VirusTotal has a dark side.
The music I use is from Artlist (2 Months for FREE!): bit.ly/3UIhwu8 - My favourite platform with a huge variety of songs + SFX and unlimited licenses.
Tempted to upload that file into VirusTotal to see if it's malware or not? Be careful! You don't want a data breach on your hands!
MY NEWSLETTER
Join thousands of readers in my free weekly newsletter:
www.garyruddell.com
MY GEAR
www.garyruddell.com/gear
CONNECT WITH ME
LinkedIn: / thegaryruddell
X: / thegaryruddell
Instagram: / thegaryruddell
Website: www.garyruddell.com
Пікірлер: 89
As wiser people than me have said, if a product is free, then you are the product.
@theGaryRuddell
6 ай бұрын
Boom
@Leo-sd3jt
4 ай бұрын
That's a terrible quote. It implies that if you pay for something then your data doesn't get sold which is wildly untrue. It also implies that free stuff is sketchy which is also not true. Look at Linux, Wikipedia, or the entire free and open source software community
@theGaryRuddell
4 ай бұрын
@@Leo-sd3jt yeah these are great counters to that quote! I understand the sentiment of what Pele is saying. It’s largely centred on the advertising tracker and data broker world.
@hydradragonantivirus
2 ай бұрын
Except open source.
@futuza
Ай бұрын
@@Leo-sd3jtit's still kinda true though. eg: Linux users are the product, no one is writing the code for them, they or another community member have to write it, no one offers free support or fixes for you on Linux, you have to be your own software engineer or IT person if you want help. It ain't really free, you gotta sink hours into it, and the volunteers who make it, either get paid by a sponsor or spend hundreds of their own personal hours to make the product exist. Linux doesn't necessarily cost money, but it does cost time (and it would probably only exist in its current state if people, foundations, organizations and corporations etc hadn't also spent money on making it.
Solution: don't upload personal photos and customer data to virustotal. It's a signature based virus scanner not a personal cloud.
@theGaryRuddell
6 ай бұрын
It’s a community cloud 😉
Woah, didn't know Google's (or Alphabet I suppose) ownership! As always great information and recommendation in 3 minutes. Love this series, thanks for doing them!
@theGaryRuddell
6 ай бұрын
Thank YOU Mathew for tuning in!
I mean, the safe (in terms of data confidentiality) way to check if the file is malicious is to just check it’s hash in the VirusTotal. If it comes as malware - we’ve got our answer. For the popular malware staff out there and for the regular user it will do just fine. Of course this could be a new file, which hasn’t been uploaded to the VirusTotal database yet but it still gives us some info
@theGaryRuddell
6 ай бұрын
The vast majority of malware hashes are unique though. So a lot of the time you won’t get a hit.
@trikto9120
6 ай бұрын
@@theGaryRuddellBut still if the malware that I upload and the malware in their database have the same hash values (because it's the same malware), you are going to get a match, right?
@theGaryRuddell
6 ай бұрын
@@trikto9120that’s right 🎉
@RomanTruman
6 ай бұрын
Please don't confuse malware and files. A malware doesn't have a hash, only files does :)
@theGaryRuddell
6 ай бұрын
@RomanTruman eh?! Pretty sure WannaCry.exe has a hash. What do you mean?
WOW, an actually informative Tech Video, no BS under 3 mins. Feels like old youtube.
@theGaryRuddell
10 сағат бұрын
I’m honoured that it feels like old KZread!
Great video! Thanks for sharing Gary!
@theGaryRuddell
6 ай бұрын
Glad you enjoyed it! Be careful out there!
Loving the 3 min Thursdays Gary, Cheers!
@theGaryRuddell
6 ай бұрын
Thanks Rahim for your support 😊
Great video! Short and concise as always
@theGaryRuddell
6 ай бұрын
Appreciate it!
I didn't know about files you upload to VirusTotal being available by the community; that's interesting.
Only found your channel today from a LinkedIn post. 2 short videos in and already a gold mine of information.
@theGaryRuddell
3 ай бұрын
Welcome aboard!
@SteveForteGMR
3 ай бұрын
@garyruddellofficial many thanks. Will soon be diving into getting qualified, and I get the feeling your videos are going to be extremely useful.
Interesting, never knew that. Thank you
@theGaryRuddell
6 ай бұрын
Glad to help 😊
thanks, i didn't know about that. Will deffinetly be careful next time
@theGaryRuddell
6 ай бұрын
Glad to help!
Same for approximately all services, which give online service for free. As online PDF Editor or Online Microsoft office converter to OpenOffice and etc.
I just found this channel and already know I'll be binge-watching every single video. Especially all the OSINT content is way too interesting
@theGaryRuddell
6 ай бұрын
Nice to meet you and thanks for your support!
Great video as always! Make a video on OSINT and disinformation next if possible..
@theGaryRuddell
6 ай бұрын
Hey! Thanks buddy. Disinformation is a tough one because it tends to end up incredibly political. I’ll add it to the list though and see if there is a way I can do something 😊
Excellent tip!!! I wish they were more up front with that before they get the file. Makes me wonder how many people will be uploading all kinds of junk to the system just to add noise to the paid people's little gold mine. Makes me want to find anti-forensic tools that take random garbage and add file and virus signatures to the random data... Wonder what other fun could be had.
