Google Acquires VirusTotal

Google is not evil. It all depend on how you use it.
I think this Virus Total acquisition will let them build a malware database without spending a penny on development. A smart move, if you ask me.

 

The alternative:

http://virusscan.jotti.org/

 

ive always used both and now will only use jotti.

 

They will start by adding the hashes of submitted files (and outcome) to Google's safe surving (file reputation) feature. So could be available for public in next Chrome release. VT is a nice addition to honeypots and server side file reputation collection (on Google's not so private usage tracks in their search cache/DNS servers).

Google was allready evil for some. Their business models is based on adds and clicking, so one should be surprised it tracks your internet traffic allways on the cross border of (EU) privacy regulations and (US) tracking obligations posed at web facilitators as cloud storage, search engines and browsers (all for the fight against terrorisme).

For me browsing the web via anonymus proxy services is simply to much of a hassle/loss of response time, I can only hope that Google's file reputation will become as strong as IE's smartscreen.

 

That is not a wise move... what are you afraid of when you upload a file to virustotal?

 

People do not have purely egotistical motives. They have ideals and principles, which then become the guidelines for their behaviour. I agree with TheWindBringeth that borderline totalitarian industry consolidation is not a good idea. There are always alternatives, even to Google.

 

nothing im afraid of EXCEPT giving google more info then they need i refuse to contribute to their mass data collection. which i why i do not use anything from google now at all period.

 

But you are not giving any PERSONAL information to Google if you upload a file to VirusTotal. Sorry but this sounds to me just pure hatred towards Google. They have done nothing wrong with VirusTotal until now. If they will force me to register on Google+ or require other personal information then i will agree about the privacy concerns.

 

+1
I am happy with this decision. This move only have extended the lifetime of VT. How any of us have donated to VT to maintain their server load. Money is the key factor for the growth of any good thing. I wish now VT will support 100 Mb upload size.

 

Yeah time to swap to a different service before I have to log into Google+ using my real name and phone number just to upload a sample.

I know of http://virusscan.jotti.org/en
Other alternatives?

 

http://www.viruschief.com/
http://vscan.novirusthanks.org/
http://virscan.org/

 

If you are looking for an alternative for free multiscanning you can use metascan-online.com

 

http://www.metascan-online.com/....don't know how I failed to read previous post properly suppose at least I provided the link, sorry

 

i will not go into it here but i have my reasons to dislike google. not only do i know people that work for them personally and have some insight maybe more than others do to certain goings on, they screwed me on our online business' ad words among other issues we have had with them. i will NEVER have a google + account nor will i use gmail, so for me anything related i guess you could say i feel is evil.

 

Some people have created accounts at VirusTotal in order to comment and/or acquire an API key so that they can perform their own automated lookups. First and last name appear optional but email address does not. Lets assume that doesn't apply...

VirusTotal has a high availability pay-for API. I'm not sure what products/services use that, whether some users are indirectly exposed to it without knowing so, and whether such queries in some cases contain additional information such as per machine/user GUIDs tied to accounts elsewhere. Lets assume that doesn't apply...

Someone is manually querying VirusTotal. Lets overlook VirusTotal's cookies and use of scripts at google.com, googleapis.com, and google-analytics.com (!) to keep things as simple as possible. Those could be blocked anyway. When you perform a lookup, VirusTotal receives your IP Address (which may be static or relatively sticky) and your browser headers (which can be fingerprinted with/without factoring in their IP Address). Here's where the debate begins. Is an IP Address "personal information"? Are browser headers "personal information"? That is a basically a debate over legal definitions and the entity's legal obligations with respect to use/sharing of such information, disclosing such things, etc. The far more important and practical questions are...

Can that IP Address (and those browser headers) be used to identify the same user in a different context? Can they be used to associate/acquire additional information about that same user? The answer is a "yes, but..." where there are various ifs that may or may not come into play and which may or may not be sufficient to eliminate that which concerns the reader.

Google is special for a number of reasons. One is its tremendous exposure to information in so many different contexts. Security/privacy revolve around the concept of compartmentalization. Simply put, the ability to "keep things separate", "restrict knowledge of information to only those who have an absolute genuine (from the information owner's point of view) need to know", and "minimize the number of entities that can access information across compartments and put the bigger picture together". There are so many different ways one's information and activities can be exposed to Google that it makes Google a major threat in this respect. Then there is Google's history, the various changes/expansions they've made, and general business model. Google is, I think it fair and accurate to say, a company that clearly WANTS to acquire, associate, retain, and use more information about users. It is quite reasonable to be very concerned about that. Even hate it I think. At least if you are doing so based on an understanding of it and a genuine concern for privacy.

