The truth behind Gmail

Whilst browsing del.icio.us/popular yesterday, I came across Amit Agarwal’s entry on the Gmail antivirus scanner, in which he asks “Why is Google calling it an AntiVirus scanner when it is just an attachment blocker?” He continues to call Gmail’s virus scanner nothing but an attachment blocker, giving ways to bypass their executable file filter.

I was rather skeptical; would Google actually attempt to pass off an executable file filter as an antivirus? Was Google really that desperate when putting new features into Gmail? Since Agarwal’s entry was rather popular, I had assumed that he had done all of the research and was entirely correct. I wrote an entry in my Moleskine about how this misleading filter-called-scanner could be the downfall of an increasingly noncompetitive Gmail. During experimentation, though, I found that Agarwal was actually wrong. There is a Gmail antivirus scanner, and it’s actually quite effective, although still limited.

I first checked for the existence of the executable filter by attempting to send a clean .exe to an alternate e-mail address of mine. As expected, Gmail disallowed it, stating that executable files were not allowed due to “security reasons.” I also tried tar, zip, and rar, with the clean executable only passing through in the RAR format. Agarwal was correct in stating that Gmail’s executable filter was in place and that it didn’t read the RAR format.

Internet research shows that this attachment blocker is nothing new, being in place since at least March. I can only assume that Google originally did this not as much for “security reasons” but instead for its own liability reasons as people began to use Gmail accounts for virtual filesystems. Banning executables in common ZIP archives, as well as by themselves, puts a bit of a damper on the use of Google disk space for possibly illicit software storage.

Regardless of Google’s reason for the executable filter, I needed to test something that Agarwal hadn’t: whether or not Google actually detected viruses. This means that I’d have to send Google infected files. Although I have a ZIP that contains a selection of the most intrusive viruses and spyware in the wild (for testing purposes of some of my own repair software), I was hesitant to release this pack upon my freshly reformatted computer. Instead, I tried the much safer EICAR test file, a file specifically written to raise red flags within antivirus heuristics. I downloaded eicar.com and attempted to execute it on my own machine; Grisoft’s AVG stopped me from doing so. A scan with Norton also caused the antiviral alarms to sound. I had decided that Google’s antivirus technology - if such a technology did exist - would detect the EICAR file as well.

[Image: Gmail antivirus test rounds]

I first attempted to upload the regular eicar.com file; of course, Gmail’s executable filter stopped it before any scanning occurred. At this point, I used Agarwal’s re-suffix workaround, changing the .com file extension to eicar.com.pseudo to bypass the filter. The file was uploaded to Google’s server, scanned, and flagged as a virus. Google did not allow me to send the email until the offending attachment was removed. This proved that Gmail’s web interface actually does scan for viruses.

I then decided to put the re-suffixed file into a ZIP and a RAR archive, assuming that it would pick it up in the ZIP but not the RAR. Much to my surprise, Gmail’s virus scanner actually detected the EICAR test file in both the ZIP and the RAR archive, showing some degree of separation between Gmail’s executable filter and its antivirus.
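The test rounds above separate two controls: a filter that decides on file names and a scanner that decides on file contents. The following sketch is an added example, not code from the original post and not Gmail's implementation; the blocklist, the nesting cap, the function names and the clean sample bytes are assumptions, and only ZIP is modelled (the RAR and tar rounds are left out).

```python
import io
import zipfile

# Standard 68-byte EICAR test string, split so this source file is not flagged itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-" + "ANTIVIRUS-TEST-FILE!$H+H*").encode()
BLOCKED_EXT = (".exe", ".com")  # assumption: the post only names .exe and .com

def members(name, data, depth=0):
    """Yield (name, bytes) for an attachment and anything zipped inside it."""
    yield name, data
    # Depth cap (assumed value): a crafted nested archive must not recurse without bound.
    if depth < 3 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for n in z.namelist():
                yield from members(n, z.read(n), depth + 1)

def extension_filter(name, data):
    """Stage 1: decide on file names only, including names inside archives."""
    return any(n.lower().endswith(BLOCKED_EXT) for n, _ in members(name, data))

def content_scan(name, data):
    """Stage 2: match a signature in the bytes, whatever the file is called."""
    return any(EICAR in d for _, d in members(name, data))

def make_zip(inner, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(inner, data)
    return buf.getvalue()

def run_matrix():
    """Replay the post's test rounds; returns {attachment: (filtered, flagged)}."""
    clean = b"MZ constructed clean sample"  # constructed stand-in for a clean .exe
    cases = {
        "clean.exe": clean,
        "clean.zip": make_zip("clean.exe", clean),
        "eicar.com": EICAR,
        "eicar.com.pseudo": EICAR,
        "eicar.zip": make_zip("eicar.com.pseudo", EICAR),
    }
    return {n: (extension_filter(n, d), content_scan(n, d)) for n, d in cases.items()}

if __name__ == "__main__":
    for attachment, (filtered, flagged) in run_matrix().items():
        print(f"{attachment:18} filter={filtered!s:5} scanner={flagged}")
```

The re-suffixed file passes stage 1 and is still caught by stage 2, bare or zipped, which is why a name filter alone cannot stand in for a scanner.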

I tried the same tests with Yahoo! Mail, one of Gmail’s primary competitors, to see how it handled things. Yahoo’s Norton-powered antivirus did not detect the infected file in the ZIP or RAR, although it did attempt to clean eicar.com.pseudo (which was not possible, considering all of the file is a “virus”.) In this case, I guess that there’s an antiviral draw: While Google searches deeper within archives, Yahoo takes a shot at cleaning the infection.

Regardless of Gmail’s so-so scanner potency, Gmail’s trendy innovation is becoming long in the tooth as the Gmail client itself, once the must-have email client, seems to be moving to a point where it is increasingly non-competitive. Gmail’s revolutionary feature upon release was its then-unheard-of one gigabyte of space; now, however, with competitors offering an equivalent (or larger) amount of space, along with the same search functionality, Gmail’s once-unique features have become mainstream. Google was actually late to the antivirus game; Microsoft’s Hotmail has been scanning using Trend Micro’s technology for some time.

Why, then, do so many people see a massive advantage in using Gmail over competing services? It’s not all that much better, if at all. It seems that the only thing that’s keeping Gmail up with the Joneses is its trendiness and prestige. In technical circles, it seems that Google everything is heralded as messianic. People flocked to Google Talk, an ordinary Jabber client. People still ask for invites to the Gmail “beta”. Developers find frivolous uses for the Google Maps API because Google’s stuff is just cool, man, not because they as developers have any particular purpose for it. Plenty of geeks long for the day when Google creates an OS. A browser. A video game for the Atari 2600.

From a microeconomic standpoint, Gmail still sees consistent growth and use, and it currently seems to be solely due to its trendiness. Consumers somehow see greater utility out of Gmail due to preferences skewed by social peer approval and consumer psychology. I still use Gmail, and I expect that I do for something close to this reason.

Although Gmail’s trendiness secures its position as a leader in the short term, it is well-known that trends fade. Google will have to revolutionise e-mail once again to maintain consumer (or, probably more importantly, technologist) interest in the face of increasingly powerful competition from its corporate enemies. They will have to revolutionise to keep their shareholders believing in the Zen of Google as well as keep the shareholders using Google products themselves. Although I see no reason why Google’s human capital would grind to an innovative halt, the company is moving forward - both in innovative and expansionary ways - at such a breakneck speed that any bump in the road could leave Gmail, a core software package aside from Google’s search functionality, vulnerable to serious and possibly fatal attack that could lessen both user and shareholder interest.

Watch out, Google. Antivirus or not, Gmail is becoming closer and closer to playing a game of catch-up with a pack of rabid competitors.