this was an auto enthusiet site. The Dodge Viper getting anti-lock breaks was big news to me, being a car geek.

but but but...

[ellem]

I use GMail on OS X so I don't need it...
</sarcasm>

Re:"it's"?

[NanoGator]

"Oh come on... Why keep up the pretence of being 'editors' if you don't even fix stupid mistakes like it's versus its?"

I was all excited about the virus protection in GMail until you pointed that out.

This could be a big issue

[ZachPruckowski]

If the virus can't be removed from the file, you won't be able to download it.
......
If a virus is found in an attachment you're trying to send, you won't be able to send the message until you remove the attachment.

Now I know Google is pretty good and reliable, but that's sort of a harsh way to do business. There should be some sort of work-around if Google gets it wrong on what is and isn't a virus (which I assume they are going to do sooner or later). I mean, a false positive would get you cut off from what could be vital information. If that happens to someone, they'll be mad, even though it was done for a good reason. I hope they at least warn the people that there was an attachment.

Re:This could be a big issue

[Daniel_Staal]

Or for that matter, for virus-analysis. I know of people who email each other copies of viruses (safely marked) so that they can all examine them.

Re:This could be a big issue

[Mr.+Underbridge]

A lot of filters drop anything encrypted, for that reason.

Re:This could be a big issue

[xero9]

Yahoo is the same way. My ISP uses Yahoo for its email and when a virus comes through it don't let you get the attachement at all. I think it's kind of good though, because you know there's stupid people out there who are just dying to open it, even if it's been flagged as a virus.

Wrong Link

[OverlordQ]

Actually the "What's New" page is here, not what was linked to.

Also, I'm still pissed they havent added the option to empty the spam folder, yes I know it gets automagically deleted after 30 days, but I'd like to clear it out without having to go through 30 pages.

Re:Wrong Link

[alphakappa]

Why do you care? The spam 'folder' does not add to your alloted storage space. The messages do not appear in your inbox or your regular searches (unless you specifically search using in:spam), so why do you care whether there are 0 messages or a gazillion messages in the spam folder?

Is it going to...

[scenestar]

flag mp3s and archives as unsafe by default?

End of .creative.extenstions

[sphix42]

So much for the .zip.remove.everything.after.the.first.zip.includi ng.the.period files.

What about false positives?

[mmThe1]

From the page..
"If the virus can't be removed from the file, you won't be able to download it"

All that talk about false positive and important (project/contract saving) mails sounds so important suddenly...

Re:What about false positives?

[temojen]

You keep important, time-crucial files on a free webmail service?

Nice, I suppose, if you get a lot of them.

[tgd]

I've got 10k+ e-mails in my gmail account, though, and I don't think any have any virus-laden attachments, though.

What I really want is a "yes, I'm unilingual, I speak English and if an e-mail isn't in English, its spam" setting.

Re:Nice, I suppose, if you get a lot of them.

[Nezzari]

Que?

Re:Nice, I suppose, if you get a lot of them.

[niXcamiC]

Lo que quero es un "si, soy unilingüe, ablo ingles, y si mi correo no es en ingles, es spam" opcion.

Re:Nice, I suppose, if you get a lot of them.

[Stephen+Williams]

"yes, I'm unilingual, I speak English and if an e-mail isn't in English, its spam"

That should probably be on by default if the user's IP address is on an American network.

-Stephen (unilingual Englishman, put the flamethrowers away)

Re:"it's"?

[digitaldc]

Its the damn grammar nazis again to ruin the hype.

Not only are they scanning for infected messages

... but they are no longer allowing ANY zipfiles containing .exes to be transmitted to a gmail account.

That's obviously pretty damned annoying for people who actually work with zipfiles. "Here, give this version a try." "What version?"

I've sent them polite feedback requests to stop doing that. Other services scan zipfile contents for known viruses; Google is just dropping the zipfiles altogether. In my message to their support folks, I pointed out that letting virus writers dictate the design of your mail service isn't the best long-term business model.

What? Can't they index virii?

[Wellspring]

This is a natural outgrowth of the fact that they can't effectively index virii.

Therefore, they must be destroyed.

next step: gVirusFighter

[altoz]

They have gmail scanning for viruses... They have google desktop indexing the files...

Soon, they'll release a google-desktop extension that scans viruses on windows.

google really is taking over microsoft (windows)

Re:"it's"?

[bamf]

If you're going to try to be pedantic, at least be accurate. "pretence" is perfectly valid here.

Virus-Targetted Advertising

[Jherek+Carnelian]

Does this mean Google will be targetting their advertising based on the kind and number of viruses they filter out?

For people who get a lot of viruses, they can advertise privacy tools, anti-virus software and adware removers.
For people who do not get a lot of viruses, they get to see ads for social networks, dating sites, etc.

Re:"it's"?

