Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Google Businesses The Internet

GMail Adds Virus Protection 355

Posted by CmdrTaco
from the google-farts-and-people-smell dept.
AxsDeny writes "Google has rolled out virus protection for it's web based email service. Apparently they are scanning incoming and outgoing messages for infected messages. Read more on their "what's new" page."
This discussion has been archived. No new comments can be posted.

GMail Adds Virus Protection

Comments Filter:
  • by fembots (753724) on Thursday December 01, 2005 @03:01PM (#14159967) Homepage
    That's it, that's EVIL and I'm quitting GMail now!

    GMail has been my faithful virus depository, now where can I go today? HoTMaiL?

    I wish it gives users the option to still retrieve the virus if they insist.
    • I wish it gives users the option to still retrieve the virus if they insist.

      So you really do want to read the love letter just for you, and view those Anna Kornokorva pics, one more time.

    • Re:Final Straw! (Score:4, Interesting)

      by davez0r (717539) on Thursday December 01, 2005 @03:44PM (#14160406)
      i use yahoo to store my viruses. it's like the computer version of the nose garden. so far i have:

        - W32.Sircam.Worm@mm
        - W32.Magistr.39921@mm
        - W32.Sobig.F@mm
        - W32.Sober.F@mm
        - W32.Netsky.P@mm
        - W32.Netsky.D@mm
        - W32.Netsky.Q@mm

      anybody got some other good ones they can send me?
      • by TubeSteak (669689) on Thursday December 01, 2005 @05:39PM (#14161659) Journal
        (email not shown publicly)
        you forgot to give us your e-mail address.

        I've got this great virus you can add to your collection. It's called W32.Goatse@cx

        It's pretty original, the virus masquerades as a JPEG and when you open it in your e-mail, it makes you go blind. ...Lightyears ahead of the competition
    • Deja vu (Score:2, Interesting)

      by nova_ostrich (774466)
      Not directly related, but this reminds me of my college days. I used to work at the technology help desk. It took years to get spam protection on the email accounts at the school because some crazy staff members demanded that they receive EVERY SINGLE email sent to them. Eventually, a system was set up, and it allowed a user to log into a service that showed them what spam was blocked. If the user wanted, he or she could have any message in that list delivered. Then after a week or so, a message was permane
    • Re:Final Straw! (Score:5, Informative)

      by Curunir_wolf (588405) on Thursday December 01, 2005 @04:25PM (#14160874) Homepage Journal
      What I hate is the way it refuses to send attached executables, even inside a zip file, and silently drops them when incoming. I'd at least like to be told that someone *tried* to send me an email, but the attachment was deleted, or bounce it back to the sender, or something.

      The easy work-around for this is to just rename mypgm.exe to mypgm.renametoexe and then it goes through just fine (zipped or not). But if I'm sending it *TO* a gmail account, I don't even know it got dropped...

    • by MadJo (674225)
      Sony has the answer for you
      $sys$virus.exe

      will make it invisible for any AV program.
  • EICAR (Score:4, Interesting)

    by ditto999999999999999 (546129) on Thursday December 01, 2005 @03:02PM (#14159985)
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIR US-TEST-FILE!$H+H* makes it through fine.
  • by the computer guy nex (916959) on Thursday December 01, 2005 @03:03PM (#14159994)
    .. can we say Google is now replicating? :)
  • by caffeinemessiah (918089) on Thursday December 01, 2005 @03:04PM (#14159999) Journal
    This in itself is not surprising -- it's a natural step that Google had to take in order to compete with the other biggies in the business. What I'm more interested in knowing is if Google has put that army of Ph.D.'s into developing the AV technology. I don't see any other reason to wait so long for adding virus protection -- they could just as easily have licensed some commercial AV months ago, seeing as AV is one of the features that novice Internet users look for most. Now that MS is into AV, will Google follow suit? I'm hoping...
    • by temojen (678985)
      Or just use ClamAV.
      • by IAmTheDave (746256) <basenamedave-sd@ya[ ].com ['hoo' in gap]> on Thursday December 01, 2005 @03:26PM (#14160247) Homepage Journal
        No offense to ClamAV, which I currently use, but if an engineering team rivaling the brain power of MIT research teams or NASA decides to make a virus scanner and release it for free, well... I'm gonna at least give it a try.
        • Wouldn't it be better for google to take the ClamAV base and extend/adapt it to their needs? I think that's more likely to happen than them starting from scratch unless there's something weird (aside from size) about the way their email system works.
          • Since I don't know, is GoogleOS an extension of anything, like UNIX? Because I don't BELIEVE it is, which points to their prepensity (sp?) to create things from scratch, so that they're just that much better.
          • by Leadhyena (808566) <nathaniel@dean.alumni@purdue@edu> on Thursday December 01, 2005 @04:01PM (#14160605) Journal
            Wouldn't it be better for google to take the ClamAV base and extend/adapt it to their needs? I think that's more likely to happen than them starting from scratch unless there's something weird (aside from size) about the way their email system works.
            Funny you should mention that... I read through the headers from an email I sent to our local mail server:(Identifiers mutated for spam reasons)

            Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.199]) by ###.###.### (8.13.5/8.13.5/Debian-3) with ESMTP id jB...5 for ; Thu, 1 Dec 2005 11:06:00 -0600 Received: by zproxy.gmail.com with SMTP id x7so21853nzc for ; Thu, 01 Dec 2005 09:06:48 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-ve rsion:content-type; b=DZ...SE/zJ0= Received: by 10.37.12.24 with SMTP id p24mr1718713nzi; Thu, 01 Dec 2005 09:06:48 -0800 (PST) Received: by 10.36.153.11 with HTTP; Thu, 1 Dec 2005 09:06:47 -0800 (PST)

            In other words, it looks like they have a cluster of 30 email servers for just the outside representation, and then 2 more levels of multiple clustered mail servers on the 10.37 subnet and 10.36 subnet. Your mail bounces in google's net 3 TIMES before it ever hits the real world. Granted, my experience in setting this stuff up is limited to clustering 2 or 3 servers together, but IMHO something amazing is going on under GMail's hood.

    • by garcia (6573) on Thursday December 01, 2005 @03:10PM (#14160086)
      This in itself is not surprising -- it's a natural step that Google had to take in order to compete with the other biggies in the business.

      Of course it's not surprising. They've been blocking "bad" attachments for quite some time (and possibly since I started using it on 6/22/04).

      If they were doing that (which gets rid of most viruses and non-sense) all along, I certainly wouldn't be surprised by this.
    • Who needs to invest in commercial scanners? There are free ones ones there. ClamAV, for example has been working great for my company. Not only does it catch viruses as attachments, but it identifies phishing emails as well. Indeed, one has to wonder what took Google so long.

      -matthew
      • by Anonymous Coward
        a non-trivial investment in servers to scan the mails, I would imagine.
    • I can't say I know much, but I have been irritated many times that it would not let me include a zip with a binary file (something I do often in testing programs).
    • by Zeinfeld (263942) on Thursday December 01, 2005 @03:23PM (#14160217) Homepage
      Hopefully GMail use the most secure, most effective form of virus scanning, block all executable attachments.

      Traditional virus scanning based on a blacklist of known bad code is hopeless. By the time a new piece of trojan code has been identified a hundred million copies have been blasted out from a botnet. There is almost no legitimate use of email to send executable code, way over 99% of all executable attachments are malicious.

      ISPs should block executable attachments by default and offer the people who really really think that they can't live without it the option of turning delivery back on. AIDS awareness campaigns have saved millions of lives by persuading people to use condoms even though some people think that they just have to have casual sex without one. Accepting code in email is like having casual unprotected sex, its idiotic.

      There is a very small, largely theoretical problem with non-executable content. Any data that is transferred from one machine to another could be used to exploit a code vulnerability in theory. The use of anti-virus style malicious data lists will still be necessary but the problem is much, much smaller. It is a much easier signal to spot. AV systems spend huge numbers of cycles recursively unpacking program loaders. With a data exploit we know the shape of the lock it fits into.

      • So I take it you've never had to send an exe via email? It's pain in the ass! Sometimes we just resort to fedex-ing updates to customers. Really, it would be nice if some email systems would try to just little smarter about allowing exe's.
        • by slamb (119285) *
          So I take it you've never had to send an exe via email? It's pain in the ass! Sometimes we just resort to fedex-ing updates to customers.

