VeriSign is adding malware scanning to its authentication services for Web site operators, the company announced on Monday.
The "VeriSign Trusted" check mark seal indicates to Web surfers that VeriSign has verified that the site represents the organization or company that it purports to be and that it is using encryption to protect communications between the site and its visitors. Now, existing and new VeriSign SSL customers will have their sites scanned daily to check for malware as well, at no extra cost, said Tim Callan, vice president of product marketing at VeriSign.
The company also is adding its seals to Web search results on shopping search engines Pricegrabber and TheFind, as well as on Google and Bing for people using AVG's LinkScanner software. "We are aggressively pursuing deals with other search engines," Callan said.
If VeriSign discovers malware on a customer Web site, it will remove the seal and notify the site administrator via e-mail. Site administrators can see a report detailing what code was found and where via a VeriSign management console. When the malware is removed VeriSign will scan the site to verify that and then replace the seal.
The increase in drive-by-downloads in which Web surfers are infected with malware just by visiting a site prompted VeriSign to add this additional level of security for its customers, he said.
"Our seal and our service is widely understood to be the most recognized, most prominent indicator of a safe Web experience," Callan said. "In order for our seal to still mean what people think it means we needed to offer this service moving forward."
The service enhancement is also a way for VeriSign to differentiate its SSL certificate services from the dozens of other companies offering similar services. "We view ourselves as the Mercedes Benz of this category," Callan said. "We are making sure we are best of breed."
The malware scanning will be rolled out in stages to all VeriSign branded SSL certificate customers worldwide between now and the end of the year, he said.
Originally posted at InSecurity Complex