Using malware scanning services – a security or marketing decision?

in Malware Scanning by Steve Waite
jan 05 2012
Security or Marketing?

Given that GlobalSign (and other SSL Providers) are putting some credence on bundling malware scanning services with SSL of late, it makes sense to cover the whole concept in more detail.

Malware is the latest buzzword to describe malicious software (Viruses, Trojan horses, Worms, Rootkits, Spyware, Adware, Crimeware, Robot (botnet) Clients etc) distributed by visiting infected websites. How the software is distributed is pretty sophisticated, usually incorporating a “drive-by downloading” method of:

  1. Hacking an unsuspecting website
  2. Inserting an iframe or HTML reference to a file on a second server somewhere
  3. Executing browser exploits that break the usual security barriers in place by the browser
  4. Then Using your broken browser to download and execute the malware. It’s a very real problem - even major sites have suffered (playstation.com, Bank of India to name a few).

    5. This is a problem for two reasons. Firstly, no one wants to distribute malware to their website visitors (at least legitimate website owners do not), that’s no way to treat your customers. Secondly, Google is on to this problem and is when indexing a website, is now also checking for malware thanks to the sandboxing (virtualisation) technology it obtained when it acquired GreenBorder several years ago (http://en.wikipedia.org/wiki/GreenBorder).

    Once Google has you flagged, you’re in serious trouble. Your entry in the organic search results is flagged as a potentially harmful site. Chrome and Firefox refuse to bring visitors to your site without a warning… so basically, your traffic will suffer dramatically. And the efforts taken to convince Google you’ve addressed the issue can take months. So to avoid this doomsday scenario, several companies have developed early warning systems to let website admins know of potential hacks prior to Google spotting the issue and going public. This makes adoption of malware scanning more about marketing than security, and like insurance, you only truly see the benefit when something terrible happens.

    GlobalSign has been considering adding malware scanning alert services to our core product DNA for many months, in fact another GMO company, GMO Hosting & Security, has been successfully OEMing malware scanning since the start of the year. So when VeriSign announced malware scanning inclusion, it firmed up our decision that we were not the only CA that considered SSL and malware have some level of overlap and mutual benefit to our customers. Rather than develop our own service, we chose to partner with Armorize – they have a great solution, some excellent analytical minds and a proven record with our parent company and more recently as the choice of VeriSign, both of which white labell the Armorize solution.