          Dude, don't send the executable. Send a link to where the executable lives on your website. If it's important that no one else get it, then password-protect the directory. (.htaccess on Apache.) This is a much better solution:

          • No overflowing mailboxes - your non-GMail customers are likely to have small quotas.
          • No 33% base64 overhead.
          • No slow involuntary downloads when
      • Hopefully GMail use the most secure, most effective form of virus scanning, block all executable attachments.

        Well, I can confirm that GMail does block executable attatchments, even in zip files. I was coincidentally trying to send a zip file of a small program from my office to home and ran google spit the thing back with warning that: "filename.zip contains an executable file. For security reasons, Gmail does not allow you to send this type of file. "

      • by geekoid (135745) <dadinportland AT yahoo DOT com> on Thursday December 01, 2005 @03:44PM (#14160420) Homepage Journal
        and 80% of statistics are made up on the fly.

        I can think of many legitimate reasons for sending programs that execute something.
        Movies, pictures, sounds, etc...
      • 1) Gmail does block exe attachments, even if they are in zip files.
        2) It's a giant pain in the ass. Yes, I need to send executables once in a while. (Application installers to clients etc).
        3) I get around it by renaming the file to something nonsensical. like app.exe.deletethisbit
  • NO! (Score:5, Funny)

    by Anonymous Coward on Thursday December 01, 2005 @03:04PM (#14160000)
    Not on the same day MS starts beta testing their anti-virus solution.

    I'm gonna fucking kill this guy, I did it before and I'll do it again, I'm gonna fucking kill google!

    Where's a chair?

  • So what? (Score:5, Insightful)

    by NineNine (235196) on Thursday December 01, 2005 @03:04PM (#14160003)
    So what? Yahoo and the other big players have had this for years. That's like announcing that Ford is now selling cars with anti-lock brakes and power steering. That's great and all, but I wouldn't consider that news.
    • You forget. "News" likes this is more like a cue for the Slashbot revisionist historians to claim another innovation for Google and/or OSS.

      In three months, we will read about how Google created virus protection for web-based e-mail.
      • Re:So what? (Score:4, Funny)

        by NineNine (235196) on Thursday December 01, 2005 @03:14PM (#14160124)
        You're right. I'm wrong. I'm a bad Slashdotter. Here's my revised post:

        GMail has virus protection?!? Wow! That's so innovative! They've done everything else perfectly, and now they've ended email-based viruses! M$ and Yahoo both suck! Google rocks! Thanks, Google!
    • Yeah, but this isn't just any anti-virus. It's GAnti-Virus (tm)!
    • Re:So what? (Score:3, Interesting)

      by Burning1 (204959)
      That's like announcing that Ford is now selling cars with anti-lock brakes and power steering. That's great and all, but I wouldn't consider that news.
      It would be if this was an auto enthusiet site. The Dodge Viper getting anti-lock breaks was big news to me, being a car geek.
  • Indeed what is new?

    They were having some sort of virus protection already that involved disallowing certain file extensions inside zip files and mangling(!) files with other extensions (.asc) or maybe headers (MBZ)

    Does it mean they are finally doing it right(tm) now, actually scanning for virii?
    • >actually scanning for virii?

      Virii isn't a word. So no, they're not.

      Seriously, they're doing what yahoo and hotmail have been doing for a couple years now. Not terribly newsworthy, but hey, its google. I wonder how our kids and grandkids will see the google hype which so far has been one good search engine and lots of aquisitions and me too projects.
    • Not just inside zip files... what i remember from the 1st days of gmail, it dont let in files with executable extensions (windows style, i.e. not only exe, com, or dll, but also others like chm), and the same was controlled for compressed files with those files attached. So i dont think i ever received a virus/worm/whatever in gmail, since im using it, as you could not receive that kind of files.

      They are going back in that policy, accepting all kind of extensions, or is just another level of protection sc

  • by ellem (147712) * <ellem52@@@gmail...com> on Thursday December 01, 2005 @03:05PM (#14160013) Homepage Journal
    <sarcasm>
    I use GMail on OS X so I don't need it...
    </sarcasm>
  • by ZachPruckowski (918562) <zachary.pruckowski@gmail.com> on Thursday December 01, 2005 @03:05PM (#14160015)
    If the virus can't be removed from the file, you won't be able to download it.
    ......
    If a virus is found in an attachment you're trying to send, you won't be able to send the message until you remove the attachment.


