- VirusTotal uses more than 70 antivirus engines and scanning tools to detect threats in files and URLs.
- Reports show detailed information on reputation, technical details, relationships, and detections.
- It is a simple, easy-to-use tool with advanced options for professionals, although it can produce false positives.
- Integrating its API and the advanced version lets you automate analysis and gain deeper threat intelligence.
We have never been more exposed to digital threats: from the unverified files we download to the suspicious links we receive by email or message, any user can be just one click away from a potential security problem. Fortunately, having a modern and powerful tool like VirusTotal makes a difference when it comes to strengthening the protection of our devices.
Do you want to know how to check any suspicious file or website and understand the full results so you can make better decisions about your security? In this complete guide you will find every detail about VirusTotal, including how to use its features, how to interpret its detailed reports, and a few finer points that make a difference.
What is VirusTotal and why has it become the benchmark for analyzing files and URLs?
VirusTotal is a free platform, created by the Spanish company Hispasec Sistemas in 2004 and acquired by Google in 2012, that lets you check files, URLs, IP addresses, and domains for malware and other digital threats. Its main appeal is that it uses more than 70 antivirus engines from the world's best-known vendors and adds contextual information, so that any user, from cybersecurity experts to non-technical people, can find out whether a file or website is safe before running or visiting it.
The VirusTotal approach is simple: you upload a file or enter a suspicious URL and, within seconds, you receive a detailed report showing the results from all the scanning engines. This way you can see clearly whether any engine has detected something dangerous and access technical data, links to other files, community comments, and much more.
In addition, VirusTotal supports automation through a public API, integrates with business platforms such as Google Workspace, and offers advanced versions with expanded capabilities for analysts and security teams. But what exactly makes VirusTotal so effective compared with other services? Let's take a closer look.
Main advantages of VirusTotal over other antivirus products and online scanners
VirusTotal's main advantage lies in its simultaneous use of many antivirus engines and specialized scanners. Compared with the alternative of installing several antivirus programs (something that is not recommended and, in practice, not feasible), VirusTotal acts as a "meta-antivirus" by collecting results from the leading vendors on the market. These include companies such as Kaspersky, Avast, BitDefender, Eset-NOD32, Sophos, McAfee, Microsoft, F-Secure, and others.
These engines are constantly updated automatically, which reduces the risk of novel malware being missed by a scan. In addition, the platform is completely free for individual use and is accessible from any browser with no need to install additional software.
VirusTotal stands out for its speed and ease of use: the analysis process usually takes a matter of seconds, which makes it a suitable tool for both home users and corporate security teams.
Another highlight is its collaborative community. Many users leave comments, discuss false positives, and share additional information about detected threats, which makes VirusTotal a living, constantly updated source of threat data.
However, VirusTotal also has some limitations: it is not a real-time antivirus, meaning it does not actively protect your computer. Instead, it scans only the items you choose to upload manually. It is important to keep this in mind so that you do not rely on this platform alone for the overall security of your system. In addition, it can report false positives or let through malware specifically designed to evade this kind of analysis, although these cases are rare thanks to the variety of engines it uses.
How to scan suspicious files with VirusTotal, step by step
VirusTotal's core function is the analysis of suspicious files. The process suits both beginner and advanced users. Let's look at the key steps:
1. Access the platform: The only requirement is to open the official VirusTotal site from any web browser. No installation or registration is required.
2. Select and upload the file: Click the "File" tab and choose the suspicious file from your computer. The maximum file size allowed is 650 MB, enough for almost any home or business use. Once it is selected, click the blue "Confirm Upload" button to start the scan.
3. Automatic analysis by more than 70 antivirus engines: VirusTotal starts analyzing the file with all the integrated engines. Each one provides its own analysis, which allows it to detect even new or particularly complex threats. The process usually takes between a few seconds and two minutes, depending on the size and type of the file.
4. View the results: Once the scan is complete, a summary appears at the top showing how many engines detected the file as malicious. A typical result, for example, is 0/70 if none of them considers it dangerous, or 1/70 if only one raises the alarm.
If there is a positive detection, you can go to the "Detection" tab to see which scanning engines flagged the file and as what kind of threat. The other tabs provide additional technical data, links, and community comments.
The available antivirus engines include names such as:
- Avast, AVG, Avira
- BitDefender, Kaspersky, Eset-NOD32
- F-Secure, Sophos, McAfee, Microsoft Defender
- Panda, TrendMicro, Fortinet, Comodo
- And many more, up to over 70 engines in total.
5. Interpret the results: Not every file flagged by an engine is dangerous. If, for example, only one of the 70 antivirus engines marks the file as malicious, it may well be a false positive. However, if several engines agree, it is best to delete the file or stop using it.
Advanced Analysis: How to Interpret VirusTotal Reports
VirusTotal reports are divided into several key sections, all of which are available once the scan has finished:
- Detection: The list of all antivirus engines, showing which ones detected the file as malware and as which variant.
- Details: Technical information about the file (name, hash, creation/modification dates, file type, size, digital signature, and so on).
- Relations: Shows connections to other files, URLs, or domains that may be related to the detected threat.
- Community: A space for comments and contributions from other users, very useful for identifying false positives or learning more about a threat.
In advanced reports (available in enterprise versions or to users with special privileges), VirusTotal adds interactive tables, sandbox behavioral analysis, rich metadata, correlation between related artifacts, indicators of compromise (IOCs), geolocation details, and even relationship graphs showing the links between threats.
These details allow analysts to identify patterns, link malware campaigns together, and make faster, better-informed decisions in corporate or research settings.
How to check URLs, IPs, and domains with VirusTotal
VirusTotal does not only analyze files; it also checks web addresses (URLs), IP addresses, and entire domains. This is especially useful for assessing whether a page is malicious before visiting it, spotting phishing attempts, or uncovering compromised sites.
How does URL analysis work? You go to the "URL" tab on the VirusTotal website and paste the suspicious address, and it is analyzed automatically by a battery of web security engines and anti-malware databases.
For domains, VirusTotal shows statistics on popularity, relationships with other URLs, DNS history, SSL certificates, and registration data. This way you can find out whether a legitimate-looking domain has been compromised or is involved in malicious activity.
For IP addresses, the report includes reputation, incident history, relationships with detected malicious files, and other details that make it easier to decide before interacting with a network resource.
Is VirusTotal safe, and does it protect my privacy?
Uploads of files or URLs to VirusTotal take place in a secure, controlled environment. Submitted items are shared among the integrated antivirus engines, but the platform applies strict privacy policies and treats data confidentially. Even so, it is advisable to avoid uploading sensitive or confidential information, because analyses may be accessible to the research community that collaborates with VirusTotal. This, however, also represents added value, since it allows the community itself to detect global threats more quickly.
VirusTotal also limits file uploads through the browser (without unnecessary storage), and access to advanced reports is restricted to enterprise users who comply with the terms of service. If you are a Google Workspace administrator, you can view and manage VirusTotal reports from the Alert Center, with access limited to authorized staff.
Using the public API and its advantages for automating security analysis
One of VirusTotal's biggest advantages for IT professionals and organizations is the ability to automate the submission and analysis of files and URLs through the public API. This allows VirusTotal to be integrated into automated workflows, SIEM systems, threat detection platforms, and software development pipelines.
The API makes it easy to request analysis of new items, look up previous reports by hash or URL, retrieve metadata and relationships, and add other advanced features focused on more effective detection and handling of security incidents. VirusTotal also offers premium (Enterprise) plans with higher limits, access to enriched reports, and advanced search across global threat intelligence data.
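The report lookup by hash or URL described above, combined with the earlier rule of thumb for reading detection counts, can be sketched as follows. This is an added example, not code from VirusTotal or from this page: the `/files/{hash}` and `/urls/{id}` paths and the `x-apikey` header belong to the public API v3, while the function names, the `min_agree` threshold, and the sample response with its engine names are assumptions constructed for illustration.

```python
import base64
import hashlib
import urllib.request

API = "https://www.virustotal.com/api/v3"  # public API v3 base URL
VERDICTS = {"malicious", "suspicious", "harmless", "undetected"}

def sha256_file(path):
    """Hash locally: a lookup by hash never uploads the file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def url_id(url):
    """API v3 URL identifier: unpadded URL-safe base64 of the URL."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def report_request(kind, ident, api_key):
    """Build (not send) the GET for an existing report; kind is 'files' or 'urls'."""
    return urllib.request.Request(f"{API}/{kind}/{ident}",
                                  headers={"x-apikey": api_key})

def triage(report, min_agree=3):
    """Reduce a report to a detection ratio and a verdict.
    min_agree is an assumed threshold, not a VirusTotal rule."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    flagged = sorted(name for name, r in results.items()
                     if r.get("category") in ("malicious", "suspicious"))
    # Engines that timed out or failed gave no verdict, so they are not counted.
    scanned = sum(1 for r in results.values() if r.get("category") in VERDICTS)
    if not flagged:
        verdict = "no detections"
    elif len(flagged) < min_agree:
        verdict = "possible false positive, review before trusting"
    else:
        verdict = "treat as malicious"
    return {"ratio": f"{len(flagged)}/{scanned}", "engines": flagged, "verdict": verdict}

# Constructed sample response; engine names are placeholders.
SAMPLE = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "harmless", "result": None},
    "EngineD": {"category": "timeout", "result": None},
}}}}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Sending the request with `urllib.request.urlopen` and passing the decoded JSON to `triage` completes the lookup; a 404 response means VirusTotal has no report for that hash or URL yet.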
Mobile app and alternatives for analysis on Android devices
VirusTotal has an official Android app that lets you scan installed applications, downloaded files, and URLs directly from the mobile device. The app is intuitive and is designed to complement, not replace, an antivirus with real-time protection.
Its main features include:
- On-demand scanning of installed apps for malware
- Checking files and links with the same engines as the online platform
- A simple, clear interface suited to any user
Users can download it from the Google Play Store, which ensures they get the official version and avoids the risk of installing APKs from unverified sources. For now, there is no official VirusTotal app for iOS; iPhone or iPad users can use the web version to check links, but not files or system applications.
VirusTotal report types and levels: Standard and Enhanced
VirusTotal offers different report levels depending on the type of user and subscription:
- Standard report: Includes threat reputation (70+ engines), key detection dates, technical details (hash, type, size), basic reputation, and community feedback.
- Enhanced report: Adds multi-angle analysis (with YARA, Sigma, and IDS rules), false-positive information with lists of legitimate software, indicators of compromise (IOCs), relationship graphs, rich metadata (software publisher, app permissions, geolocation, and so on), and pivoting capabilities for finding related items worldwide.
The advanced versions are designed for companies, law enforcement agencies, incident response teams, and security operations centers (SOCs), and provide more powerful intelligence and prioritization tools. This way, professional teams can streamline investigations, discard irrelevant items, confirm incidents, and anticipate the emergence of new threats.
How to access VirusTotal reports from Google Workspace and the Admin console
For companies that use Google Workspace, VirusTotal is integrated into the Alert Center and the Security Investigation Tool. Only administrators with elevated privileges can view the full contextual reports on Gmail attachments, Chrome log events, and other resources. The user guide covers signing in to the console, filtering the search, selecting the suspicious item, and opening the VirusTotal report from the side panel. This makes security decisions easier without leaving the corporate environment.