Jump to content

Virustotal


galaxy

Recommended Posts

Reputational scanners and anti-exec's like VoodooShield do this since they don't maintain a resident virus signature database.

I don't know of any major AV products that do likewise.

Link to comment
Share on other sites

  • Administrators

I strongly doubt that integration with VT would be free for AV vendors. Moreover I don't see any reason for it since it gives users just a second opinion on files without telling 100% truth if a file is malicious or not. It happens that innocuous samples are detected by dozens of AVs while malicious samples are undetected by all vendors. Also common users usually can't distinguish between overaggressive and accurate detections. As a result, they tend to ask why an AV failed to detect a particular sample given that another AV reported it at VT as infected. In fact, it could be an aggressive detection, e.g. based merely on cloud data and the AV that reported it would actually have a FP on it.

Link to comment
Share on other sites

But you also have to say that the idea would be great, you could just upload it to unknown files, I use Secureaplus with ESET and this is super security

Edited by galaxy
Link to comment
Share on other sites

What could be done in this regard is that Eset provide an option in LiveGrid to allow the user to manually initiate a connection to VirusTotal when an unknown file attempts to execute. This is how the processing works in VoodooShield for example.

The problem is this is easier said than done. Anti-exec software like VoodooShield was designed from the beginning to provide this "second opinion" capability. It therefore has incorporated logic to exclude signed processes that are frequently updated such as Win system files, etc. from being detected as unknown.

Eset to date has indicated it has no desire to get into anti-exec processing that requires on going and frequent user interaction.

Link to comment
Share on other sites

OK, but you could also consider other databases in order to detect unwanted applications faster, even if it is not in the ESET database yet

Link to comment
Share on other sites

  • Administrators
35 minutes ago, galaxy said:

OK, but you could also consider other databases in order to detect unwanted applications faster, even if it is not in the ESET database yet 

Using multiple scanning engines is not advantage if an AV already uses advanced technologies. Using multiple engines affects performance, increases the chance of false positives and I'm sure it would also affect the price of the AV since no vendor would allow to use their engine for commercial purposes for free.

Link to comment
Share on other sites

Securaplus also uses some databases that works out very well, with ESET together unbeatable

Edited by galaxy
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...