from Hacker News

Software security suffers as startups lose access to Google’s virus data

by spotirca on 5/9/16, 8:37 AM with 25 comments

  • by deprave on 5/9/16, 10:14 AM

    Key quote: "Marx of AV-TEST said that some newer companies secretly relied on data supplied by older companies while marketing themselves as a cut above the older technology. "They are using traditional methods, too," he said. Some of the newer companies said they do not share their evaluations for competitive reasons."

    The above sentiment may ring a bell for those of you who follow the news. It's the exact same behavior we heard from Theranos: Startup makes headlines as breakthrough technology, but under the hood nothing works and they rely on decades-old technology for actual testing. When asked about their technology (even by their investors!) their reply is "we can't tell you more because competition."

    These garbage companies, shrouded in secrecy and enjoying the hype, should be outed for what they are: snake oil.

  • by lorenzhs on 5/9/16, 11:16 AM

    This is a good move being completely spun around to make it sound like Google is bullying startups. Snake oil should be outed as such, and if those hyped SV darlings like to shroud themselves and their shady techniques in a veil of secrecy (or rather, thick dense clouds of smoke), then they shouldn't be part of an information-sharing network like VirusTotal.

    In the end, this is good for everyone's security.

  • by PeekPoke on 5/9/16, 9:28 AM

    This only affects organisations that don't contribute back into the community - leechers in otherwords.

    Virustotal has always been a platform whose data is enriched by the community for the benefit of all and so Cylance, Crowdstrike, etc can frankly go suck balls if they don't want to contribute.

  • by pmx on 5/9/16, 10:10 AM

    Article puts a really negative spin on what can only be a good move. Why should leechers be allowed to make huge sums of money on the back of the rest of the communities work?

  • by Cozumel on 5/9/16, 10:55 AM

    It doesn't seem like a coincidence that this is coming right after OSVDB shut up shop ( https://blog.osvdb.org/2016/04/05/osvdb-fin/ ), it's a good move by industry to shut out leechers and over hyped snake oil companies.

  • by fridek on 5/9/16, 10:00 AM

    Why are they not contributing back? I fail to see any real competitive advantage to gain. Even if you happen to protect against a threat that is not publicly known, you can't really advertise that without a) making it publicly known b) making yourself sound like a jerk.

  • by roosterjm2k2 on 5/9/16, 3:06 PM

    How is an article that is clearly incredibly biased on top of the front page?

    Leechers who don't contribute got cut off - that sounds incredibly fair... yet the article spins it to sound like it was malicious.

    I guess the entitlement complex rolls all the way up to businesses, too...

  • by _Codemonkeyism on 5/9/16, 10:24 AM

    Key sentence

    "Some security companies rely completely on the database, essentially freeloading, said executives on both sides of the divide, and did not want to share their analysis for fear of being found out."

  • by cleverfoo on 5/9/16, 3:06 PM

    Let me see if I can try to simplify the underlying problem here (I dabble in this space):

    Little bit os background: writing pattern matching signatures is hard, adding a bunch of "known malicious" hashes to your malware database is easy.

    So, company A with a staff of folks writing pattern matching signatures has its engine added to VirusTotal and virus total shares/sell hashes found by that engine to folks that pay for its API. Company B, without a staff of engineers writing pattern matching signatures, signs up for VirtualTotal API and creates its malware database based purely on the hashes other actual engines create.

    Two important things to keep in mind, when this happens at the scale of VirusTotal (basically all real engines are participating) the end result "hash database" is, essentially, bullet proof since it's likely that any sample used to test its effectiveness will be run by VirusTotal first.

    We (I run scanii.com a malware/content detection API service) run into this all the time with folks either abusing or just not understanding the reason VT exists.

  • by ZoFreX on 5/9/16, 11:40 AM

    "Software security suffers" [citation needed]

    This article is a mix of facts and opinions and it plays pretty fast and loose with which are which.

  • by matt_wulfeck on 5/9/16, 4:06 PM

    > On Wednesday, the 12-year-old service quietly said it would cut off unlimited ratings access to companies that do not share their own evaluations of submitted samples.

    Not sure why the headline spins google as the bad guy here. The system works best if all companies contribute, and clearly there's some who are not contributing.

  • by jbaviat on 5/9/16, 4:19 PM

    An open-source equivalent to VirusTotal, built for scaling, is IRMA by Quarkslab.

    http://irma.quarkslab.com/

  • by rpedela on 5/9/16, 1:37 PM

    I am a little confused. VirusTotal has public and private APIs. Are these companies losing access to those APIs? If so, what if you aren't a security company but want to use it for virus detection of uploaded files?