Software Security Suffers as Startups Lose Access To Google's Virus Data
Iain Thomson, writing for The Register: Security firms that use the Google-owned VirusTotal malware database but don't contribute to the silo are going to find themselves out on a limb. For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has seen an increasing number of security startups using the VirusTotal data without giving back. Now Google and other contributors have had enough and have changed the terms and conditions of the website. Put simply, if you don't share samples, you can find your own malware elsewhere.

From a Reuters report: The policy change at the information-sharing pioneer VirusTotal takes aim mainly at a new generation of security companies, some with valuations of $1 billion or more, that haven't been contributing their analysis. Older companies, some with market valuations much smaller than the upstart rivals, had pressed for the shift. "If they no longer have access to VirusTotal, their detection scores will drop," said Andreas Marx, chief executive of security software evaluation firm AV-TEST. With detection rates down, hackers will find easier entry.
You cannot just consume and hope nobody cares that you don't give back.
Don't build your "startup" on other people's data/API/etc. unless you have a contract. They could change the terms tomorrow and then you're screwed.
... "If they no longer have access to VirusTotal, their detection scores will drop," said Andreas Marx, chief executive of security software evaluation firm AV-TEST. With detection rates down, hackers will find easier entry....
The people who use the products with the poorer detection rates should just switch to products that continue to provide good detection rates, and the hackers will then find entry to be more difficult.
If those a/v companies built a ~$1B business based upon the acquisition of free data for which they have no long-term contract to obtain, then those companies do not deserve to continue to be in business.
To put that much money at risk because the supply chain has not been properly vetted is not a good business practice.
Signature-based AV is already ineffective to the point of being useless. Trivial obfuscation techniques can and do fool every solution out there.
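To make the point in the comment above concrete, here is an added example (not code from the article, VirusTotal, or any commenter): a toy signature engine that matches on a file hash and on fixed byte patterns, and a one-byte XOR "packer" that changes every byte of the sample without changing what it does once decoded. The payload, the signature list, the packer header marker (0x90) and the key are all constructed for the illustration. It goes one step beyond the comment by also showing the cheapest countermeasure, which is to recognise the packer and scan the decoded bytes too; that is the gap between pure signature matching and the unpacking and emulation real engines have to do.

```python
"""Toy demonstration: a naive signature scanner and a trivial XOR packer
that defeats it. Everything here is constructed for illustration."""
import hashlib

# Constructed sample: pretend this is the distinctive part of a malware body.
PAYLOAD = b"CMD=download http://c2.example/x.bin && run"

# A signature database of the kind a naive engine might ship: full-file
# hashes plus fixed byte patterns lifted from known samples.
SIGNATURES = {
    "sha256": {hashlib.sha256(PAYLOAD).hexdigest()},
    "patterns": [b"c2.example", b"&& run"],
}

# Assumed one-byte marker a hypothetical packer writes at offset 0.
PACKER_MARKER = b"\x90"


def scan(blob: bytes) -> list[str]:
    """Return the names of every signature that fires on the blob."""
    hits = []
    if hashlib.sha256(blob).hexdigest() in SIGNATURES["sha256"]:
        hits.append("sha256")
    for pat in SIGNATURES["patterns"]:
        if pat in blob:
            hits.append(f"pattern:{pat.decode()}")
    return hits


def xor_pack(data: bytes, key: int) -> bytes:
    """Trivial obfuscation: XOR every byte with a one-byte key and prepend
    marker + key so a loader can undo it. Key 0 would be a no-op."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255")
    return PACKER_MARKER + bytes([key]) + bytes(b ^ key for b in data)


def xor_unpack(packed: bytes) -> bytes:
    """The loader's decode step: the original bytes come back unchanged,
    so the packed artifact behaves identically when run."""
    key = packed[1]
    return bytes(b ^ key for b in packed[2:])


def scan_with_unpacking(blob: bytes) -> list[str]:
    """What a slightly smarter engine does: recognise the packer's marker
    and scan the decoded bytes as well (a real engine would emulate or
    brute-force the 255-key space rather than trust a marker)."""
    hits = scan(blob)
    if blob[:1] == PACKER_MARKER and len(blob) > 2:
        hits += [f"unpacked:{h}" for h in scan(xor_unpack(blob))]
    return hits


def evasion_demo(key: int = 0x5A) -> dict:
    """Run the sample through both scanners before and after packing."""
    packed = xor_pack(PAYLOAD, key)
    return {
        "original_hits": scan(PAYLOAD),          # every signature fires
        "packed_hits": scan(packed),             # nothing fires
        "unpacking_hits": scan_with_unpacking(packed),
        "roundtrip_ok": xor_unpack(packed) == PAYLOAD,
    }


if __name__ == "__main__":
    for k, v in evasion_demo().items():
        print(f"{k}: {v}")
```

Every byte of the packed file differs from the original, so both the hash and the substring signatures miss, while the loader recovers the exact original bytes. Rotating the key gives a fresh hash per build, which is why hash-only detection (and the VirusTotal "first seen" score that goes with it) is only ever a lagging indicator.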