Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Releases VirusTotal Uploader For OS X

Posted by samzenpus on from the check-it-out dept.

An anonymous reader writes "Google today announced the release of VirusTotal Uploader for OS X, allowing Mac users to upload suspicious files for scanning. You can download it now directly for OS X 10.8 and 10.9 from VirusTotal. For those who don't know, VirusTotal Uploader for Windows is a popular tool for submitting suspicious files to the online scanning service. The process is as simple as right-clicking any file and selecting the relevant option from the context menu."

37 comments

  1. Macs don't virus, yo! by Anonymous Coward · · Score: 0, Informative

    If your mac viruses, you're being hand-held by Apple wrong. And it's your fault.

  2. Yet another front on Mac Security by jaeztheangel · · Score: 1

    This will throw up so many false positives for Mac users...

  3. Multi-scanner by DigiShaman · · Score: 3, Informative

    Basically, you use VirusTotal when you're unsure of a potential infection or outbreak. This site is basically a giant filter that runs the file against multiple engines and provides a score. I've seen a new outbreak where my AV didn't catch it, but 1/4th of the scanners at VirusTotal did. It was obviously so new that not all of the AV vendors had time to catch up yet within the 12 hour window or less. It happens; quite common in fact.

    --
    Life is not for the lazy.
    1. Re:Multi-scanner by TubeSteak · · Score: 1

      I've seen a new outbreak where my AV didn't catch it, but 1/4th of the scanners at VirusTotal did.

      I've also seen 1/4th of the scanners at VirusTotal claim known good binaries = generic malware because of the packer used to build the exe.

      --
      [Fuck Beta]
      o0t!
    2. Re:Multi-scanner by Anubis+IV · · Score: 1

      Neat idea, and thanks for explaining it to those of us who didn't know what it did, but it doesn't seem particularly useful in this case. And I'm not just saying that because Macs have been by-and-large (though obviously not completely) free of malware in everyday use. I say that because normal users, who are the sort that are likely to be afflicted with an infection, will never hear about it, while the sorts of users who do hear about it (i.e. folks like us) already engage in best practices and will essentially never get infected unless they set out to do so.

      Aside from trojans aimed at people who think that a browser pop-up window is an authoritative source for learning of a malware infection on their machine, I can't recall any other malware in the wild for OS X in the last 5 years that was significant enough to warrant a mention in the Mac news/rumors circuit (though, I will point out that OS X has had both viruses and worms targeted at it in the past, contrary to what many of my fellow Apple users might claim). With Apple being pretty good at rapidly updating the built-in malware definitions in response to any new sightings, even the people who think pop-ups know everything don't have much to worry about.

    3. Re:Multi-scanner by Anonymous Coward · · Score: 0

      I used to see virus scanners set off all the time with UPX. Such a basic detection is, thankfully, becoming rare. And now executable compression is now rare (or at least in my experience). Seems to be a combination of a problem with 64-bit processors and disk space is not as big of an issue as it used to be.

    4. Re:Multi-scanner by Anonymous Coward · · Score: 0

      I've also noticed that VT added a few questionable scanning engines to their repertoire. One called Rising Antivirus is an obscure Chinese AV vendor that flags tons of benign software as generic trojans. Another one that behaves the same way and is just as questionable is a two-bit Vietnamese scanning engine called CMC Antivirus. It has the same problem of flagging perfectly fine software as generic malware.
       
      I have submitted false positive reports to both of these companies and VT but they have not removed any of the false positives.
       
      There needs to be some level of competence to be allowed to scan files for virustotal, but there is not.

  4. what a name! by Jeremy+Erwin · · Score: 3, Funny

    Virus Total Uploader sounds like a malware development kit. The Headline had me thinking of Google taking the IOS-Android war to new levels of barbarity.

    1. Re:what a name! by Anonymous Coward · · Score: 0

      I also was wondering what it was from the title alone.

    2. Re:what a name! by munch117 · · Score: 2
      It is a malware development kit, you know. Or rather, part of one. The bad guys use tools like this to create virus-scanner-proof malware.

      1. Create 1000 random variations of your malware.
      2. Select a variation that's given a clean sheet by Virus Total. If there isn't any, just create more variations.
      3. ?? (*)
      4. Profit.

      (*) Release the malware into the wild.