@theGaryRuddell
4 ай бұрын
Good question!
If I use Virustotal scan in the Autoruns software, is it scaned localy or is it sent to Virustotal?
This advice basically applies to any online service that you can upload a file to. Uploading a file means you're essentially giving the internet access to that file, unless the service you're using specifcally is mandated by law to protect and keep it private. But even then...it might still get shared by a rogue employee or data breach (eg: Google gets hacked), so decide if it's really worth the risk of uploading before you send the data on any service and for any file.
@theGaryRuddell
Ай бұрын
This 👆🏼
Can I ask them to delete something I uploaded if I don't have a registered account?
@theGaryRuddell
3 ай бұрын
You can always ask - I’m not sure.
How can others see and download your files? Why would Virus Total allow them to do that and for what purpose?
@August4
6 ай бұрын
It's just like a database of files. "Malware samples" are valuable for security researchers. You can detect new malware based on techniques that are similar to those previously used by another malware. How do doctors know what cancer look like? They have documented early cases and learned from it and shared it with others. In essence, it's to share knowledge so the whole community can benefit. But the problem is they don't clearly disclose that they retain a copy of the files for the uninitiated.
@theGaryRuddell
6 ай бұрын
This 👆🏼
Brother, can I change the download server link to a valid link?
what's the watch model & reference you have been wearing in this video ?
@theGaryRuddell
3 күн бұрын
Hey! That’s an Omega 2254.50.00 but I slip on the NATO strap on occasionally!
Would have liked to see him pull his photo out using his paid account...
@theGaryRuddell
6 ай бұрын
Yeah I don’t have a paid account. But that photo is in there now! Maybe in the future we can sign up!!
Get the hash of the file and submit that, not the actual file. Otherwise, you will toast.
@theGaryRuddell
3 ай бұрын
Yeah but you probably wont get many hits on the hash.
Friend, can you help me please? I went to this site yesterday, and I just checked out your video. I don't understand English, could you explain to me if there is any danger on this site? I opened my folder through this site and added some videos to check if they had viruses. Am I in danger?
@SrMisterZ
5 ай бұрын
If I opened my folder to choose the file via the website, did they see all the files on my computer? Or do I have to drag it like you did? I hope you can help me my friend.
@theGaryRuddell
5 ай бұрын
@Ryanvallygames they only see what you upload.
What about hybrid analysis website?
@theGaryRuddell
6 ай бұрын
Not sure. From their website: Hybrid Analysis is a public-facing community platform which analyses, crowdsources, aggregates, and publicly shares submitted data to enhance cybersecurity.
That's the reason, why i only upload some executables/installers. I don't care if someone has thoose.
@theGaryRuddell
6 ай бұрын
Yeah - unless it’s some intellectual property from inside your company!
dammmn you google
@theGaryRuddell
6 ай бұрын
😂
So basically VirusTotal is a data miner setup by Google. What can possibly go wrong? ¯\_(ツ)_/¯
@theGaryRuddell
6 ай бұрын
Well, bought and now owned by them. But yeah. Although it does add a lot of value when used properly.
Sorry but what's the problem here? What I am submitting is something not made by me, not a presonal document. What if they get a hold of a malware file I don't want anyways? Where is the privacy issue?
@hrtbot
6 ай бұрын
Some scenarios off the top of my head: * you receive email attachments or any other attachment from someone you're not too familiar with but has information you don't want distrubted to everyone * likewise anything you send could end up on their database if the receiver unknowingly scans it * some sort of software provider and you sell your work but it gets unknowingly distributed by users / customers
@theGaryRuddell
6 ай бұрын
The problem is that many people at large organisations are putting sensitive data into VT for the whole world to see. They think they’re “just checking it’s not malware” not realising they have just committed a breach under GDPR etc
I have one question. Is it safe to use?. and is it ok if I signed in?
@theGaryRuddell
5 ай бұрын
Of course. It’s owned and operated by Google!
@essaothman2433
5 ай бұрын
@@theGaryRuddell Thank you for your fast response. And sorry I said two questions 😅
@theGaryRuddell
5 ай бұрын
@@essaothman2433 no worries!!!
Sir how I get money for this virustotal
@theGaryRuddell
4 ай бұрын
😂 you get your company to pay for it!
@riteshkumarjha4569
4 ай бұрын
@@theGaryRuddell 😂😂Okay, but boss is very rude.
@SteveForteGMR
3 ай бұрын
@riteshkumarjha4569 explain exactly why the funding is needed and the risk factor if the funding isn't given. Make sure it's all in writing too so you're covered if he declines and the worst happens.
@theGaryRuddell
3 ай бұрын
@@SteveForteGMRemails emails emails!
@SteveForteGMR
3 ай бұрын
@@theGaryRuddell that's what my wife drums into me 😂 If it's not written down or on video, it never happened.
l like this video
@theGaryRuddell
6 ай бұрын
Thanks 🙏🏼