Tuesday, July 14, 2009

VirusTotal: Scan Individual Files for Threats

E-mail attachments and shady downloads from file-sharing services aren't the only ways to let viruses and other malware onto your computer. Most anti-virus applications will catch potential threats as soon as they land on your system or when you try to open them, but what if you're threatened by spyware or another form of malware that most security suites don't check for? Enter VirusTotal, a service that allows you to upload a file and have it scanned for viruses immediately.






There are a number of ways that malware can get onto your system with or without your consent. What about the pirated software you got from the "computer guy" who lives down the hall, and the archive of party photos your friend just transferred to you over IM? Most security suites will scan those files as soon as you try to open them or run them, but some security apps don't look for certain types of malware. Worse, most people who do have security software on their systems don't keep it up to date, which is almost as bad as not having anything installed at all. If you're looking at a file or a disc that you just got from a friend and you want to know if it's safe, VirusTotal might be able to help.



VirusTotal is a free online virus-scanning service provided by Hispasec Systems (based in Spain). If you have a file that you think is suspicious, browse to it, upload it to the site, watch the scan progress, and instantly get feedback as to whether the file is infected, and by extension whether your system is infected. If uploading a file to a Web site every time you're curious if it's malicious is too much trouble for you, you can download VirusTotal's uploader, which adds an entry to your Send To menu. Using the uploader, you can just right-click any suspicious file and choose Send To: VirusTotal, and a browser window will open, upload the file, and show you the results.



If you're concerned about security of the file, you can tell VirusTotal not to share the sample file with its labs, or choose to send the file to the service over SSL. The service seems to get significant use; you can view service statistics on the VirusTotal page and see that most of the files submitted to VirusTotal are actually malicious. IT professionals could use a tool like this when they find that malicious software has disabled the antivirus program on a computer, or when a user reports odd system behavior right after running a specific program.



VirusTotal is available in over a dozen languages, and the service participates with over two dozen antivirus applications and suites, including McAfee, Kaspersky, and Symantec, to get up-to-date virus descriptions and keep the product useful. But the folks behind VirusTotal will be the first to tell you that it's no substitute for a real security suite--it's just another weapon to add to your arsenal.

No comments:

Post a Comment