Security Plus checks links in Firefox on Virustotal without leaving the page
It can sometimes be difficult to tell whether the web page or domain a link points to is a legit site. While the URL may give you clues at times, for example if you already know the site, at other times it is not possible to determine whether a site is safe to visit based solely on the link.
One of the things that you can do in this case is to check the site against malware databases. There are plenty of services available on the Internet that can do so, from Google's Safe Browsing to Web of Trust.
Many of those have in common that they provide you with one result. If you prefer multiple results instead, as it improves the odds of the assessment being right, then you can use services such as Virustotal instead.
Just visit the service, click on URL, paste in the link that you want to check, and wait for the results to be displayed on the screen. While certainly useful, this is not really suitable if you need to check links regularly.
That's where the Firefox add-on Security Plus comes into play. The browser extension for Firefox adds a new entry to the right-click context menu to check the underlying link on Virustotal.
This is done without leaving the site you are on as results are displayed right on the page in a small overlay on the screen.
Even better, you can check links in rapid succession with results of all those checks displayed on the page.
The results indicate whether the linked site is clean or not. You can click on the results link on the right of each report to display the list of engines used in the check and how they rate the link.
Security Plus uses Virustotal, which means that it will use all 64 services supported by Virustotal to scan the selected links.
The browser extension requires that you launch the scan manually, as there is no option to scan links automatically. It is therefore best used to scan questionable links that you come across while you are browsing the Internet.
The main advantage over the official Virustotal extension for Firefox is that the result is displayed on the same page and not on a new page that is opened when you initiate the scan.
Chrome users can check out VTChromizer and Internet Explorer users VTExplorer. Both open the scan results on a new page though.
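How a multi-engine result can be reduced to the "clean or not" line plus the per-engine list, as an added example that is not code from Security Plus or Virustotal. The URL identifier scheme and report field names follow VirusTotal's public API v3, which this article does not describe and is assumed here; the sample report and engine names are constructed.

```javascript
// Added example (Node.js); not the extension's code.
// Assumption: report layout and URL id follow VirusTotal's public API v3.

// API v3 addresses a URL report by the unpadded URL-safe base64 of the URL.
function vtUrlId(url) {
  return Buffer.from(url, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Reduce a URL report to what a small overlay needs: verdict, detection
// ratio, the engines that flagged the link, and how old the result is.
function summarizeReport(report, nowSeconds, maxAgeDays = 7) {
  const attrs = report.data.attributes;
  const results = attrs.last_analysis_results || {};
  const flagged = Object.entries(results)
    .filter(([, r]) => r.category === 'malicious' || r.category === 'suspicious')
    .map(([engine, r]) => `${engine}: ${r.result}`)
    .sort();
  const ageDays = Math.floor((nowSeconds - attrs.last_analysis_date) / 86400);
  return {
    verdict: flagged.length === 0 ? 'clean' : 'flagged',
    ratio: `${flagged.length}/${Object.keys(results).length}`,
    flagged,
    ageDays,
    // An old result describes what the engines saw then, not the page today.
    stale: ageDays > maxAgeDays,
  };
}

// Constructed sample report (hypothetical engine names and values).
const SAMPLE_REPORT = {
  data: { attributes: {
    last_analysis_date: 1700000000, // Unix time, seconds
    last_analysis_results: {
      'Engine A': { category: 'harmless', result: 'clean' },
      'Engine B': { category: 'malicious', result: 'phishing' },
      'Engine C': { category: 'undetected', result: 'unrated' },
      'Engine D': { category: 'suspicious', result: 'suspicious' },
    },
  } },
};

const TEN_DAYS_LATER = 1700000000 + 10 * 86400;
console.log(vtUrlId('http://example.com/'));
console.log(summarizeReport(SAMPLE_REPORT, TEN_DAYS_LATER));
```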
I’m sorry to have to inform you all that URL scanners are very different from file scanners, and you shouldn’t trust them. Web sites that use dynamic pages like .asp or .php can check the IP of the client and if it’s from the range of Virustotal or an anti-virus company then they only print out clean code. But when other IPs visit the pages the malicious code is printed instead. This is how it works :(
Very useful extension. After installation, I found out it is also available on other browsers too. Thought it might help others to have the links
Chrome: https://chrome.google.com/webstore/detail/security-plus/edkcmflbdogcbjahoblehnlonjedkmoh
Opera: https://addons.opera.com/en/extensions/details/security-plus/?display=en
Safari: https://extensions.apple.com/details/?id=com.add0n.security-plus-N36DZ3K24G
WOT is still the best tool. VT said 3 out of 4 malware sites were clean.
What a wonderful idea. No need to leave the page to verify if the web page is clean or not. I’m getting this now. I know that I will be using this a lot so thanks.
Martin Brinkmann wrote,
“Chrome users can check out VTChromizer and Internet Explorer users VTExplorer.”
Yes, but a couple of weeks ago, I found out that VTExplorer doesn’t work with IE11, probably because of this:
http://msdn.microsoft.com/en-us/library/ie/ms535869(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/ie/bg182625(v=vs.85).aspx
A couple of users on the Dutch Security.nl forum have been (and still are) testing some modified VTExplorer variants, to find a solution. A suitable VTExplorer variant may have been found, but it needs some more testing with some ‘picky’ webpages. VirusTotal will also have a look at the VTExplorer code, but VirusTotal is a small team, and about half of the team is on vacation, so this matter is low in VirusTotal’s list of priorities right now.
Interesting, thanks for mentioning that.
In addition to my December 22 and 30 posts –
Today, VirusTotal released a new VTexplorer version, that should work with all Internet Explorer versions.
In addition to my December 22 post –
We (that is a couple of users on the Dutch Security.nl forum) have created and tested a modified VTexplorer variant that works perfectly with IE8, IE9 as well as with IE11 (and probably with IE10 as well, but we haven’t tested that).
I sent the VirusTotal team the information regarding the modified VTexplorer variant, including the modified VTExplorer.htm file.
VirusTotal will have a look at it, but VirusTotal is a small team, and about half of the team is on vacation, so this matter is low in VirusTotal’s list of priorities right now, and I suppose it will take a couple of weeks.
That, precisely, was my doubt. Thank you for answering.
I’ll be checking this extension out right now, thanks for posting about it. Also how do you get your Firefox to look so minimal? I’ve always wondered about that.
Only Classic Theme Restorer, nothing else.
I have been trying to tweak it to look like the one in the picture, but have failed to do so. Could you send me your preferences by clicking “settings” and then clicking “export preferences” – It would then save in a notepad file.
Here you go: http://pastebin.com/zz6UAFuf
Martin, one of the things I like in Virus Total is that you can order a new scan if the date of the results shown is not recent. Is this also possible with Security Plus? Can we see the date of the results shown and, if they are not recent, is it possible to order another scan? Thank You.
You cannot rescan a url using the extension. I’m not sure though if it checks for existing results at all or will run a fresh scan each time.
Awesome post, Martin! :-D
Thanks for the tip Karl :)
it lists ghacks as a suspicious site ????
A false positive — again. Very disruptive to the site’s operation. I have contacted them.