Wednesday, August 30, 2017

VirusTotal gets a new hairdo

Being geeks in a world of executable disassemblies, shell scripts, memory dumps and other beautiful matrix like interfaces, it is no secret that at VirusTotal we have never been great artists. This said, many of you may have noticed that we have taken some time to refresh our public web site. Design is a matter of taste and so we acknowledge that while some will love it, some others won't. However, we think all of our users will be excited about some technical improvements that come along with this refresh, and so we wanted to be sure to call those out.

First of all, we dived into this redesign exercise in order to take advantage of new front-end architecture concepts such as web components. By making use of Polymer, we intend to create basic building blocks that will allow us to operate in a more agile fashion going forward, hopefully making it easier to create new features that you may all enjoy.

Under the hood we have placed a front-end cache layer that allows us, under certain circumstances, to load file and URL reports as if the data was stored locally on your machine, instantaneously. For instance, if you take a look at reports that contain lists of files or URLs, e.g.
https://www.virustotal.com/#/domain/drive.google.com
you may click on several files in the Downloaded files section and you will notice that after a first template load, subsequent file reports load immediately; the file objects appearing on lists are now locally cached via your browser's local storage. As you dive into multiple threat reports you may also feel lighter transitions thanks to this revamped site being mostly a single page application.

We have also acknowledged the fact that analysts and researchers like to see as much information as possible about a threat condensed into as little space as possible, this is why we have reduced unnecessary paddings, removed merely decorative icons, compacted detections into two columns, etc. It is also the reason behind introducing file type icons so that we can communicate at a glance as much details as possible:


https://www.virustotal.com/#/file/072afa99675836085893631264a75e2cffd89af568138678aa92ae241bad3553/detection
https://www.virustotal.com/#/file/82d763c76918d161faaca7dd06fe28bd3ececfdb93eced12d855448c1834a149/detection
We would like to thank our friends over at Freepik and Flaticon for designing such a rich set of icons for us.

Ease of data communication and comprehension also explains why certain new sections grouping details of the same nature have appeared, e.g. the file history section:


This section ties together all the date related information that we have about a file, including submission dates to VirusTotal, date metadata shared by partners such as Sysinternals' tool suite, file signature dates, modification date metadata contained in certain file formats such as ZIP bundles, etc. Many of these details were formerly spread over different sections that made it difficult to get a clear picture of a file under study.

We have also taken a shot at some usability improvements. You will notice that we now have an omnibar that allows users to search or submit files from any page within VirusTotal, no matter whether you are on a file, domain, IP address or URL report, you can refer to the top bar in order to continue your investigations. Similarly, you can always drag and drop a file in any view in order to trigger a file scan. By the way, we now accept files up to 256MB in size, leaving behind the former 128MB limitation.

Usability is also the reason why file and URL reports now include a floating action button that allows users with privileged accounts to act on the file in VirusTotal Intelligence, for example, by launching a similar file search in order to pinpoint other variants of your interest.


Finally,  we also wanted to spend some time making sure that certain technical features would be understood by non-technical audiences, this is why when you now hover over the headings or subheadings of the different detail sections you get descriptive tooltips:



Better descriptions and inline testing forms can also be found in our  new API documentation and help center

As you can see, what looked merely like a subtle aesthetic change hides certain unnoticed functionality improvements that we hope will make your research smoother. We feel very excited about the transition to web components, as this will allow us to reuse basic building blocks and will speed up future coding efforts. There is still a lot of work to do as we have not fully rewritten the entire site: group and consumption sites or private views such as Intelligence are now entering our redesign kitchen. As usual, we would love to read your suggestions and ideas so that new iterations match your expectations, please share your feedback.

P.S. You may have noticed that our logo has morphed from a sigma into a sigma-flag symbiosis; there is a nice little story to it. The sigma represented the aggregation of detection technologies, and in the security field we often use the term flag in order to detect or mark a file as suspicious, hence, the new logo represents both the aggregation and flagging in one unique visual component.