VirusTotal tips, tricks, and myths

Presented at VB2017, Oct. 6, 2017, 9:30 a.m. (30 minutes).

Outside of the anti-malware industry, *VirusTotal* users generally believe it is simply a virus scanning service. Most users quickly reach erroneous conclusions about the meanings of various scanning results. At the same time, many very technical people are unaware that *VirusTotal* provides a wealth of contextual and forensic information. Most people do not realize that *VirusTotal* is a multi-directional threat intelligence feed as well. After a brief introduction to the history of *VirusTotal* and the role of *VirusTotal* in today's security ecosystem, the myths listed below will be debunked, and little-known features of *VirusTotal *will be demonstrated. * Myth 1: *VirusTotal* can be used for comparative testing. * Myth 2: A missed detection does not mean that a scanner does not detect the threat. * Myth 3: Detection by your scanner means you must be protected. * Myth 4: The quality of coverage of a threat is determined by the number of scanners that detect it. Information that can be obtained using the tabs for File Details, Relationships, Additional Information, Comments, and Votes will be reviewed. Some additional resources available to users will be touched on, and the need to read the terms of service will be emphasized.

Presenters:

  • Randy Abrams - Independent security analyst
    Randy Abrams Randy Abrams has been involved with the anti-malware industry since 1997, when he became responsible for ensuring that Microsoft did not release infected products. Randy designed and administered the processes used to prevent the release of infected software. The fundamentals of these processes are still used by Microsoft. In 2005, Randy joined ESET as the Director of Technical Education and was a popular blogger and podcaster, providing extensive security commentary for the media. In 2012, Randy joined NSS Labs as Research Director, focusing on the anti-malware industry. Randy is a popular presenter, which is a good thing since he has subjected people to his presentations at nearly three dozen security conferences. @randyab

Links:

Similar Presentations: