• by Wendy Davis  @wendyndavis, September 19, 2019

Most of the companies that have been "certified" by the Trustworthy Accountability Group's anti-malware program say they scan all campaign assets and landing pages for malicious activity before a campaign launches, the organization reports.

The industry group requires all companies carrying its “certified against malware” seal to scan a “reasonable" proportion of campaign assets and landing pages for malware.

The organization has not yet defined reasonable. One of the goals of the study was to learn how companies interpret the requirement, Rachel Nyswander Thomas, chief operating officer of TAG, says through a spokesperson.

So far, certifications have been awarded to 21 companies -- 18 buyers, sellers and intermediaries, and three malware detection vendors. Another 101 companies have applied for certification.

To date, 15 of the 18 certified buyers, sellers and intermediaries say they scan for malware before a campaign launches.

Half of the certified companies rescan their ads and landing pages at least once a day, sometimes as frequently as every 15 to 30 minutes, the Trustworthy Accountability Group reports. Twenty-five percent of the certified companies determine the frequency of scans based on perceptions of their partners' risk levels.

“Assets from partners in the highest risk tier are rescanned daily, at a minimum, while those of partners in lower risk tiers may be rescanned every 2-7 days,” the Trustworthy Accountability Group writes in a new report.

One quarter of the certified companies determine frequency based on campaign volume, with high-volume ads receiving more frequent scans than lower-volume ads.