Thursday, 14 September 2017

VirusTotal += Avast Mobile Security

We welcome the Avast Mobile Security scanner to VirusTotal. This engine is specialized in Android and reinforces the participation of Avast, which already had a multi-platform scanner in our service. In the words of the company:

"Avast Mobile Security is a complete security solution capable of identifying potentially unwanted (PUP) and malicious apps (TRJ). The app protects millions of endpoints on a daily basis using a wide range of cloud and on-device-based detection capabilities. Our hybrid mix of technology, which includes static and dynamic (behavioral) analysis in conjunction with the latest machine learning algorithms, allows us to provide state of the art malware protection."

Avast has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by AV-TEST, an AMTSO-member tester.

Wednesday, 30 August 2017

VirusTotal gets a new hairdo

Being geeks in a world of executable disassemblies, shell scripts, memory dumps and other beautiful matrix-like interfaces, it is no secret that at VirusTotal we have never been great artists. That said, many of you may have noticed that we have taken some time to refresh our public web site. Design is a matter of taste, so we acknowledge that while some will love it, others won't. However, we think all of our users will be excited about the technical improvements that come along with this refresh, so we wanted to be sure to call those out.

First of all, we dived into this redesign exercise in order to take advantage of new front-end architecture concepts such as web components. By making use of Polymer, we intend to create basic building blocks that will allow us to operate in a more agile fashion going forward, hopefully making it easier to create new features that you may all enjoy.

Under the hood we have placed a front-end cache layer that, under certain circumstances, lets file and URL reports load instantaneously, as if the data were stored locally on your machine. For instance, open a report that contains lists of files or URLs, e.g.
https://www.virustotal.com/#/domain/drive.google.com
then click several files in the Downloaded files section: after the first template load, subsequent file reports load immediately, because the file objects appearing in lists are now cached in your browser's local storage. As you dive into multiple threat reports you may also notice lighter transitions, thanks to the revamped site being mostly a single page application.

We have also acknowledged the fact that analysts and researchers like to see as much information as possible about a threat condensed into as little space as possible. This is why we have reduced unnecessary padding, removed merely decorative icons, compacted detections into two columns, etc. It is also the reason behind introducing file type icons, so that we can communicate as much detail as possible at a glance:


https://www.virustotal.com/#/file/072afa99675836085893631264a75e2cffd89af568138678aa92ae241bad3553/detection
https://www.virustotal.com/#/file/82d763c76918d161faaca7dd06fe28bd3ececfdb93eced12d855448c1834a149/detection
We would like to thank our friends over at Freepik and Flaticon for designing such a rich set of icons for us.

Ease of data communication and comprehension also explains why certain new sections grouping details of the same nature have appeared, e.g. the file history section:


This section ties together all the date related information that we have about a file, including submission dates to VirusTotal, date metadata shared by partners such as Sysinternals' tool suite, file signature dates, modification date metadata contained in certain file formats such as ZIP bundles, etc. Many of these details were formerly spread over different sections that made it difficult to get a clear picture of a file under study.
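One of the inputs that section draws on is the per-entry modification time stored inside a ZIP bundle. The following is an added example, my own code rather than anything from VirusTotal, showing where that metadata actually lives and how to read it: it walks the central directory of a ZIP archive, decodes the packed MS-DOS date/time of every entry, and cross-checks the result against the standard library. The sample archive is constructed inline (the names and timestamps are made up). The parser is deliberately minimal, single-disk, non-ZIP64 only; the point for an analyst is that these timestamps are local time with no zone, carry 2-second resolution, and are written by whoever built the archive, so they are hints to correlate with submission and signature dates, not evidence on their own.

```python
import io
import struct
import zipfile
from datetime import datetime

# Central-directory and end-of-central-directory signatures (PKZIP APPNOTE).
CEN_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"


def dos_datetime(dos_date: int, dos_time: int) -> datetime:
    """Decode a packed MS-DOS date/time pair.

    Caveat for analysts: local time with no zone, 2-second resolution,
    and set by whatever tool (or attacker) wrote the archive.
    """
    year = ((dos_date >> 9) & 0x7F) + 1980
    month = (dos_date >> 5) & 0x0F
    day = dos_date & 0x1F
    hour = (dos_time >> 11) & 0x1F
    minute = (dos_time >> 5) & 0x3F
    second = (dos_time & 0x1F) * 2
    return datetime(year, month, day, hour, minute, second)


def zip_entry_mtimes(data: bytes) -> dict:
    """Return {entry name: modification datetime} from a ZIP's central directory.

    Minimal on purpose: single-disk, non-ZIP64 archives only. rfind() picks the
    *last* EOCD signature, so trailing data or a crafted archive comment can
    steer a naive parser; we at least check that the directory fits before it.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    (_sig, _disk, _cd_disk, _n_disk, n_total, cd_size, cd_off, _clen) = struct.unpack(
        "<4sHHHHIIH", data[eocd:eocd + 22]
    )
    if cd_off + cd_size > eocd:
        raise ValueError("central directory overlaps EOCD record")
    mtimes = {}
    pos = cd_off
    for _ in range(n_total):
        # 46-byte fixed header, then name / extra / comment of variable length.
        fields = struct.unpack("<4sHHHHHHIIIHHHHHII", data[pos:pos + 46])
        if fields[0] != CEN_SIG:
            raise ValueError("bad central directory header at offset %d" % pos)
        mod_time, mod_date = fields[5], fields[6]
        name_len, extra_len, comment_len = fields[10], fields[11], fields[12]
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        mtimes[name] = dos_datetime(mod_date, mod_time)
        pos += 46 + name_len + extra_len + comment_len
    return mtimes


def stdlib_mtimes(data: bytes) -> dict:
    """Same information via the standard library, for cross-checking the parser."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: datetime(*i.date_time) for i in zf.infolist()}


def build_sample_zip() -> bytes:
    """Constructed sample, not a real submission: two entries whose timestamps
    were chosen by the archive author, one in the past and one in the future."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # 14:30:01 is stored as 14:30:00: the DOS time field counts 2-second steps.
        zf.writestr(zipfile.ZipInfo("payload.exe", (2010, 6, 15, 14, 30, 1)), b"MZ" + b"\0" * 64)
        zf.writestr(zipfile.ZipInfo("readme.txt", (2030, 1, 1, 0, 0, 0)), b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for name, when in zip_entry_mtimes(sample).items():
        print("%-12s %s" % (name, when.isoformat()))
```

Run it and the "future" timestamp on readme.txt and the rounded-down second on payload.exe both show why a single modification date is weak evidence; only when it lines up with first-submission dates and signature timestamps does it start to tell a story.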

We have also taken a shot at some usability improvements. You will notice that we now have an omnibar that lets you search or submit files from any page within VirusTotal: whether you are on a file, domain, IP address or URL report, you can use the top bar to continue your investigation. Similarly, you can drag and drop a file onto any view to trigger a file scan. By the way, we now accept files up to 256MB in size, leaving behind the former 128MB limitation.

Usability is also the reason why file and URL reports now include a floating action button that allows users with privileged accounts to act on the file in VirusTotal Intelligence, for example, by launching a similar file search in order to pinpoint other variants of your interest.


Finally, we also wanted to make sure that certain technical features would be understood by non-technical audiences. This is why, when you now hover over the headings or subheadings of the different detail sections, you get descriptive tooltips:



Better descriptions and inline testing forms can also be found in our new API documentation and help center.

As you can see, what looked merely like a subtle aesthetic change hides several functionality improvements that may go unnoticed but that we hope will make your research smoother. We feel very excited about the transition to web components, as it will allow us to reuse basic building blocks and will speed up future coding efforts. There is still a lot of work to do, as we have not yet rewritten the entire site: group and consumption sites and private views such as Intelligence are now entering our redesign kitchen. As usual, we would love to read your suggestions and ideas so that new iterations match your expectations, so please share your feedback.

P.S. You may have noticed that our logo has morphed from a sigma into a sigma-flag symbiosis; there is a nice little story to it. The sigma represented the aggregation of detection technologies, and in the security field we often use the term flag in order to detect or mark a file as suspicious, hence, the new logo represents both the aggregation and flagging in one unique visual component.

Thursday, 6 July 2017

VirusTotal += Cylance

We welcome the Cylance scanner to VirusTotal. In the words of the company:

“Cylance is the first company to apply artificial intelligence, algorithmic science and machine learning to cybersecurity to prevent the most advanced security threats in the world. Using a breakthrough predictive analysis process, CylancePROTECT® quickly and accurately identifies what is benign and what is a threat, and prevents malicious code from ever executing on a targeted system. By coupling advanced machine learning and artificial intelligence with a unique understanding of an attacker’s mentality, Cylance provides technology and services that are truly predictive and preventive against the most advanced threats.”

Cylance has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by NSS Labs, an AMTSO-member tester.

Tuesday, 4 July 2017

VirusTotal += MAX

We welcome the MAX scanner to VirusTotal. This scanner was developed by Saint Security Inc, headquartered in Seoul, South Korea. In the words of the company:

“MAX is a machine learning and cloud-based next-generation antivirus engine that identifies malware with AI. MAX, as a part of the malwares.com Project launched by Saint Security in 2014, is designed to detect malware by using intelligence data from malwares.com. It identifies various malware by nature, maximizes detection rate and minimizes false-positives with multi-layer and whitelist learning. In addition, MAX detects various types of files such as Windows binary files (32bit, 64bit), Linux elf files, mobile APK files, etc.”

Saint Security has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by SE Labs, an AMTSO-member tester.

Tuesday, 21 March 2017

VirusTotal += Symantec Mobile Insight

We welcome the Symantec Mobile Insight scanner to VirusTotal. This engine is specialized in Android and reinforces the participation of Symantec, which already had a multi-platform scanner in our service. In the words of the company:

"Symantec Mobile Insight is a comprehensive mobile security service capable of identifying suspicious and malicious apps using a broad array of endpoint-based and cloud-hosted techniques. These techniques blend traditional code and behavior analysis with cutting edge similarity and machine learning applications. Leveraging analysis of over 50 million apps and telemetry from millions of endpoints on a daily basis, we're able to provide superior protection. Our App Advisor technology can help end users identify malware and other unwanted apps on the App Store, prior to installation."

Symantec has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by AV-TEST, an AMTSO-member tester.

Wednesday, 15 March 2017

VirusTotal += SentinelOne

We welcome the SentinelOne scanner to VirusTotal. This is a machine learning engine from the US. In the words of the company:

"SentinelOne (Static ML) is a machine learning engine designed to identify unknown malware. It is part of SentinelOne's unique offering of a multi-layer detection and prevention agent, utilizing behavioral monitoring and static analysis that is capable of keeping organizations ahead of any advanced threat in real-time. SentinelOne protects Windows, OS X and Linux-based endpoint devices against advanced malware, exploits and fileless attacks."

SentinelOne has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by MRG Effitas, an AMTSO-member tester.

Tuesday, 7 March 2017

VirusTotal += Palo Alto Networks

We welcome Palo Alto Networks (Known Signatures) to VirusTotal. This scanner was developed by Palo Alto Networks, headquartered in Santa Clara, CA. In the words of the company:

"Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers superior security, safely enables daily business operations, and protects an organization's most valuable assets. The Palo Alto Networks (Known Signatures) scanner was built for VirusTotal to identify malicious files by comparing Windows portable executable (PE) file indicators against antivirus signatures from the Palo Alto Networks Threat Intelligence Cloud. The scanner is not a commercially available product, but leverages all of Palo Alto Networks' known malicious antivirus signatures."

Palo Alto Networks has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by SE Labs, an AMTSO-member tester.

Monday, 6 March 2017

VirusTotal += Check Point

We welcome ZoneAlarm to VirusTotal. This is a consumer security solution developed by Check Point Software Technologies Ltd., a company with worldwide headquarters in Tel Aviv, Israel, and US headquarters in San Carlos, CA. In the words of the company:

"ZoneAlarm is a comprehensive, multilayered security suite that stops the toughest viruses, spyware and hackers. Award-winning protection includes Advanced Real-Time Antivirus, Advanced Firewall, Anti-Spyware, Enhanced Browser Protection, Threat Emulation, Find My Laptop, Anti-Keylogger, Parental Controls, PC Tune-up and more."

Check Point has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates these reviews by NSS Labs, an AMTSO-member tester.

Tuesday, 14 February 2017

VirusTotal += Webroot

We welcome the Webroot scanner to VirusTotal. This is a machine learning engine from the US. In the words of the company:

"Webroot SecureAnywhere Business Endpoint Protection is a cloud-driven anti-malware solution and was the first next generation solution to offer a full replacement to conventional AV when launched in 2011.
Rather than rely on static signatures to identify malicious files and processes, Webroot uses real-time monitoring and analysis of the events occurring within a device. Then, by using the extensive resources of cloud-based computing, threat and behavioral intelligence, Webroot is able to predict with negligible false positives any signs of malicious behavior. Windows PE files submitted to VirusTotal will be processed by the Webroot PE Scanner; non-PE files will not be scanned."

Webroot has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by MRG Effitas, an AMTSO-member tester.

Thursday, 9 February 2017

VirusTotal += Endgame

We welcome the Endgame scanner to VirusTotal. This is a machine learning engine from the US. In the words of the company:

"Endgame is a leading endpoint security platform that enables enterprises to close the protection gap against advanced attacks as well as detect and eliminate entrenched adversaries. Endgame's endpoint security platform leverages a series of layered defenses to prevent, detect and respond to threats through a unified endpoint agent. The IOC-independent platform covers the entire kill chain, leveraging machine learning and behavioral techniques to uncover, in real-time, unique attacks that evade traditional defenses and respond precisely without disrupting normal business operations. The malware detection and prevention capability, integrated in VirusTotal today, represents a key element in this layered defense. The machine learning model exposed in VirusTotal detects never-before-seen malware with high efficacy in an extremely lightweight implementation."

Endgame has expressed its commitment to follow the recommendations of AMTSO and, in compliance with our policy, facilitates this review by SE Labs, an AMTSO-member tester.