Qualys to launch malware detection and website scanning with approval seal this week

Qualys will introduce a scanning service and seal of approval along with malware detection at this week's RSA Conference.

The free QualysGuard Malware Detection service proactively scans websites for malware infections and threats. The company claims that it also conducts daily recurring scans that provide immediate insight into malware issues, delivers automated alerts when malware is found and identifies vulnerable code snippets for quick and easy removal of malware.

Qualys CTO Wolfgang Kandek explained that it works with the scanner looking at a website, crawling the pages and analysing each page. He said: “It reads the page and looks at the construction and at any vulnerable areas; it is able to recognise when something is wrong and help web users to make sure that websites are free of malicious content. This is a free service, you sign up for an account and register the sites that you want to monitor.”

Chief marketing officer at Qualys, Amer Deeba, said that rather than being a service to scan every website that a user chooses, they specify ten sites that they want to look at.

It said that QualysGuard Malware Detection minimises false positives to a near zero rate by utilising both static analysis and behavioural analysis to accurately identify malware while scanning. The static analysis identifies source code typically used in malicious attacks, including encoded JavaScript, web bugs and character encoding inside of inline frames.

Also launched this week will be the Qualys Go Secure service that allows businesses to test their websites for the presence of malware, network and web application vulnerabilities and SSL certificate validation.

Once a website passes the four comprehensive security tests, the Qualys Go Secure service generates a Qualys Secure seal for the merchant to display on their website demonstrating to online customers that their company is maintaining a rigorous and proactive security program.

Kandek explained that it will conduct four scans on the web applications, perimeter vulnerabilities and SSL certificate validation that are done weekly, while a malware check is done daily.

He said that this will be a benefit with problems associated with malvertising as malware is seen by looking at the page, and if code attempts to do something that is not whitelisted then it will detect it. It is reading the page in the same way that a user would.

Deeba said: “It is proactively securing the website to make sure the business is ready and secure. The web application scanner was launched at RSA last year and now with this technology it is much broader. You are looking at the security of your website.”

Sign up to our newsletters