TLDR: The question isn't just whether you are directly/immediately giving an entity "personal information" according to someone else's definition. It is whether what what you are "giving" them, directly *or* indirectly, allows them to access what YOU consider to be "personal information".

 

nothing from google is good

Google only spy on everybody.

 

Thanks for the scoop. I won't be using VT anymore...

 

I'm not worried about he absolute minuscule chance that Google may think my computer is more special than the millions of others and acquire the file details of a suspected item I upload, there is really nothing about it that I'd be worried about, Heck.. I could email Google the code for said file for all I care, what privacy would I be loosing? I really don't understand the hatred for google :\ or should I say I really don't understand why people hate success and innovation

This will be interesting what develops in the future I hope as someone said previously they use it as some sort of filtering in their search service. I don't see anything bad coming of this, Nothing is being lost here..

 

If I may comment on just that point because I think it important to do so. We live in an age where computing and particularly storage are so cheap that treatment which could have only been done in special cases in the past can be done in a completely automated fashion and across the board today. In most cases it doesn't even have to occur in real-time... it can be done via post processing lightweight logs. Certainly by the big players and Google is one of the biggest if not the biggest. Therefore, I think one must rethink "I'm not special and thus my activities won't be captured".

 

You know what they say about absolute power, and corruption?...

Also I believe the "strength in numbers" approach is pretty flawed when it comes to computer security. Though it works well enough if you're in a herd hoping to escape predators on the way to the watering hole. I personally don't put my faith in hoping I'm not the one eaten though.

 

even if they are captured what difference does it make to somebody like him(& many others like him):

absolute power means having a finger on a nuclear ICBM with no accountability to anyone not a certain software company acquiring VT or having biggest online search market share.it is still no umbrella corporation & it never will be.

 

Good.

Google... with a few privacy concerns acknowledged... has been great. Picasa is great. Chrome is great. Gmail and Google Maps are great. And they often figure out ways to do things without a fee to us -- the consumer.

I used to use a security system called Green Border. It was revolutionary for its time.

http://en.wikipedia.org/wiki/GreenBorder

I was disappointed when Google bought them.

But now we get to use key parts of the technology in the Chrome browser -- and it's free.

Bravo Google.

 

OT I beta tested some of the early versions after I emailed them to ask if they would come out with a home version. I must of took them by surprise as they replied they were not thinking of that, then a week later they changed their mind and come out with a desktop version. I had some good conversations with a software engineer and Bill who joined Wilders was a nice fellow - anyway one of the GB versions I have had no protection/time limit so still works.

_______________

It is good for VT funds and bandwidth.

 

That's a good question and there are many layers to it, ranging from the high level "why should I care about privacy in general?" down to the "what difference could it make if the files I submit for online scans are snooped?". When discussing things in forums where you don't know who is reading and what their context is, I lean towards "if it could adversely affect anyone, mention it". So for the second topical question I would offer this:

• The files you submit may contain personal information, identifiers unique to you and/or the accounts you use. For example, if you are the developer and your build tools inserted your information, if you downloaded a program that has embedded within it a GUID that is tied to your account, etc.
• The files you submit may be unique to a specific company you do business with, a specific project that you are working on, a specific type of financial or other account you have, a specific client you have taken on as a professional obligated to maintain privacy, etc.
• The files you submit may reveal details about the computing devices you use, other devices in your home, what software you are running on them, the security and privacy steps you take or don't take.
• The files you submit may reveal details of your life such as age bracket, income bracket, your sex, whether you are single or married, whether you have or are expecting children, your health, your political activities, your other interests, etc.
• The files you submit may be considered by some, and inappropriately, to make you suspicious. You may use encryption software, network sniffing software, alternate but legal tools that can backup and/or play copyrighted material, privacy tools considered to provide too much privacy, etc.

There is literally a whole industry dedicated to taking captured information and mining that to build up profiles of those individuals or businesses. We're talking about bright people, full time jobs and careers, working for companies (and governments too) that have very deep pockets. You must think like they do and look at things from the POV of someone with that objective. Someone who will be making their own calls based on what they think is important in your activity. Those calls might not even be accurate and you'll likely never know if they are or be able to challenge the faulty inputs. You also likely won't know who all has authorized and unauthorized access to the logs, profiles, etc. You must think about the cumulative potential risks and consequences going forward. A teenager or early adult, for example, likely won't have the same activities and perspective as someone who is more established and responsible for a family. Profiles are built up over time and contain some if not much history.

So those are some specific things one might consider and perhaps adjust based on their context, exposure, and concerns. I leave it to individual readers to take it from there and make up their own minds. There is a privacy forum for broader questions.