December 4th, 2005
So I attempted to find out for them, and did. It was Sophos, (an AV industry leader) and here’s why:
A public service by VirusTotal.com allows you to submit malware, and get results back from many AV vendors. The AV signature database between vendors is as unique as a fingerprint, so I decided to fingerprint the AV vendor! Using malware collected from my secret source of malware, and GHH honeypots, I started to compare Gmail with all of the AV vendors.
The chart below is one of my results, you can see that the Gmail results and Sophos results are exact (like DNA), in both my first opinion, and a friends second opinion. With 50+ pieces of malware, the signature results are identical.
My Gmail Results
Other Gmail Results from Brian
I’d like to add my ‘theory’ into the mix why Google wouldn’t announce the official AV for Gmail. I believe it’s because it’s BETA, and they shouldn’t have to announce each time they change AV’s for testing purposes. In a week or so (maybe more) I will test again to see if it’s the same. In the meantime, only similar tests will prove anything. In time it’s possible that they will change vendors.
