It’s been six years since Google acquired VirusTotal, a service that allows users to upload any file to check it for malware and viruses against the databases and algorithms of 70 antivirus and domain blacklisting services. Over the years, VirusTotal, which is now part of Alphabet’s Chronicle, has established itself as a neutral public service that has the trust of both users and developers, who can also access its service through an API.
Today, the company is expanding on its core services by launching a new tool that allows developers to scan new code against the systems of its antivirus partners to help ensure that those partners don’t mistakenly identify their code as malware. These kind of false positives are surprisingly common and can obviously create massive headaches for developers who aren’t in the malware business.
With VirusTotal Monitor, which is now available to all developers, developers can upload their code, have VirusTotal check it and if it’s mistakenly flagged as malware by one of the company’s partners, VirusTotal notifies both its partners and the developers– and connects them to make sure they can figure out a solution.
As VirusTotal tech lead Emiliano Martinez told me, it’s worth noting that false positives are not just a headache for developers but also a potential PR disaster for the antivirus industry. Those companies don’t want to be responsible when users suddenly can’t use the latest version of an application they depend on only because their antivirus tool mistakenly thought it was malware. “So what we came up with is something like a Google Drive to which software developers can upload what they create — and do so before launching a given piece of software — or after,” Martinez explained.
It’s worth noting that this tool is mostly geared toward commercial developers, but it’ll also be useful for developers who write line-of-business apps for larger companies, given that they often need those application to run their businesses.
VirusTotal Monitor is free for the antivirus companies. The company plans to monetize the service by charging developers. “At the end of the day, whenever there is a false positive and you are blacked out, that a huge revenue damage,” Martinez told me when I asked about the reason for this monetization model.