Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Total


  • Please log in to reply
11 replies to this topic

#1 yabbadoo

yabbadoo

  • Banned
  • 510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 27 December 2012 - 03:33 AM

I have had VTzilla - a Firefox plugin for years. Never used it much, but enough to form an opinion. You do get a toolbar, but i can be hidden.

The rather extraordinary description given is :-

"What is VirusTotal ?

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners."

Well that may be a hyper-optimistic viewpoint which would infringe any legal Trade Descriptions Act, my opinion differs.

In my experience, Virus Total is more justified as being Virus Total Useless. On every occasion I have tested it on a good site, VT comes up with a golden egg. But then I do not need VT help on a good site, only on suspect or bad sites. Logically I would think that is the entire purpose of VT according to the elaborate description given above.

Every single time I use VT on a suspect or bad site, it NEVER does a virus scan - comes up with a message that the URL is either not on the VT data base or that the text format is unreadable. Then it lists a large number of so-called security vendors and gives a "Clear" against the lot To get a "Clear" on all these security vendors EVERY single time no matter how many sites I visit, is completely illogical and borders on the impossible.

Has anybody else used VT ? If so, what are your experiences ?
My opinion is obvious, VT is as much good as a bucket with a big hole in the bottom.

Edited by yabbadoo, 27 December 2012 - 03:47 AM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:43 PM

Posted 27 December 2012 - 05:28 AM

Has anybody else used VT ? If so, what are your experiences ?

Yes I use the applicatin quite often. I also use Jotti, which is a similar application. Do you understand how it works ??
You submit items to them that May be known infections, or suspected infections.
A group of well known Antivirus / malware companies returns a result of if the item is in their data base as suspect or known to them, or not.
Then a reply is made by those who know if the item is good or bad Like This and their idea of a name. Each company may use their own name -

This is used almost every day in the Malware Removal area of the forum -

Thank You -

#3 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 27 December 2012 - 05:36 AM

Have a look at this thread. I don't think Virus Total is supposed to do what you are trying to do with it. Something like Web Of Trust might be more appropriate.





http://www.bleepingcomputer.com/forums/topic970.html

#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:43 PM

Posted 27 December 2012 - 05:54 AM

I must agree with frankp316 -

You are looking for a program that will identify a good or bad SITE - This is not the job of V/T or Jotti -
They identify a single item, and not a site in any way.

I also agree with WOT, as I use this also, and this is to rate Sites, not individual items / infections within a site -

You would be much better with WOT and MBAM Pro version to identify suspect sites and IPs -
Again - Not what V/T is about -

#5 yabbadoo

yabbadoo
  • Topic Starter

  • Banned
  • 510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 27 December 2012 - 06:59 AM

What excellent posts so far. You have all given me a superb collection of comments and I thank you sincerely.

I tried "Norton Safe Web", stuck in a number of "suspect" sites randomly chosen from porn searches with a WOT red marker and every one came up clean, just like VT ! Hard for me to believe there are no threats on a variety of such sites.

Of course we all know that WOT is not a security checker, but a moralistic and personal opinion marker. I am purely interested in security threats NOT user opinions on moral issues or child safety.

I have WOT, but use it as a very rough guide, knowing the basic reasons for the given ratings. I find it a distraction from serious surfing considerations.

#6 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 27 December 2012 - 11:40 AM

The correct answer is that all sites like Web Of Trust are user curated. There is no such thing as an objective site that will tip you off to malicious websites. That's why I don't use WOT or similar products because they are subject to misinformation and user abuse. Besides, you can go to trustworthy websites and still get infected by malicious ads provided by an outside ad server. Those are called drive by infections. That's why I stay off of Facebook. Too many land mines for me. So if you're looking for something foolproof, there's no such thing.

#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:43 PM

Posted 27 December 2012 - 03:42 PM

I tried "Norton Safe Web", stuck in a number of "suspect" sites randomly chosen from porn searches with a WOT red marker and every one came up clean, just like VT ! Hard for me to believe there are no threats on a variety of such sites.

