Flag virus & malware threats online through VirusTotal
Every computer user, novice or expert, is familiar with the term “virus”. Though many of us might not know the technicalities behind viruses, we do realize that a virus is some kind of computer program that’s aimed at destroying our data or causing serious harm to our machines. It enters our computers through an infected download or when we visit a malicious website. To get rid of it, or to protect ourselves from viruses, we must have a good antivirus program installed on our system.
All the above information is good, but it’s very basic. With innovation and the progress of technology, hackers and virus experts around the world have devised programs so sophisticated that even some of the best antivirus programs cannot detect the Trojans, Worms, or Viruses they build. As such, we must stay watchful and cautious to keep our computers and data from falling into the wrong hands. To do this, every user must:
- Have all-round virus protection installed on their system. This should ideally include anti-virus, anti-spam, firewall, anti-phishing and other similar protection.
- Take care NOT to download ANYTHING (not even a harmless looking .jpeg image) from a website our anti-virus program doesn’t trust.
- Rope in the services of “VirusTotal” – the online virus detector genie that needs no download or installation to flag suspicious content over the internet.
In this review we’ll be shedding light on VirusTotal – the online service to identify malicious programs – and try to find out what makes it indispensable.
VirusTotal – an Introduction
VirusTotal is a free online tool to analyze files and URLs for their safety from viruses, worms, trojans and other kinds of malicious content. This Google subsidiary flags suspicious material detected by antivirus engines and website scanners and lets users know that they’re in potential danger. By uploading files such as Windows executables, Android APKs, zipped folders, HTML / Excel files etc., users can check whether the files they’re about to use are free of data threats. In principle, it is just a free unbiased service that collects the output of various antivirus engines, website scanners, analysis tools and user contributions to deduce how harmful a file or URL is. In addition to this service, VirusTotal can also be used to identify false positives, i.e., sources that may not be malicious but are incorrectly flagged by one or more scanners.
The best part about this tool is that unlike installed anti-virus programs, you don’t need to update it with the latest virus definitions. Malware signatures are updated every 15 minutes to ensure that the tool always works with the latest signature set.
How it works
This is the easiest part. Just open the tool’s website and upload a file (up to 128MB in size), enter a URL, or search for a term that you think might be malicious. Click on the ‘Scan It!’ / ‘Search It!’ button and voilà, you’ll be redirected to the results page. On the results page, you’ll be able to view:
- Detailed analysis of the file / URL you entered, including the name of each file / URL scanner used and the result obtained
- Additional information about the file / URL including:
  - Website category / File identification
  - Scanning Engine Details / VirusTotal metadata
- Comments on the URL / file given by VirusTotal community members
- Up-votes or Down-votes given to the file / URL by community members
You can also choose to give your vote to the searched term / file / or URL if you have evidence about its characteristics. For this you’ll need an account with VirusTotal. Signing-up is free and easy.
Apart from this operation, you can choose to visit the VirusTotal community to check out the users who contribute their valuable opinion from time to time. You can also become a member of the community by clicking on “Join our community” and filling in a simple form.
You may also wish to view the statistics of files analyzed by VirusTotal by clicking on “Statistics” in the main menu. Here, you’ll be able to see which country has used the tool the most, how many files have been analyzed on a day-to-day basis and what file types are most analyzed.
Advantages VS Disadvantages
Some of the benefits VirusTotal offers are:
- Allows users to search for reports given an MD5, SHA1, SHA256 or URL
- In addition to uploading files, users can also send files to VirusTotal through email and receive the results (as plain text or XML) in their inbox.
- It not only detects threats in a submitted file, but also displays the exact detection label returned by each engine.
- A strong pseudo-social network of developers and users strengthens the application by coming up with useful reviews for a file / URL when security products (antivirus programs) give false positives / false negatives.
- The public API of the tool lets you embed its functionality into your application (with the restriction of at most 4 requests / minute) through simple scripts.
- You can also choose to use the tool as a browser extension
- Available in desktop / mobile flavors
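The hash search and the rate-limited public API from the list above, as an added example that is not part of the original review or VirusTotal's own code. It assumes the API v3 file-report endpoint and its `x-apikey` header; `Throttle`, `summarize` and `lookup` are names introduced here, and the sample report is constructed.

```python
import json, time, urllib.error, urllib.request
from collections import deque

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # assumed: API v3 file report

class Throttle:
    """Sliding-window limiter for the public API quota (4 requests / minute)."""
    def __init__(self, limit=4, window=60.0, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window, self.clock, self.sleep = limit, window, clock, sleep
        self.sent = deque()  # timestamps of requests still inside the window
    def wait(self):
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()
        if len(self.sent) >= self.limit:  # quota spent: sleep until the oldest expires
            self.sleep(self.window - (now - self.sent[0]))
            self.sent.popleft()
            now = self.clock()
        self.sent.append(now)

def http_get_report(digest, api_key):
    req = urllib.request.Request(VT_FILE_URL.format(digest), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise
        return None  # hash unknown to VirusTotal

def summarize(report):
    if report is None:
        return None  # no report is not a clean verdict
    results = report["data"]["attributes"]["last_analysis_results"]
    labels = {e: r["result"] for e, r in results.items()
              if r["category"] in ("malicious", "suspicious")}
    return {"engines": len(results), "flagged": len(labels), "labels": labels}

def lookup(digests, api_key, fetch=http_get_report, throttle=None):
    throttle, out = throttle or Throttle(), {}
    for d in digests:  # MD5, SHA1 or SHA256 hex strings
        throttle.wait()
        out[d] = summarize(fetch(d, api_key))
    return out

# Constructed sample in the assumed v3 response shape (engine names are made up).
SAMPLE = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "suspicious", "result": "Heur.Packed"}}}}}
```

Pass `fetch=lambda d, k: SAMPLE` to exercise the parsing offline; with the default `fetch`, a fifth lookup inside one minute blocks until the quota window reopens.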
The tool’s shortcomings are listed on its website, though they are better regarded as informative notes than as real disadvantages:
- The tool’s antivirus engines are command-line, so depending on the product, they won’t behave the same as the desktop version
- The results of VirusTotal cannot and shouldn’t be compared with desktop-oriented solutions since both work on different parameters. In other words, you can’t use VirusTotal for antivirus testing.
- All the tool really offers is a second opinion regarding the maliciousness of files / URLs
Final Words
A word of caution – don’t think you can do without an installed antivirus program on your machine if you have VirusTotal. The utility scans individual files / URLs on user demand. It cannot be deemed fit to offer permanent protection to user systems. Once you’re clear on that front, VirusTotal is probably one of the coolest and most useful services for a very wide spectrum of users worldwide.