Infosec freeloaders not welcome as malware silo VirusTotal gets tough
'Cause the takers gonna take, take, take
Security firms that use the Google-owned VirusTotal malware database but don't contribute to the silo are going to find themselves out on a limb.
For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has seen an increasing number of security startups have been using the VirusTotal data without giving back.
Now Google, and other contributors, have had enough and have changed the terms and conditions of the website. Put simply, if you don’t share samples, you can find your own malware elsewhere.
"All scanning companies will now be required to integrate their detection scanner in the public VT interface, in order to be eligible to receive antivirus results as part of their VirusTotal API services," the site's administrators explained in a blog post.
"Additionally, new scanners joining the community will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO)."
The admins also took the opportunity to remind people that VirusTotal isn't supposed to be used as a primary antivirus engine, merely as a backup checker. It seems some outfits have been using the database as a way of providing security scanning on the cheap – by throwing users' files at the database to identify potential infects. Now the party is now over, and some of the more established hands have praised the move.
Raimund Genes, CTO at long-time VirusTotal contributor Trend Micro, complained that too many newcomers were use the website for so-called "next-gen" security systems that are anything but.
"We believe in information sharing, but there is no sharing here: this is just taking. This is taking from VirusTotal without giving back," he said.
"This is taking advantage of the goodwill and resources of VirusTotal contributors. And this is taking liberty with the truth by claiming their solutions are patternless, when in fact they do have patterns: the aggregated information on VirusTotal, contributed by those very companies they’re competing against." ®