Trend Micro is a long-time supporter of VirusTotal. We support VirusTotal because we believe that keeping people around the world safe on the Internet requires partnerships. This includes public and private partnerships, like those we and others have with law enforcement that result in the arrest of cybercriminals, like the recent sentencing of Aleksandr Panin, the creator of SpyEye. And this includes industry information sharing partnerships like VirusTotal.
However, we also believe that partnerships need to be just that: partnerships. Everyone involved has to give to the effort as well as take. VirusTotal works and is effective due to the communal work of security vendors, businesses and even individuals who contribute the results of their research and intelligence to it.
It’s in the spirt of equal give and take that Trend Micro strongly supports VirusTotals recent changes to their Terms of Service. Put simply, these terms of service changes mean that in order to take advantage of the information shared with VirusTotal, you have to share information back.
These changes were made in response to Trend Micro and other VirusTotal contributors seeing more and more companies that do not materially contribute to VirusTotal benefit from the data and analysis of those of us who do contribute on an ongoing basis.
Beyond the fact that some companies were taking from VirusTotal without giving back is the fact that some of these non-contributors have also been using the data and analysis in VirusTotal to power their so-called “next gen” patternless security solutions. Instead of maintaining their own pattern files, these companies would simply use the data in VirusTotal as their effective pattern file. Rather than build up their own research capabilities, these companies were using the research capabilities of VirusTotal contributors to power their security products.
On top of this, these companies would then tout their “patternless” solution as a competitive differentiator in contrast to those very companies that were contributing data to VirusTotal (and thus powering their products).
Like I said, we believe in information sharing, but there is no sharing here: this is just taking. This is taking from VirusTotal without giving back. This is taking advantage of the goodwill and resources of VirustTotal contributors. And this is taking liberty with the truth by claiming their solutions are patternless, when in fact they do have patterns: the aggregated information on VirusTotal, contributed by those very companies they’re competing against.
For these reasons, we strongly support the VirustTotals changes. They keep VirusTotal focused on its goal of enabling meaningful, effective partnerships by imposing a simple and reasonable standard of fairness.
When Google took on VirusTotal in 2012, our CEO Eva Chen said that it was “excellent news for Trend Micro, for the industry and everyone”. VirusTotal’s changes to their Terms of Service underscore again that Google is a good and trustworthy custodian of this singularly important industry partnership and resource.