Home > Security Tips > Threat Monitor > Finding a second opinion: Using free Web-based AV scanning resources
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

THREAT MONITOR

Finding a second opinion: Using free Web-based AV scanning resources


Ed Skoudis
11.04.2004
Rating: -4.67- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


It happens to me two or three times each week: Friends, colleagues or random people from the Internet send me e-mail describing strange system behavior, wondering if they are infected with a virus or worm despite the fact that their AV tool doesn't report any suspicious files. Sometimes, the woeful request even includes a file attachment such as a wayward .exe, .dll, .pif, .scr, or some other concoction that the potential victim thinks might be the malware itself.

Users can receive these suspect files in a variety of ways: via shifty-looking e-mail or from their browser suddenly downloading a file. Sometimes programs mysteriously appear in the file system, possibly placed there through over-permissive file sharing mechanisms or a vulnerability exploited by a worm. Ultimately, these e-mail requests almost always end with one of two questions: "So, is my system infected?" or "So, is this file really malicious?"

Luckily, there are a variety of free resources on the Internet you can use to scan your entire system for infection or to analyze an individual file to see if it is malicious. These services augment your existing antivirus tools, but do not replace them. If your own antivirus tool gives your system or a file a clean bill of health, you can turn to these services to get a second opinion, just as you might check with another doctor if your own health were on the line. And, best of all, these free scanning mechanisms do not require you to install any software in advance.

Several antivirus companies offer free Web-based services you can use to scan your entire system for infection. Since they scan an entire machine for viruses and worms, I refer to these tools as "system scanners" to differentiate them from the "file scanners" which I'll discuss later. With a system scanner, simply surf to the site, click on a button typically labeled "scan now", and watch as your system is scanned. Here is a list of my three favorite Web-based system scanners for W



indows machines:

Most of these system scanners are implemented via ActiveX controls the Web site sends to your browser. Therefore, depending on your browser configuration, you may need to permit a single ActiveX control to run on your system. Given that a major antivirus vendor runs each of these sites, allowing such access is likely quite reasonable in most organizations. Furthermore, by pushing the ActiveX control to your browser, where the scanning occurs, none of these services involves sending any of your files across the Internet for inspection. All scanning is done locally. Remember that none of these system-scanning services is a replacement for a solid antivirus tool installed locally. They give you a good second opinion, but require you to manually surf to their Web sites to initiate a scan.

But what if you only need to check an individual file? That's where free Web-based file scanners come in handy. For each of these services, you can submit a single file or an archive containing a group of files. The service then runs one or more antivirus tools against the file and sends you the results. All scanning takes place at the services' machines, so no new software at all runs on your system, not even an ActiveX control. Here is a list of some of my favorite Web-based file scanners:

Keep in mind that these file-scanning services merely attempt to see if the file you submit matches any of their respective signatures. Your file might get a clean bill of health in these scans, but could still be very malicious. It's possible that you've received custom-created malicious code for which no signature has been created. Therefore, use the results of a file scanner as a single data point in your decision about whether the suspect file is really malicious. However, even given this limitation, these free services are immensely helpful in identifying infected systems and malicious code.

About the author
Ed Skoudis, CISSP, is cofounder of Intelguardians Network Intelligence, a security consulting firm, and author of Malware: Fighting Malicious Code (Prentice Hall, 2003).

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Threat Monitor,   Application and Platform Security,   Enterprise Vulnerability Management,   Vulnerability Risk Assessment,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Threat Monitor
How to defend against rogue DHCP server malware
When BIOS updates become malware attacks
Mac OS memory flaws pose challenges for enterprise endpoint protection
Cybercrime and threat management
How to find and stop automated SQL injection attacks
Short-lived Web malware: Fading fad or future trend?
Security book chapter: The Truth About Identity Theft
How to use (almost) free tools to find sensitive data
How to block adult websites from enterprise users by logging content
Are Windows Vista security features up to par?

Vulnerability Risk Assessment
Are Web application penetration tests still important?
McAfee to acquire Solidcore Systems for whitelisting
The Pipe Dream of No More Free Bugs
Vulnerability test methods for application security assessments
Free HP SWFScan tool detects Adobe Flash flaws
PCI QSA assurance program penalizes assessors
Information security book excerpts and reviews
New York drafts language demanding secure code
Security experts identify 25 dangerous coding errors
Microsoft Windows XML flaw exploits test desktop antimalware
Vulnerability Risk Assessment Research

Malware, Viruses, Trojans and Spyware
ISP shutdown latest cat-and-mouse game with hackers
How to get rid of malware, botnets on a hospital IT network
How can search results lead to malware?
How to prevent mobile phone spying
Should a national cybersecurity strategy include offensive botnets?
How to defend against rogue DHCP server malware
New Trojan stealing FTP credentials, attacking FTP websites
Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths
When BIOS updates become malware attacks
Antispyware buying guide for Indian enterprises

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
gray hat  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts