Consider this situation. You have just downloaded a file from a little known website. And although your antivirus didnt detect anything malicious you suspect that the file may be a rogue file. And since no antivirus software has a 100% detection rate (many popular AV software have a detection rate of below 90%) it is possible that you are right. What should you do?
Thanks to web-services like Jotti’s Malware Scan and Virustotal you can now get your file scanned by multiple antivirus engines. These services allow you to upload any file and get it scanned by several antivirus softwares. Virustotal scans every file using 30 antivirus engines where as Jotti checks every file with 18 antivirus engines. However most of the time Virustotal servers are overloaded and you are made to wait in queue. If the file isnt deemed clean by all AV engines then it’s safe to assume that it is clean (unless its a 0-day exploit).
Hey! That’s a great service. Thanks for informing!
This is a great service. Thanks for the post. Viruses are always a threat.
I guess it is OK to wait for sometime if the service is of good quality. The defs are updated frequently as well, so that is an advantage
Check out http://www.threatfire.com. They have a great program to pick up the slack that your regular AntiVirus misses. 🙂
As an alternative. You can use a virtual machine, VMware or Qemu and run a copy of Windows from there which you can run all kinds of software that won’t touch your physical machine , or use Altiris SVS and Sandboxie which virtualize software, making it possible to install software without registry hell or clutter. Or You can use Returnil where you can revert actual changes to your hard drive upon a restart. Or if you have an old box you can use that as a “test” machine.
These online services are mainly useful when you already have something on the system that your av isnt detecting but you are suspicious about. Sandbox etc wont help.
Btw you can find my post on Sanbox over here.