    Now I know Google is pretty good and reliable, but that's sort of a harsh way to do business. There should be some sort of work-around if Google gets it wrong on what is and isn't a virus (which I assume they are going to do sooner or later). I mean, a false positive would get you cut off from what could be vital information. If that happens to someone, they'll be mad, even though it was done for a good reason. I hope they at least warn the people that there was an attachment.
    • Or for that matter, for virus-analysis. I know of people who email each other copies of viruses (safely marked) so that they can all examine them.
    • So embed it in an encrypted ZIP inside of an encrypted RAR inside of a 7zip archive. :)
    • Yahoo is the same way. My ISP uses Yahoo for its email and when a virus comes through it don't let you get the attachement at all. I think it's kind of good though, because you know there's stupid people out there who are just dying to open it, even if it's been flagged as a virus.
    • Now I know Google is pretty good and reliable, but that's sort of a harsh way to do business ...... I mean, a false positive would get you cut off from what could be vital information. If that happens to someone, they'll be mad, even though it was done for a good reason.

      True. They might even demand that they get their money back.

      • True. They might even demand that they get their money back.

        Just because it's free doesn't mean Google doesn't profit. Google makes money off the ads we presumably click. If we (or more important, Joe Average, who is more likely to click the ads) quit, they lose revenue.
    • I mean, a false positive would get you cut off from what could be vital information.

      Why is this 'vital' information being sent via a free webmail account?

      Now I know Google is pretty good and reliable, but that's sort of a harsh way to do business.

      ..."But I didn't think that my friend would send me an attachment with a virus in it! She's so nice! And I really wanted to see the dancing Santa Claus, so I clicked past the warning anyway, and now my computer won't work, why did Google let me do that?" I

  • Wrong Link (Score:5, Insightful)

    by OverlordQ (264228) on Thursday December 01, 2005 @03:06PM (#14160028) Journal
    Actually the "What's New" page is here [google.com], not what was linked to.

    Also, I'm still pissed they havent added the option to empty the spam folder, yes I know it gets automagically deleted after 30 days, but I'd like to clear it out without having to go through 30 pages.
    • Re:Wrong Link (Score:5, Interesting)

      by alphakappa (687189) on Thursday December 01, 2005 @04:40PM (#14161049) Homepage
      Why do you care? The spam 'folder' does not add to your alloted storage space. The messages do not appear in your inbox or your regular searches (unless you specifically search using in:spam), so why do you care whether there are 0 messages or a gazillion messages in the spam folder?
  • Is it going to... (Score:3, Interesting)

    by scenestar (828656) on Thursday December 01, 2005 @03:06PM (#14160036) Homepage Journal
    flag mp3s and archives as unsafe by default?
  • by sphix42 (144155) on Thursday December 01, 2005 @03:07PM (#14160042) Homepage
    So much for the .zip.remove.everything.after.the.first.zip.includi ng.the.period files.
  • by andreyw (798182)
    Webmail will never replaced a normal MUA. Essentially, until I found a decent up-to-date MUA (Being an ELM user hating PIne and Mutt), I used gmail. Now that I have Mail.App, I just use Gmail as a safety repository for deleted mail.
  • by mmThe1 (213136) on Thursday December 01, 2005 @03:09PM (#14160075) Homepage
    From the page..
    "If the virus can't be removed from the file, you won't be able to download it"

    All that talk about false positive and important (project/contract saving) mails sounds so important suddenly...

  • by tgd (2822) on Thursday December 01, 2005 @03:10PM (#14160090)
    I've got 10k+ e-mails in my gmail account, though, and I don't think any have any virus-laden attachments, though.

    What I really want is a "yes, I'm unilingual, I speak English and if an e-mail isn't in English, its spam" setting.
  • by Anonymous Coward on Thursday December 01, 2005 @03:13PM (#14160121)
    ... but they are no longer allowing ANY zipfiles containing .exes to be transmitted to a gmail account.

    That's obviously pretty damned annoying for people who actually work with zipfiles. "Here, give this version a try." "What version?"