    3. Re:what a name! by Anonymous Coward · · Score: 0

      Creating 1000 versions is kind of pointless - you will get the first one by almost all the scanners.

    4. Re:what a name! by Hypotensive · · Score: 1

      Indeed. "This is a virus that totally uploads all your stuff to Google."

  5. Easy to use, just upload your files! by Anonymous Coward · · Score: 2, Interesting

    Just right click and send all your personal files to Google. They'll keep them safe and scan them for viruses.

    Big Brother doesn't have to work hard when we so willingly hand over anything and everything.

    1. Re:Easy to use, just upload your files! by ledow · · Score: 2

      Nobody's making you do it.

      And with Virustotal, you're free to calculate the hash yourself and go look up the URL it goes to (in fact, VirusTotal clients do this - generate a hash, lookup the hash, and only upload if it doesn't already exist).

      And why would you be uploading personal files to check for viruses? Surely your personal files are the ones you KNOW are clean? It's the random crap you download and are sent that you have to scan.

    2. Re:Easy to use, just upload your files! by Anonymous Coward · · Score: 0

      The "personal file" could be something someone sent me that should remain confidential.
      If I test it using VirusTotal, then I'm sending a confidential file to a third party.
      If I don't, then maybe opening it will install spyware through a Microsoft Office bug.

    3. Re:Easy to use, just upload your files! by Crash+Culligan · · Score: 2

      And why would you be uploading personal files to check for viruses? Surely your personal files are the ones you KNOW are clean? It's the random crap you download and are sent that you have to scan.

      Because doing so helps strengthen all anti-virus software which VirusTotal uses. The mistake is thinking of VirusTotal as just a big ol' multi-scanner, when under the hood it's a clearinghouse of virus and malware information for the participating vendors of detection and remedy software.

      If they get a file that only triggers 17/51 of the scanners, then the other 34 will want to know why they didn't catch it, and research it, and improve their own products in response. So uploading files to them is a way of supporting their efforts.

      --
      You cannot truly appreciate Dilbert until you read it in the original Klingon.
    4. Re:Easy to use, just upload your files! by Anonymous Coward · · Score: 0

      If I don't, then maybe opening it will install spyware through a Microsoft Office bug.

      Simple solution: Don't run Microsoft Office, you twit.

    5. Re:Easy to use, just upload your files! by ledow · · Score: 3

      Here's a hint then: Don't upload confidential files.

      Why does your stupidity of an unrealistic use case (uploading a file you don't want to share to an untrusted third party) render the service untenable?

      Fact is, I use VirusTotal a lot of deal with confidential information all the time. I use it to reassure myself that the things I'm handling aren't going to affect the confidential data or the programs that handle it.

      Personally, I think every PDF->Word or Word->PDF service is infinitely more dangerous as a source of uploaded confidential information that could be retained.

      And, as pointed out, you DO NOT have to use the service, DO NOT have to upload the file at all, and DO NOT have to use this client...

    6. Re:Easy to use, just upload your files! by Anonymous Coward · · Score: 0

      You should not praise software that has pitfalls even if you're personally smart enough to avoid the pitfalls. If this thing gets glowing reviews, then it's only a matter of time before your identity gets stolen because some dumb employee "right clicked" on a file containing SSNs to "check for viruses".

    7. Re:Easy to use, just upload your files! by Anonymous Coward · · Score: 0

      If you are in the information security industry, virustotal will sell you an API key for 500 euros a month that lets you download some number of the uploaded files that they get. For another very large price per month, you can get all the files that they get.

    8. Re:Easy to use, just upload your files! by Plumpaquatsch · · Score: 1

      Nobody's making you do it.

      And with Virustotal, you're free to calculate the hash yourself and go look up the URL it goes to (in fact, VirusTotal clients do this - generate a hash, lookup the hash, and only upload if it doesn't already exist).

      And why would you be uploading personal files to check for viruses? Surely your personal files are the ones you KNOW are clean? It's the random crap you download and are sent that you have to scan.

      So what you are saying is that the only time you ever have to actually upload something - it's a file unique to you. Which is totally not a personal thing.

      --
      Of course news about a fake are Fake News.
    9. Re:Easy to use, just upload your files! by smash · · Score: 1

      Nobody's making ME do it, but if i send any of the content i generate to others, there's nothing stopping them uploading my content, is there?

