VirusTotal wants YOU (but not you) to join its epic AV whitelist

Google-owned VirusTotal wants large software houses to send in their software catalogues so it can build what could well end up being one of the world's biggest anti-virus whitelists. The whitelist would clarify to users that software being checked for cleanliness came from a recognised developer, and warn vendors and anti- …

  1. CrazyLikeAFox

    So tell me... do known virus vectors like JRE or Flash get to be on the whitelist? At least one of them also has the joy of trying to foist crap onto you as part of the standard installer.

    1. Crazy Operations Guy

      So what does it do about Chrome? I've seen a couple installers that want to install it alongside whatever I downloaded initially...

      1. EJ

        Hmm... that's a tough one. How would Google, the handler of VirusTotal, deal with Chrome, another Google product?

        Would Google act in their own best interests? I'm stumped...

  2. Kanhef

    Possibly shortsighted

    I don't know exactly how AV signatures are generated, but if there's any way to force collisions (like with md5), this could be a very bad idea. I'm sure plenty of people would love to have their malware whitelisted because it's identified as a core Windows component.

    1. John Tserkezis

      Re: Possibly shortsighted

      "I'm sure plenty of people would love to have their malware whitelisted because it's identified as a core Windows component."

      You don't have to. As the article says, with heuristic flags being generated hand over fist, I'm seeing a greater number of false positives than ever before.

      Not to mention the worsening flags on crack and key gen software. By default, things look so bad that you'll need to check yourself for odd rashes.

    2. Robert Helpmann??

      Re: Possibly shortsighted

      I don't know exactly how AV signatures are generated...

      Whitelisting actually uses a different approach than typical AV products. Similar in approach to a firewall, the default in using a whitelist is to block execution unless specifically allowed. Traditional AV products assume the process should run unless it shows up as known malware, typically through comparison with a signature (blacklists), or as the result of some sort of heuristic analysis.

      Done properly, a corporate admin might use the list curated by VirusTotal as a starting point, and then de-list those apps that are not desirable for whatever reason (licensing, appropriateness to the work environment, etc.).
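
The two models contrasted in the comment above, as an added example that is not part of any commenter's post: a signature blocklist that runs anything not known bad, beside a default-deny allowlist built from a curated list with site-specific de-listing. The file names, contents and list entries are constructed for illustration, and SHA-256 as the file identifier is an assumption.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample files (name -> contents); none of this is real software.
SAMPLES = {
    "vendor_tool.exe": b"constructed: build from a recognised vendor",
    "toolbar_setup.exe": b"constructed: vendor-listed, unwanted at this site",
    "known_bad.exe": b"constructed: matches a blocklist signature",
    "never_seen.exe": b"constructed: appears on no list at all",
}

# Hypothetical curated allowlist supplied by a third party (assumption).
CURATED_ALLOWLIST = {sha256_hex(SAMPLES[n])
                     for n in ("vendor_tool.exe", "toolbar_setup.exe")}
# Entries the local admin removes (licensing, appropriateness, etc.).
SITE_DELISTED = {sha256_hex(SAMPLES["toolbar_setup.exe"])}
# Traditional AV signature set: known-bad hashes only.
BLOCKLIST = {sha256_hex(SAMPLES["known_bad.exe"])}

def blocklist_decision(data: bytes) -> str:
    """Default allow: run unless the file matches a known-bad signature."""
    return "block" if sha256_hex(data) in BLOCKLIST else "allow"

def allowlist_decision(data: bytes) -> str:
    """Default deny: run only if listed and not de-listed locally."""
    effective = CURATED_ALLOWLIST - SITE_DELISTED
    return "allow" if sha256_hex(data) in effective else "block"

def compare() -> dict:
    """Return {name: (blocklist verdict, allowlist verdict)} per sample."""
    return {name: (blocklist_decision(d), allowlist_decision(d))
            for name, d in SAMPLES.items()}

if __name__ == "__main__":
    print(f"{'file':<20}{'blocklist':<12}allowlist")
    for name, (bl, al) in compare().items():
        print(f"{name:<20}{bl:<12}{al}")
    # A modified copy of an allowed file no longer matches its list entry.
    tampered = SAMPLES["vendor_tool.exe"] + b"\x00"
    print(f"{'tampered vendor_tool':<20}{blocklist_decision(tampered):<12}"
          f"{allowlist_decision(tampered)}")
```

The verdicts differ on the unlisted file and on the de-listed one; the blocklist model runs both, the allowlist model runs neither.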

  3. Crazy Operations Guy

    But most exploits in modern software come from those 'trusted' bits that are being white-listed... Why not have it set up to only have libraries and other bits of code on there that haven't been proved exploitable? I'm sure there are several compiled versions of OpenSSL on that whitelist that have vulnerabilities, especially since there are over 6000 Microsoft-built binaries on that list, one of 'em has to be vulnerable.

    Just because it isn't a virus, doesn't mean it won't bite you in the ass...

    1. Anonymous Coward

      This isn't a "not vulnerable" list. It's a list of "known, trusted source" files. Its aim is to avoid false positives when trying to spot files that should not be there, not to identify those that are allowed to be there but are vulnerable to some kind of attack - that would be another kind of list (or an attribute of files in such a list).

      1. Crazy Operations Guy

        I'm quite aware of that. My point is that in today's environments, a security application that only warns you about malware is obsolete; we need more comprehensive solutions.

  4. Anonymous Coward

    Are Chrome and Google Toolbar in the list?

    If so, that "whitelist" is useless...

    1. Al_21

      Re: Are Chrome and Google Toolbar in the list?

      McAfee Security Scan and Ask Toolbar... Who uses these things?

      Most people's computers I see them on are unaware it's there... and it's back on a few months after I uninstall it.

      1. VinceH

        Re: Are Chrome and Google Toolbar in the list?

        How can people not be aware if McAfee Security Scan is on their computers? The blasted thing runs automatically on a regular basis (weekly, IIRC?) and warns users that their computer is insecure if it doesn't have some other McAfee crap installed. Quite hard not to notice, really.

  5. Al_21

    Is this another version of digital signatures?

    Hope AVs still scan the whitelisted programs on an ongoing basis to validate they're clean, else we won't have got anywhere.

  6. Mark Allen

    It is just another list to frustrate the average user

    This list sounds similar to the ones that Chrome use when you download an installer. A list that is a serious PITA at times. I'll often talk to a client over the phone to get them to install something like TeamViewer - only to have Chrome tell them that the installer can't be trusted.

    So if they can't even keep a list up to date for big name companies, I worry for the smaller developers. Those companies who will not be able to afford constantly getting their software on the white lists. We all know there will be a fee for this service... and it will become a massive headache for devs as they find PCs become a closed shop unless you pay the fee for entry.

    And what is a legitimate application for the list? How will they handle all these SnakeOil registry cleaners? SpeedUpMyPC applications? "Watch Free Sport" toolbars? These types of programs can be argued to be "legit" but have evil Ts and Cs and take over computers. In many cases they do worse damage than an actual virus, but so many of the BigBrand anti-virus products leave these scumware applications in place.

    This just sounds a bonkers system for me which will only benefit those software companies with wedges of cash.
