Why don't all browsers run the checksum for whatever they just downloaded past VT before committing the save? Aware you can get various extensions and such, but even so.. it seems like such a minor thing to add.
Alphabet-owned malware aggregator website VirusTotal has given itself an enterprise-focused makeover. The firm said the reboot "takes advantage of Alphabet's "increased scalability of data collection, processing, and search" to help threat intel teams work faster. Front and centre of the upgrade is the introduction of Private …
"Why don't all browsers run the checksum for whatever they just downloaded past VT before committing the save? Aware you can get various extensions and such, but even so.. it seems like such a minor thing to add."
Probably because this would be a huge privacy concern.
There are several websites where you can upload a hash and it will show you what the hash correlates to in it's database.
These antivirus companies can positively identify what a user is downloading by the SHA/MD5 sums and share what it is the user just downloaded (along with the users IP address and browser fingerprint) and passes this info along to it's affiliates (IE: Facebook, Experian etc.)
Starting to understand the privacy risks now?
Same thing goes for Google's Safe Browsing and others that collect the users web browsing history.
Google has partnered with ESET in it's Chrome browser for another example.
ESET is a cloud based antivirus/security company from a foreign country that isn't held to the same laws as the US or UK.
(Just like almost all the AV engines on Virus Total)
This is much more of a cocern.
"ESET is a cloud based antivirus/security company from a foreign country that isn't held to the same laws as the US or UK."
I've just done a quick search and it seems that ESET is based in Slovakia, which is part of the EU.
I think it's reasonable to assume that the laws ESET has to obey regarding storing data about people are pretty much the same as those in the UK, what with GDPR applying to all EU member states.
I just lost faith in Virus Total. Since google is one of the most compliant to the US government companies.
Hacking tools of the NSA, CIA, FBI, MI6/8 (others?) (which are used by private criminals too) must be white listed. Making the site a puppet ground and only useful to criminals to test their malware on.
One thing I like about VirusTotal is that what it aggregates it publicly cites. What I fear is that these public citations will go away. There are others that do this, but not enough. I don't want the public collaboration to go away, turning all the security services into black boxes. That doesn't mean there should be no black boxes. I just think that public collaboration and education is too important to have InfoSec become only black boxes--driven by secretive minions keeping what is crucial knowledge from the public.
Virus Total performs a service, and like most things it can be abused but that doesn't mean that it's not useful for lots of people - you really think that Google is any different from any other company? They are all in the business of selling your data.
Privacy isn't dead - it was never alive, we just thought it was.
Biting the hand that feeds IT © 1998–2020