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  6. Use the hash search by Anonymous Coward · · Score: 1

    There's no need to upload files to Virustotal most of the time. Just calculate the MD5 or SHA-1 hash (or whatever else is supported) for the file, and search for it on Virustotal. More often than not someone else has already uploaded the exact same file very recently.

    Then again, I guess for some users uploading might actually be easier.

  7. Re:IMPOSSIBLE by BitZtream · · Score: 2

    ...

    What mac user runs as root? OSX never has by default allowed root to login, and Classic Mac OS didn't really have a concept of users. It most certainly does require you to provide your password to do administrative tasks just like SUDO. To access a root shell you must tweak some preferences so you can login as root directly or sudo bash to get a root shell.

    OSX doesn't come with MySQL, so if you installed it with no password, thats because you're a moron like your other posts imply. My machine shows postgresql listening and 2 other ports. PostgreSQL I installed the other 2 are CUPS and Xsan management ports, neither are on by default. So what exactly you're trying to refer too is beyond me.

    PHP shows version 5.4.24, but Apache isn't running by default. If you're playing with scripting languages and do stupid shit like using user input in ad-hoc SQL statements, again, thats your problem.

    Do you ever post anything that doesn't look retarded? You're not even trolling, you're just that stupid.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  8. Re:IMPOSSIBLE by angel'o'sphere · · Score: 2

    Contenance my friend, contenance! Look at his name ;)

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  9. Fake? by Anonymous Coward · · Score: 0

    What has this company got to do with Google? This smells like a fake set of blogs misusing Google's name, hoping to get this into the echo chamber.

    1. Re:Fake? by exomondo · · Score: 1

      What has this company got to do with Google? This smells like a fake set of blogs misusing Google's name, hoping to get this into the echo chamber.

      From TFA:
      Google acquired VirusTotal back in September 2012, promising VirusTotal will continue to operate independently.
      http://thenextweb.com/google/2014/05/26/google-releases-virustotal-uploader-os-x-hopes-malware-submissions-will-beef-mac-security/

  10. Re:IMPOSSIBLE by Anonymous Coward · · Score: 0

    The sense of sarcasm never evades.

  11. Here's the code by GrahamCox · · Score: 2
    In Objective-C of course ;-)

    - (BOOL) isKnownMacVirus:(NSURL*) url
    {
    return NO;
    }

  12. Re:IMPOSSIBLE by exomondo · · Score: 1

    You're not even trolling

    Your powers of deduction are mindblowing! ... your sarcasm detector is clearly overloaded though, perhaps for people like you he should include a sarcasm disclaimer at the bottom next time. I know the mac fanboys are a rabid bunch but come on, are you really suggesting that isn't sarcastic? Really?

  13. I can see where this is going... by jones_supa · · Score: 1

    This is the first step and the convenient slippery slope to a world where you will automatically send all your files needing a virus check to the server. They will reason this by saying that they can offer "better and more up-to-date service" when the system is running remotely instead of a local virus scanning program. And you will reason this by saying that "everyone else does this too" and "I have nothing to hide".

    1. Re:I can see where this is going... by smash · · Score: 1

      Already happens... plenty of companies run Microsoft Online Protection for exchange (or whatever they call it this week) which scans all inbound and outbound mail for their domain. Oh, what you never consented to microsoft getting a copy of your files? Too bad...

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  14. No digital signature?!?!? by Smerta · · Score: 1

    Wow. Just went over to download the Windows version of the Uploader tool - the installer isn't digitally signed. WTF?!?!?

    I'm still shocked that so much software from legitimate companies isn't digitally signed. I do a lot of firmware development, and very few companies' installers are digitally signed (IAR, I'm looking at you). Sheesh. Even a tiny company like Saleae and the main developer of TortoiseSVN ,Stefan Küng, have digital certificates for signing code, why can't a bigger company be bothered with this?

  15. Right click? by Anonymous Coward · · Score: 0

    Do macs have a right click?

  16. VirusTotal Uploader for OS X by GabrielleeMaria · · Score: 1

    Google today announced the release of VirusTotal Uploader for OS X, allowing Mac users to upload suspicious files for scanning. You can download it now directly for OS X 10.8 and 10.9 from VirusTotal (8.52MB).