    I've sent them polite feedback requests to stop doing that. Other services scan zipfile contents for known viruses; Google is just dropping the zipfiles altogether. In my message to their support folks, I pointed out that letting virus writers dictate the design of your mail service isn't the best long-term business model.
  • by Wellspring (111524) on Thursday December 01, 2005 @03:14PM (#14160131)
    This is a natural outgrowth of the fact that they can't effectively index virii.

    Therefore, they must be destroyed [theonion.com].
  • by altoz (653655) on Thursday December 01, 2005 @03:16PM (#14160147)
    They have gmail scanning for viruses... They have google desktop indexing the files...

    Soon, they'll release a google-desktop extension that scans viruses on windows.

    google really is taking over microsoft (windows)
  • by Jherek Carnelian (831679) on Thursday December 01, 2005 @03:21PM (#14160203)
    Does this mean Google will be targetting their advertising based on the kind and number of viruses they filter out?

    For people who get a lot of viruses, they can advertise privacy tools, anti-virus software and adware removers.
    For people who do not get a lot of viruses, they get to see ads for social networks, dating sites, etc.
  • hotmail (Score:4, Funny)

    by dioscaido (541037) on Thursday December 01, 2005 @03:27PM (#14160254)
    following the trend for MS, it looks like hotmail is copying gmail and checking for viruses as well. :)
  • The real story here is that GMail went live without virus scanning in the first place considering that at least one of their major competitors, Yahoo!, already had it. In a lot of ways Google reminds me of the go go tech companies back in the tech boom of the late 90's when updates and "news" came on an almost hourly basis. Am I saying Google is going too fast? Maybe, but I do admire their enthusiasm energy. They certainly woke up Yahoo!, AOL, and MSN to name a few.
  • Because I am getting tired of renaming my files and explaining n00b aunts how to re-rename the files when they receive them.
  • by G4from128k (686170) on Thursday December 01, 2005 @03:35PM (#14160317)
    What if Google create AV for the web -- filtering websites and pages that contain embedded viruses, trojans, or malware. Any website with malware, trojans, or other nasties would lose its favorable pagerank or even disappear from searches where the user has asked for "safe" pages.


    Google may not be able to stop fast moving threats because they don't reanalyze pages that often (unless they offered a proxy service), but they could stop corporate-sponsored malware by advertisers and less ethical site providers.

  • by Nom du Keyboard (633989) on Thursday December 01, 2005 @03:35PM (#14160319)
    virus protection for it's web based email service

    The next, obvious, and far too long overdue, step is for Google to flag web-sites that attempt to install malware, redirect you to sites you didn't want to visit, spawn endless pop-up windows, attempt to create a full-screen browser that you can't close, or disable features of your browser like right mouse button clicks. Since they've already spidered it, and in most cases cached it, they can darn well scan it for viruses and other crap at the same time! Their virus, adware, spyware, malware signature files would certainly be more upto date than my own. They could even be protecting surfers now from the current unpatched IE exploit by warning of sites that have dodgy or questionable code while MS takes its own sweet time coming up with a patch.

    The first decent search engine that takes this step to protect its users can count on the majority of my traffic.

    • I'll second this. One of the most commong phishing techniques I see in e-mails is the old "I can see the link text there so it must be right" scam. Something like:

      Update your account here: http://ebay.com/updateAccount.html [scammer.com]

      Of course, Slashdot has a nice solution (the "[scammer.com]" bit). AFAIK, no webmail services protect users against this. Apple's Mail doesn't, unfortunately, but what about the legions of less tech-savvy people?

      Not a lot of common users instictively know that eBay would never send an e-m
    • The first decent search engine that takes this step to protect its users can count on the majority of my traffic.

      I'm sure it will, and such a thing will be called a proxy :p

      Use safesurf.google.com. Free http/https proxy linked to your gmail account. The NSA will thank you!

  • From what you read on "Linux Activist" [blogspot.com] only the login phase of email sessions is encrypted and protected from prying eyes... They could also address this kind of potential security breach instead of bothering me each time I try to send an executable...
  • by Surt (22457) on Thursday December 01, 2005 @03:43PM (#14160401) Homepage Journal
    I'll just write a program to email myself every file on my hard drive and see what fails, or maybe use that gmail as file system thingy.

A computer lets you make more mistakes faster than any other invention, with the possible exceptions of handguns and Tequilla. -- Mitch Ratcliffe

Working...