Security experts have welcomed VirusTotal’s new terms and conditions, which now state that any entities wanting to benefit from the threat information shared on the platform also have to contribute themselves.
Trend Micro CTO, Raimund Genes, argued that increasing numbers of firms are benefiting from the data generated by the service without giving back at all.
The Google-owned business was founded 12 years ago on the basis that security vendors and researchers could contribute suspicious files and receive in return a report bearing the results of multiple AV scanners.
In exchange, AV firms receive new malware samples to improve their own products.
However, the site administrators were forced last week to change the T&Cs after seeing some members of the community abuse that agreement.
VirusTotal explained the new conditions in a blog post:
“All scanning companies will now be required to integrate their detection scanner in the public VT interface, in order to be eligible to receive antivirus results as part of their VirusTotal API services. Additionally, new scanners joining the community will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO).”
Trend Micro’s Genes claimed that some smaller AV firms were even basing their business around the data obtained from VirusTotal.
“Instead of maintaining their own pattern files, these companies would simply use the data in VirusTotal as their effective pattern file. Rather than build up their own research capabilities, these companies were using the research capabilities of VirusTotal contributors to power their security products,” he argued.
“On top of this, these companies would then tout their ‘patternless’ solution as a competitive differentiator in contrast to those very companies that were contributing data to VirusTotal (and thus powering their products).”
He added that the changes to VirusTotal’s T&Cs was evidence that “Google is a good and trustworthy custodian of this singularly important industry partnership and resource.”