Message-ID: <b7bc1b1f040903220750b22d80@mail.gmail.com>
From: uberguidoz at gmail.com (Über GuidoZ)
Subject: Re: About VirusTotal/Hispasec
Very happy to see your reply Bernardo. =) That's how I imagined
VirusTotal.com to be... it's a shame that some people insist on
bashing a valid service. I can certainly understand, and appreciate,
2nd guessing something that seems too good to be true. However, instead
of bad mouthing it right out of the box, ask the questions first. THEN
give the conspiracy theories. =D
Best of luck expanding VirusTotal.com. It's an awesome service that
has saved me many headaches in times of need.
--
Peace. ~G
On Fri, 3 Sep 2004 21:11:12 +0200, Bernardo Quintero
<bernardo@...pasec.com> wrote:
> > I'm also rather suspicious of your promotion of Virus Total. Hispasec,
> > as far as I can tell (Spanish being something I have to have translated
> > via online services), has no antivirus or similar product of its own,
>
> Obviously, we don't develop any antivirus product. We don't either
> distribute any antivirus solution or have interest in any specific AV
> vendor.
>
> > yet it has set up, and some folk seem to be promoting, what is
> > effectively a sample collection mechanism. I've also heard vague
>
> Sincerely, we have no hidden intentions, and we don't have any business
> model behind VirusTotal, but we accept suggestions in that field ;)
>
> VirusTotal is more a system that lets users have a second opinion about
> suspicious files that, by any reason or other, are not detected as
> 'dangerous' by the AV they have installed in their system.
>
> The program was developed as an inner-use tool for our laboratory to
> keep monitorized update responses of AV engines against new malware,
> knowing that way when exactly they started to detect them.
> We're requested frequently for consulting about antivirus solutions, and
> we've been doing tests and studies in that field for technical magazines
> and companies for years.
>
> Once we had it working in our lab, we thought it would be something
> useful for the community for having that second opinion I told you
> about. We made it a lovely wrapper (the web interface) and we offered it
> as a free service.
>
> About files received, we've developed a distribution system for giving
> those files to AV vendors that don't detect a supposedly infected file
> (or that they detect with heuristics). This system is not active now,
> and I hope to make a formal proposal (free) and have consensus with
> them to see if they like that system. If we finally activate that system,
> VirusTotal will accept new commands so users could choose if they
> want those files to be sent to AV vendors or not.
>
> I don't really see any problem about suspicious binaries, but in the
> case of documents I understand that users should be able to use the
> service and make it knowing that file is not going to be sent to any lab
> (a matter of privacy). I think the best way is to keep that
> 'not-sending' option, so a user can decide anytime when they send a new
> file to make it enter the distribution system or not.
>
> > rumblings that Hispasec/Virus Total does not have suitable licenses for
> > at least some of the scanners used in its service (and strongly suspect
> > that several of the AV vendors whose products are currently used would
> > not allow their products to be licensed for use in a service of the
>
> No AV engine in VirusTotal is being used against the will of their
> vendors. We've asked permission to all developers themselves or
> distributors of those products here in Spain (just by geographical
> reasons, as it is our country). We're planning to increase the number of
> engines used (we're working on it) as other AV vendors have asked us to
> be part of the project with their solutions.
>
> >- the different results could be due to differences in the update
> > schedule at virustotal.com (some vendors offer their fastest updates
> > only for premium licenses, which virustotal may not have).
>
> VirusTotal is configured to look for new updates of all AVs in the
> system every 5 minutes. The updating system is basically the same that a
> registered user has in their own system. Obviously, AV vendors have
> stressed the importance of keeping that procedure as pure as possible for
> not being 'harmed' against others.
>
> >- maybe some products are used with optimized settings (for example
> > maximum heuristic detection) and others with default settings.
>
> The parameters used in each engine are discussed with the developers, as
> we look for a behaviour as close as possible to the one a user could
> experience in their system.
>
> >Unless for (a purely theoretical) example the website would use your
> >submission to infect others (perhaps with your address as sender) :-)
>
> Definitively, that statement is close to paranoia, or there's simply
> interest in you to libel the service. Well, next week VirusTotal will
> accept files through a form that won't need any email to be given, so you
> can obtain the results directly on the web.
>
> >I believe the intention may be good but I have some lingering
> >suspicion of *free* service that have you send in binary maybe
> >the elaborate works of vx traders. (cue the conspiracy theories)
>
> Obviously not.
>
> Do you have any other suspicion or vague rumour? I think this kind of
> things can make people of the list get bored, so you can use the email
> we offer (info@...ustotal.com) for answering all kind of requests (it's
> only a suggestion). With time, and using the most usual questions and
> answers received through that email, we're going to publish a FAQ in the
> site itself.
>
> Of course, all criticism and suggestions are welcome so we can improve the
> service or include new features.
>
> Thanks,
>
> Bernardo Quintero
> bernardo@...pasec.com
> Hispasec Sistemas
> http://www.hispasec.com