OPSWAT, provider of solutions to secure and manage IT infrastructure, announced the release of a new statistics feature for their free anti-malware multi-scanning service, Metascan® Online. The newly-released malware statistics page provides a list of the 100 most searched for threats from the past week, including detailed scan results. The statistics page is updated daily and provides the ability to track the scan history of a given threat, giving researchers insight into the growth rate of malware detection rates.
The Metascan Online data can be used to investigate the current threats generating the most searches, as well as to monitor the detection rate of new threats. OPSWAT CEO Benny Czarny expressed excitement over the research and data analysis possibilities created by the new technology, stating that “the Metascan statistics tool provides information about the malware samples in our database, giving malware researchers the ability to dig into the types of threats that are currently circulating as well as track how the detection of new threats changes over time.”
To reduce the risk of false positives at least five of Metascan Online’s 40+ anti-malware engines must flag the file as a threat for it to be included. According to Product Manager for Metascan Online, Ronald Melencio, five engines seemed to be the “sweet spot” for detection. He went on to say that “we were concerned about false positives, but if the minimum is set too high we could eliminate real, new, interesting threats.”
The statistics page provides a nearly real-time visualization of the value of multi-scanning. No single anti-malware engine detects 100% of threats 100% of the time, but using multiple engines to scan for threats allows users to take advantage of the strengths of each individual engine and to guarantee the earliest possible detection. While the data included on the statistics page shows only a subset of the most common threats in the wild and utilizes only the Windows-based anti-malware engines in Metascan Online, it provides an indication of the variability of detection rates of common malware by the anti-malware community.
OPSWAT elicited feedback from their partners within the anti-malware and malware research community as they developed this new feature in the hopes that it would provide information that was interesting, but not misleading for consumers. It is important to note that the detection data comes from static analysis performed by Software Development Kit (SDK) and Command Line Interface (CLI) package versions of the anti-malware engines included in Metascan Online and not from endpoint desktop applications which may be capable of enhanced behavioral and other dynamic analysis. Detection rates, therefore, may differ significantly from commercial endpoint performance. Therefore the data should not be used for comparative analysis of desktop or server anti-malware application. To discourage such comparisons, OPSWAT has chosen to anonymize the scan engine names.
About Metascan Online
Powered by OPSWAT’s Metascan technology, Metascan Online is a free online scanner that scans files for malware using more than 40 commercial anti-malware engines from leading security vendors such as Kaspersky Lab, McAfee, AVG, Avira and many others. The Metascan Online API allows users to programmatically upload and scan files or to search for previous scan results using a file’s hash (MD5, SHA1 or SHA256). By utilizing the hash lookup functionality, users can easily see if the file has previously been scanned by Metascan Online and get the scan results without sending the file over the Internet to be scanned.