Menu
Google-owned VirusTotal starts analyzing Mac malware in a sandbox

Google-owned VirusTotal starts analyzing Mac malware in a sandbox

The service now extracts behavioral information from scanned Mac executable files

VirusTotal, the most widely used online file-scanning service, is now executing suspicious Mac apps submitted by users inside a sandbox to generate information that could improve the analysis and detection of Mac malware.

This comes at a time when, according to security vendors, the number of potentially unwanted Mac OS X applications, especially adware programs, is at an all time high.

VirusTotal, a Google-owned service, allows users to upload suspicious files and scan them with 54 different antivirus products. However, its scan results are not perfect and should not be taken as guarantees that files are safe.

For many years, the service only performed a static scan of user-submitted files without executing them and this left out an important component of modern malware testing -- behavioral analysis.

Many antivirus products might not detect a file as malicious if it's simply stored on disk, especially if it's well obfuscated or part of a new threat. However, they might detect and block it if it tries to do something suspicious when executed.

Since VirusTotal only used static scanning, its reports never were an accurate reflection of a malicious file's detection rate across antivirus products, even though many people interpreted them as such.

In reality, if a VirusTotal scan report shows no detection for a file it doesn't mean that it's clean and should be executed without worries. However, if a VirusTotal scan returns one or more positive results, especially from well-known antivirus products, then the file that triggered them should definitely not be be executed. So, there's still value in the system.

In an attempt to complement their static analysis reports with more information that could help users, security teams and researchers make better decisions about suspicious files, VirusTotal added behavioral information for Windows executables in 2012.

This information is extracted by running the file inside a controlled environment -- a sandbox -- and monitoring what actions it performs, like what files it creates, reads, or moves and what processes it spawns.

The same capability was added in 2013 for Android apps and, as of Tuesday, is also available for Mach-O executables, DMG files, or ZIP files containing Mac apps.

"Users may scan these file types directly on www.virustotal.com, with our OS X Uploader app, or via the API," VirusTotal team member Karl Hiramoto said in a blog post.

David Harley, a senior research fellow at antivirus vendor ESET and a vocal critic of using VirusTotal scans to make claims about the performance of antivirus products, feels that the addition of sandbox testing to the service is an improvement.

"This perhaps blurs the distinction slightly between VirusTotal’s service and other security services in a way that might cause further confusion among pseudo-testers," he said in a blog post. "But that’s not VT’s fault, and I think the value added to its services more than compensates."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

What to expect from your IT Distributor

Whether you’re just starting out or you’ve been around since before the dot com rollercoaster, choosing the right distribution partner can be a pivotal factor in your success. This definitive guide outlines the traits that every IT partner needs to look for in their IT Distributor.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments