Modern field guide to security and privacy

Google shakes up antivirus industry

For more than a decade, Google's VirusTotal has given antivirus companies the ability to detect malware and share information about new viruses. But in a sweeping change meant end 'abuse' of the system, it is limiting access to the widely used database.

Peter Power/Reuters/File
A Google sign hangs in the foyer of the company's Canadian engineering headquarters in Ontario.

Google is in the process of limiting access to a widely used database of computer viruses and malicious software in a move that is having a ripple effect across the cybersecurity industry.

VirusTotal, a subsidiary of the search giant, said last week that it was attempting to curtail abuses of the database by mandating that any companies that access it must also participate in the service to help it grow.

VirusTotal receives about 1.2 million files each day from its free, public website that will scan against some 60 antivirus programs from leading makers such as Kaspersky Lab, Symantec, and Intel. 

Companies pay to receive access to those files full of potentially new viruses and data on the consistency of malware scanners. Until the policy change, VirusTotal did not require companies to participate in scanning new files, meaning they did not add to the larger pool of malware information for the industry. 

Many cybersecurity industry experts say that amounted to getting something for nothing. 

What's more, industry insiders worry that access to VirusTotal let some antivirus companies develop software that only checked to see if VirusTotal had encountered the file before, rather than root out new strains of malware to protect their customers.

"If the rumors are true, these companies are selling a false sense of security," said Bogdan Botezatu, a senior analyst at BitDefender, an antivirus firm that participates on VirusTotal.

Ideally, he said, the community of cybersecurity firms would collaborate on creating the most up-to-date information on viruses in service of improving the overall industry, and keeping consumers safer. "VirusTotal is so important because antiviruses only work on trust and cooperation."

"For this ecosystem to work," VirusTotal said in a May 4 blog post, "everyone who benefits from the community also needs to give back to the community."

VirusTotal did not say how many current companies it would limit from accessing the library, and Google did not respond to a request for additional comment about the new VirusTotal policies. But the changes are already having a tangible effect on the cybersecurity industry.

According to Reuters, VirusTotal has shut out the cybersecurity firm SentinelOne, which promoted its use of the tool in marketing materials. Representatives from Crowdstrike told Reuters it was currently negotiating a way to continue using the service. 

Some firms have no qualms about leaving VirusTotal.

"People were saying that we were using VirusTotal to scan files, which we don’t," said Stuart McClure, chief executive officer of Cylance, a firm that promotes its use of artificial intelligence to detect cyberthreats. "This is good chance for us to educate people on what we actually do. VirusTotal's policies won’t affect us at all."

Still, he said, many companies may have had good reason not to share results of their own virus scans (often called "convictions") with the competition. "They would steal all of our convictions without giving us credit,” he said.

The changes to VirusTotal will not effect how the public can use the service to search files and websites for viruses and other malicious software.


You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to