Sorry but you still do not understand what VirusTotal and Jotti actually are for ! !
They are not for SITE navigation - They are there to process One actual submitted piece of information, not a Site Advisor -

Please read This link OR Here and you will see that each are individual files, NOT pages or sites uploaded to virus total for checking against 45 existing data bases, to see if they have been included or identified by any so far -
Each item will include the MD5 and other details it you use the drop-down More Details expansion.

It seems that you are only wanting a Site Advisor Program put out by one of the Antivirus or Antimalware companies, not a File analysis system

Fully read > https://www.virustotal.com/about/ for the description of Virus Total and what it is for - Remove the word Google, as this is a Privately run exercise.

Now Google SystemLookup and they are "similar" in identifying Known Collected infections - NOT sites -

#8 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,526 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:43 AM

Posted 27 December 2012 - 04:03 PM

Another user curated site in the WOT mold is: http://www.avgthreatlabs.com/sitereports

Something I'm not seeing identified is the Virus Totals mention of URLS being scanned. The URLS that VirusTotals refer to are URL's for downloads not website URL's. This may be what the confusion regarding the zero identification of risky sites is related to by VirusTotals.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:43 AM

Posted 27 December 2012 - 08:41 PM

Hi,

McAfee's siteadvisor may be along what you search. It is scanned by the McAfee egine and the site is rated based on what McAfee finds mostly. So less of a user-drive approach and also more of a malware-based judgement. The same limitations as with other addons apply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 yabbadoo

yabbadoo
  • Topic Starter

  • Banned
  • 510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 27 December 2012 - 09:17 PM

I must reiterate my earlier comments, that your responses have been excellently explanatory and I now understand what VT is all about.
Could not have wished for a better response. I never expected so many constructive posts.

Obviously my personal quest and objective is not a practical target and your posts explain why. No matter, I was under the impression that VT would check out a site on the Google search list before I entered it. I was wrong, but am grateful to you all for explaining why. I will probably not use VT again, but will retain it on my PC "just in case".

I have no particular anxiety about threats, since I trust my AV, FW and especially Sandboxie implicitly. Having wandered through the Valley of Death many times, visiting all kinds of demons and always come out clean, my confidence is on a high.

My grateful thanks to you all and sincere best wishes for a Very Happy New Year.

Yabba

#11 yabbadoo

yabbadoo
  • Topic Starter

  • Banned
  • 510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 28 December 2012 - 04:40 AM

Another user curated site in the WOT mold is: http://www.avgthreatlabs.com/sitereports

Something I'm not seeing identified is the Virus Totals mention of URLS being scanned. The URLS that VirusTotals refer to are URL's for downloads not website URL's. This may be what the confusion regarding the zero identification of risky sites is related to by VirusTotals.


Dear Admin,

I think you have hit the nail right on the head. Entering a Site URL gives nothing but a constant stream of "All clears", this is what I have been doing and I know that the whole world is not "All clear", there is definitely a whole population of bogie's out there.

Next time I download, I will try VT before I do so and see what comes up. If I am convinced it worked OK, perhaps my opinion will then change about poor lambasted VT`s practical use.

Sandboxie is impeccable and all downloads are confined to the sandbox. It is then up to us users to decide whether to transfer such downloads out of the sandbox to our desktop etc. The risk of infection is then our problem, but I can always scan manually with my AVG, or MBAM, Emsisoft AM stand-alones before running the download should I be suspicious.

Edited by yabbadoo, 28 December 2012 - 05:01 AM.


#12 yabbadoo

yabbadoo
  • Topic Starter

  • Banned
  • 510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 28 December 2012 - 11:56 AM

I have found a website URL malicious site checker called Comodo Web Inspector. Looks more like what I am after :- http://siteinspector.comodo.com/

Tried it out on a confirmed malicious site list shown on the web and an example of the output is :-

Posted Image

Seems OK, any comments ?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users