Educause Security Discussion mailing list archives
VirusTotal Alternatives [Changing Subject Line]
From: Karl Bernard <karl.bernard () GMAIL COM>
Date: Thu, 26 Jan 2012 09:43:04 -0600
This is a great discussion and deserves its own thread ;)

On Thu, Jan 26, 2012 at 9:38 AM, Tim Doty <tdoty () mst edu> wrote:

A quick look at jotti's source and I expect them to follow virustotal down the path of requiring allowing all google domains to function.

To force javascript enabled they disable the form input and then use javascript to enable it. They have a claim that the service will not work without javascript. Inasmuch as that is true it is only so because they deliberately broke the page. Of course, it is a misleading statement anyway because javascript isn't an either/or situation (thanks to NoScript).

They also use javascript to validate form data. I haven't looked at it deeply (what is there to validate for a simple file upload?), but I did notice the comment that they skip hidden elements because users can't alter the information. Really? My estimation of their web developers is dropping...

The javascript they include looks pretty mundane, just some "fancy it up" type stuff (and of course a function to enable the submit button for the form).

If they were upfront and said "this is an ad supported service, we will try our best to make it not work if you don't view our ads" I'd think more highly of them.

What would be nice is a community service that did what virustotal and jotti do, but without the back links to google. Maybe something for REN-ISAC (as if they didn't have enough stuff lined up already...)

Tim Doty

On Thu, 2012-01-26 at 09:23 -0600, Tim Doty wrote:

On Thu, 2012-01-26 at 09:01 -0600, John Kristoff wrote:

On Thu, 26 Jan 2012 08:24:08 -0600 Tim Doty <tdoty () MST EDU> wrote:

I'm aware of some alternatives, but I'm curious about reputation. What do people here use other than virustotal?

I can't speak to reputation, but here are a few popular alternatives. Not all of these do exactly the same thing, but they do at least provide a similar sort of service:

<http://anubis.iseclab.org/>

yep, these guys are good for getting an analysis

<http://fileadvisor.bit9.com/services/search.aspx>

I don't think I've seen this one before, thanks!

<http://www.team-cymru.org/Services/MHR/>
<http://www.threattrack.com/>
<http://www.threatexpert.com/submit.aspx>
<http://virusscan.jotti.org/en>

This is one I've started using. Note, they also require javascript "just because" (c'mon, it doesn't require javascript to do a simple form, but for some reason the submit button isn't active until you permit their domain -- I haven't analyzed what their javascript does, but the fact they require it for *submit* button is not encouraging).

<http://wepawet.iseclab.org/>

I've never had wepawet ever find anything, even on files simple enough for manual examination it would conclude it was safe.

Tim Doty