Domain keepers ponder free malware scans

Sponsors and operators of generic top-level domains (gTLDs) have plans to introduce, or are open to the possibility of providing, free malware scans for Web domains under their purview.

ICM Registry, which operates the new .xxx TLD, in June announced a US$8 million partnership with McAfee to provide ".xxx" domain owners a free service that scans sites daily for vulnerabilities and malware. At the time, Stuart Lawley, CEO of ICM Registry, noted that the service eliminates the need for Web owners to invest in their own security software and, hence, reduce costs. At the same time, users "can feel confident the .xxx adult entertainment Web sites they are visiting are safe and secure," he added.

Industry players ZDNet Asia contacted supported the move, noting that it would benefit the entire ecosystem.

Describing ICM's initiative as a good and positive one for the industry Edmon Chung, CEO of DotAsia, said in an e-mail: "DotAsia will certainly look into the possibility and appropriateness of the approach."

However, he pointed out that the organization also needs to be careful such measures do not limit innovation on the .asia domain, or wrongly classify legitimate content as malware--a scenario known as "false positive".

"A good example is internationalized domain names (IDNs). Some over-protective software that only expects English alphanumeric domain names may as a result block IDNs," Chung said.

Verisign, which manages the .com, .name, .net, .tv and .cc TLDs, has developed a malware-scanning service and is currently working with registrars to determine how best to roll it out to registrants, a spokesperson shared in an e-mail.

"Verisign will be offering .com, .net and .name registrars the option to obtain a free malware report from optional quarterly scans," he said. "In addition, Verisign will be offering its registrars the ability to purchase a value-added service of daily malware scans for registrars to include in their security bundles. As a result, registrars will have the ability to take a proactive response to deal with malware in their zones, rather than reactively dealing with suspension requests."

According to the spokesperson, the malware-scanning capability would provide an additional reason for customers to choose TLDs managed by Verisign.

Malware authors not after porn sites
Carl Leonard, senior security researcher at Websense Security Labs, pointed out that it was "interesting".xxx domain had set the precedent for free malware checks as data indicated that malware authors might not be after adult sites.

"While adult sites are typically thought to be popular hosts for malware, research shows it's the highly trafficked sites, social networks and breaking news that are the real targets," Leonard said in an e-mail. "In fact, Websense Security Labs found that searching for breaking trends and current news represented a higher risk (22.4 percent) than searching for objectionable content (21.8 percent), including pornography."

Leonard added that while free, automatic daily scans were "a great start" and welcomed by many Web site owners, the "real value" would be in having real-time scanning which could protect customers from being exposed to malware "as and when it happens".

"Malware authors are adept at taking advantage of zero-day exploits and can compromise a site, and then move on again just as quickly. So time is of the essence," he explained.