VirusTotal launches 'Monitor' to help developers mitigate malware false flags

Cal Jeffrey

In context: VirusTotal is a company that Google picked up about six years ago (now under the Chronicle umbrella) that allows users to upload any file and check it for malware and viruses. The service runs verification through 70+ antivirus and domain blacklisting services. The tool is used by developers and users alike.

Yesterday VirusTotal launched a new tool called “Monitor.” The utility lets developers run new programs or updates to existing apps against the systems of its antivirus partners. The purpose is to check that the new code does not turn up a false positive for malware with any of the AV vendors.

False positives are fairly common because the various antivirus detection algorithms out there each handle code differently. Having a legit program flagged can be particularly troublesome for a developer, leading to a loss in revenue while the app is blocked. It can also be a hassle for the AV vendor in terms of bad PR for mistakenly flagging a popular app as malware.

“So what we came up with is something like a Google Drive to which software developers can upload what they create — and do so before launching a given piece of software — or after,” VirusTotal’s lead tech Emiliano Martinez told TechCrunch.

"For software developers it is [a] big win, as they can upload their creations to Monitor at pre-publish stage, to ensure a release without issues."

Monitor looks to eliminate the headache of false positives proactively.

The way it works is that developers upload new code to Monitor, which checks it against the antivirus partners. If the program gets flagged by one or more of the vendors, VirusTotal will put the developer in touch with the AV partner so they can work out how to fix the problem.

The service will be free to the antivirus partners, but developers will be charged an undisclosed fee. The way VirusTotal sees it, developers have a lot more to lose if their software gets flagged.

“At the end of the day, whenever there is a false positive, and you are blacked out, that [is] a huge revenue damage,” said Martinez.

For this reason, developers may be more inclined to make a small investment in VirusTotal Monitor rather than suffer the monetary loss and hassle of fixing the code after launch.

Monitor is available now, and VirusTotal is offering a free trial for interested developers at its dedicated website.

You would think that anti-virus companies would have all implemented a 1st run sandbox for any app where it's not 100% sure it's a virus or not. I know some anti-virus programs have a sandbox run option but it isn't automatic and doesn't fix the false positive issue. The data these companies can collect in a sandbox mode is much more important than simply blocking every bit of potentially bad software and it comes with zero risk to the user.
 