NEWS ANALYSIS: Hacking fears as Google chops ‘freeloading’ security firms
A number of young technology security companies are losing access to the largest collection of industry analysis of computer viruses, a setback industry experts say will increase exposure to hackers.
The policy change at the information-sharing pioneer VirusTotal takes aim mainly at a new generation of security companies, some with valuations of $1bn or more, that have not been contributing their analysis.
Older companies, some much smaller than the upstart rivals, had pressed for the shift.
Alphabet’s Google runs the VirusTotal database so security professionals can share new examples of suspected malicious software and opinions on the dangers they pose. On Wednesday, the service said it would cut off unlimited ratings access to companies that do not share their evaluations of submitted samples.
Analysts and executives at several companies said the changes would leave some services more likely to mistakenly classify legitimate software as malicious and less able to protect their customers from real threats.
“If they no longer have access to VirusTotal, their detection scores will drop,” said Andreas Marx, chief executive of security software-evaluation firm AV-TEST. Hackers will, therefore, find easier entry.
Some security companies rely completely on the database, essentially freeloading, executives said, and those companies did not want to share their analysis for fear of being found out.
Several people familiar with the matter said the move would affect high-profile California firms Cylance, Palo Alto Networks and CrowdStrike, as well as some smaller companies.
Cylance said it gave up access to the ratings two weeks ago after deciding not to share its technology. Chief research officer Jon Miller said Cylance had not suffered, but that others had.
“Many next-generation products are simply not functioning right now,” he said. Mr Miller said the loss of VirusTotal could help spur the companies to invest in their own innovation to catch viruses.
Asked whether it had been kicked off the service, Palo Alto said it had not been relying on the VirusTotal peer determinations and expected “no impact” on customers.
CrowdStrike said it was negotiating with VirusTotal and had not been cut off by Saturday. “We support the mission of VirusTotal and have reached out to them to explore additional ways we can collaborate for the benefit of the entire security community,” the company said.
VirusTotal gets about 400,000 submissions of potentially dangerous files daily, mostly from old-guard antivirus companies such as Symantec, Intel and Trend Micro that sit on the most machines.
“It was never meant to enable new companies to use it as a shortcut by silently relying on, and benefiting from, the service without a corresponding investment,” said Trend Micro chief technology officer Raimund Genes, an old-line tech executive who pushed for the shift.
Marx of AV-TEST said that some newer companies secretly relied on data supplied by older companies, while marketing themselves as a cut above the older technology.
“They are using traditional methods, too,” he said.
Some of the newer companies said they did not share their evaluations for competitive reasons. Blanket copying of virus indicators has been a historic grievance at VirusTotal, with at least one victim resorting to sabotage in retaliation, Reuters reported last year.
Others say the way that they detect bad programs is too intensive to integrate with VirusTotal’s current system.
Source | BDLive