Virus Total has been described as a useful tool, but the industry needs something better.
Talking to IT Security Guru, Giovanni Vigna, co-founder and CTO of Lastline, said that the company has run malware on Virus Total, which is “the wrong tool in a way and sometimes people get upset when people run tests on it, but it is the only one we have”.
Asked if he felt that something could replace it, Vigna said that Virus Total is “a fantastic tool”, but said that the industry needs something better as the tools that run in Virus Total are just normal anti-virus.
He said: “I think that this is something that the security community has already acknowledged and the anti-virus companies know that we need to go beyond static signatures and we need dynamic data and dynamic execution to work with.”
Jaime Blasco, director of AlienVault labs, praised Virus Total as “a great tool for researchers” as it lets you easily explore certain pieces of malware and obtain new information when you are investigating a certain incident or malware family.
He said: “The Virus Total team has done a great job (the company was started in Spain like us) and Google bought them a few years ago. The problem when you use Virus Total as a tool to ‘compare’ anti-virus solutions is that the engines that they use usually work in ‘static mode’, meaning that they only analyse the file itself.
“The problem is anti-virus usually has more features that can only be tested when they are running in real environments, such as behavioural analysis or when it comes to exploit detection, they use heuristics that can only be applied in a real environment.”
Mark Osborn, senior security consultant at MWR InfoSecurity, said: “We believe Virus Total isn’t ‘broken’, it’s just a tool; and as a tool to provide information, it works extremely well. In fact, other tools are also hooking into it and providing extra value.
“Virus Total does, however, go right to the heart of the anti-virus problem: there is no asymmetry between attacker and defender – both parties have access to the same information and this will always result in an advantage to the attacker.”
Luis Corrons, technical director of PandaLabs at Panda Security, also defended Virus Total, saying it was not the industry as a whole that built Virus Total; instead, it was a company that had a brilliant idea and decided to give it a try.
“If Lastline had better ideas I am sure they could start a new project covering this, or they could even talk to Virus Total (or other companies offering similar services) and tell them their ideas to see if they can be implemented,” he said.
Osborn said: “If a Virus Total alternative existed, which only defenders had access to, then this would be of much more value to the defenders. This is the main reason behind our recent release of a new service which may go some way to tipping the balance in favour of network defenders tackling the threat of advanced malware.”