[Buddy_DoQ]

*
Or is it?

pretence P Pronunciation Key (prtns, pr-tns)
n. Chiefly British
Variant of pretense.

pretence

n 1: a false or unsupportable quality [syn: pretension, pretense] 2: an artful or simulated semblance; "under the guise of friendship he betrayed them" [syn: guise, pretense, pretext] 3: pretending with intention to deceive [syn: pretense, feigning, dissembling] 4: imaginative intellectual play [syn: pretense, make-believe] 5: the act of giving a false appearance; "his conformity was only pretending" [syn: pretense, pretending, simulation, feigning]

(source: Dictionary.com)

*Sorry, I had trouble resisting after being beat down by the grammar Nazis my self. It's really just a regional thing here.

hotmail

[dioscaido]

following the trend for MS, it looks like hotmail is copying gmail and checking for viruses as well. :)

Can I send _uninfected_ .exe files now?

[Hopieopdepaus]

Because I am getting tired of renaming my files and explaining n00b aunts how to re-rename the files when they receive them.

Google AV for web?!!!

[G4from128k]

What if Google create AV for the web -- filtering websites and pages that contain embedded viruses, trojans, or malware. Any website with malware, trojans, or other nasties would lose its favorable pagerank or even disappear from searches where the user has asked for "safe" pages.

Google may not be able to stop fast moving threats because they don't reanalyze pages that often (unless they offered a proxy service), but they could stop corporate-sponsored malware by advertisers and less ethical site providers.

And the next obvious step - is long overdue

[Nom+du+Keyboard]

virus protection for it's web based email service

The next, obvious, and far too long overdue, step is for Google to flag web-sites that attempt to install malware, redirect you to sites you didn't want to visit, spawn endless pop-up windows, attempt to create a full-screen browser that you can't close, or disable features of your browser like right mouse button clicks. Since they've already spidered it, and in most cases cached it, they can darn well scan it for viruses and other crap at the same time! Their virus, adware, spyware, malware signature files would certainly be more upto date than my own. They could even be protecting surfers now from the current unpatched IE exploit by warning of sites that have dodgy or questionable code while MS takes its own sweet time coming up with a patch.

The first decent search engine that takes this step to protect its users can count on the majority of my traffic.

Re:And the next obvious step - is long overdue

[NilObject]

I'll second this. One of the most commong phishing techniques I see in e-mails is the old "I can see the link text there so it must be right" scam. Something like:

Update your account here: http://ebay.com/updateAccount.html

Of course, Slashdot has a nice solution (the "[scammer.com]" bit). AFAIK, no webmail services protect users against this. Apple's Mail doesn't, unfortunately, but what about the legions of less tech-savvy people?

Not a lot of common users instictively know that eBay would never send an e-mail like "Your account info must be updated NOW or else we will cancel your account" and then require name, address, credit card info, SSN, fingerprint, DNA sample, and face scan.

It seems like such a simple fix too: if the link text looks like a URL or looks like a fakey one (ex: http;\\ebay.c0m), see if it matches where the actual URL points. If they don't match, warn the user.

Re:No zips with binary files

[afidel]

just change the extension to something other than zip and it goes through fine. In fact you can probably make it .gz or some other extension that winzip and clones understand and it should work (unless the javascript catcher is more adavanced then I think it is).

Re:"it's"?

[errxn]

In a related story, editors at the popular tech website Slashdot today launched a major new development initiative, the aim of which is to create a groundbreaking new piece of vaporware known as "Dupe and Grammar Protection." The project, codenamed "HellFreeze", is currently slated to launch shortly after the Apocalypse.

Re:I'd love this...

[verbnoun]

You don't need to worry about that. I've noticed from the notifications from OpenOffice's mailing list that Gmail bounces any attachments it doesn't like without telling you. You won't get pissed off because you'll never know the email existed.

They could also improve the security

[Matlo]

From what you read on "Linux Activist" only the login phase of email sessions is encrypted and protected from prying eyes... They could also address this kind of potential security breach instead of bothering me each time I try to send an executable...

great, now I don't need norton

[Surt]

I'll just write a program to email myself every file on my hard drive and see what fails, or maybe use that gmail as file system thingy.

Deja vu

[nova_ostrich]

Not directly related, but this reminds me of my college days. I used to work at the technology help desk. It took years to get spam protection on the email accounts at the school because some crazy staff members demanded that they receive EVERY SINGLE email sent to them. Eventually, a system was set up, and it allowed a user to log into a service that showed them what spam was blocked. If the user wanted, he or she could have any message in that list delivered. Then after a week or so, a message was permanently deleted from the quarantine if not delivered.

We phone-jockeys were informed that the system had certain levels of spam probability assigned to each message, and we could tell the users that. What we couldn't mention was that spam with the highest probablility didn't even make it to the quarantine. The spam problem was just so bad that we had to get rid of some of it, but we tricked everyone into thinking that they could get everything they received.

Re:Grammar

[paco3791]

For anyone else out there who has no clue what the parent is talking about, check out this site. http://www.badgerbadgerbadger.com/

Seems like there's a nice beat, but I'll have to wait till I get home from work to really crank it up.

Google Ads

[ramrom]

Will I get ads based on the Virus ???